Phosphor: Illuminating Dynamic Data Flow in the JVM
作者: Gail E. Kaiser , Jonathan Schaffer Bell
DOI: 10.7916/D8QJ7FFX
关键词: Virtual machine 、 Scala 、 Taint checking 、 Software portability 、 Operating system 、 Source code 、 Tracking system 、 Data flow diagram 、 Computer science 、 Java
摘要: Dynamic taint analysis is a well-known information flow problem with many possible applications. Taint tracking allows for of application data by assigning labels to inputs, and then propagating those through flow. systems traditionally compromise among performance, precision, accuracy, portability. Performance can be critical, as these are typically intended deployed software, hence must have low overhead. To in securityconscious settings, also accurate precise. portable order easily adopted real world purposes, without requiring recompilation the operating system or language interpreter, access source code. We present PHOSPHOR, dynamic Java Virtual Machine (JVM) that simultaneously achieves our goals Moreover, knowledge, it first general purpose JVM. evaluated PHOSPHOR’s performance on two commonly used JVM languages (Java Scala), versions JVMs (Oracle’s HotSpot OpenJDK’s IcedTea) Android’s Dalvik Machine, finding its impressive: 3% (53% average), using DaCapo macro benchmark suite. This paper describes approach PHOSPHOR uses achieve
columbia.edu
sci-hub.st 参考文章(32)
M. A. Zhivich, T. R. Leek, R. P. Lippmann, R. E. Brown, G. Z. Baker, Coverage Maximization Using Dynamic Taint Tracing ,(2007)
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans, Automatically Hardening Web Applications Using Precise Tainting information security conference. pp. 295- 307 ,(2004) , 10.1007/0-387-25660-1_20
Frank Yellin, Tim Lindholm, The Java Virtual Machine Specification ,(1996)
Sandeep Bhatkar, R. Sekar, Wei Xu, Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks usenix security symposium. pp. 9- ,(2006)
David M. Eyers, Peter Pietzuch, Ioannis Papagiannis, Matteo Migliavacca, Brian Shand, Jean Bacon, DEFCON: high-performance event processing with information security usenix annual technical conference. pp. 1- 1 ,(2010)
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Matej Vitásek, Walter Binder, Matthias Hauswirth, ShadowData: shadowing heap objects in Java workshop on program analysis for software tools and engineering. pp. 17- 24 ,(2013) , 10.1145/2462029.2462032
Andreas Sewe, Mira Mezini, Aibek Sarimbekov, Walter Binder, Da capo con scala: design and analysis of a scala benchmark suite for the java virtual machine conference on object-oriented programming systems, languages, and applications. ,vol. 46, pp. 657- 676 ,(2011) , 10.1145/2048066.2048118
Malay Ganai, Dongyoon Lee, Aarti Gupta, DTAM Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering - FSE '12. pp. 46- ,(2012) , 10.1145/2393596.2393650
Shiyi Wei, Barbara G. Ryder, Practical blended taint analysis for JavaScript international symposium on software testing and analysis. pp. 336- 346 ,(2013) , 10.1145/2483760.2483788