Abstract
Causality inference, such as dynamic taint analysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine, LDX. Given an execution, it spawns a slave execution, in which it mutates c and observes whether any change is induced at e. To preclude non-determinism, LDX couples the executions by sharing syscall outcomes. To handle path differences induced by the perturbation, we develop a novel on-the-fly execution alignment scheme that maintains a counter to reflect the progress of execution. The scheme relies on program analysis and compiler transformation. LDX can effectively detect information leaks and security attacks with an average overhead of 6.08% while running the master and the slave concurrently on separate CPUs, much lower than existing systems that require instruction-level monitoring. Furthermore, it has much better accuracy in causality inference.
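The dual-execution idea from the abstract, as an added toy illustration (not code from the LDX paper or project): a master run records input syscall outcomes, a slave run reuses them while one source is mutated, and sink events are compared at aligned positions. The `Sys` class, the sample `program`, the call-site labels used as a stand-in for the paper's progress counter, and the sequential (rather than concurrent) runs are all assumptions made for this sketch.

```python
import itertools

class Sys:
    """Toy syscall layer; `shared` holds the master's input outcomes."""
    def __init__(self, env, shared=None, mutate=None):
        self.env, self.shared, self.mutate = env, shared, mutate or {}
        self.inputs, self.outputs, self.seen = {}, {}, {}

    def _key(self, site):
        # Alignment key (assumption): call-site label + execution count.
        self.seen[site] = self.seen.get(site, 0) + 1
        return (site, self.seen[site])

    def read(self, site, source):
        key = self._key(site)
        if source in self.mutate:
            val = self.mutate[source]          # perturbed source event c
        elif self.shared is not None and key in self.shared:
            val = self.shared[key]             # reuse the master's outcome
        else:
            val = self.env[source]()           # real call: master, or slave-only path
        self.inputs[key] = val
        return val

    def write(self, site, sink, value):
        self.outputs[self._key(site)] = (sink, value)


def program(sc):
    """Constructed sample program: the secret only steers a branch."""
    secret = sc.read("r_secret", "secret")
    stamp = sc.read("r_time", "time")
    sc.write("w_log", "logfile", stamp)
    if secret % 2:
        sc.write("w_odd", "network", "odd")
    else:
        sc.write("w_even", "network", sc.read("r_cfg", "config"))


def dependent_sinks(program, env, source, mutated, couple=True):
    """Return sinks whose aligned output differs once `source` is mutated."""
    master = Sys(env)
    program(master)
    slave = Sys(env, master.inputs if couple else None, {source: mutated})
    program(slave)
    changed = set()
    for key in set(master.outputs) | set(slave.outputs):
        m, s = master.outputs.get(key), slave.outputs.get(key)
        if m != s:                             # differing or missing sink event e
            changed.add((m or s)[0])
    return sorted(changed)


def make_env():
    clock = itertools.count(1000)              # non-deterministic input stand-in
    return {"secret": lambda: 7, "time": lambda: next(clock),
            "config": lambda: "cfg"}
```

In this sketch, mutating the secret from 7 to 8 flips the branch and flags the `network` sink, while mutating it to 9 leaves the path unchanged and flags nothing. With `couple=False` the clock value differs between the two runs and `logfile` is flagged even though it never depends on the secret.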
LDX: Causality Inference by Lightweight Dual Execution
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems