Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7609)

Abstract

Information-flow analysis is one of the promising techniques for detecting software vulnerabilities and confidentiality breaches. However, in the context of multi-threaded applications running on multicore platforms, this analysis becomes highly challenging due to data races and inter-processor dependences. In this paper we first review some of the existing information-flow analysis techniques and discuss their limits in this particular context. Then we propose a dedicated runtime predictive approach. It consists of extending information-flow properties computed from a single parallel execution trace to a set of valid serialisations with respect to the execution platform. This approach can be applied, for instance, in runtime monitoring or security testing of multi-threaded applications.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mounier, L., Sifakis, E. (2012). Dynamic Information-Flow Analysis for Multi-threaded Applications. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. Technologies for Mastering Change. ISoLA 2012. Lecture Notes in Computer Science, vol 7609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34026-0_27

  • DOI: https://doi.org/10.1007/978-3-642-34026-0_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34025-3

  • Online ISBN: 978-3-642-34026-0

  • eBook Packages: Computer Science (R0)
