Indiana University Bloomington

School of Informatics and Computing


 Computer Science Program




 Home

 Contacts

 Courses

 Academics

 Careers

 Research

 People

 Calendar

 Resources

 Facilities



Pervasive Technology Labs

Computing Research Association

Association for Computing Machinery

Technical Report TR670:
Leapfrog: Enhancing Information Protection in Commodity Applications with Dataflow Control

XiaoFeng Wang, Zhuowei Li and Rui Wang
Unknown Date
Abstract:
Commodity applications can pose a serious threat to users' confidential information when they do not have sufficient security features or are configured improperly. This problem is difficult due to the unavailability of these applications' source code, which renders the techniques such as compiler-level security enhancement hard to apply. Existing solutions rely on either system-call level control, which is often too coarse-grained, or instruction-level dataflow tracking, which is too expensive to operate online. In this paper, we present a new solution called Leapfrog which retrofits binary executables with mandatory dataflow control. Our technique enables a "patched" application to perform fine-grained dataflow control at a performance penalty which in many cases can be neglected. This is achieved through a novel technique that tracks sensitive data flows only at a small set of program locations: each location uses the program's internal state and pre-computed conditions to predict the path the data flows will go through and the next location they will reach. As a result, the sensitive data can be followed until they are to be sent out to the Internet, where they are controlled according to security policies. Such dataflow tracking and control is supported by an offline analysis which identifies the execution paths for processing sensitive data and the conditions for the data to propagate along these paths. We further mitigate the coverage concern of this analysis through enforcing a security policy that disallows highly sensitive data to be processed by unknown execution paths without disrupting a program's operations. Leapfrog works on multithreaded applications and can attach code to an application without functionally altering its executable files. Our evaluations show that our technique effectively protects sensitive information in misconfigured applications and those with security flaws, and also incurs a small runtime overhead.

Available as:

There is help available if you want further information about the available file formats and software to display and print these files.

Return to the Technical Report Index


[Site Map]


Home  ||   ResearchTechnical Reports | Funding | Active Awards


Valid HTML 4.01!

  Page Owner: Webmaster
  
IU School of Informatics and Computing—Bloomington
Computer Science Program
Email: info@IU CS Program