Towards Practical Taint Tracking

This paper proposes several technical measures that significantly improve performance and largely limit kernel taint explosion in a XEN- and QEMU-based taint tracking system. Full-system, fine-grained taint tracking is a fundamental primitive that can be used for a number of purposes, most notably for tracking the flow of information through a system. Taint tracking is conceptually simple: memory containing data is tagged with a "Taint", and the tag is tracked as contents of the memory are computed upon and moved. There is a large and growing literature of various taint-tracking techniques and there are many cases where taint-tracking has proven both practical and beneficial.