Presentation is loading. Please wait.

Presentation is loading. Please wait.

Better Performance Through Thread-local Emulation Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox Duke University.

Published byAnthony Carroll Modified over 7 years ago

Similar presentations

Presentation on theme: "Better Performance Through Thread-local Emulation Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox Duke University."— Presentation transcript:

1 Better Performance Through Thread-local Emulation Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox Duke University

2 Goal: Track how apps use data 2

3 3

4 4

5 “What is the app doing?” What is the app doing after taking a picture? Is it creating multiple copies of the picture? 5

6 Dynamic taint tracking 6 Log when photos are saved as files 01: Image pic = takePicWithCamera(); 02: Image newPic = copy(pic); 03: crop(newPic); 04: modify(newPic); 05: writeToFile(newPic, “my_picture.png”); Mark as “taint source” Tainted due to “taint propagation rules” Mark the file system as a “taint sink”

7 Dynamic taint tracking Detecting and defeating malware TaintCheck (Newsome `05), Panorama (Yin`07) Attest to the authenticity of sensor data YouProve (Gilbert `11) Minimize exposure of sensitive data Clean OS (Tang `12) Manage app data in logical units Pebbles (Spahn `14) Track how apps use passwords SpanDex (Cox `14) Improve energy efficiency of apps MobileHub (Shen `15) 7

8 YouProve [Gilbert `11] 8 Was the swan really there?

9 YouProve [Gilbert `11] 9 Prove that camera images are authentic 01: Image pic = takePicWithCamera(); 02: Image newPic = copy(pic); 03: crop(newPic); 04: modify(newPic); 05: writeToFile(newPic, “my_picture.png”); The camera is a taint source The file system is a taint sink Original

10 YouProve [Gilbert `11] 10 OriginalnewPic Picture analyzer Authenticity certificate

11 TaintDroid [Enck ‘10] Implemented within the Dalvik VM – Dalvik is a managed runtime like the Java VM Reasonably good performance – Overhead of about 14% – Running apps on a VM is slow to begin with – Taint tracking logic does not add significant overhead Hardware Linux Kernel Android Platform Dalvik VM Core Libraries 11

12 The trend to native code 12 Tracking native code is expensive! 10 to 30x slowdown TaintCheck (Newsome ‘05), Dytan (Clause ’07)

13 Selective taint tracking Perform tracking only the camera is used – 1. Disassemble an app’s instructions – 2. Perform taint propagation – 3. Execute the app instruction – 4. Proceed until app stops using tainted data Otherwise, apps run normally Implemented using page protections Demand Emulation (Ho ’06) Overhead is amortized over app’s lifetime! 13

14 Apps are multi-threaded takePicWithCamera() Only emulate the threads handling tainted data UI Thread Worker Thread 1 Worker Thread 2 Worker Thread 3 14

15 Thread-local emulation takePicWithCamera() How can we interpose on memory accesses on a thread-level basis? Worker Thread 2 Worker Thread 3 UI Thread Worker Thread 1 Only the threads handling tainted data are emulated 15

16 16 UI Thread Worker Thread 1 Worker Thread 2 Worker Thread 3 Memory How does emulator access tainted data in protected page? Tainted data in protected page Memory organized in pages Remove page protections Not emulated!

17 17 UI Thread Worker Thread 1 Worker Thread 2 Worker Thread 3 Memory Emulate everything! We want thread-local emulation

18 Page table tricks 18 UI Thread Worker Thread 1 Worker Thread 2 Worker Thread 3 Virtual Memory Physical Memory

19 Alternative approaches Software Techniques: – Virtual page table tricks (Appel and Li ’91) Hardware techniques: – ARM memory domains – Virtualization features Dune (Belay ’12) 19

20 Limitations 20 Tainted data on UI thread!

21 Conclusion Dynamic taint tracking is useful Modern mobile platforms exhibit a shift to native code Need native code taint tracking Require thread-local emulation for performance Plenty of research and implementation questions left 21

22 Thread-level Memory Access UI Thread Worker Thread 1 Worker Thread 2 Worker Thread 3 Process Emulator implemented as thread-specific signal handler. Page protections at thread-granularity.

23 The Elephant in the Room 23 Implicit Flows

24 Might not be a problem. YouProve (Gilbert’11) May be quantified in certain contexts. SpanDex (Cox ‘14) Ideas from static taint analysis may be used. MobileHub (Shen ’15) 24

25 Implicit Flows 25 01: int someVal = getTaintedValue(); 02: bool lessThanTwenty = false; 03: if (someVal < 20) { 04: lessThanTwenty = true; 05: } 06: if (lessThanTwenty) { 07: doSomethingHere(); 08: } Should this be tainted? Exploitable by malicious apps. Unclear.

26 YouProve [Gilbert `11] 26 Prove that sensor data is authentic. 01: Image pic = takePicWithCamera(); 02: Image newPic = copy(pic); 03: crop(newPic); 04: modify(newPic); 05: writeToFile(newPic, “my_picture.png”) Original Authenticity certificate will not be generated!

Download ppt "Better Performance Through Thread-local Emulation Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox Duke University."

Similar presentations

Android Application Development A Tutorial Driven Course.

Android Application Development A Tutorial Driven Course.
CSC 360- Instructor: K. Wu Overview of Operating Systems.

CSC 360- Instructor: K. Wu Overview of Operating Systems.
Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.

Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.
DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.

DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis Lok Kwong Yan, and Heng Yin Syracuse University.
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.

Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.
Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.

Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Introduction to Android Mohammad A. Gowayyed CS334-Spring 2014.

Introduction to Android Mohammad A. Gowayyed CS334-Spring 2014.
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P

William Enck, Peter Gilbert, Byung-Gon Chun, Landon P
DEPARTMENT OF COMPUTER ENGINEERING

DEPARTMENT OF COMPUTER ENGINEERING
ANDROID OPERATING SYSTEM Guided By,Presented By, Ajay B.N Somashekar B.T Asst Professor MTech 2 nd Sem (CE)Dept of CS & E.

ANDROID OPERATING SYSTEM Guided By,Presented By, Ajay B.N Somashekar B.T Asst Professor MTech 2 nd Sem (CE)Dept of CS & E.
CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
Dynamic Tainting for Deployed Java Programs Du Li Advisor: Witawas Srisa-an University of Nebraska-Lincoln 1.

Dynamic Tainting for Deployed Java Programs Du Li Advisor: Witawas Srisa-an University of Nebraska-Lincoln 1.
Mobile Application Development

Mobile Application Development
KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.

KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.
ThreadsThreads operating systems. ThreadsThreads A Thread, or thread of execution, is the sequence of instructions being executed. A process may have.

ThreadsThreads operating systems. ThreadsThreads A Thread, or thread of execution, is the sequence of instructions being executed. A process may have.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Mobile Application Development with ANDROID Tejas Lagvankar UMBC 29 April 2009.

Mobile Application Development with ANDROID Tejas Lagvankar UMBC 29 April 2009.

Similar presentations

Ads by Google