Libdft: Practical dynamic data flow tracking for commodity systems

Vasileios P. Kemerlis, Georgios Portokalidis, Kangkook Jee, Angelos D. Keromytis

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

124 Scopus citations

Abstract

Dynamic data flow tracking (DFT) deals with tagging and tracking data of interest as they propagate during program execution. DFT has been repeatedly implemented by a variety of tools for numerous purposes, including protection from zero-day and cross-site scripting attacks, detection and prevention of information leaks, and for the analysis of legitimate and malicious software. We present libdft, a dynamic DFT framework that unlike previous work is at once fast, reusable, and works with commodity software and hardware. libdft provides an API for building DFT-enabled tools that work on unmodified binaries, running on common operating systems and hardware, thus facilitating research and rapid prototyping. We explore different approaches for implementing the low-level aspects of instruction-level data tracking, introduce a more efficient and 64-bit capable shadow memory, and identify (and avoid) the common pitfalls responsible for the excessive performance overhead of previous studies. We evaluate libdft using real applications with large codebases like the Apache and MySQL servers, and the Firefox web browser. We also use a series of benchmarks and utilities to compare libdft with similar systems. Our results indicate that it performs at least as fast, if not faster, than previous solutions, and to the best of our knowledge, we are the first to evaluate the performance overhead of a fast dynamic DFT implementation in such depth. Finally, libdft is freely available as open source software.

Original languageEnglish
Title of host publicationVEE'12 - Proceedings of the ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
Pages121-132
Number of pages12
DOIs
StatePublished - 2012
Event8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, VEE'12 - London, United Kingdom
Duration: 3 Mar 20124 Mar 2012

Publication series

NameVEE'12 - Proceedings of the ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments

Conference

Conference8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, VEE'12
Country/TerritoryUnited Kingdom
CityLondon
Period3/03/124/03/12

Keywords

  • data flow tracking
  • dynamic binary instrumentation
  • exploit prevention
  • information leak detection
  • taint analysis

Fingerprint

Dive into the research topics of 'Libdft: Practical dynamic data flow tracking for commodity systems'. Together they form a unique fingerprint.

Cite this