research-article

Phosphor: Illuminating Dynamic Data Flow in Commodity JVMs

Published: 15 October 2014

Abstract

Dynamic taint analysis is a well-known information flow analysis problem with many possible applications. Taint tracking allows for analysis of application data flow by assigning labels to data, and then propagating those labels through data flow. Taint tracking systems traditionally compromise among performance, precision, soundness, and portability. Performance can be critical, as these systems are often intended to be deployed to production environments, and hence must have low overhead. To be deployed in security-conscious settings, taint tracking must also be sound and precise. Dynamic taint tracking must be portable in order to be easily deployed and adopted for real world purposes, without requiring recompilation of the operating system or language interpreter, and without requiring access to application source code.

We present Phosphor, a dynamic taint tracking system for the Java Virtual Machine (JVM) that simultaneously achieves our goals of performance, soundness, precision, and portability. Moreover, to our knowledge, it is the first portable general purpose taint tracking system for the JVM. We evaluated Phosphor's performance on two commonly used JVM languages (Java and Scala), on two successive revisions of two commonly used JVMs (Oracle's HotSpot and OpenJDK's IcedTea) and on Android's Dalvik Virtual Machine, finding its performance to be impressive: as low as 3% (53% on average; 220% at worst) using the DaCapo macro benchmark suite. This paper describes our approach toward achieving portable taint tracking in the JVM.
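The label assignment and propagation described in the first paragraph of the abstract, as an added example that is not code from the paper or from Phosphor. It is a hand-written model in which values carry their labels explicitly; the `Labeled` type, the `source`, `concat` and `sqlSink` helpers, and the label string are hypothetical names, and the input is constructed.

```java
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;

public class TaintDemo {
    // A value paired with the set of labels attached to it (hypothetical type).
    static final class Labeled {
        final String value;
        final Set<String> labels;
        Labeled(String value, Set<String> labels) {
            this.value = value;
            this.labels = Collections.unmodifiableSet(new TreeSet<>(labels));
        }
    }

    // Untainted constant: no labels.
    static Labeled constant(String v) { return new Labeled(v, Collections.emptySet()); }

    // Source: data entering from outside gets a label naming its origin.
    static Labeled source(String v, String label) {
        return new Labeled(v, Collections.singleton(label));
    }

    // Propagation: the result of combining two values carries both label sets.
    static Labeled concat(Labeled a, Labeled b) {
        Set<String> merged = new TreeSet<>(a.labels);
        merged.addAll(b.labels);
        return new Labeled(a.value + b.value, merged);
    }

    // Sink: refuse any value that still carries a label from an untrusted source.
    static void sqlSink(Labeled query) {
        if (!query.labels.isEmpty()) {
            throw new SecurityException("tainted data reached sink, labels=" + query.labels);
        }
        System.out.println("executing: " + query.value);
    }

    public static void main(String[] args) {
        Labeled prefix = constant("SELECT * FROM users WHERE name = '");
        Labeled name = source("alice", "http-param:name"); // constructed sample input
        Labeled query = concat(concat(prefix, name), constant("'"));
        sqlSink(constant("SELECT 1"));   // no labels: allowed
        try {
            sqlSink(query);              // label propagated through both concats
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The explicit wrapper type is a simplification for illustration: the abstract's portability goal is tracking that needs no access to application source code, which a wrapper like this does not provide.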

Published in

ACM SIGPLAN Notices, Volume 49, Issue 10
OOPSLA '14
October 2014
907 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2714064
Editor: Andy Gill

OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications
October 2014
946 pages
ISBN: 9781450325851
DOI: 10.1145/2660193

Copyright © 2014 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
