Stony Brook Computer Science Dept.
Taint-tracking is emerging as a general technique in software security to complement virtualization and static analysis. It has been applied to the accurate detection of a wide range of attacks on benign software, as well as to malware defense. Although it is quite robust for the former problem, applying taint analysis to untrusted (and potentially malicious) software runs into several subtle difficulties that lead to gaping holes in the defense techniques. These holes arise from theoretical limitations of information flow analysis techniques, as well as from the nature of real-world software designs.