Identification of data propagation paths for efficient dynamic information flow tracking

Sanoop Mallissery, Yu Sung Wu*, Chih Hao Hsieh, Chun An Bau

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Dynamic information flow tracking is a positive step towards the prevention of untrusted data injection and protection from possible exploits of such data. This emphasizes the importance of tracking the suspicious data flows at run-time to ensure neither the exploitation of data nor security violation. In this work, we have contemplated enhancing the competence of Static Taint Tracking (STT) to seamlessly support Dynamic Taint Tracking (DTT) using data flow analysis. The concept of definition-used (def-use) is used for source code analysis to capture the potential taint propagation paths represented using the Data Flow Graph (DFG). The extracted paths from the DFG provides prior information about all the potential taint propagation paths which extensively needed to be considered for DTT. We have tested our proposed methodology on some well-known benchmarks such as Firefox, SQLite3, Gzip, and Zlib. It is observed that the proposed method can identify all potential taint source propagation paths that cover pointers, branch conditions, inter-procedure, and inter-module data flows. The evaluation results show that this work will be very useful in guiding the dynamic taint tracking to achieve efficient and accurate detection of suspicious information flow.

Original languageEnglish
Title of host publication35th Annual ACM Symposium on Applied Computing, SAC 2020
PublisherAssociation for Computing Machinery
Pages92-99
Number of pages8
ISBN (Electronic)9781450368667
DOIs
StatePublished - 30 Mar 2020
Event35th Annual ACM Symposium on Applied Computing, SAC 2020 - Brno, Czech Republic
Duration: 30 Mar 20203 Apr 2020

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Conference

Conference35th Annual ACM Symposium on Applied Computing, SAC 2020
CountryCzech Republic
CityBrno
Period30/03/203/04/20

Keywords

  • Information flow tracking
  • Software security
  • Source code analysis
  • Static taint tracking
  • Taint analysis and propagation

Fingerprint Dive into the research topics of 'Identification of data propagation paths for efficient dynamic information flow tracking'. Together they form a unique fingerprint.

  • Cite this

    Mallissery, S., Wu, Y. S., Hsieh, C. H., & Bau, C. A. (2020). Identification of data propagation paths for efficient dynamic information flow tracking. In 35th Annual ACM Symposium on Applied Computing, SAC 2020 (pp. 92-99). (Proceedings of the ACM Symposium on Applied Computing). Association for Computing Machinery. https://doi.org/10.1145/3341105.3373876