SHRIFT system-wide HybRid information flow tracking

Enrico Lovat, Alexander Fromm, Martin Mohr, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Scopus citations

Abstract

Using data flow tracking technology, one can observe how data flows from inputs (sources) to outputs (sinks) of a software system. It has been proposed [1] to do runtime data flow tracking at various layers simultaneously (operating system, application, data base, window manager, etc.), and connect the monitors’ observations to exploit semantic information about the layers to make analyses more precise. This has implications on performance—multiple monitors running in parallel— and on methodology—there needs to be one dedicated monitor per layer. We address both aspects of the problem. We replace a runtime monitor at a layer L by its statically computed input-output dependencies. At runtime, these relations are used by monitors at other layers to model flows of data through L, thus allowing cross-layer system-wide tracking. We achieve this in three steps: (1) static analysis of the application at layer L, (2) instrumentation of the application’s source and sink instructions and (3) runtime execution of the instrumented application in combination with monitors at other layers. The result allows for system-wide tracking of data dissemination, across and through multiple applications. We implement our solution at the Java Bytecode level, and connect it to a runtime OS-level monitor. In terms of precision and performance, we outperform binary-level approaches and can exploit high-level semantics.

Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection - 30th IFIP TC 11 International Conference, SEC 2015, Proceedings
EditorsHannes Federrath, Dieter Gollmann
PublisherSpringer New York LLC
Pages371-385
Number of pages15
ISBN (Print)9783319184661
DOIs
StatePublished - 2015
Event30th IFIP TC 11 International Information Security and Privacy Conference, SEC 2015 - Hamburg, Germany
Duration: 26 May 201528 May 2015

Publication series

NameIFIP Advances in Information and Communication Technology
Volume455
ISSN (Print)1868-4238

Conference

Conference30th IFIP TC 11 International Information Security and Privacy Conference, SEC 2015
Country/TerritoryGermany
CityHamburg
Period26/05/1528/05/15

Fingerprint

Dive into the research topics of 'SHRIFT system-wide HybRid information flow tracking'. Together they form a unique fingerprint.

Cite this