Dynamic Taint Tracking in Managed Runtimes

Ben Livshits

MSR-TR-2012-114 |

This paper provides a taxonomy of runtime taint tracking approaches for managed code, such as code written in Java, C#, PHP, Perl, or Ruby. It covers main applications of data tainting such as preventing web application vulnerabilities including cross-site scripting and SQL injection attacks, along with disallowing privacy-sensitive data leaks. In addition to giving an overview of related literature from the last decade, this paper provides guidance and describes the trade-offs of different instrumentation approaches. Lastly, we provide a list of open problems whose solutions would aid practical adaption of runtime tainting on a wider scale.