Tell you a Definite Answer: Whether Your Data is Tainted During Thread Scheduling
IEEE Transactions on Software Engineering (IF 7.4), Pub Date: 2020-09-01, DOI: 10.1109/tse.2018.2871666
Xiaodong Zhang, Zijiang Yang, Qinghua Zheng, Yu Hao, Pei Liu, Ting Liu

With the advent of multicore processors, there is a great need to write parallel programs to take advantage of parallel computing resources. However, due to the nondeterminism of parallel execution, malware behaviors sensitive to thread scheduling are extremely difficult to detect. Dynamic taint analysis is widely used in security problems. By serializing a multithreaded execution and then propagating taint tags along the serialized schedule, existing dynamic taint analysis techniques lead to under-tainting with respect to other possible interleavings under the same input. In this paper, we propose an approach called DSTAM that integrates symbolic analysis and guided execution to systematically detect tainted instances on all possible executions under a given input. Symbolic analysis infers alternative interleavings of an executed trace that cover new tainted instances, and computes thread schedules that guide future executions. Guided execution explores new execution traces that drive future symbolic analysis. We have implemented a prototype as part of an educational tool that teaches secure C programming, where accuracy is more critical than efficiency. To the best of our knowledge, DSTAM is the first algorithm that addresses the challenge of taint analysis for multithreaded programs under fixed inputs.
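The under-tainting the abstract describes can be seen on a two-thread trace. The following is an added illustration, not code from the paper and not the DSTAM algorithm: it enumerates every interleaving by brute force instead of using symbolic analysis and guided execution. The trace, the variable names and the sequentially consistent memory model are assumptions made for the example.

```python
from itertools import combinations

# Constructed two-thread trace. Each op is (dest, sources); "INPUT" is the
# taint source, and an empty source list is a constant assignment.
T1 = [("x", ["INPUT"]),   # x = read_input()   taints x
      ("x", [])]          # x = 0              overwrites x, clearing its tag
T2 = [("y", ["x"]),       # y = x
      ("out", ["y"])]     # out = y            operand that reaches the sink

def interleavings(a, b):
    """Yield every merge of a and b that keeps each thread's program order."""
    n = len(a) + len(b)
    for pos in combinations(range(n), len(a)):
        ia, ib, chosen = iter(a), iter(b), set(pos)
        yield [next(ia) if i in chosen else next(ib) for i in range(n)]

def propagate(schedule):
    """Propagate taint tags along one serialized schedule; return tainted variables."""
    tainted = {"INPUT"}
    for dest, sources in schedule:
        if any(s in tainted for s in sources):
            tainted.add(dest)
        else:
            tainted.discard(dest)   # strong update: an untainted write clears the tag
    return tainted - {"INPUT"}

def sink_tainted(schedule, sink="out"):
    """True if the sink operand carries a taint tag at the end of the schedule."""
    return sink in propagate(schedule)

def analyse(t1=T1, t2=T2):
    """Return (verdict on the single schedule t1;t2, tainting schedules, total schedules)."""
    serialized = sink_tainted(t1 + t2)
    verdicts = [sink_tainted(s) for s in interleavings(t1, t2)]
    return serialized, sum(verdicts), len(verdicts)

if __name__ == "__main__":
    serialized, hits, total = analyse()
    print(f"serialized schedule taints sink: {serialized}")
    print(f"schedules that taint sink: {hits} of {total}")
```

Tag propagation along the one observed schedule (all of thread 1, then thread 2) reports the sink as clean, while two of the six interleavings under the same input do taint it, namely those where `y = x` runs between the two writes to `x`.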

Updated: 2020-09-01