Dynamic taint analysis (DTA) is a fundamental analysis technique widely used in security, privacy protection, diagnosis, and related areas. Because DTA must collect and analyze massive amounts of taint data online, it incurs extremely high runtime overhead. Over the past decades, numerous attempts have been made to reduce this overhead, but the reductions achieved have been marginal, leaving DTA applicable only to debugging and testing scenarios. In this paper, we propose and implement HardTaint, a system that realizes production-run dynamic taint tracking. HardTaint adopts a hybrid, systematic design that combines static analysis, selective hardware tracing, and parallel graph processing. Comprehensive evaluations show that HardTaint introduces only around 9% runtime overhead, an order of magnitude lower than the state of the art, without sacrificing any taint detection capability.
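As an added illustration of what dynamic taint tracking computes (this is not code from the HardTaint paper, whose design the abstract only summarizes), the following Python shows two ways to obtain the same taint result from a program execution: inline, the way an instrumented program propagates taint at every instruction, and after the fact, by building a def-use graph from a recorded trace and computing reachability from the taint sources. The second form is what makes it possible to record cheaply and analyze separately, possibly in parallel over the graph. The instruction format, the register and memory names, the `xor r, r` clear idiom, and the `net` source label are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Insn:
    op: str                # "load", "store", "mov", "add", "xor", "jmp"
    dst: Optional[str]     # location written (register or "[addr]"); None for jmp
    srcs: Tuple[str, ...]  # locations read


# Constructed trace (hypothetical ISA): a byte from an attacker-controlled
# buffer flows through a register, an add, memory, and into an indirect jump.
TRACE: List[Insn] = [
    Insn("load", "r1", ("[0x1000]",)),    # r1 <- byte from network buffer
    Insn("mov", "r2", ("r9",)),           # r2 <- clean value
    Insn("add", "r3", ("r1", "r2")),      # r3 <- r1 + r2 (tainted through r1)
    Insn("store", "[0x2000]", ("r3",)),   # spill tainted value to memory
    Insn("xor", "r1", ("r1", "r1")),      # r1 <- 0, classic register-clear idiom
    Insn("load", "r4", ("[0x2000]",)),    # r4 <- tainted value back from memory
    Insn("jmp", None, ("r4",)),           # indirect jump through tainted target
    Insn("jmp", None, ("r1",)),           # indirect jump through cleared register
]
# Taint sources: pre-trace memory locations and their labels (constructed).
SOURCES: Dict[str, Set[str]] = {"[0x1000]": {"net"}}


def _is_clear(insn: Insn) -> bool:
    """xor x, x produces a constant regardless of input, so it untaints x."""
    return insn.op == "xor" and len(insn.srcs) == 2 and insn.srcs[0] == insn.srcs[1]


def propagate_inline(trace: List[Insn], sources: Dict[str, Set[str]]):
    """Online propagation: update a location->labels map at every instruction.
    Returns (final taint map, alerts), an alert being (pc, labels) for a
    jmp whose target is tainted."""
    taint: Dict[str, Set[str]] = {loc: set(l) for loc, l in sources.items()}
    alerts: List[Tuple[int, frozenset]] = []
    for pc, insn in enumerate(trace):
        if insn.op == "jmp":
            labels = taint.get(insn.srcs[0], set())
            if labels:
                alerts.append((pc, frozenset(labels)))
            continue
        if _is_clear(insn):
            incoming: Set[str] = set()
        else:
            incoming = set().union(*(taint.get(s, set()) for s in insn.srcs))
        if incoming:
            taint[insn.dst] = incoming
        else:
            taint.pop(insn.dst, None)  # overwritten with untainted data
    return taint, alerts


def build_def_use_graph(trace: List[Insn]):
    """Offline: edge from the instruction that last defined a location to each
    instruction reading it. Reads of pre-trace values are kept separately."""
    last_def: Dict[str, int] = {}
    edges: Dict[int, Set[int]] = {}
    initial_uses: Dict[str, Set[int]] = {}
    for pc, insn in enumerate(trace):
        if not _is_clear(insn):
            for s in insn.srcs:
                if s in last_def:
                    edges.setdefault(last_def[s], set()).add(pc)
                else:
                    initial_uses.setdefault(s, set()).add(pc)
        if insn.dst is not None:
            last_def[insn.dst] = pc
    return edges, initial_uses


def propagate_graph(trace: List[Insn], sources: Dict[str, Set[str]]):
    """Offline: forward reachability over the def-use graph from the sources.
    An instruction is 'reached' when it consumes tainted data, which for a
    jmp means a tainted target. Returns the same alert list as the inline run."""
    edges, initial_uses = build_def_use_graph(trace)
    reach: Dict[int, Set[str]] = {}
    work: List[int] = []
    for loc, labels in sources.items():
        for pc in initial_uses.get(loc, ()):
            reach.setdefault(pc, set()).update(labels)
            work.append(pc)
    while work:
        pc = work.pop()
        for succ in edges.get(pc, ()):
            new = reach[pc] - reach.get(succ, set())
            if new:
                reach.setdefault(succ, set()).update(new)
                work.append(succ)
    return [(pc, frozenset(reach[pc])) for pc, insn in enumerate(trace)
            if insn.op == "jmp" and pc in reach]


if __name__ == "__main__":
    _, inline_alerts = propagate_inline(TRACE, SOURCES)
    print("inline:", inline_alerts)
    print("graph: ", propagate_graph(TRACE, SOURCES))
```

Both runs flag only the jump at position 6: the value cleared by `xor r1, r1` is correctly untainted before the second jump, and the taint survives the round trip through memory. The graph version never needs the taint state while the program runs, which is the property that lets recording and analysis be separated.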