Dynamic taint analysis

Discussion in 'other anti-virus software' started by LUSHER, Sep 22, 2007.

Thread Status:
Not open for further replies.
  1. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Can someone tell me something about Dynamic taint analysis?
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
  3. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I can google too you know. :)
     
  4. munckman

    munckman Registered Member

    Joined:
    May 2, 2002
    Posts:
    100
    LUSHER,

    As far as I can tell...

    Dynamic - Refers to actions that take place at the moment they are needed rather than in advance. For example, many programs perform dynamic memory allocation, which means that they do not reserve memory ahead of time, but seize sections of memory when needed. In general, such programs require less memory, although they may run a little more slowly.

    taint - is a term used to refer to the perineum (the region of the human body between the testicles or vagina and the anus). This term has no basis in medical terminology and is most often considered lewd and mildly obscene.

    analysis - means literally to break a complex problem down into smaller, more manageable "independent" parts for the purposes of examination — with the hope that solving these smaller parts will lead to a solution of the more complex problem as well.

    I'm confident you were just being inquisitive. Perhaps a re-word is in order?;) The taint reference is the one that is uncommon and funny or may even be offensive to some. Not offensive to me because I found it humorous.:)
     
  5. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    I found it funny also, I hope that someone was not just pulling your leg. I know I laughed a little reading the title, as I didn't think that an analysis of the "taint" belonged in a security forum :).
    Now if this is actually has something to do with computer security I hope someone will enlighten us all.

    EDIT:
    I actually found a fairly easy to read paper from the ComSci Dept. at SUNY Stonybrook:
    http://seclab.cs.sunysb.edu/seclab/pubs/papers/usenix_sec06.pdf

    I feel a little silly now.
     
  6. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    whatever dude.. back to discussing whether that 1% difference in avcomparitives is worth making a switch...
     
  7. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    that's a bit harsh.
     
  8. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    If this was directed at me, I have no idea what you are talking about.
     
    Last edited: Sep 24, 2007
  9. Tweakie

    Tweakie Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    90
    Location:
    E.U.
    That seems to be the perfect companion to behavioral detection (in an AV lab, at least): whereas "norman's like sandboxes" monitor the execution of "tainted executables", this kind of sandbox monitors the flow of tainted data inside legit execuables. I'm impressed by the perfs they obtain: according to the authors, the slowdown for apache is only 1.5 to 40. If you consider the time needed to translate the code to and from ucode, the instrumentation and the memory overhead, that's surprisinglyly good. Another application they do not mention explicitely is the use of TaintCheck on the client side (browser, etc.), in security-critical environments.

    Does somebody know if Valgrind is able to handle correctly self modifying code ?
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Mostly...goto Valgrind.org
     
Thread Status:
Not open for further replies.