DOG: Efficient Information Flow Tracing and Program Monitoring with Dynamic Binary Rewriting
Authors
Abstract
In this paper, we present DOG (Dynamic Observant Guard), an efficient information flow tracing and program monitoring system. Our system is based on dynamic binary rewriting. We propose a number of novel techniques, such as memory mapping, to reduce the overhead of tracing data and monitoring program execution. We have demonstrated that our system is effective in protecting against various kinds of exploits. We also evaluated our system's performance with the SPEC2000 INT [5] benchmark. Our system achieved an average slowdown of 5.5 times compared with native execution, offering significant improvements over similar tools.
Similar resources
Partial Data Traces: Efficient Generation and Representation
Binary manipulation techniques are increasing in popularity. They support program transformations tailored toward certain program inputs, and these transformations have been shown to yield performance gains beyond the scope of static code optimizations without profile-directed feedback. They even deliver moderate gains in the presence of profile-guided optimizations. In addition, transformation...
Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)
This paper addresses the process of dynamic data flow analysis using virtual code integration (VCI), often referred to as dynamic binary rewriting. This article will try to demonstrate all of the techniques that were applied in the SpiderPig project [15]. It will also discuss the main differences between the methods that were employed and those used in other available software, as well as introduci...
DDB: Deadlock Debugger
Deadlocks are challenging to debug because they may occur rarely, based on a particular thread interleaving and are often hard to reproduce in a debugger. We introduce DDB, a debugging environment targeted at replaying deadlocks in large software systems that use the pthreads library. It does this without the need to modify the production software and incurs a minimum overhead at runtime. DDB’s...
Proxy-Annotated Control Flow Graphs: Deterministic Context-Sensitive Monitoring for Intrusion Detection
Model or specification based intrusion detection systems have been effective in detecting known and unknown host based attacks with few false alarms [12, 15]. In this approach, a model of program behavior is developed either manually, by using a high level specification language, or automatically, by static or dynamic analysis of the program. The actual program execution is then monitored using...
Vulnerability-Specific Execution Filtering with Log-Based Architecture Lifeguards
Instruction-grain dynamic monitoring tools can detect bugs and prevent security violations in executing programs. Traditionally, instructions from the monitoring tool are inserted into the currently executing program using well-established techniques such as binary rewriting, software-based emulation, or binary instrumentation in order to provide timely detection and possibly mitigation. Those ...
Publication date: 2005