DOI: 10.1145/3292006.3300040

Efficient and Precise Information Flow Control for Machine Code through Demand-Driven Secure Multi-Execution

Published: 13 March 2019

Abstract

Dynamic Information Flow Control (IFC) systems such as No-Sensitive-Upgrade or Permissive-Upgrade can guarantee Termination-Insensitive Non-Interference, but they reject secure programs because they cannot track implicit flows precisely. More advanced multi-execution based approaches such as Shadow Execution and Secure Multi-Execution are precise and guarantee Termination-Sensitive Non-Interference, but require additional resources or, in the case of Faceted Evaluation, deep changes to the execution semantics. In this paper, we propose a novel, efficient and precise Information Flow Control system for machine code based on Demand-Driven Secure Multi-Execution. Our key idea is to use lightweight single-execution monitoring as long as the execution is secretless, and to fork multiple copies on demand only once a secret is read. We present the first Secure Multi-Execution implementation for legacy code in Unix-based environments and show that our demand-driven optimization drastically reduces the run-time overhead for cat and sha256sum. Our results indicate that further acceleration is possible through improved static analyses, making multi-execution based IFC systems applicable to machine code.

References

[1]
Thomas H Austin and Cormac Flanagan. 2009. Efficient purely-dynamic information flow analysis. In Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security. ACM, 113--124.
[2]
Thomas H Austin and Cormac Flanagan. 2010. Permissive dynamic information flow analysis. In Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security. ACM, 3.
[3]
Thomas H Austin and Cormac Flanagan. 2012. Multiple facets for dynamic information flow. In ACM Sigplan Notices, Vol. 47. ACM, 165--178.
[4]
Gogul Balakrishnan and Thomas Reps. 2004. Analyzing memory accesses in x86 executables. In International conference on compiler construction. Springer, 5--23.
[5]
Musard Balliu, Mads Dam, and Roberto Guanciale. 2014. Automating Information Flow Analysis of Low Level Code. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, New York, NY, USA, 1080--1091.
[6]
Gilles Barthe, Pedro R D'Argenio, and Tamara Rezk. 2004. Secure information flow by self-composition. In Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE. IEEE, 100--114.
[7]
R. Capizzi, A. Longo, V. N. Venkatakrishnan, and A. P. Sistla. 2008. Preventing Information Leaks through Shadow Executions. In 2008 Annual Computer Security Applications Conference (ACSAC). 322--331.
[8]
Michael R Clarkson and Fred B Schneider. 2010. Hyperproperties. Journal of Computer Security, Vol. 18, 6 (2010), 1157--1210.
[9]
Dominique Devriese and Frank Piessens. 2010. Noninterference through secure multi-execution. In Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 109--124.
[10]
Joseph A Goguen and José Meseguer. 1982. Security policies and security models. In Security and Privacy, 1982 IEEE Symposium on . IEEE, 11--11.
[11]
Ivan Gotovchits, Rijnard van Tonder, and David Brumley. 2018. Saluki: finding taint-style vulnerabilities with static property checking.
[12]
Kevin W Hamlen, Greg Morrisett, and Fred B Schneider. 2006. Computability classes for enforcement mechanisms. ACM Transactions on Programming Languages and Systems (TOPLAS), Vol. 28, 1 (2006), 175--205.
[13]
Petr Hosek and Cristian Cadar. 2015. VARAN the Unbelievable: An Efficient N-version Execution Framework. SIGPLAN Not., Vol. 50, 4 (March 2015), 339--353.
[14]
Vineeth Kashyap, Ben Wiedermann, and Ben Hardekopf. 2011. Timing- and termination-sensitive secure information flow: Exploring a new approach. In Security and Privacy (SP), 2011 IEEE Symposium on. IEEE, 413--428.
[15]
Johannes Kinder. 2010. Static Analysis of x86 Executables. Ph.D. Dissertation. Technische Universität Darmstadt.
[16]
Koen Koning, Herbert Bos, and Cristiano Giuffrida. 2016. Secure and efficient multi-variant execution using hardware-assisted process virtualization. In Dependable Systems and Networks (DSN), 2016 46th Annual IEEE/IFIP International Conference on. IEEE, 431--442.
[17]
Yonghwi Kwon, Dohyeong Kim, William Nick Sumner, Kyungtae Kim, Brendan Saltaformaggio, Xiangyu Zhang, and Dongyan Xu. 2016. LDX: Causality Inference by Lightweight Dual Execution. In Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '16). ACM, New York, NY, USA, 503--515.
[18]
Xiaozhu Meng and B Miller. 2015. Binary code is not easy. Technical Report. Computer Sciences Department, University of Wisconsin, Madison.
[19]
Bogdan Mihaila. 2015. Adaptable Static Analysis of Executables for proving the Absence of Vulnerabilities. Ph.D. Dissertation. Technische Universität München.
[20]
Dimiter Milushev, Wim Beck, and Dave Clarke. 2012. Noninterference via Symbolic Execution. FMOODS/FORTE, Vol. 7273 (2012), 152--168.
[21]
Tobias Pfeffer, Paula Herber, Lucas Druschke, and Sabine Glesner. 2018. Efficient and Safe Control Flow Recovery Using a Restricted Intermediate Language. In VSC Track on Validation of Safety critical Collaboration systems at the IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2018, to appear). IEEE Computer Society.
[22]
Willard Rafnsson and Andrei Sabelfeld. 2016. Secure multi-execution: Fine-grained, declassification-aware, and transparent. Journal of Computer Security, Vol. 24, 1 (2016), 39--90.
[23]
Andrei Sabelfeld and Alejandro Russo. 2009. From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research. In Ershov Memorial Conference, Vol. 5947. Springer, 352--365.
[24]
Thomas Schmitz, Maximilian Algehed, Cormac Flanagan, and Alejandro Russo. 2018. Faceted Secure Multi Execution. (2018).
[25]
Edward J Schwartz, Thanassis Avgerinos, and David Brumley. 2010. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Security and privacy (SP), 2010 IEEE symposium on. IEEE, 317--331.
[26]
Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, and Giovanni Vigna. 2016. SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis. In IEEE Symposium on Security and Privacy.
[27]
Tachio Terauchi and Alexander Aiken. 2005. Secure information flow as a safety problem. In SAS, Vol. 3672. Springer, 352--367.
[28]
Stijn Volckaert, Bart Coppens, and Bjorn De Sutter. 2015. Cloning your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution. (2015).
[29]
D. Zanarini, M. Jaskelioff, and A. Russo. 2013. Precise Enforcement of Confidentiality for Reactive Systems. In 2013 IEEE 26th Computer Security Foundations Symposium. 18--32.
[30]
Stephan Arthur Zdancewic and Andrew Myers. 2002. Programming languages for information security. Cornell University.

Cited By

  • Transparent IFC Enforcement: Possibility and (In)Efficiency Results. 2020 IEEE 33rd Computer Security Foundations Symposium (CSF), 65--78, June 2020. DOI: 10.1109/CSF49147.2020.00013
  • Automatic Analysis of Critical Sections for Efficient Secure Multi-Execution. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security (QRS), 318--325, July 2019. DOI: 10.1109/QRS.2019.00048


      Published In

      CODASPY '19: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy
      March 2019
      373 pages
      ISBN:9781450360999
      DOI:10.1145/3292006

      Publisher: Association for Computing Machinery, New York, NY, United States

      Author Tags

      1. information flow control
      2. machine code
      3. multi-execution

      Acceptance Rates

      Overall Acceptance Rate 149 of 789 submissions, 19%
