DOI: 10.1145/1455770.1455778

Efficient and extensible security enforcement using dynamic data flow analysis

Published: 27 October 2008
    Abstract

    Current taint tracking systems suffer from high overhead and a lack of generality. In this paper, we solve both of these issues with an extensible system that is an order of magnitude more efficient than previous software taint tracking systems and is fully general to dynamic data flow tracking problems. Our system uses a compiler to transform untrusted programs into policy-enforcing programs, and our system can be easily reconfigured to support new analyses and policies without modifying the compiler or runtime system. Our system uses a sound and sophisticated static analysis that can dramatically reduce the amount of data that must be dynamically tracked. For server programs, our system's average overhead is 0.65% for taint tracking, which is comparable to the best hardware-based solutions. For a set of compute-bound benchmarks, our system produces no runtime overhead because our compiler can prove the absence of vulnerabilities, eliminating the need to dynamically track taint. After modifying these benchmarks to contain format string vulnerabilities, our system's overhead is less than 13%, which is over 6X lower than the previous best solutions. We demonstrate the flexibility and power of our system by applying it to file disclosure vulnerabilities, a problem that taint tracking cannot handle. To prevent such vulnerabilities, our system introduces an average runtime overhead of 0.25% for three open source server programs.
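The combination the abstract describes, a static analysis that decides what must be tracked followed by dynamic shadow-taint enforcement at a format-string sink, as an added illustration in Python. It is not the paper's compiler or runtime (which operate on C programs); the three-address IR, the sample programs, the "no tainted format string" policy and all function names are constructed for this example.

```python
"""Toy model of compiler-directed dynamic taint tracking (constructed
illustration of the abstract's idea, not the paper's compiler or runtime).
A static pass finds variables that can carry untrusted data to a printf
sink; only those get runtime shadow state, and a program with none runs
uninstrumented. The three-address IR and the policy are invented here."""
# Program = list of (op, dst, srcs):
#   ("input",  v, ())                  v <- untrusted input (taint source)
#   ("const",  v, (literal,))          v <- trusted literal
#   ("copy",   v, (u,))                v <- u
#   ("concat", v, (u, w, ...))         v <- u + w + ...
#   ("printf", None, (fmt, arg, ...))  sink: fmt must be untainted

class PolicyViolation(Exception):
    """Raised when a tainted value is used as the printf format string."""

def static_may_taint(prog):
    """Flow-insensitive fixpoint: variables that may ever hold tainted data.
    Over-approximate, so anything outside the set is provably clean."""
    may, changed = set(), True
    while changed:
        changed = False
        for op, dst, srcs in prog:
            src_tainted = op in ("copy", "concat") and any(s in may for s in srcs)
            if (op == "input" or src_tainted) and dst not in may:
                may.add(dst)
                changed = True
    return may

def static_reaches_sink(prog):
    """Backward slice: variables whose value can flow into a format string."""
    reach = {srcs[0] for op, _, srcs in prog if op == "printf"}
    changed = True
    while changed:
        changed = False
        for op, dst, srcs in prog:
            if op in ("copy", "concat") and dst in reach and not set(srcs) <= reach:
                reach |= set(srcs)
                changed = True
    return reach

def plan_tracking(prog):
    """Variables needing shadow state: may be tainted AND can reach a sink.
    An empty set means the program is proved safe: emit no instrumentation."""
    return static_may_taint(prog) & static_reaches_sink(prog)

def run(prog, inputs, tracked):
    """Execute prog, keeping shadow taint only for `tracked` variables.
    Returns (printed lines, number of shadow updates performed)."""
    env, shadow, out, updates, feed = {}, {}, [], 0, iter(inputs)
    taint_of = lambda v: shadow.get(v, False)  # untracked => proven clean
    for op, dst, srcs in prog:
        if op == "input":
            env[dst], t = next(feed), True
        elif op == "const":
            env[dst], t = srcs[0], False
        elif op == "copy":
            env[dst], t = env[srcs[0]], taint_of(srcs[0])
        elif op == "concat":
            env[dst] = "".join(env[s] for s in srcs)
            t = any(taint_of(s) for s in srcs)
        else:  # printf: the enforced policy is "no tainted format string"
            fmt, args = srcs[0], srcs[1:]
            if taint_of(fmt):
                raise PolicyViolation(f"tainted format string {env[fmt]!r}")
            out.append(env[fmt] % tuple(env[a] for a in args))
            continue
        if dst in tracked:
            shadow[dst] = t
            updates += 1
    return out, updates

def compile_and_run(prog, inputs):
    """Mimic the compiler pipeline: plan instrumentation, then execute."""
    tracked = plan_tracking(prog)
    out, updates = run(prog, inputs, tracked)
    return tracked, out, updates

def is_blocked(prog, inputs):
    """True if the policy stops the run for these inputs."""
    try:
        compile_and_run(prog, inputs)
        return False
    except PolicyViolation:
        return True

# Constructed sample programs (not from the paper).
SAFE = [("input", "name", ()), ("const", "fmt", ("Hello, %s!",)),
        ("printf", None, ("fmt", "name"))]          # user data only as an argument
REUSED = [("input", "line", ()), ("copy", "fmt", ("line",)),
          ("const", "fmt", ("ok: %s",)), ("printf", None, ("fmt", "line"))]  # fmt overwritten
VULN = [("input", "name", ()), ("input", "color", ()),  # color never reaches the sink
        ("const", "prefix", ("User: ",)), ("concat", "fmt", ("prefix", "name")),
        ("printf", None, ("fmt",))]                  # user data spliced into the format

if __name__ == "__main__":
    print(compile_and_run(SAFE, ["alice"]))       # (set(), ['Hello, alice!'], 0)
    print(compile_and_run(REUSED, ["x"]))         # ({'fmt', 'line'}, ['ok: x'], 3)
    print(is_blocked(VULN, ["%x %x %n", "red"]))  # True
```

Three things to notice when running it. SAFE gets an empty tracking set, so it executes with zero shadow updates, the "no runtime overhead because the compiler can prove the absence of vulnerabilities" case. REUSED shows the split of labour: the flow-insensitive static pass cannot tell that `fmt` is overwritten before the sink, so it conservatively tracks `fmt` and `line`, and the precise dynamic shadow state then lets the benign run through. In VULN, `color` is tainted but is never tracked because the backward slice shows it cannot reach the sink; `name` and `fmt` are, and the policy here rejects any tainted format string regardless of content (even `"bob"`), which is the usual taint-tracking framing of format-string defence; a byte-granular variant could instead flag only tainted conversion directives.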



        Published In

        CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
        October 2008
        590 pages
        ISBN:9781595938107
        DOI:10.1145/1455770

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. dynamic data flow analysis
        2. security enforcement
        3. static analysis


        Acceptance Rates

        CCS '08 paper acceptance rate: 51 of 280 submissions (18%)
        Overall acceptance rate: 1,261 of 6,999 submissions (18%)


        Cited By

        • (2023) Learning Program Semantics for Vulnerability Detection via Vulnerability-Specific Inter-procedural Slicing. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1371-1383. doi:10.1145/3611643.3616351. Online publication date: 30-Nov-2023.
        • (2023) Neural Machine Translation for Recovering ASTs from Binaries. 2023 IEEE 3rd International Conference on Software Engineering and Artificial Intelligence (SEAI), pp. 80-85. doi:10.1109/SEAI59139.2023.10217602. Online publication date: 16-Jun-2023.
        • (2023) MirrorTaint: Practical Non-Intrusive Dynamic Taint Tracking for JVM-Based Microservice Systems. Proceedings of the 45th International Conference on Software Engineering, pp. 2514-2526. doi:10.1109/ICSE48619.2023.00210. Online publication date: 14-May-2023.
        • (2023) Efficient Interprocedural Data-Flow Analysis Using Treedepth and Treewidth. Verification, Model Checking, and Abstract Interpretation, pp. 177-202. doi:10.1007/978-3-031-24950-1_9. Online publication date: 17-Jan-2023.
        • (2022) Creating concise and efficient dynamic analyses with ALDA. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 740-752. doi:10.1145/3503222.3507760. Online publication date: 28-Feb-2022.
        • (2022) FSAFlow: Lightweight and Fast Dynamic Path Tracking and Control for Privacy Protection on Android Using Hybrid Analysis with State-Reduction Strategy. 2022 IEEE Symposium on Security and Privacy (SP), pp. 2114-2129. doi:10.1109/SP46214.2022.9833764. Online publication date: May-2022.
        • (2021) Challenges and Opportunities for Practical and Effective Dynamic Information Flow Tracking. ACM Computing Surveys 55(1), pp. 1-33. doi:10.1145/3483790. Online publication date: 23-Nov-2021.
        • (2021) Boosting static analysis accuracy with instrumented test executions. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1154-1165. doi:10.1145/3468264.3468626. Online publication date: 20-Aug-2021.
        • (2021) Cloud Dynamic Scheduling for Multimedia Data Encryption Using Tabu Search Algorithm. Wireless Personal Communications 120(3), pp. 2427-2447. doi:10.1007/s11277-021-08562-5. Online publication date: 1-Oct-2021.
        • (2020) The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation. Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 622-636. doi:10.1145/3320269.3384764. Online publication date: 5-Oct-2020.