
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks

Computer security is severely threatened by software vulnerabilities. Prior work shows that information flow tracking (also referred to as taint analysis) is a promising technique to detect a wide range of security attacks. However, current information flow tracking systems are not very practical, b...

Bibliographic Details
Main Authors: Qin, Feng; Wang, Cheng; Li, Zhenmin; Kim, Ho-seop; Zhou, Yuanyuan; Wu, Youfeng
Format: Conference Proceeding
Language: English
cited_by cdi_FETCH-LOGICAL-a384t-ef479b677de484c298e2221cef42a3ff183192de07cb3ae7cd12f9620ddf835f3
cites
container_end_page 148
container_issue
container_start_page 135
container_title
container_volume
creator Qin, Feng
Wang, Cheng
Li, Zhenmin
Kim, Ho-seop
Zhou, Yuanyuan
Wu, Youfeng
description Computer security is severely threatened by software vulnerabilities. Prior work shows that information flow tracking (also referred to as taint analysis) is a promising technique to detect a wide range of security attacks. However, current information flow tracking systems are not very practical, because they either require program annotations, source code, non-trivial hardware extensions, or incur prohibitive runtime overheads. This paper proposes a low overhead, software-only information flow tracking system, called LIFT, which minimizes run-time overhead by exploiting dynamic binary instrumentation and optimizations for detecting various types of security attacks without requiring any hardware changes. More specifically, LIFT aggressively eliminates unnecessary dynamic information flow tracking, coalesces information checks, and efficiently switches between target programs and instrumented information flow tracking code. We have implemented LIFT on a dynamic binary instrumentation framework on Windows. Our real-system experiments with two real-world server applications, one client application and eighteen attack benchmarks show that LIFT can effectively detect various types of security attacks. LIFT also incurs very low overhead, only 6.2% for server applications, and 3.6 times on average for seven SPEC INT2000 applications. Our dynamic optimizations are very effective in reducing the overhead by a factor of 5-12 times.
doi_str_mv 10.1109/MICRO.2006.29
format conference_proceeding
fulltext fulltext_linktorsrc
identifier ISSN: 1072-4451
ispartof 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06), 2006, p.135-148
issn 1072-4451
language eng
recordid cdi_acm_books_10_1109_MICRO_2006_29
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Application software
Computer crime
Computer security
Computer systems organization -- Embedded and cyber-physical systems -- Embedded systems
Hardware
Information security
Instruments
Runtime
Security and privacy -- Systems security -- Information flow control
Security and privacy -- Systems security -- Operating systems security
Software and its engineering -- Software organization and properties -- Software system structures -- Embedded software
Software and its engineering -- Software organization and properties -- Software system structures -- Real-time systems software
Software tools
Switches
Target tracking
title LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-13T21%3A18%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=LIFT:%20A%20Low-Overhead%20Practical%20Information%20Flow%20Tracking%20System%20for%20Detecting%20Security%20Attacks&rft.btitle=2006%2039th%20Annual%20IEEE/ACM%20International%20Symposium%20on%20Microarchitecture%20(MICRO'06)&rft.au=Qin,%20Feng&rft.date=2006-12-09&rft.spage=135&rft.epage=148&rft.pages=135-148&rft.issn=1072-4451&rft.isbn=0769527329&rft.isbn_list=9780769527321&rft_id=info:doi/10.1109/MICRO.2006.29&rft_dat=%3Cproquest_6IE%3E31251533%3C/proquest_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a384t-ef479b677de484c298e2221cef42a3ff183192de07cb3ae7cd12f9620ddf835f3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=31251533&rft_id=info:pmid/&rft_ieee_id=4041842&rfr_iscdi=true