research-article

Open access

Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems

Authors:

Shashidhar Mysore,

Tim SherwoodAuthors Info & Claims

ACM Transactions on Architecture and Code Optimization (TACO), Volume 9, Issue 1

Article No.: 3, Pages 1 - 26

https://doi.org/10.1145/2133382.2133385

Published: 01 March 2012 Publication History

Abstract

It is not uncommon for modern systems to be composed of a variety of interacting services, running across multiple machines in such a way that most developers do not really understand the whole system. As abstraction is layered atop abstraction, developers gain the ability to compose systems of extraordinary complexity with relative ease. However, many software properties, especially those that cut across abstraction layers, become very difficult to understand in such compositions. The communication patterns involved, the privacy of critical data, and the provenance of information, can be difficult to find and understand, even with access to all of the source code. The goal of Dataflow Tomography is to use the inherent information flow of such systems to help visualize the interactions between complex and interwoven components across multiple layers of abstraction. In the same way that the injection of short-lived radioactive isotopes help doctors trace problems in the cardiovascular system, the use of “data tagging” can help developers slice through the extraneous layers of software and pin-point those portions of the system interacting with the data of interest. To demonstrate the feasibility of this approach we have developed a prototype system in which tags are tracked both through the machine and in between machines over the network, and from which novel visualizations of the whole system can be derived. We describe the system-level challenges in creating a working system tomography tool and we qualitatively evaluate our system by examining several example real world scenarios.

References

[1]

Aguilera, M. K., Mogul, J. C., Wiener, J. L., Reynolds, P., and Muthitacharoen, A. 2003. Performance debugging for distributed systems of black boxes. In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP’03). ACM Press, 74--89.

Digital Library

[2]

Barham, P., Donnelly, A., Isaacs, R., and Mortier, R. 2004. Using magpie for request extraction and workload modelling. In Proceedings of the 6th Conference on Symposium on Opearting Systems Design and Implementation (OSDI’04). USENIX Association.

Digital Library

[3]

Bellard, F. 2005. QEMU, A fast and portable dynamic translator. In Proceedings of the USENIX Annual Technical Conference.

Digital Library

[4]

Bitton, D. and Turbyfill, C. 1988. A retrospective on the Wisconsin benchmark. In Readings in Database Systems, M. Stonebraker Ed., Morgan Kaufman, 280--299.

Digital Library

[5]

Castro, M., Costa, M., and Harris, T. 2006. Securing software by enforcing dataflow integrity. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (USENIX’06). USENIX Association.

Digital Library

[6]

Chong, S., Liu, J., Myers, A. C., Qi, X., Vikram, K., Zheng, L., and Zheng, X. 2007. Secure web applications via automatic partitioning. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP’07).

Digital Library

[7]

Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., and Rosenblum, M. 2004. Understanding data lifetime via whole system simulation. In Proceedings of the 13th USENIX Security Symposium (SSYM’04). USENIX Association, 22--22.

Digital Library

[8]

Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., and Barham, P. 2005. Vigilante: End-to-end containment of internet worms. In Proceedings of the 20th ACM Symposium on Operating Systems Principles (SOSP’05). ACM Press, 133--147.

Digital Library

[9]

Crandall, J. R. and Chong, F. T. 2004. Minos: Control data attack prevention orthogonal to memory model. In Proceedings of the 37th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society, Los Alamitos, CA, 221--232.

Digital Library

[10]

Crandall, J. R., Su, Z., Wu, S. F., and Chong, F. T. 2005. On deriving unknown vulnerabilities from zeroday polymorphic and metamorphic worm exploits. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS’05). ACM Press, 235--248.

Digital Library

[11]

Dalton, M., Kannan, H., and Kozyrakis, C. 2007. Raksha: A flexible information flow architecture for software security. In Proceedings of the 34th International Symposium on Computer Architecture.

Digital Library

[12]

Dean, J., Hicks, J. E., Waldspurger, C. A., Weihl, W. E., and Chrysos, G. 2004. Profileme: Hardware support for instruction-level profiling on out-of-order processors. In Proceedings of the 30th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE, 292--302.

Digital Library

[13]

Efstathopoulos, P., Krohn, M., Vandebogart, S., Frey, C., Ziegler, D., Kohler, E., Mazières, D., Kaashoek, F., and Morris, R. 2005. Labels and event processes in the asbestos operating system. SIGOPS Oper. Syst. Rev. 39, 5, 17--30.

