Visible to the public Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

TitleMixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay
Publication TypeConference Paper
Year of Publication2021
AuthorsHung, Yu-Hsin, Jheng, Bing-Jhong, Li, Hong-Wei, Lai, Wen-Yang, Mallissery, Sanoop, Wu, Yu-Sung
Conference Name2021 IEEE Conference on Dependable and Secure Computing (DSC)
Keywordsanomaly detection, application logic vulnerabilities, composability, decoupled dynamic information flow tracking, Memory management, Metrics, pubcrawl, Runtime, Runtime library, Semantics, Servers, static information flow tracking, taint analysis, taint propagation, target tracking
AbstractStatic information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.
DOI10.1109/DSC49826.2021.9346239
Citation Keyhung_mixed-mode_2021