TY - GEN
T1 - FLOWDIST
T2 - 30th USENIX Security Symposium, USENIX Security 2021
AU - Fu, Xiaoqin
AU - Cai, Haipeng
N1 - Publisher Copyright:
© 2021 by The USENIX Association. All rights reserved.
PY - 2021
Y1 - 2021
N2 - Dynamic information flow analysis (DIFA) supports various security applications such as malware analysis and vulnerability discovery. Yet traditional DIFA approaches have limited utility for distributed software due to applicability, portability, and scalability barriers. We present FLOWDIST, a DIFA for common distributed software that overcomes these challenges. FLOWDIST works at purely application level to avoid platform customizations hence achieve high portability. It infers implicit, interprocess dependencies from global partially ordered execution events to address applicability to distributed software. Most of all, it introduces a multi-staged refinement-based scheme for application-level DIFA, where an otherwise expensive data flow analysis is reduced by method-level results from a cheap pre-analysis, to achieve high scalability while remaining effective. Our evaluation of FLOWDIST on 12 real-world distributed systems against two peer tools revealed its superior effectiveness with practical efficiency and scalability. It has found 18 known and 24 new vulnerabilities, with 17 confirmed and 2 fixed. We also present and evaluate two alternative designs of FLOWDIST for both design justification and diverse subject accommodations.
AB - Dynamic information flow analysis (DIFA) supports various security applications such as malware analysis and vulnerability discovery. Yet traditional DIFA approaches have limited utility for distributed software due to applicability, portability, and scalability barriers. We present FLOWDIST, a DIFA for common distributed software that overcomes these challenges. FLOWDIST works at purely application level to avoid platform customizations hence achieve high portability. It infers implicit, interprocess dependencies from global partially ordered execution events to address applicability to distributed software. Most of all, it introduces a multi-staged refinement-based scheme for application-level DIFA, where an otherwise expensive data flow analysis is reduced by method-level results from a cheap pre-analysis, to achieve high scalability while remaining effective. Our evaluation of FLOWDIST on 12 real-world distributed systems against two peer tools revealed its superior effectiveness with practical efficiency and scalability. It has found 18 known and 24 new vulnerabilities, with 17 confirmed and 2 fixed. We also present and evaluate two alternative designs of FLOWDIST for both design justification and diverse subject accommodations.
UR - https://www.scopus.com/pages/publications/85114469711
M3 - Conference contribution
AN - SCOPUS:85114469711
T3 - Proceedings of the 30th USENIX Security Symposium
SP - 2093
EP - 2110
BT - Proceedings of the 30th USENIX Security Symposium
PB - USENIX Association
Y2 - 11 August 2021 through 13 August 2021
ER -