TY - JOUR
T1 - Tell You a Definite Answer
T2 - Whether Your Data is Tainted during Thread Scheduling
AU - Zhang, Xiaodong
AU - Yang, Zijiang
AU - Zheng, Qinghua
AU - Hao, Yu
AU - Liu, Pei
AU - Liu, Ting
N1 - Publisher Copyright:
© 1976-2012 IEEE.
PY - 2020/9/1
Y1 - 2020/9/1
N2 - With the advent of multicore processors, there is a great need to write parallel programs to take advantage of parallel computing resources. However, due to the nondeterminism of parallel execution, the malware behaviors sensitive to thread scheduling are extremely difficult to detect. Dynamic taint analysis is widely used in security problems. By serializing a multithreaded execution and then propagating taint tags along the serialized schedule, existing dynamic taint analysis techniques lead to under-tainting with respect to other possible interleavings under the same input. In this paper, we propose an approach called DSTAM that integrates symbolic analysis and guided execution to systematically detect tainted instances on all possible executions under a given input. Symbolic analysis infers alternative interleavings of an executed trace that cover new tainted instances, and computes thread schedules that guide future executions. Guided execution explores new execution traces that drive future symbolic analysis. We have implemented a prototype as part of an educational tool that teaches secure C programming, where accuracy is more critical than efficiency. To the best of our knowledge, DSTAM is the first algorithm that addresses the challenge of taint analysis for multithreaded programs under fixed inputs.
AB - With the advent of multicore processors, there is a great need to write parallel programs to take advantage of parallel computing resources. However, due to the nondeterminism of parallel execution, the malware behaviors sensitive to thread scheduling are extremely difficult to detect. Dynamic taint analysis is widely used in security problems. By serializing a multithreaded execution and then propagating taint tags along the serialized schedule, existing dynamic taint analysis techniques lead to under-tainting with respect to other possible interleavings under the same input. In this paper, we propose an approach called DSTAM that integrates symbolic analysis and guided execution to systematically detect tainted instances on all possible executions under a given input. Symbolic analysis infers alternative interleavings of an executed trace that cover new tainted instances, and computes thread schedules that guide future executions. Guided execution explores new execution traces that drive future symbolic analysis. We have implemented a prototype as part of an educational tool that teaches secure C programming, where accuracy is more critical than efficiency. To the best of our knowledge, DSTAM is the first algorithm that addresses the challenge of taint analysis for multithreaded programs under fixed inputs.
KW - Taint analysis
KW - encoding
KW - guided execution
KW - multithreaded programs
KW - symbolic analysis
UR - https://www.scopus.com/pages/publications/85054355936
U2 - 10.1109/TSE.2018.2871666
DO - 10.1109/TSE.2018.2871666
M3 - Article
AN - SCOPUS:85054355936
SN - 0098-5589
VL - 46
SP - 916
EP - 931
JO - IEEE Transactions on Software Engineering
JF - IEEE Transactions on Software Engineering
IS - 9
M1 - 8472790
ER -