TY - GEN
T1 - Sdft
T2 - 21st International Conference on Software Quality, Reliability and Security, QRS 2021
AU - Kan, Xiao
AU - Sun, Cong
AU - Liu, Shen
AU - Huang, Yongzhe
AU - Tan, Gang
AU - Ma, Siqi
AU - Zhang, Yumei
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Dynamic taint analysis (DTA) has been widely used in various security-relevant scenarios that need to track the runtime information flow of programs. Dynamic binary instrumentation (DBI) is a prevalent technique in achieving effective dynamic taint tracking on commodity hardware and systems. However, the significant performance overhead incurred by dynamic taint analysis restricts its usage in production systems. Previous efforts on mitigating the performance penalty fall into two categories, parallelizing taint tracking from program execution and abstracting the tainting logic to a higher granularity. Both approaches have only met with limited success. In this work, we propose Sdft, an efficient approach that combines the precision of DBI-based instruction-level taint tracking and the efficiency of function-level abstract taint propagation. First, we build the library function summaries automatically with reachability analysis on the program dependency graph (PDG) to specify the control- and data dependencies between the input parameters, output parameters, and global variables of the target library. Then we derive the taint rules for the target library functions and develop taint tracking for library function that is tightly integrated into the state-of-the-art DTA framework Libdft. By applying our approach to the core C library functions of glibc, we report an average of 1.58x speed up of the tracking performance compared with Libdft64. We also validate the effectiveness of the hybrid taint tracking and the ability on detecting real-world vulnerabilities.
AB - Dynamic taint analysis (DTA) has been widely used in various security-relevant scenarios that need to track the runtime information flow of programs. Dynamic binary instrumentation (DBI) is a prevalent technique in achieving effective dynamic taint tracking on commodity hardware and systems. However, the significant performance overhead incurred by dynamic taint analysis restricts its usage in production systems. Previous efforts on mitigating the performance penalty fall into two categories, parallelizing taint tracking from program execution and abstracting the tainting logic to a higher granularity. Both approaches have only met with limited success. In this work, we propose Sdft, an efficient approach that combines the precision of DBI-based instruction-level taint tracking and the efficiency of function-level abstract taint propagation. First, we build the library function summaries automatically with reachability analysis on the program dependency graph (PDG) to specify the control- and data dependencies between the input parameters, output parameters, and global variables of the target library. Then we derive the taint rules for the target library functions and develop taint tracking for library function that is tightly integrated into the state-of-the-art DTA framework Libdft. By applying our approach to the core C library functions of glibc, we report an average of 1.58x speed up of the tracking performance compared with Libdft64. We also validate the effectiveness of the hybrid taint tracking and the ability on detecting real-world vulnerabilities.
UR - http://www.scopus.com/inward/record.url?scp=85146198571&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85146198571&partnerID=8YFLogxK
U2 - 10.1109/QRS54544.2021.00080
DO - 10.1109/QRS54544.2021.00080
M3 - Conference contribution
AN - SCOPUS:85146198571
T3 - IEEE International Conference on Software Quality, Reliability and Security, QRS
SP - 702
EP - 713
BT - Proceedings - 2021 21st International Conference on Software Quality, Reliability and Security, QRS 2021
PB - Institute of Electrical and Electronics Engineers
Y2 - 6 December 2021 through 10 December 2021
ER -