research-article

ShadowReplica: efficient parallelization of dynamic data flow tracking

Authors:
Kangkook Jee

Columbia University, New York, NY, USA

Columbia University, New York, NY, USA
View Profile

,
Vasileios P. Kemerlis

Columbia University, New York, NY, USA

Columbia University, New York, NY, USA
View Profile

,
Angelos D. Keromytis

Columbia University, New York, NY, USA

Columbia University, New York, NY, USA
View Profile

,
Georgios Portokalidis

Stevens Institute of Technology, Hoboken, NJ, USA

Stevens Institute of Technology, Hoboken, NJ, USA
View Profile

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications securityNovember 2013Pages 235–246https://doi.org/10.1145/2508859.2516704

Published:04 November 2013Publication History

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Pages 235–246

ABSTRACT

Dynamic data flow tracking (DFT) is a technique broadly used in a variety of security applications that, unfortunately, exhibits poor performance, preventing its adoption in production systems. We present ShadowReplica, a new and efficient approach for accelerating DFT and other shadow memory-based analyses, by decoupling analysis from execution and utilizing spare CPU cores to run them in parallel. Our approach enables us to run a heavyweight technique, like dynamic taint analysis (DTA), twice as fast, while concurrently consuming fewer CPU cycles than when applying it in-line. DFT is run in parallel by a second shadow thread that is spawned for each application thread, and the two communicate using a shared data structure. We avoid the problems suffered by previous approaches, by introducing an off-line application analysis phase that utilizes both static and dynamic analysis methodologies to generate optimized code for decoupling execution and implementing DFT, while it also minimizes the amount of information that needs to be communicated between the two threads. Furthermore, we use a lock-free ring buffer structure and an N-way buffering scheme to efficiently exchange data between threads and maintain high cache-hit rates on multi-core CPUs. Our evaluation shows that ShadowReplica is on average ~2.3× faster than in-line DFT (~2.75× slowdown over native execution) when running the SPEC CPU2006 benchmark, while similar speed ups were observed with command-line utilities and popular server software. Astoundingly, ShadowReplica also reduces the CPU cycles used up to 30%.

