TruffleTaint: Polyglot Dynamic Taint Analysis on GraalVM

Jacob Kreindl, Daniele Bonetta, Lukas Stadler, David Leopoldseder, Hanspeter Moessenboeck

13 September 2022

Dynamic taint analysis tracks the propagation of specific values while a program executes. To this end, a taint label is attached to these values and dynamically propagated to any values derived from them. Frequent application of this analysis technique in many fields has led to the development of general-purpose analysis platforms with taint propagation capabilities. However, these platforms generally limit analysis developers to a specific implementation language, propagation semantics or taint label representation, and they provide no tooling support for analysis development. In this paper we present a language-agnostic approach for implementing a dynamic taint analysis independently of the analysis platform that it is executed on. We implemented this approach in TruffleTaint, a platform for taint propagation in multiple programming languages. We show how our approach enables TruffleTaint to provide analysis implementers with more control over the semantics and implementation language of their taint analysis than current analysis platforms and with a more capable development environment. We further show that our approach enables the development of both tooling infrastructure for taint analysis research and data-flow enabled tools for end-users.
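The mechanism the abstract describes, a taint label attached to source values and propagated to every value derived from them, as an added model in Python (a GraalVM guest language); this is example code, not code from the paper or from TruffleTaint, and the two propagation policies plus the `source`/`sink` helpers are assumptions for illustration:

```python
# Added example (not code from the TruffleTaint paper): a minimal model of the
# dynamic taint propagation the abstract describes. Values from a taint source
# carry a label set that follows them into every derived value; the propagation
# semantics are pluggable (both policies below are assumed, not the paper's).
from dataclasses import dataclass
from typing import Any, Callable, FrozenSet

Labels = FrozenSet[str]
Policy = Callable[[Labels, Labels], Labels]

def union_policy(a: Labels, b: Labels) -> Labels:
    return a | b          # usual semantics: a derived value inherits all operand labels

def left_only_policy(a: Labels, b: Labels) -> Labels:
    return a              # alternative semantics: only the left operand taints the result

@dataclass(frozen=True)
class Tainted:
    value: Any
    labels: Labels = frozenset()
    policy: Policy = union_policy

    def _derive(self, other: Any, op: Callable[[Any, Any], Any]) -> "Tainted":
        # Binary operation: the left operand's policy decides the result's labels.
        o_val, o_lbl = (other.value, other.labels) if isinstance(other, Tainted) else (other, frozenset())
        return Tainted(op(self.value, o_val), self.policy(self.labels, o_lbl), self.policy)

    def map(self, fn: Callable[[Any], Any]) -> "Tainted":
        # Unary derivation (str(), .upper(), ...): labels carry over unchanged.
        return Tainted(fn(self.value), self.labels, self.policy)

    def __add__(self, other): return self._derive(other, lambda a, b: a + b)
    def __mul__(self, other): return self._derive(other, lambda a, b: a * b)

def source(value: Any, label: str, policy: Policy = union_policy) -> Tainted:
    """Attach a taint label to a value entering the program from a source."""
    return Tainted(value, frozenset({label}), policy)

def sink(t: Any, forbidden: set) -> set:
    """Forbidden labels that reached a sink; an empty set means no such flow."""
    return set(t.labels) & forbidden if isinstance(t, Tainted) else set()

def demo():
    user = source("alice", "user_input")
    secret = source(42, "secret")
    greeting = (Tainted("Hello, ") + user).map(str.upper)  # labels {user_input}
    total = secret * 2 + 1                                 # 85, labels {secret}
    mixed = total.map(str) + user                          # labels {secret, user_input}
    narrowed = source("x", "a", left_only_policy) + source("y", "b")  # labels {a}
    return greeting, total, mixed, narrowed
```

Swapping `policy` changes which labels reach a derived value without touching the program under analysis, which is the kind of control over propagation semantics the abstract contrasts with fixed-semantics platforms.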


Venue: 19th International Conference on Managed Programming Languages & Runtimes (MPLR'22) https://soft.vub.ac.be/mplr22/