The ability to monitor code as it executes and track how data derived from predefined, untrusted input sources flows through it, known as dynamic taint analysis (DTA), is a very common technique in information security. However, it can cause serious performance degradation, as noted by the authors of Dynamic Taint Analysis for Automatic Detection, Analysis and Signature Generation of Exploits on Commodity Software:
Using TaintCheck to monitor a process’s execution exacts a 1.5X to 40X performance penalty
The research question we address in this paper is whether the slow-down is a fundamental performance barrier, or an artifact of bolting information flow tracking on emulators not designed for it? To answer this question, we designed a new emulator architecture for the x86 architecture from scratch—with the sole purpose of minimizing the instructions needed to propagate taint. The emulator, Minemu, reduces the slowdown of DTA in most real applications to a factor of 1.5 to 3. It is significantly faster than existing solutions, even though we have not applied some of their most significant optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.
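To make concrete what "propagating taint" means and where the slowdown comes from, here is an added toy example; it is not code from TaintCheck, Minemu, or either paper. It models a tiny register machine (the instruction set, the program, and the register/memory names are all constructed here) in which every real instruction is paired with a shadow operation that updates one taint bit per register and memory word. Untrusted input is tainted at its source, taint follows data through moves, loads, stores and arithmetic, the `xor r,r` zeroing idiom clears it, and an indirect jump through a tainted register is flagged as a control-flow hijack, which is the policy TaintCheck-style tools enforce. The `real_ops` and `shadow_ops` counters show the extra work taint tracking adds per instruction, which is the cost an emulator such as Minemu is designed to minimize.

```python
"""Toy dynamic taint analysis (DTA) over a constructed register machine.

Added example, not code from the Minemu or TaintCheck papers. The ISA, the
sample program and the shadow-operation counter are all constructed here.
"""
from dataclasses import dataclass, field

NUM_REGS = 4
MASK = 0xFFFFFFFF


@dataclass
class Machine:
    regs: list = field(default_factory=lambda: [0] * NUM_REGS)
    mem: dict = field(default_factory=dict)
    # Shadow state: one taint bit per register and per memory word.
    reg_taint: list = field(default_factory=lambda: [False] * NUM_REGS)
    mem_taint: dict = field(default_factory=dict)
    real_ops: int = 0     # instructions the program itself executes
    shadow_ops: int = 0   # extra operations spent only on taint propagation
    alerts: list = field(default_factory=list)

    def step(self, ins):
        op, *args = ins
        self.real_ops += 1
        if op == "imm":            # r[a] = constant: trusted, so untainted
            a, value = args
            self.regs[a] = value & MASK
            self.reg_taint[a] = False
            self.shadow_ops += 1
        elif op == "input":        # r[a] = untrusted input (e.g. a network read)
            a, value = args
            self.regs[a] = value & MASK
            self.reg_taint[a] = True      # taint introduced at the source
            self.shadow_ops += 1
        elif op == "mov":          # r[a] = r[b]; taint copies with the data
            a, b = args
            self.regs[a] = self.regs[b]
            self.reg_taint[a] = self.reg_taint[b]
            self.shadow_ops += 1
        elif op in ("add", "xor"):  # result tainted if either operand is
            a, b = args
            if op == "add":
                self.regs[a] = (self.regs[a] + self.regs[b]) & MASK
            else:
                self.regs[a] ^= self.regs[b]
            if op == "xor" and a == b:
                # xor r,r always yields 0: a constant, so clear its taint
                self.reg_taint[a] = False
            else:
                self.reg_taint[a] = self.reg_taint[a] or self.reg_taint[b]
            self.shadow_ops += 2           # read two taint bits, write one
        elif op == "store":        # mem[r[addr]] = r[src]
            addr, src = args
            self.mem[self.regs[addr]] = self.regs[src]
            self.mem_taint[self.regs[addr]] = self.reg_taint[src]
            self.shadow_ops += 1
        elif op == "load":         # r[dst] = mem[r[addr]]
            dst, addr = args
            self.regs[dst] = self.mem.get(self.regs[addr], 0)
            self.reg_taint[dst] = self.mem_taint.get(self.regs[addr], False)
            self.shadow_ops += 1
        elif op == "jmp":          # indirect jump through r[a]
            (a,) = args
            self.shadow_ops += 1           # the policy check itself
            if self.reg_taint[a]:          # attacker-derived target: hijack
                self.alerts.append(f"tainted jump target {self.regs[a]:#x}")
        else:
            raise ValueError(f"unknown op {op!r}")


def run_program(program):
    """Execute a list of instructions under taint tracking; return the machine."""
    m = Machine()
    for ins in program:
        m.step(ins)
    return m


def overhead_factor(m):
    """Approximate slowdown: (real + shadow operations) / real operations."""
    return (m.real_ops + m.shadow_ops) / m.real_ops


# Constructed program: untrusted input is written to memory, read back,
# combined with arithmetic and finally used as an indirect jump target.
SAMPLE_PROGRAM = [
    ("imm", 1, 0x1000),          # r1 = buffer address (trusted constant)
    ("input", 0, 0xDEADBEEF),    # r0 = value read from untrusted input
    ("store", 1, 0),             # mem[r1] = r0 (taint follows into memory)
    ("xor", 3, 3),               # r3 = 0 (zeroing idiom, taint cleared)
    ("load", 2, 1),              # r2 = mem[r1] (tainted again)
    ("add", 3, 2),               # r3 += r2 (now tainted)
    ("jmp", 3),                  # indirect jump through tainted r3 -> alert
    ("mov", 2, 1),               # r2 = r1 (untainted pointer)
    ("jmp", 2),                  # jump through untainted r2 -> no alert
]

if __name__ == "__main__":
    machine = run_program(SAMPLE_PROGRAM)
    print("alerts:", machine.alerts)
    print(f"real ops {machine.real_ops}, shadow ops {machine.shadow_ops}, "
          f"overhead x{overhead_factor(machine):.2f}")
```

Two things the counters make visible: even in this idealized model the shadow work is on the order of the real work, so a naive emulator roughly doubles the instruction count, and the real cost in an x86 tracker is higher because the shadow state lives in memory and must be located and updated for every operand. Reducing that per-instruction propagation cost is exactly the design goal the Minemu abstract describes.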