ISSTA 2007
https://faculty.cc.gatech.edu/~orso/papers/clause.li.orso.ISSTA07.pdf
Background
Disadvantages of existing dynamic taint analysis approaches:
- defined in an ad-hoc manner and targeted at a specific or small class of problems (limited applicability)
- focus on data-flow based tainting only, without considering tainting due to control flow
- support only a small, fixed number of taint markings (limited flexibility and generality)
The advantages of DYTAN:
- highly flexible and customizable: allows users to specify customized tainted data, propagation, and checking
- performs both data-flow and control-flow based tainting
- works on binaries, without requiring source code
Motivation
Explicit information flow: a tainted variable is directly involved in the computation of another variable's value; this is related to data dependencies.
Implicit information flow: the flow is related to control dependencies, as shown in Figure 4 of the paper (the value of x should be tainted with marking ta).
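The two kinds of flow, as an added example that is not taken from the paper or from DYTAN's implementation: a small taint-tracking interpreter run with and without control-flow propagation. The tuple-based statement format, `run`, and `PROGRAM` are hypothetical, and the scope of a branch is given by the nested block, which is an assumption of this sketch.

```python
# Constructed mini-language, one tuple per statement:
#   ("input", dst, value, marking)   dst = value read from a tainted source
#   ("const", dst, value)            dst = literal
#   ("add", dst, a, b)               dst = a + b
#   ("if_gt", a, k, then_body, else_body)

def run(program, control_flow=True):
    """Execute `program`; return (values, taint), taint maps var -> set of markings."""
    values, taint = {}, {}

    def exec_block(block, ctx):
        # ctx: markings of every tainted predicate guarding this block
        for stmt in block:
            op = stmt[0]
            if op == "input":
                _, dst, val, mark = stmt
                values[dst], taint[dst] = val, {mark} | ctx
            elif op == "const":
                _, dst, val = stmt
                values[dst], taint[dst] = val, set(ctx)
            elif op == "add":
                _, dst, a, b = stmt
                values[dst] = values[a] + values[b]
                taint[dst] = taint[a] | taint[b] | ctx  # explicit (data) flow
            elif op == "if_gt":
                _, a, k, then_body, else_body = stmt
                # implicit flow: statements in the taken branch inherit the
                # predicate's markings; the scope ends where the branches merge
                inner = (ctx | taint[a]) if control_flow else ctx
                exec_block(then_body if values[a] > k else else_body, inner)
            else:
                raise ValueError(f"unknown op {op!r}")

    exec_block(program, frozenset())
    return values, taint

# Constructed program: a carries marking "ta"
PROGRAM = [
    ("input", "a", 42, "ta"),
    ("const", "one", 1),
    ("add", "y", "a", "one"),                 # y is computed from a
    ("if_gt", "a", 10,
        [("const", "x", 1)],                  # x depends on a only via the branch
        [("const", "x", 2)]),
    ("const", "z", 0),                        # after the merge point
]

if __name__ == "__main__":
    for mode in (False, True):
        _, t = run(PROGRAM, control_flow=mode)
        print("control_flow =", mode, {k: sorted(v) for k, v in t.items()})
```

Only the branch actually taken is observed, so a variable assigned solely in the untaken branch receives no marking from this run.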
Related work