Challenges and Opportunities for Practical and Effective Dynamic Information Flow Tracking

Author:

Brant Christopher1,Shrestha Prakash1,Mixon-Baca Benjamin2,Chen Kejun1,Varlioglu Said3,Elsayed Nelly3,Jin Yier1,Crandall Jedidiah2,Oliveira Daniela1

Affiliation:

1. University of Florida, Gainesville, FL

2. Arizona State University, Tempe, AZ

3. University of Cincinnati, Cincinnati, OH

Abstract

Information flow tracking was proposed more than 40 years ago to address the limitations of access control mechanisms to guarantee the confidentiality and integrity of information flowing within a system, but has not yet been widely applied in practice for security solutions. Here, we survey and systematize literature on dynamic information flow tracking (DIFT) to discover challenges and opportunities to make it practical and effective for security solutions. We focus on common knowledge in the literature and lingering research gaps from two dimensions— (i) the layer of abstraction where DIFT is implemented (software, software/hardware, or hardware) and (ii) the security goal (confidentiality and/or integrity). We observe that two major limitations hinder the practical application of DIFT for on-the-fly security applications: (i) high implementation overhead and (ii) incomplete information flow tracking (low accuracy). We posit, after review of the literature, that addressing these major impedances via hardware parallelism can potentially unleash DIFT’s great potential for systems security, as it can allow security policies to be implemented in a built-in and standardized fashion. Furthermore, we provide recommendations for the next generation of practical and efficient DIFT systems with an eye towards hardware-supported implementations.

Funder

National Science Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Reference85 articles.

1. Source code vulnerabilities in IoT software systems;Alnaeli Saleh Mohamed;Advances in Science, Technology and Engineering Systems Journal,2017

Cited by 8 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. MaDroid: A maliciousness-aware multifeatured dataset for detecting android malware;Computers & Security;2024-09

2. Design and implementation of an efficient container tag dynamic taint analysis;Computers & Security;2023-12

3. Another Break in the Wall: Harnessing Fault Injection Attacks to Penetrate Software Fortresses;Proceedings of the First International Workshop on Security and Privacy of Sensing Systems;2023-11-12

4. Pervasive Micro Information Flow Tracking;IEEE Transactions on Dependable and Secure Computing;2023-11

5. ARC-FSM-G: Automatic Security Rule Checking for Finite State Machine at the Netlist Abstraction;2023 IEEE International Test Conference (ITC);2023-10-07

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3