Digital Library

[14]

Erlingsson, Ú., Valley, S., Abadi, M., Vrable, M., Budiu, M., and Necula, G. C. 2006. Xfi: Software guards for system address spaces. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (USENIX’06). USENIX Association.

Digital Library

[15]

Gupta, D., Yocum, K., McNett, M., Snoeren, A. C., Vahdat, A., and Voelker, G. M. 2006. To infinity and beyond: Time-warped network emulation. In Proceedings of the 3rd Conference on Networked Systems Design & Implementation (NSDI’’06). USENIX Association, Berkeley, CA, 7--7.

Digital Library

[16]

Haeberlen, A., Kouznetsov, P., and Druschel, P. 2007. Peerreview: Practical accountability for distributed systems. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP’07).

Digital Library

[17]

Hauswirth, M., Sweeney, P. F., Diwan, A., and Hind, M. 2004. Vertical profiling: understanding the behavior of object-oriented applications. In Proceedings of the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA’04). ACM Press, 251--269.

Digital Library

[18]

Ho, A., Fetterman, M., Clark, C., Warfield, A., and Hand, S. 2006. Practical taint-based protection using demand emulation. SIGOPS Oper. Syst, Rev. 40, 4, 29--41.

Digital Library

[19]

Joukov, N., Traeger, A., Iyer, R., Wright, C. P., and Zadok, E. 2006. Operating system profiling via latency analysis. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (USENIX’06). USENIX Association.

Digital Library

[20]

Kiciman, E. and Livshits, B. 2007. Ajaxscope: A platform for remotely monitoring the client-side behavior of web 2.0 applications. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP’07).

Digital Library

[21]

Kim, H. C., Keromytis, A. D., Covington, M., and Sahita, R. 2009. Capturing information flow with concatenated dynamic taint analysis. In Proceedings of the International Conference on Availability, Reliability and Security. 355--362.

[22]

Larus, J. R. 1999. Whole program paths. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’99). ACM Press, 259--269.

Digital Library

[23]

Levon, J. and Elie, P. Oprofile. oprofile.sourceforge.net.

[24]

Narayanasamy, S., Pokam, G., and Calder, B. 2005. Bugnet: Continuously recording program execution for deterministic replay debugging. In Proceedings of the 32nd Annual International Symposium on Computer Architecture (ISCA’05). IEEE, 284--295.

Digital Library

[25]

Newsome, J. and Song, D. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS’05).

[26]

Portokalidis, G., Slowinska, A., and Bos, H. 2006. Argos: An emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. SIGOPS Oper. Syst. Rev. 40, 4, 15--27.

Digital Library

[27]

Qin, F., Wang, C., Li, Z., Kim, H.-S., Zhou, Y. Y., and Wu, Y. 2006. LIFT: A low-overhead practical information flow tracking system for detecting general security attacks. In Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture.

Digital Library

[28]

Shaw, Z. A. Mongrel: mongrel.rubyforge.org.

[29]

Suh, G. E., Lee, J. W., Zhang, D., and Devadas, S. 2004. Secure program execution via dynamic information flow tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM Press, New York, NY, 85--96.

Digital Library

[30]

Sweeney, P. F., Hauswirth, M., Cahoon, B., Cheng, P., Diwan, A., Grove, D., and Hind, M. 2004. Using hardware performance moniters to understand the behavior of java applications. In Proceedings of the USENIX 3rd Virtual Machine Research and Technology Symposium (VM’04). ACM Press.

Digital Library

[31]

Tiwari, M., Agrawal, B., Mysore, S., Valamehr, J., and Sherwood, T. 2008. A small cache of large ranges: Hardware methods for efficiently searching, storing, and updating big dataflow tags. In Proceedings of the 41st IEEE/ACM International Symposium on Microarchitecture (MICRO’08). IEEE Computer Society, 94--105.

Digital Library

[32]

Tiwari, M., Wassel, H. M., Mazloom, B., Mysore, S., Chong, F. T., and Sherwood, T. 2009. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’09). ACM, 109--120.

Digital Library

[33]

Vachharajani, N., Bridges, M. J., Chang, J., Rangan, R., Ottoni, G., Blome, J. A., Reis, G. A., Vachharajani, M., and August, D. I. 2004. Rifle: An architectural framework for user-centric information-flow security. In Proceedings of the 37th Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society, 243--254.

Digital Library

[34]

Venkataramani, G., Roemer, B., Solihin, Y. and Prvulovic, M. 2007. MemTracker: Efficient and programmable support for memory access monitoring and debugging. In Proceedings of the 13th International Symposium on High-Performance Computer Architecture.

