PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker

Michael Kiperberg, Nezer Zaidenberg

Research output: Contribution to journalArticlepeer-review


Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-flow tracker. PDIFT++ uses a hypervisor for coarse memory tracking and an emulator for fine memory tracking. The switching between the two modes allows PDIFT++ to achieve high performance without compromising the memory tracking precision. In addition, PDIFT++ provides system-wide tracking by monitoring system calls that can transmit information between two processes and between a process and a file system. The results show that PDIFT++ induces a performance penalty of 26% on average.

Original languageEnglish
Article number226
JournalSN Computer Science
Issue number2
StatePublished - Feb 2024


  • DIFT
  • Emulator
  • Hypervisor
  • Virtualization

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • General Computer Science
  • Computer Networks and Communications
  • Computer Science Applications
  • Computational Theory and Mathematics
  • Computer Graphics and Computer-Aided Design


Dive into the research topics of 'PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker'. Together they form a unique fingerprint.

Cite this