TY - GEN
T1 - LeakProber
T2 - 1st ACM Conference on Data and Application Security and Privacy, CODASPY'11
AU - Yu, Junfeng
AU - Zhang, Shengzhi
AU - Liu, Peng
AU - Li, ZhiTang
PY - 2011
Y1 - 2011
N2 - In this paper, we present the design, implementation, and evaluation of LeakProber, a framework that leverages whole-system dynamic instrumentation and inter-procedural analysis to enable data propagation path profiling in production systems. We integrate static analysis and runtime tracking to establish a holistic and practical approach to generating the sensitive data propagation graph (sDPG) with minimal runtime overhead. We evaluate our system on several data-stealing attack scenarios for generating the sDPG. The sDPG generated by our system captures multiple aspects of data access patterns and provides clear insight into the data leakage path. We also measure the performance of our system and find that it degrades the production system by about 6% in the trace-on mode. When our prototype works in the trace-off mode, the runtime overhead is even lower, at an average of 1.5% across the benchmarks we run. We believe that it is feasible to directly apply our prototype in a production system environment.
AB - In this paper, we present the design, implementation, and evaluation of LeakProber, a framework that leverages whole-system dynamic instrumentation and inter-procedural analysis to enable data propagation path profiling in production systems. We integrate static analysis and runtime tracking to establish a holistic and practical approach to generating the sensitive data propagation graph (sDPG) with minimal runtime overhead. We evaluate our system on several data-stealing attack scenarios for generating the sDPG. The sDPG generated by our system captures multiple aspects of data access patterns and provides clear insight into the data leakage path. We also measure the performance of our system and find that it degrades the production system by about 6% in the trace-on mode. When our prototype works in the trace-off mode, the runtime overhead is even lower, at an average of 1.5% across the benchmarks we run. We believe that it is feasible to directly apply our prototype in a production system environment.
UR - http://www.scopus.com/inward/record.url?scp=79952781843&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79952781843&partnerID=8YFLogxK
U2 - 10.1145/1943513.1943525
DO - 10.1145/1943513.1943525
M3 - Conference contribution
AN - SCOPUS:79952781843
SN - 9781450304665
T3 - CODASPY'11 - Proceedings of the 1st ACM Conference on Data and Application Security and Privacy
SP - 75
EP - 84
BT - CODASPY'11 - Proceedings of the 1st ACM Conference on Data and Application Security and Privacy
Y2 - 21 February 2011 through 23 February 2011
ER -