ABSTRACT
Dynamic taint tracking is an information flow analysis that can be applied to many areas of testing. Phosphor is the first portable, accurate and performant dynamic taint tracking system for Java. While previous systems for performing general-purpose taint tracking in the JVM required specialized research JVMs, Phosphor works with standard off-the-shelf JVMs (such as Oracle's HotSpot and OpenJDK's IcedTea). Phosphor also differs from previous portable JVM taint tracking systems that were not general purpose (e.g., they tracked tags only on Strings and on no other type) in that it tracks tags on all variables. We have also made several enhancements to Phosphor to track taint tags through control flow (in addition to data flow) and to track an arbitrary number of relationships between taint tags (rather than being limited to only 32 tags). In this demonstration, we show how developers writing testing tools can benefit from Phosphor and briefly explain how to interact with it.