Efficient and extensible security enforcement using dynamic data flow analysis

Authors:
Walter Chang;Brandon Streiff;Calvin Lin
Affiliations:
The University of Texas at Austin, Austin, TX, USA;The University of Texas at Austin, Austin, TX, USA;The University of Texas at Austin, Austin, TX, USA
Venue:
Proceedings of the 15th ACM conference on Computer and communications security
Year:
2008

Citing 40
Cited 30

Typestate: A programming language concept for enhancing software reliability

IEEE Transactions on Software Engineering
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Global Data Flow Analysis and Iterative Algorithms

Journal of the ACM (JACM)
An annotation language for optimizing software libraries

Proceedings of the 2nd conference on Domain-specific languages
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Reflections on trusting trust

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
CCured: type-safe retrofitting of legacy code

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Programming Perl

Programming Perl
Improving Security Using Extensible Lightweight Static Analysis

IEEE Software
Cyclone: A Safe Dialect of C

ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Secure Execution via Program Shepherding

Proceedings of the 11th USENIX Security Symposium
Program slicing

ICSE '81 Proceedings of the 5th international conference on Software engineering
Using Programmer-Written Compiler Extensions to Catch Security Holes

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
The inlined reference monitor approach to security policy enforcement

The inlined reference monitor approach to security policy enforcement
Incorporating domain-specific information into the compilation process

Incorporating domain-specific information into the compilation process
Secure program execution via dynamic information flow tracking

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Low-overhead memory leak detection using adaptive statistical profiling

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Improving software security with a C pointer analysis

Proceedings of the 27th international conference on Software engineering
Defeating Memory Corruption Attacks via Pointer Taintedness Detection

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Finding application errors and security flaws using PQL: a program query language

OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles
Control-flow integrity

Proceedings of the 12th ACM conference on Computer and communications security
DieHard: probabilistic memory safety for unsafe languages

Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
A General Dynamic Information Flow Tracking Framework for Security Applications

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks

Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Raksha: a flexible information flow architecture for software security

Proceedings of the 34th annual international symposium on Computer architecture
FormatGuard: automatic protection from printf format string vulnerabilities

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting format string vulnerabilities with type qualifiers

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Efficient techniques for comprehensive protection from memory error exploits

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks

ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Dytan: a generic dynamic taint analysis framework

Proceedings of the 2007 international symposium on Software testing and analysis
Securing software by enforcing data-flow integrity

OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Detection of Data Flow Anomaly Through Program Instrumentation

IEEE Transactions on Software Engineering
Client-driven pointer analysis

SAS'03 Proceedings of the 10th international conference on Static analysis
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Semi-sparse flow-sensitive pointer analysis

Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
TAJ: effective taint analysis of web applications

Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Improving application security with data flow assertions

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Finding bugs in exceptional situations of JNI programs

Proceedings of the 16th ACM conference on Computer and communications security
Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks

Proceedings of the 2009 ACM workshop on Scalable trusted computing
Efficient character-level taint tracking for Java

Proceedings of the 2009 ACM workshop on Secure web services
Towards security testing with taint analysis and genetic algorithms

Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Client-side detection of XSS worms by monitoring payload propagation

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Dynamic tainting for deployed Java programs

Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
Patch auditing in infrastructure as a service clouds

Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Saving the world wide web from vulnerable JavaScript

Proceedings of the 2011 International Symposium on Software Testing and Analysis
GuardRails: a data-centric web application security framework

WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Static detection of access control vulnerabilities in web applications

SEC'11 Proceedings of the 20th USENIX conference on Security
RoleCast: finding missing security checks when you do not know what checks are

Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
A formalisation of java strings for program specification and verification

SEFM'11 Proceedings of the 9th international conference on Software engineering and formal methods
Static program analysis assisted dynamic taint tracking for software vulnerability discovery

Computers & Mathematics with Applications
Flow-sensitive pointer analysis for millions of lines of code

CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Towards a taint mode for cloud computing web applications

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Hash-flow taint analysis of higher-order programs

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
A taint mode for python via a library

NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Scalable flow-sensitive pointer analysis for java with strong updates

ECOOP'12 Proceedings of the 26th European conference on Object-Oriented Programming
Static secure page allocation for light-weight dynamic information flow tracking

Proceedings of the 2012 international conference on Compilers, architectures and synthesis for embedded systems
Practical Integrated Analysis of Pointers, Dataflow and Control Flow

ACM Transactions on Programming Languages and Systems (TOPLAS)
ANDROMEDA: accurate and scalable security analysis of web applications

FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
Inlined monitors for security policy enforcement in web applications

Proceedings of the 17th Panhellenic Conference on Informatics
Parallel flow-sensitive pointer analysis by graph-rewriting

PACT '13 Proceedings of the 22nd international conference on Parallel architectures and compilation techniques
Native ×86 decompilation using semantics-preserving structural analysis and iterative control-flow structuring

SEC'13 Proceedings of the 22nd USENIX conference on Security
Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities

Information and Software Technology
Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis

Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
Time- and space-efficient flow-sensitive points-to analysis

ACM Transactions on Architecture and Code Optimization (TACO)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current taint tracking systems suffer from high overhead and a lack of generality. In this paper, we solve both of these issues with an extensible system that is an order of magnitude more efficient than previous software taint tracking systems and is fully general to dynamic data flow tracking problems. Our system uses a compiler to transform untrusted programs into policy-enforcing programs, and our system can be easily reconfigured to support new analyses and policies without modifying the compiler or runtime system. Our system uses a sound and sophisticated static analysis that can dramatically reduce the amount of data that must be dynamically tracked. For server programs, our system's average overhead is 0.65% for taint tracking, which is comparable to the best hardware-based solutions. For a set of compute-bound benchmarks, our system produces no runtime overhead because our compiler can prove the absence of vulnerabilities, eliminating the need to dynamically track taint. After modifying these benchmarks to contain format string vulnerabilities, our system's overhead is less than 13%, which is over 6X lower than the previous best solutions. We demonstrate the flexibility and power of our system by applying it to file disclosure vulnerabilities, a problem that taint tracking cannot handle. To prevent such vulnerabilities, our system introduces an average runtime overhead of 0.25% for three open source server programs.