LDX: Causality Inference by Lightweight Dual Execution
| Title | LDX: Causality Inference by Lightweight Dual Execution |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Kwon, Yonghwi, Kim, Dohyeong, Sumner, William Nick, Kim, Kyungtae, Saltaformaggio, Brendan, Zhang, Xiangyu, Xu, Dongyan |
| Conference Name | Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4091-5 |
| Keywords | causality inference, composability, concurrency and security, concurrency security, dual execution, dynamic analysis, Dynamical Systems, Metrics, pubcrawl, Resiliency, taint analysis |
| Abstract | Causality inference, such as dynamic taint anslysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine LDX. Given an execution, it spawns a slave execution, in which it mutates c and observes whether any change is induced at e. To preclude non-determinism, LDX couples the executions by sharing syscall outcomes. To handle path differences induced by the perturbation, we develop a novel on-the-fly execution alignment scheme that maintains a counter to reflect the progress of execution. The scheme relies on program analysis and compiler transformation. LDX can effectively detect information leak and security attacks with an average overhead of 6.08% while running the master and the slave concurrently on separate CPUs, much lower than existing systems that require instruction level monitoring. Furthermore, it has much better accuracy in causality inference. |
| URL | http://doi.acm.org/10.1145/2872362.2872395 |
| DOI | 10.1145/2872362.2872395 |
| Citation Key | kwon_ldx:_2016 |