Architecture-Independent Dynamic Information Flow Tracking

  • Ryan Whelan
  • Tim Leek
  • David Kaeli
Conference paper

DOI: 10.1007/978-3-642-37051-9_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7791)
Cite this paper as:
Whelan R., Leek T., Kaeli D. (2013) Architecture-Independent Dynamic Information Flow Tracking. In: Jhala R., De Bosschere K. (eds) Compiler Construction. CC 2013. Lecture Notes in Computer Science, vol 7791. Springer, Berlin, Heidelberg

Abstract

Dynamic information flow tracking is a well-known dynamic software analysis technique with a wide variety of applications that range from making systems more secure, to helping developers and analysts better understand the code that systems are executing. Traditionally, the fine-grained analysis capabilities that are desired for the class of these systems which operate at the binary level require tight coupling to a specific ISA. This places a heavy burden on developers of these systems since significant domain knowledge is required to support each ISA, and the ability to amortize the effort expended on one ISA implementation cannot be leveraged to support other ISAs. Further, the correctness of the system must carefully evaluated for each new ISA.

In this paper, we present a general approach to information flow tracking that allows us to support multiple ISAs without mastering the intricate details of each ISA we support, and without extensive verification. Our approach leverages binary translation to an intermediate representation where we have developed detailed, architecture-neutral information flow models. To support advanced instructions that are typically implemented in C code in binary translators, we also present a combined static/dynamic analysis that allows us to accurately and automatically support these instructions. We demonstrate the utility of our system in three different application settings: enforcing information flow policies, classifying algorithms by information flow properties, and characterizing types of programs which may exhibit excessive information flow in an information flow tracking system.

Keywords

Binary translation binary instrumentation information flow tracking dynamic analysis taint analysis intermediate representations 

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ryan Whelan
    • 1
  • Tim Leek
    • 2
  • David Kaeli
    • 1
  1. 1.Department of Electrical and Computer EngineeringNortheastern UniversityBostonUSA
  2. 2.Cyber System Assessments GroupMIT Lincoln LaboratoryLexingtonUSA

Personalised recommendations