ABSTRACT
Dynamic data flow tracking (DFT) is a technique broadly used in a variety of security applications that, unfortunately, exhibits poor performance, preventing its adoption in production systems. We present ShadowReplica, a new and efficient approach for accelerating DFT and other shadow memory-based analyses, by decoupling analysis from execution and utilizing spare CPU cores to run them in parallel. Our approach enables us to run a heavyweight technique, like dynamic taint analysis (DTA), twice as fast, while concurrently consuming fewer CPU cycles than when applying it in-line. DFT is run in parallel by a second shadow thread that is spawned for each application thread, and the two communicate using a shared data structure. We avoid the problems suffered by previous approaches by introducing an off-line application analysis phase that utilizes both static and dynamic analysis methodologies to generate optimized code for decoupling execution and implementing DFT, while also minimizing the amount of information that needs to be communicated between the two threads. Furthermore, we use a lock-free ring buffer structure and an N-way buffering scheme to efficiently exchange data between threads and maintain high cache-hit rates on multi-core CPUs. Our evaluation shows that ShadowReplica is on average ~2.3× faster than in-line DFT (~2.75× slowdown over native execution) when running the SPEC CPU2006 benchmark, while similar speedups were observed with command-line utilities and popular server software. Astoundingly, ShadowReplica also reduces the CPU cycles used by up to 30%.
Index Terms
- ShadowReplica: efficient parallelization of dynamic data flow tracking