Download presentation
Presentation is loading. Please wait.
1
Dynamic Tainting for Deployed Java Programs Du Li Advisor: Witawas Srisa-an University of Nebraska-Lincoln 1
2
Example 2
3
Example (Cont) 3
4
Dynamic Tainting Analysis Mark and track certain data at runtime Widely applied to: o Attack prevention o Data lifespan/scope analysis o Generation of test cases o etc. 4
5
Dynamic Tainting Analysis (cont.) Powerful but expensive o Significant overhead o Need third-party tools support o Suitable for debugging and maintenance, too much overhead for deployed systems 5
6
Goal Make dynamic tainting analysis feasible for deployed systems o Fast: High-performance and low overhead o Easy to use: No need for extra HW or SW support o Flexible: Users control what and when to monitor 6
7
Idea Java Virtual Machine is a good platform for dynamic tainting analysis o Useful runtime information CFG, data access, object life span,... o Existing components Barriers Optimizing compilers Garbage collectors 7
8
Outline Motivation A proposed solution Implementation plan Conclusion 8
9
Motivation Existing dynamic tainting tools have high overhead o Dytan: 30-50 times overhead (Clause et al.) o Taintcheck: 20 times overhead in the worst case (Seward et al.) o Effective memory protector: 25% overhead but need special hardware (Clause et al.) 9
10
Motivation (cont.) Existing solutions need extra SW support o Dytan: on top of PIN (Luk et al.) o TaintChecker: on top of Valgrind (Nethercote et al.) o Require users' extra effort to set up execution environment on third-party tools (not always feasible) 10
11
Motivation (cont.) Existing work is based on binary instrumentation Managed languages (like Java) are popular in many deployed environments It is time to investigate tainting analysis in virtual machines 11
12
Solution JVM-based Dynamic Tainting framework o Easy to use: as one JVM build-in feature, no need for extra tool support, enable by setting a flag o High-performance: utilize existing runtime systems to generate information o Customization: can be configurable to monitor only a subset of data flow 12
13
Implementation JVM has useful infrastructure for dynamic tainting analysis o Read/Write barriers → data access tracing o Garbage collector → marking information process o JIT compilers → optimization 13
14
Implementation (cont.) Data tracing o Write/Read Barriers can monitor all data access efficiently o Garbage collector can help to identify data references o Our experiment and existing work (Blackburn et al.) shows average overhead of barriers can range from 6.49% to 21.24% o Data tracing is the dominant part of overhead 14
15
Implementation (cont.) Achieving High-Performance o JIT compiler is a great place to improve performance All tainting analysis related code will be optimized by JIT compiler Data dependency information can be generated by JIT compiler Make tainting process more accurate and smart 15
16
Implementation (cont.) Achieving Customization o JIT compiler can replace code at runtime Our framework makes use of JIT compiler to customize tainting analysis sampling rate, granularity, or even turn on/off tainting analysis o Tradeoff between accuracy and performance 16
17
Status 1.Working on Maxine Virtual Machine to build data flow analysis framework 2.Basic components are close to be done 3.Plan to build tainting analysis on top of the framework 17
18
Conclusion Existing tainting analysis solution is powerful but heavy weight JVM base tainting framework is easier to use: efficient, flexible Existing JVM infrastructure can help to improve tainting process 18
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.