TY - GEN
T1 - Enriching the Semantics of Information Flow Tracking with Source-Level Memory Allocation Event Logging
AU - Mallissery, Sanoop
AU - Wu, Yu Sung
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Information flow tracking (IFT) reveals how a program accesses its data throughout its execution. It can effectively detect the leakage of sensitive data or the corruption of critical data. Much of its strength depends on the semantics of the variables involved. Here, we have devised SQUIRREL, a configurable static code instrumentation and runtime logging tool, which enriches the semantics of information flow representation with detailed source-code level variable mappings. System administrators or intrusion detection systems (IDS) will have precise insight into the information flow, making it possible to detect attacks on zero-day vulnerabilities or application-specific logic loopholes. We evaluate SQUIRREL with various real-world programs and generate information flow with source-level variable mappings and discuss the efficiency of SQUIRREL concerning performance overhead and memory usage with existing profiling tools.
AB - Information flow tracking (IFT) reveals how a program accesses its data throughout its execution. It can effectively detect the leakage of sensitive data or the corruption of critical data. Much of its strength depends on the semantics of the variables involved. Here, we have devised SQUIRREL, a configurable static code instrumentation and runtime logging tool, which enriches the semantics of information flow representation with detailed source-code level variable mappings. System administrators or intrusion detection systems (IDS) will have precise insight into the information flow, making it possible to detect attacks on zero-day vulnerabilities or application-specific logic loopholes. We evaluate SQUIRREL with various real-world programs and generate information flow with source-level variable mappings and discuss the efficiency of SQUIRREL concerning performance overhead and memory usage with existing profiling tools.
KW - code analysis
KW - code instrumentation
KW - dynamic information flow tracking code sanitization
UR - http://www.scopus.com/inward/record.url?scp=85182266861&partnerID=8YFLogxK
U2 - 10.1109/DSC61021.2023.10354156
DO - 10.1109/DSC61021.2023.10354156
M3 - Conference contribution
AN - SCOPUS:85182266861
T3 - Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023
BT - Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th IEEE Conference on Dependable and Secure Computing, DSC 2023
Y2 - 7 November 2023 through 9 November 2023
ER -