References

M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity. In Proc. of CCS, 2005. Google ScholarDigital Library
A. V. Aho, M. S. Lam, R. Sethi, and J. D. Ullman. Compilers: Principles, Techniques, and Tools (2nd Edition). Addison-Wesley Longman Publishing Co., Inc., 2006. Google ScholarDigital Library
M. Attariyan and J. Flinn. Automating configuration troubleshooting with dynamic information flow analysis. In Proc. of OSDI, 2010. Google ScholarDigital Library
D. Bruening and Q. Zhao. Practical memory checking with dr. memory. In Proc. of CGO, 2011. Google ScholarDigital Library
D. Bruening, Q. Zhao, and S. Amarasinghe. Transparent dynamic instrumentation. In Proc. of VEE, 2012. Google ScholarDigital Library
Y. Chen and H. Chen. Scalable deterministic replay in a parallel full-system emulator. In Proc. of PPoPP, 2013. Google ScholarDigital Library
V. Chipounov, V. Kuznetsov, and G. Candea. S2E: a platform for in-vivo multi-path analysis of software systems. In Proc. of ASPLOS, 2011. Google ScholarDigital Library
J. Chow, T. Garfinkel, and P. Chen. Decoupling dynamic program analysis from execution in virtual environments. In Proc. of USENIX ATC, 2008. Google ScholarDigital Library
J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding Data Lifetime via Whole System Simulation. In Proc. of USENIX Security, 2004. Google ScholarDigital Library
J. Clause, W. Li, and A. Orso. Dytan: A Generic Dynamic Taint Analysis Framework. In Proc. of ISSTA, 2007. Google ScholarDigital Library
M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-End Containment of Internet Worms. In Proc. of SOSP, 2005. Google ScholarDigital Library
W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proc. of OSDI, 2010. Google ScholarDigital Library
P. Festa, P. M. Pardalos, and M. G. Resende. Feedback set problems. Handbook of combinatorial optimization, 4:209--258, 1999.Google Scholar
J. Ha, M. Arnold, S. M. Blackburn, and K. S. McKinley. A concurrent dynamic analysis framework for multicore hardware. In Proc. of OOPSLA, 2009. Google ScholarDigital Library
Hex-Rays. The IDA Pro Disassembler and Debugger, cited Aug. 2013. http://www.hex-rays.com/products/ida/.Google Scholar
A. Jaleel, R. S. Cohn, C.-K. Luk, and B. Jacob. Cmp$im: A pin-based on-the-fly multi-core cache simulator. In Proc. of MoBS, 2008.Google Scholar
K. Jee. Bug 56113. GCC Bugzilla, cited Aug. 2013. http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56113.Google Scholar
K. Jee, G. Portokalidis, V. P. Kemerlis, S. Ghosh, D. I. August, and A. D. Keromytis. A General Approach for Efficiently Accelerating Software-based Dynamic Data Flow Tracking on Commodity Hardware. In Proc. of NDSS, 2012.Google Scholar
V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis. libdft: practical dynamic data flow tracking for commodity systems. In Proc. of VEE, 2012. Google ScholarDigital Library
L. Lamport. Specifying Concurrent Program Modules. ACM Transactions on Programming Languages and Systems (TOPLAS), 1983. Google ScholarDigital Library
K. H. Lee, X. Zhang, and D. Xu. High Accuracy Attack Provenance via Binary-based Execution Partition. In Proc. of NDSS, 2013.Google Scholar
C. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In Proc. of PLDI, 2005. Google ScholarDigital Library
N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Proc. of PLDI, 2007. Google ScholarDigital Library
J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proc. of NDSS, 2005.Google Scholar
E. B. Nightingale, D. Peek, P. M. Chen, and J. Flinn. Parallelizing security checks on commodity hardware. In Proc. of ASPLOS, 2008. Google ScholarDigital Library
G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos. Paranoid Android: Versatile protection for smartphones. In Proc. of ACSAC, 2010. Google ScholarDigital Library
G. Portokalidis, A. Slowinska, and H. Bos. Argos: an Emulator for Fingerprinting Zero-Day Attacks. In Proc. of EuroSys, 2006. Google ScholarDigital Library
F. Qin, C. Wang, Z. Li, H.-s. Kim, Y. Zhou, and Y. Wu. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks. In Proc. of MICRO, 2006. Google ScholarDigital Library
A. Slowinska, T. Stancescu, and H. Bos. Howard: a dynamic excavator for reverse engineering data structures. In Proc. of NDSS, 2011.Google Scholar
R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient software-based fault isolation. In Proc. of SOSP, 1993. Google ScholarDigital Library
S. Wallace and K. Hazelwood. Superpin: Parallelizing dynamic instrumentation for real-time performance. In Proc. of CGO, 2007. Google ScholarDigital Library
H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: capturing system-wide information flow for malware detection and analysis. In Proc. of CCS, 2007. Google ScholarDigital Library
Q. Zhao, I. Cutcutache, and W. Wong. PiPA: pipelined profiling and analysis on multi-core systems. In Proc. of CGO, 2008. Google ScholarDigital Library
D. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall. TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking. In SIGOPS Oper. Syst. Rev., 2011. Google ScholarDigital Library

Index Terms

ShadowReplica: efficient parallelization of dynamic data flow tracking

Recommendations

A Synergetic Approach to Throughput Computing on x86-Based Multicore Desktops

In the era of multicores, many applications that require substantial computing power and data crunching can now run on desktop PCs. However, to achieve the best possible performance, developers must write applications in a way that exploits both ...
Read More
A case study on compiler optimizations for the Intel® Core™ 2 duo processor

The complexity of modern processors poses increasingly more difficult challenges to software optimization. Modern optimizing compilers have become essential tools for leveraging the power of recent processors by means of high-level optimizations to ...
Read More
Parallelization of a color-entropy preprocessed Chan–Vese model for face contour detection on multi-core CPU and GPU
Highlights
- We introduce a novel way to parallelize a face contour detecting application.
- ...
Abstract
Face tracking is an important computer vision technology that has been widely adopted in many areas, from cell phone applications to industry robots. In this paper, we introduce a novel way to parallelize a face contour detecting ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
November 2013
1530 pages
ISBN:9781450324779
DOI:10.1145/2508859
General Chair:
Ahmad-Reza Sadeghi
TU Darmstadt, CASED, Intel ICRI-SC, Germany
,
Program Chairs:
Virgil Gligor
Carnegie Mellon University, USA
,
Moti Yung
Columbia University, USA
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 4 November 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
information flow tracking
optimization
parallelization
security
Qualifiers
- research-article
Conference

Acceptance Rates
CCS '13 Paper Acceptance Rate105of530submissions,20%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 34
  Total Citations
  View Citations
- 560
  Total Downloads
- Downloads (Last 12 months)16
- Downloads (Last 6 weeks)3
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

ShadowReplica: efficient parallelization of dynamic data flow tracking

CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Synergetic Approach to Throughput Computing on x86-Based Multicore Desktops

A case study on compiler optimizations for the Intel® Core™ 2 duo processor

Parallelization of a color-entropy preprocessed Chan–Vese model for face contour detection on multi-core CPU and GPU