Sciweavers

CCS
2008
ACM

Efficient and extensible security enforcement using dynamic data flow analysis

14 years 2 months ago
Efficient and extensible security enforcement using dynamic data flow analysis
Current taint tracking systems suffer from high overhead and a lack of generality. In this paper, we solve both of these issues with an extensible system that is an order of magnitude more efficient than previous software taint tracking systems and is fully general to dynamic data flow tracking problems. Our system uses a compiler to transform untrusted programs into policy-enforcing programs, and our system can be easily reconfigured to support new analyses and policies without modifying the compiler or runtime system. Our system uses a sound and sophisticated static analysis that can dramatically reduce the amount of data that must be dynamically tracked. For server programs, our system's average overhead is 0.65% for taint tracking, which is comparable to the best hardware-based solutions. For a set of compute-bound benchmarks, our system produces no runtime overhead because our compiler can prove the absence of vulnerabilities, eliminating the need to dynamically track taint....
Walter Chang, Brandon Streiff, Calvin Lin
Added 18 Oct 2010
Updated 18 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Walter Chang, Brandon Streiff, Calvin Lin
Comments (0)