Skip to Main content Skip to Navigation
Conference papers

SHRIFT System-Wide HybRid Information Flow Tracking

Abstract : Using data flow tracking technology, one can observe how data flows from inputs (sources) to outputs (sinks) of a software system. It has been proposed [1] to do runtime data flow tracking at various layers simultaneously (operating system, application, data base, window manager, etc.), and connect the monitors’ observations to exploit semantic information about the layers to make analyses more precise. This has implications on performance—multiple monitors running in parallel—and on methodology—there needs to be one dedicated monitor per layer. We address both aspects of the problem. We replace a runtime monitor at a layer L by its statically computed input-output dependencies. At runtime, these relations are used by monitors at other layers to model flows of data through L, thus allowing cross-layer system-wide tracking. We achieve this in three steps: (1) static analysis of the application at layer L, (2) instrumentation of the application’s source and sink instructions and (3) runtime execution of the instrumented application in combination with monitors at other layers. The result allows for system-wide tracking of data dissemination, across and through multiple applications. We implement our solution at the Java Bytecode level, and connect it to a runtime OS-level monitor. In terms of precision and performance, we outperform binary-level approaches and can exploit high-level semantics.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-01345128
Contributor : Hal Ifip <>
Submitted on : Wednesday, July 13, 2016 - 11:08:42 AM
Last modification on : Wednesday, July 13, 2016 - 11:18:41 AM

File

337885_1_En_25_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Enrico Lovat, Alexander Fromm, Martin Mohr, Alexander Pretschner. SHRIFT System-Wide HybRid Information Flow Tracking. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.371-385, ⟨10.1007/978-3-319-18467-8_25⟩. ⟨hal-01345128⟩

Share

Metrics

Record views

126

Files downloads

137