Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

Yu-Hsin Hung; Bing-Jhong Jheng; Hong-Wei Li; Wen-Yang Lai; Sanoop Mallissery; Yu-Sung Wu

doi:10.1109/DSC49826.2021.9346239

Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

Yu-Hsin Hung, Bing-Jhong Jheng, Hong-Wei Li, Wen-Yang Lai, Sanoop Mallissery, Yu-Sung Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

3 Citations (Scopus)

Abstract

Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

Original language	English
Title of host publication	2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
Editors	Wenjuan Li
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Number of pages	8
ISBN (Electronic)	9781728175348
ISBN (Print)	9781728175355
DOIs	https://doi.org/10.1109/DSC49826.2021.9346239
Publication status	Published - 2021
Externally published	Yes
Event	IEEE Conference on Dependable and Secure Computing 2021 - Aizuwakamatsu, Fukushima, Japan Duration: 30 Jan 2021 → 2 Feb 2021 https://ieeexplore.ieee.org/xpl/conhome/9346211/proceeding?sortType=vol-only-seq&isnumber=9346228&rowsPerPage=50&pageNumber=1 (Proceedings) https://nsclab.org/dsc2021/ (Website)

Conference

Conference	IEEE Conference on Dependable and Secure Computing 2021
Abbreviated title	DSC 2021
Country/Territory	Japan
City	Aizuwakamatsu, Fukushima
Period	30/01/21 → 2/02/21
Internet address	https://ieeexplore.ieee.org/xpl/conhome/9346211/proceeding?sortType=vol-only-seq&isnumber=9346228&rowsPerPage=50&pageNumber=1 (Proceedings) https://nsclab.org/dsc2021/ (Website)

Keywords

anomaly detection
application logic vulnerabilities
decoupled dynamic information flow tracking
static information flow tracking
taint propagation

Access to Document

10.1109/DSC49826.2021.9346239

Cite this

Hung, Y.-H., Jheng, B.-J., Li, H.-W., Lai, W.-Y., Mallissery, S., & Wu, Y.-S. (2021). Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. In W. Li (Ed.), 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021 Article 9346239 IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/DSC49826.2021.9346239

@inproceedings{a6f6d7e84549455685f0f05a663cfd8f,

title = "Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay",

abstract = "Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.",

keywords = "anomaly detection, application logic vulnerabilities, decoupled dynamic information flow tracking, static information flow tracking, taint propagation",

author = "Yu-Hsin Hung and Bing-Jhong Jheng and Hong-Wei Li and Wen-Yang Lai and Sanoop Mallissery and Yu-Sung Wu",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; IEEE Conference on Dependable and Secure Computing 2021, DSC 2021 ; Conference date: 30-01-2021 Through 02-02-2021",

year = "2021",

doi = "10.1109/DSC49826.2021.9346239",

language = "English",

isbn = "9781728175355",

editor = "Wenjuan Li",

booktitle = "2021 IEEE Conference on Dependable and Secure Computing, DSC 2021",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

url = "https://ieeexplore.ieee.org/xpl/conhome/9346211/proceeding?sortType=vol-only-seq\&isnumber=9346228\&rowsPerPage=50\&pageNumber=1, https://nsclab.org/dsc2021/",

}

Hung, Y-H, Jheng, B-J, Li, H-W, Lai, W-Y, Mallissery, S & Wu, Y-S 2021, Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. in W Li (ed.), 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021., 9346239, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, IEEE Conference on Dependable and Secure Computing 2021, Aizuwakamatsu, Fukushima, Japan, 30/01/21. https://doi.org/10.1109/DSC49826.2021.9346239

Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay. / Hung, Yu-Hsin; Jheng, Bing-Jhong; Li, Hong-Wei et al.
2021 IEEE Conference on Dependable and Secure Computing, DSC 2021. ed. / Wenjuan Li. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2021. 9346239.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

AU - Hung, Yu-Hsin

AU - Jheng, Bing-Jhong

AU - Li, Hong-Wei

AU - Lai, Wen-Yang

AU - Mallissery, Sanoop

AU - Wu, Yu-Sung

PY - 2021

Y1 - 2021

N2 - Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

AB - Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

KW - anomaly detection

KW - application logic vulnerabilities

KW - decoupled dynamic information flow tracking

KW - static information flow tracking

KW - taint propagation

UR - https://www.scopus.com/pages/publications/85101704567

U2 - 10.1109/DSC49826.2021.9346239

DO - 10.1109/DSC49826.2021.9346239

M3 - Conference Paper

AN - SCOPUS:85101704567

SN - 9781728175355

BT - 2021 IEEE Conference on Dependable and Secure Computing, DSC 2021

A2 - Li, Wenjuan

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - IEEE Conference on Dependable and Secure Computing 2021

Y2 - 30 January 2021 through 2 February 2021

ER -

Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this