Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay

Yu Hsin Hung, Bing Jhong Jheng, Hong Wei Li, Wen Yang Lai, Sanoop Mallissery, Yu Sung Wu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Static information flow analysis (IFA) and dynamic information flow tracking (DIFT) have been widely employed in offline security analysis of computer programs. As security attacks become more sophisticated, there is a rising need for IFA and DIFT in production environment. However, existing systems usually deal with IFA and DIFT separately, and most DIFT systems incur significant performance overhead. We propose MIT to facilitate IFA and DIFT in online production environment. MIT offers mixed-mode information flow tracking at byte-granularity and incurs moderate runtime performance overhead. The core techniques consist of the extraction of taint semantics intermediate representation (TSIR) at compile-time and the decoupled execution of TSIR for information flow analysis. We conducted an extensive performance overhead evaluation on MIT to confirm its applicability in production environment. We also outline potential applications of MIT, including the implementation of data provenance checking and information flow based anomaly detection in real-world applications.

Original languageEnglish
Title of host publication2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728175348
DOIs
StatePublished - 30 Jan 2021
Event2021 IEEE Conference on Dependable and Secure Computing, DSC 2021 - Aizuwakamatsu, Fukushima, Japan
Duration: 30 Jan 20212 Feb 2021

Publication series

Name2021 IEEE Conference on Dependable and Secure Computing, DSC 2021

Conference

Conference2021 IEEE Conference on Dependable and Secure Computing, DSC 2021
CountryJapan
CityAizuwakamatsu, Fukushima
Period30/01/212/02/21

Keywords

  • anomaly detection
  • application logic vulnerabilities
  • decoupled dynamic information flow tracking
  • static information flow tracking
  • taint propagation

Fingerprint Dive into the research topics of 'Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay'. Together they form a unique fingerprint.

Cite this