Digital Library

[35]

Xu, M., Bodik, R., and Hill, M. D. 2003. A “flight data recorder” for enabling full-system multiprocessor deterministic replay. In Proceedings of the 30th Annual International Symposium on Computer Architecture (ISCA’03). ACM Press, 122--135.

Digital Library

[36]

Xu, W., Bhatkar, S., and Sekar, R. 2006. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Proceedings of the 15th USENIX Security Symposium (USENIX-SS’06). USENIX Association.

Digital Library

[37]

Zeldovich, N., Boyd-Wickizer, S., Kohler, E., and Mazières, D. 2006. Making information flow explicit in histar. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (USENIX’06). USENIX Association.

Digital Library

Cited By

Sapountzis NSun RWei XJin YCrandall JOliveira D(2020)MITOS: Optimal Decisioning for the Indirect Flow Propagation Dilemma in Dynamic Information Flow Tracking Systems2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS47774.2020.00093(1090-1100)Online publication date: Nov-2020
https://doi.org/10.1109/ICDCS47774.2020.00093
Navaki Arefi MAlexander GRokham HChen AFaloutsos MWei XOliveira DCrandall J(2018)FAROS: Illuminating In-memory Injection Attacks via Provenance-Based Whole-System Dynamic Information Flow Tracking2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN.2018.00034(231-242)Online publication date: Jun-2018
https://doi.org/10.1109/DSN.2018.00034
Ito TKaneko Y(2016)A Semantic Dataflow Logger Connecting Java Objects and Database Rows and Columns2016 Fourth International Symposium on Computing and Networking (CANDAR)10.1109/CANDAR.2016.0027(84-90)Online publication date: Nov-2016
https://doi.org/10.1109/CANDAR.2016.0027

Index Terms

Dataflow Tomography: Information Flow Tracking For Understanding and Visualizing Full Systems
1. Computer systems organization

Recommendations

Understanding and visualizing full systems with data flow tomography
ASPLOS XIII: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems

It is not uncommon for modern systems to be composed of a variety of interacting services, running across multiple machines in such a way that most developers do not really understand the whole system. As abstraction is layered atop abstraction, ...
Segmenting Extra Pulmonary Tuberculous Lesions in Computed Tomography Images Using Positron Emission Tomography Intensity Markers
ICIME '09: Proceedings of the 2009 International Conference on Information Management and Engineering

Various studies have been conducted to expand the utilization of Combined Positron Emission Tomography and Computed Tomography (PET/CT) covering cases of infection and inflammation. PET images provide the functional activity of a lesion while CT images ...
Registration of Planar Film Radiographs with Computed Tomography
MMBIA '96: Proceedings of the 1996 Workshop on Mathematical Methods in Biomedical Image Analysis (MMBIA '96)

Abstract: The authors describe a method to register computed tomography (CT) data with planar film radiographs. Previous methods applied to the problem of CT-radiograph registration rely on determining the correspondence between occluding contours of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Architecture and Code Optimization

ACM Transactions on Architecture and Code Optimization Volume 9, Issue 1

March 2012

176 pages

ISSN:1544-3566

EISSN:1544-3973

DOI:10.1145/2133382

Issue’s Table of Contents

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2012

Accepted: 01 August 2011

Revised: 01 July 2011

Received: 01 January 2010

Published in TACO Volume 9, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
670
Total Downloads

Downloads (Last 12 months)68
Downloads (Last 6 weeks)5

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sapountzis NSun RWei XJin YCrandall JOliveira D(2020)MITOS: Optimal Decisioning for the Indirect Flow Propagation Dilemma in Dynamic Information Flow Tracking Systems2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS47774.2020.00093(1090-1100)Online publication date: Nov-2020
https://doi.org/10.1109/ICDCS47774.2020.00093
Navaki Arefi MAlexander GRokham HChen AFaloutsos MWei XOliveira DCrandall J(2018)FAROS: Illuminating In-memory Injection Attacks via Provenance-Based Whole-System Dynamic Information Flow Tracking2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN.2018.00034(231-242)Online publication date: Jun-2018
https://doi.org/10.1109/DSN.2018.00034
Ito TKaneko Y(2016)A Semantic Dataflow Logger Connecting Java Objects and Database Rows and Columns2016 Fourth International Symposium on Computing and Networking (CANDAR)10.1109/CANDAR.2016.0027(84-90)Online publication date: Nov-2016
https://doi.org/10.1109/CANDAR.2016.0027

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents