DTA++: Dynamic Taint Analysis With Targeted Control-Flow Propagation
Dynamic Taint Analysis (DTA) is a powerful technique for, among other things, tracking the flow of sensitive information. However, it is vulnerable to false negative errors caused by implicit flows, situations in which tainted data values affect control flow, which in turn affects other data. The authors propose DTA++, an enhancement to dynamic taint analysis that additionally propagates taint along a targeted subset of control-flow dependencies. Their technique first diagnoses implicit flows within information-preserving transformations, where they are most likely to cause under-tainting.
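To make the under-tainting problem concrete, here is a toy shadow-taint tracker (an added example, not code from the paper or the DTA++ implementation). Each value carries one taint bit; the tracker can run in plain-DTA mode (explicit data flows only) or additionally propagate taint along control dependencies, but only at branches whose ids are in a `targeted` set. That set stands in for DTA++'s diagnosis step and is an assumption of this example, as are the branch ids `copy_bit` and `bounds_check`: the first is the classic information-preserving implicit flow that rebuilds a secret byte bit by bit through branches alone, the second is a bounds check that plain DTA and DTA++ treat identically.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class TVal:
    """A runtime value with a single shadow taint bit (constructed for illustration)."""
    value: int
    tainted: bool


class TaintTracker:
    """Minimal taint tracker with optional, targeted control-flow propagation.

    targeted is None  -> explicit (data) flows only, like plain DTA
    targeted is a set -> also propagate taint from a branch condition to the
                         values written inside that branch, but only for the
                         branch ids listed (the DTA++ idea; the set itself is
                         an assumption standing in for the paper's diagnosis)
    """

    def __init__(self, targeted: Optional[set] = None):
        self.targeted = targeted
        self.pc_taint = []  # one entry per enclosing branch: is the PC tainted here?

    def pc_tainted(self) -> bool:
        return any(self.pc_taint)

    def const(self, v: int) -> TVal:
        # A literal has no data taint; it can only inherit control taint.
        return TVal(v, self.pc_tainted())

    def op(self, f: Callable[..., int], *args: TVal) -> TVal:
        # Explicit flow: result is tainted if any operand is, plus control taint.
        return TVal(f(*(a.value for a in args)),
                    any(a.tainted for a in args) or self.pc_tainted())

    def branch(self, branch_id: str, cond: TVal) -> bool:
        propagate = self.targeted is not None and branch_id in self.targeted
        self.pc_taint.append(cond.tainted and propagate)
        return bool(cond.value)

    def end_branch(self) -> None:
        self.pc_taint.pop()


def copy_via_control_flow(tr: TaintTracker, secret: TVal) -> TVal:
    """Rebuild `secret` using only branches: the classic implicit flow.

    No assignment reads `secret` directly, so explicit-only DTA leaves `out`
    untainted even though out.value == secret.value (under-tainting).
    """
    out = tr.const(0)
    for i in range(8):
        bit = tr.op(lambda s: (s >> i) & 1, secret)   # explicit flow: tainted
        if tr.branch("copy_bit", bit):
            out = tr.op(lambda o: o | (1 << i), out)  # only `out` flows in explicitly
        tr.end_branch()
    return out


def bounded_increment(tr: TaintTracker, secret: TVal) -> TVal:
    """A tainted branch that is not targeted: a bounds check bumping an error counter.

    Plain DTA and DTA++ (with only `copy_bit` targeted) both leave the counter
    untainted; propagating at every branch would taint it.
    """
    errors = tr.const(0)
    too_big = tr.op(lambda s: int(s > 200), secret)
    if tr.branch("bounds_check", too_big):
        errors = tr.op(lambda e: e + 1, errors)
    tr.end_branch()
    return errors


def run_demo() -> dict:
    # Constructed secret byte; 210 > 200 so the bounds check is taken.
    secret = TVal(0b11010010, tainted=True)
    plain = TaintTracker(targeted=None)                        # classic DTA
    dtapp = TaintTracker(targeted={"copy_bit"})                # targeted propagation
    every = TaintTracker(targeted={"copy_bit", "bounds_check"})  # propagate at all branches
    return {
        "plain_copy": copy_via_control_flow(plain, secret),
        "dtapp_copy": copy_via_control_flow(dtapp, secret),
        "plain_errors": bounded_increment(plain, secret),
        "dtapp_errors": bounded_increment(dtapp, secret),
        "every_errors": bounded_increment(every, secret),
    }


if __name__ == "__main__":
    for name, v in run_demo().items():
        print(f"{name}: value={v.value} tainted={v.tainted}")
```

Running `run_demo()` shows the two failure modes the abstract contrasts: in plain-DTA mode the copied byte equals the secret yet is untainted, while targeting only the `copy_bit` branch restores the taint without also tainting the unrelated error counter that blanket control-flow propagation would flag.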