On the Scalable Dynamic Taint Analysis for Distributed Systems

被引:0
|
作者
Fu, Xiaoqin [1 ]
机构
[1] Washington State Univ, Pullman, WA 99164 USA
来源
ESEC/FSE'2019: PROCEEDINGS OF THE 2019 27TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING | 2019年
关键词
Distributed systems; Dynamic taint analysis; Scalability;
D O I
10.1145/3338906.3342506
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
To protect the privacy and search sensitive data leaks, we must solve multiple challenges (e.g., applicability, portability, and scalability) for developing an appropriate taint analysis for distributed systems. We hence present DISTTAINT, a dynamic taint analysis for distributed systems against these challenges. It could infer implicit dependencies from partial-ordering method events in executions to resolve the applicability challenge. DISTTAINT fully works at application-level without any customization of platforms to overcome the portability challenge. It exploits a multi-phase analysis to achieve scalability. By proposing a pre-analysis, DISTTAINT narrows down the following fine-grained analysis' scope to reduce the overall cost significantly. Empirical results showed DISTTAINT's practical applicability, portability, and scalability to industry-scale distributed programs, and its capability of discovering security vulnerabilities in real-world distributed systems. The tool package can be downloaded here: https://www.dropbox.com/sh/kfr9ixucyny1jp2/AAC00aI-I8O-d4ywZCqwZ1uaa?dl=0
引用
收藏
页码:1247 / 1249
页数:3
相关论文
共 50 条
  • [1] A Dynamic Taint Analyzer for Distributed Systems
    Fu, Xiaoqin
    Cai, Haipeng
    [J]. ESEC/FSE'2019: PROCEEDINGS OF THE 2019 27TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, 2019, : 1115 - 1119
  • [2] An Uneven Distributed System for Dynamic Taint Analysis Framework
    Wang, Xuefei
    Ma, Hengtai
    Yang, Ke
    Liang, Hongliang
    [J]. 2015 IEEE 2ND INTERNATIONAL CONFERENCE ON CYBER SECURITY AND CLOUD COMPUTING (CSCLOUD), 2015, : 237 - 240
  • [3] Scaling Application-Level Dynamic Taint Analysis to Enterprise-Scale Distributed Systems
    Fu, Xiaoqin
    Cai, Haipeng
    [J]. 2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: COMPANION PROCEEDINGS (ICSE-COMPANION 2020), 2020, : 270 - 271
  • [4] DisTA: Generic Dynamic Taint Tracking for Java']Java-Based Distributed Systems
    Wang, Dong
    Gao, Yu
    Dou, Wensheng
    Wei, Jun
    [J]. 2022 52ND ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN 2022), 2022, : 547 - 558
  • [5] SURVEY OF DYNAMIC TAINT ANALYSIS
    Kim, Junhyoung
    Kim, TaeGuen
    Im, Eul Gyu
    [J]. 2014 4TH IEEE INTERNATIONAL CONFERENCE ON NETWORK INFRASTRUCTURE AND DIGITAL CONTENT (IEEE IC-NIDC), 2014, : 269 - 272
  • [6] Scalable and efficient parallel and distributed simulation of complex, dynamic and mobile systems
    Bononi, L
    Bracuto, M
    D'Angelo, G
    Donatiello, L
    [J]. 2005 WORKSHOP ON TECHNIQUES, METHODOLOGIES AND TOOLS FOR PERFORMANCE EVALUATION OF COMPLEX SYSTEMS, PROCEEDINGS, 2005, : 136 - 145
  • [7] The Performance Analysis of Distributed Storage Systems Used in Scalable Web Systems
    Oles, Dominik
    Nowak, Ziemowit
    [J]. INFORMATION SYSTEMS ARCHITECTURE AND TECHNOLOGY, ISAT 2018, PT I, 2019, 852 : 287 - 298
  • [8] SEADS: Scalable and Cost-effective Dynamic Dependence Analysis of Distributed Systems via Reinforcement Learning
    Fu, Xiaoqin
    Cai, Haipeng
    Li, Wen
    Li, Li
    [J]. ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2021, 30 (01)
  • [9] Automatic protocol reverse engineering for industrial control systems with dynamic taint analysis
    Ma, Rongkuan
    Zheng, Hao
    Wang, Jingyi
    Wang, Mufeng
    Wei, Qiang
    Wang, Qingxian
    [J]. FRONTIERS OF INFORMATION TECHNOLOGY & ELECTRONIC ENGINEERING, 2022, 23 (03) : 351 - 360
  • [10] Automatic protocol reverse engineering for industrial control systems with dynamic taint analysis
    Ma, Rongkuan
    Zheng, Hao
    Wang, Jingyi
    Wang, Mufeng
    Wei, Qiang
    Wang, Qingxian
    [J]. Frontiers of Information Technology and Electronic Engineering, 2022, 23 (03): : 351 - 360
12345