1 / 16

Parallelizing Dynamic Information Flow Tracking

This research explores the parallelization of Dynamic Information Flow Tracking (DIFT) to improve security monitoring in software. The study identifies the challenges of traditional sequential DIFT methods, detailing a new approach to parallelize lifeguard monitors to reduce program slowdown significantly. This paper presents a novel Parallel TaintCheck algorithm that allows multiple cores to process information simultaneously, achieving up to 3X to 5X improvement in performance while maintaining effectiveness in bug detection and security attacks. Findings reveal hybrid parallelism can further enhance efficiency even with fewer workers.

valin
Télécharger la présentation

Parallelizing Dynamic Information Flow Tracking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Carnegie Mellon University * University of Texas at Austin § Intel Research Pittsburgh † Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase* Phillip B. Gibbons†Todd C. Mowry* Vijaya Ramachandran§ Shimin Chen†Michael Kozuch†Michael Ryan†

  2. Slows down the program Lifeguards: Pros and Cons + program lifeguard Monitors a running programin order to detect bugs & security attacks • E.g., detect any accessesto unallocated memory 1 1 1 1 1 2 1 1 1 3 1 1 1 4 2 2 2 2 2 2 2 3 3 3 3 3 3 • 3X to 30X program slowdown 4 4 3 4 4 4 Parallelize lifeguards to make them faster Can run lifeguard on separate core 4 4 Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  3. TaintCheck : A Dynamic Information Flow Tracking Lifeguard • Catch security bugs • [NewSome et al NDSS ‘05] • TAINTED/UNTAINTED • Propagation of taint status My PACKET My PACKET R2 R1 R2 DIFT Parallelism Challenge: Embarrassingly sequential lifeguards R1 Mx R1 My Mx My R1 R1 • Memcheck[Nethercote et al PLDI’05] • memory bugs Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  4. A Parallel DIFT Algorithm • Symbolic Inheritance Tracking Ο(n/p) • Inheritance Resolution Ο(n/p) n Asymptotic Linear Speedup Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  5. Symbolic Inheritance Tracking = Mx = My R1 Mx R1 R2 = R1 R2 = R2 R3 R3 segment j + 1 segment j segment j - 1 • Collapsed propagation chain Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  6. Inheritance Resolution • Resolve segments in sequential order • Locations within segment are resolved in parallel Mx My R2 R1 R2 R3 segment j + 1 segment j - 1 segment j Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  7. Symbolic Inheritance Tracking (Harder Case) = R1 = + R2 R2 R1 R1 My R2 R1 Mx = My R1 My = My Mx R1 JMP R1 ? segment j + 1 segment j segment j - 1 • Unary propagation [Costa et al SOSP ‘05] Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  8. Inheritance Resolution (Harder Case) • Detect security attack R1 Mx R2 My R1 R1 My My JMP ? segment j + 1 segment j - 1 segment j Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  9. Implementation : Parallel TaintCheck Algorithm Implementation • Speedup achieved because inheritance information is smaller than code segment Parallel workers Master Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  10. Achieving speedups with few workers 2 workers sequential Constant Factors • Inheritance info ~ ½ segment time Require up to 4 workers to match sequential performance Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  11. Hybrid Parallelism sequential 1 worker 2 workers • Use inheritance tracking as accelerator for taint propagation • Achieves speedup even with 1 worker Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  12. Application Lifeguard Operating System Core 1 Core 2 dispatch capture Log Transport (e.g. L2 cache) Decompress Compress Evaluation • Log Based Architectures [Chen et al ISCA ’08] • Simics simulation • 16 core • 64K execution window • 10 SPEC 2000 integer benchmarks Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  13. Slowdown Improvement using Pure Parallelism Number of Workers 0 workers = Sequential Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  14. gcc slowdown with few workers Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  15. Related Work • Sequential DIFT: [Suh et al ASPLOS 04, Costa et al SOSP ’05, Newsome et al NDSS ’05, Nethercote et al PLDI ’07, Dalton et al ISCA ’07, Venkataramani et al HPCA ‘08] • Parallel DIFT : Speck[Nightingale et al ASPLOS ’08] • Parallel taint analysis lifeguard on commodity CMPs • Parallel compression of code segments • Sequential analysis of compressed segments • Cannot achieve linear speedup (unary propagation not considered) • Video decoder slowdown reduced from 18X to 9X using 9 lifeguard threads. Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

  16. Conclusion • Parallel DIFT algorithm • Symbolic Inheritance Tracking • Unary propagation • Asymptotic Linear speedup • Parallel TaintCheck Lifeguard • Program slowdown reduced from 3X – 5X to 1.2X – 3X with 8 worker threads • Hybrid parallelism is useful with few workers Parallelizing Dynamic Information Flow Tracking Olatunji Ruwase

More Related