Panorama: Malware Detection Using Information Flow

EMU-based system that keeps track of sensitive information flow throughout the system. Generates taint graphs that can be used to identify malware signatures. OS- and hardware-level awareness.

20x slowdown; not very useful from the client side, but might be useful from a research group/honeynet perspective. Allows us to weed through lots of files.

Taint graph = trace graph of data. Does the slowdown come from the representation of the trace being a graph? Is there a way to speed it up by skipping graph generation or developing another type of signature? Or is the complexity just too much: shadow data, following data takes time.

What if the vulnerability consists of multiple files? Stop violations when they occur?

Seemed very similar to all of us. Been there, done that. Just hasn't been published with this security slant before. With OS research, can't we do something similar without the 20x slowdown?
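
To make "taint graph = trace graph of data" concrete, here is an added sketch (not code from the paper or its authors) that replays a constructed trace, keeps shadow state per location, and records each tainted flow as a graph edge. The trace format, the location and actor names, and the "did the sample handle keyboard-derived data" check are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed trace of (actor, op, src, dst); every name here is hypothetical.
TRACE = [
    ("kernel",     "input", "keyboard",      "kbuf"),             # sensitive data enters
    ("kernel",     "copy",  "kbuf",          "browser.pwfield"),  # intended receiver
    ("sample.dll", "copy",  "kbuf",          "sample.buf"),       # sample under test
    ("sample.dll", "copy",  "sample.buf",    "file:log.txt"),
    ("browser",    "copy",  "browser.title", "browser.tmp"),      # untainted copy
    ("kernel",     "const", None,            "sample.buf"),       # overwrite clears taint
]

def build_taint_graph(trace):
    """Replay the trace; return final shadow state and the tainted-flow edges."""
    shadow = {}   # location -> set of taint source labels (the "shadow data")
    edges = []    # (src, dst, actor, labels): one edge per tainted flow
    for actor, op, src, dst in trace:
        if op == "input":          # data arrives from a sensitive device
            labels = {src}
        elif op == "copy":         # destination inherits the source's labels
            labels = set(shadow.get(src, ()))
        else:                      # "const": destination gets untainted data
            labels = set()
        if labels:
            shadow[dst] = labels
            edges.append((src, dst, actor, frozenset(labels)))
        else:
            shadow.pop(dst, None)  # overwritten with clean data
    return shadow, edges

def actors_handling(edges, label):
    """Actors that propagated data derived from the given taint source."""
    return {actor for _, _, actor, labels in edges if label in labels}

def reachable(edges, start):
    """Locations that data from `start` flowed into, following graph edges."""
    adj = defaultdict(set)
    for src, dst, _, _ in edges:
        adj[src].add(dst)
    seen, stack = set(), [start]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen

if __name__ == "__main__":
    shadow, edges = build_taint_graph(TRACE)
    print(sorted(actors_handling(edges, "keyboard")))
    print(sorted(reachable(edges, "keyboard")))
```

The shadow map only holds the current state, while the edge list keeps the history, so the flow into `file:log.txt` is still visible after `sample.buf` has been overwritten. Every traced operation costs a shadow lookup whether or not an edge is recorded.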