Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

Yu Hsin Hung; Bing Jhong Jheng; Hong Wei Li; Wen Yang Lai; Sanoop Mallissery; Yu-Sung Wu

doi:10.1109/DSC49826.2021.9346239

Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

Yu Hsin Hung, Bing Jhong Jheng, Hong Wei Li, Wen Yang Lai, Sanoop Mallissery, Yu-Sung Wu

資電亥客與安全碩士學位學程

研究成果: Conference contribution › 同行評審

2 引文斯高帕斯（Scopus）

摘要

Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

原文	English
主出版物標題	2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
發行者	Institute of Electrical and Electronics Engineers Inc.
頁數	8
ISBN（電子）	9781728175348
DOIs	https://doi.org/10.1109/DSC49826.2021.9346239
出版狀態	Published - 30 1月 2021
事件	2021 IEEE Conference on Dependable and Secure Computing, DSC 2021 - Aizuwakamatsu, Fukushima, 日本持續時間: 30 1月 2021 → 2 2月 2021

出版系列

名字	2021 IEEE Conference on Dependable and Secure Computing, DSC 2021

Conference

Conference	2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
國家/地區	日本
城市	Aizuwakamatsu, Fukushima
期間	30/01/21 → 2/02/21

存取文件

10.1109/DSC49826.2021.9346239

其它文件與鏈接

Link to publication in Scopus

引用此

Hung, Y. H., Jheng, B. J., Li, H. W., Lai, W. Y., Mallissery, S., & Wu, Y.-S. (2021). Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. 於 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021 文章 9346239 (2021 IEEE Conference on Dependable and Secure Computing, DSC 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSC49826.2021.9346239

@inproceedings{f815c56000a9446db23ccd76b8122916,

title = "Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay",

abstract = "Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.",

keywords = "anomaly detection, application logic vulnerabilities, decoupled dynamic information flow tracking, static information flow tracking, taint propagation",

author = "Hung, {Yu Hsin} and Jheng, {Bing Jhong} and Li, {Hong Wei} and Lai, {Wen Yang} and Sanoop Mallissery and Yu-Sung Wu",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021 ; Conference date: 30-01-2021 Through 02-02-2021",

year = "2021",

month = jan,

day = "30",

doi = "10.1109/DSC49826.2021.9346239",

language = "English",

series = "2021 IEEE Conference on Dependable and Secure Computing, DSC 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2021 IEEE Conference on Dependable and Secure Computing, DSC 2021",

address = "美國",

}

Hung, YH, Jheng, BJ, Li, HW, Lai, WY, Mallissery, S & Wu, Y-S 2021, Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. 於 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021., 9346239, 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021, Institute of Electrical and Electronics Engineers Inc., 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021, Aizuwakamatsu, Fukushima, 日本, 30/01/21. https://doi.org/10.1109/DSC49826.2021.9346239

Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. / Hung, Yu Hsin; Jheng, Bing Jhong; Li, Hong Wei 等.
2021 IEEE Conference on Dependable and Secure Computing, DSC 2021. Institute of Electrical and Electronics Engineers Inc., 2021. 9346239 (2021 IEEE Conference on Dependable and Secure Computing, DSC 2021).

研究成果: Conference contribution › 同行評審

TY - GEN

T1 - Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

AU - Hung, Yu Hsin

AU - Jheng, Bing Jhong

AU - Li, Hong Wei

AU - Lai, Wen Yang

AU - Mallissery, Sanoop

AU - Wu, Yu-Sung

PY - 2021/1/30

Y1 - 2021/1/30

N2 - Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

AB - Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

KW - anomaly detection

KW - application logic vulnerabilities

KW - decoupled dynamic information flow tracking

KW - static information flow tracking

KW - taint propagation

UR - http://www.scopus.com/inward/record.url?scp=85101704567&partnerID=8YFLogxK

U2 - 10.1109/DSC49826.2021.9346239

DO - 10.1109/DSC49826.2021.9346239

M3 - Conference contribution

AN - SCOPUS:85101704567

T3 - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021

BT - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021

Y2 - 30 January 2021 through 2 February 2021

ER -

Hung YH, Jheng BJ, Li HW, Lai WY, Mallissery S, Wu YS. Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. 於 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021. Institute of Electrical and Electronics Engineers Inc. 2021. 9346239. (2021 IEEE Conference on Dependable and Secure Computing, DSC 2021). doi: 10.1109/DSC49826.2021.9346239

Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

摘要

出版系列

Conference

存取文件

其它文件與鏈接

指紋

引用此