TY - GEN
T1 - Scaling application-level dynamic taint analysis to enterprise-scale distributed systems
AU - Fu, Xiaoqin
AU - Cai, Haipeng
N1 - Publisher Copyright:
© 2020 Copyright held by the owner/author(s).
PY - 2020/6/27
Y1 - 2020/6/27
N2 - With the increasing deployment of enterprise-scale distributed systems, effective and practical defenses for such systems against various security vulnerabilities such as sensitive data leaks are urgently needed. However, most existing solutions are limited to centralized programs. For real-world distributed systems which are of large scales, current solutions commonly face one or more of scalability, applicability, and portability challenges. To overcome these challenges, we develop a novel dynamic taint analysis for enterprise-scale distributed systems. To achieve scalability, we use a multi-phase analysis strategy to reduce the overall cost. We infer implicit dependencies via partial-ordering method events in distributed programs to address the applicability challenge. To achieve greater portability, the analysis is designed to work at an application level without customizing platforms. Empirical results have shown promising scalability and capabilities of our approach.
AB - With the increasing deployment of enterprise-scale distributed systems, effective and practical defenses for such systems against various security vulnerabilities such as sensitive data leaks are urgently needed. However, most existing solutions are limited to centralized programs. For real-world distributed systems which are of large scales, current solutions commonly face one or more of scalability, applicability, and portability challenges. To overcome these challenges, we develop a novel dynamic taint analysis for enterprise-scale distributed systems. To achieve scalability, we use a multi-phase analysis strategy to reduce the overall cost. We infer implicit dependencies via partial-ordering method events in distributed programs to address the applicability challenge. To achieve greater portability, the analysis is designed to work at an application level without customizing platforms. Empirical results have shown promising scalability and capabilities of our approach.
KW - Distributed systems
KW - Dynamic taint analysis
KW - New bugs
KW - Scalability
UR - https://www.scopus.com/pages/publications/85094153970
U2 - 10.1145/3377812.3390910
DO - 10.1145/3377812.3390910
M3 - Conference contribution
AN - SCOPUS:85094153970
T3 - Proceedings - International Conference on Software Engineering
SP - 270
EP - 271
BT - Proceedings - 2020 ACM/IEEE 42nd International Conference on Software Engineering
PB - IEEE Computer Society
T2 - 42nd ACM/IEEE International Conference on Software Engineering, ICSE-Companion 2020
Y2 - 27 June 2020 through 19 July 2020
ER -