LDX: Causality Inference by Lightweight Dual Execution

Causality inference, such as dynamic taint anslysis, has many applications (e.g., information leak detection). It determines whether an event e is causally dependent on a preceding event c during execution. We develop a new causality inference engine LDX. Given an execution, it spawns a slave execution, in which it mutates c and observes whether any change is induced at e. To preclude non-determinism, LDX couples the executions by sharing syscall outcomes. To handle path differences induced by the perturbation, we develop a novel on-the-fly execution alignment scheme that maintains a counter to reflect the progress of execution. The scheme relies on program analysis and compiler transformation. LDX can effectively detect information leak and security attacks with an average overhead of 6.08% while running the master and the slave concurrently on separate CPUs, much lower than existing systems that require instruction level monitoring. Furthermore, it has much better accuracy in causality inference.

[1]  G. Miller,et al.  Language and Perception , 1976 .

[2]  Kenneth P. Birman,et al.  Replication and fault-tolerance in the ISIS system , 1985, SOSP '85.

[3]  Santosh K. Shrivastava,et al.  Preventing state divergence in replicated distributed programs , 1990, Proceedings Ninth Symposium on Reliable Distributed Systems.

[4]  P. Reynier,et al.  Active replication in Delta-4 , 1992, [1992] Digest of Papers. FTCS-22: The Twenty-Second International Symposium on Fault-Tolerant Computing.

[5]  Liming Chen,et al.  N-VERSION PROGRAMMINC: A FAULT-TOLERANCE APPROACH TO RELlABlLlTY OF SOFTWARE OPERATlON , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[6]  P. Cheng From covariation to causation: A causal power theory. , 1997 .

[7]  John P. McDermott,et al.  Doc, Wyatt, and Virgil: prototyping storage jamming defenses , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[8]  Santosh K. Shrivastava,et al.  The Voltan application programming environment for fail-silent processes , 1998, Distributed Syst. Eng..

[9]  Miguel Castro,et al.  BASE: using abstraction to improve fault tolerance , 2001, SOSP.

[10]  Eyal de Lara,et al.  The taser intrusion recovery system , 2005, SOSP '05.

[11]  A. Gopnik,et al.  Young Children Infer Causal Strength From Probabilities and Interventions , 2005, Psychological science.

[12]  Cheng Wang,et al.  LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[13]  Satish Narayanasamy,et al.  Recording shared memory dependencies using strata , 2006, ASPLOS XII.

[14]  Emery D. Berger,et al.  DieHard: probabilistic memory safety for unsafe languages , 2006, PLDI '06.

[15]  David Evans,et al.  N-Variant Systems: A Secretless Framework for Security through Diversity , 2006, USENIX Security Symposium.

[16]  Hari Balakrishnan,et al.  Tolerating byzantine faults in transaction processing systems using commit barrier scheduling , 2007, SOSP.

[17]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.

[18]  Lorenzo Cavallaro,et al.  Diversified Process Replicæ for Defeating Memory Error Exploits , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[19]  Landon P. Cox,et al.  TightLip: Keeping Applications from Spilling the Beans , 2007, NSDI.

[20]  Derek Hower,et al.  Rerun: Exploiting Episodes for Lightweight Memory Race Recording , 2008, 2008 International Symposium on Computer Architecture.

[21]  Scott Shenker,et al.  Diverse Replication for Single-Machine Byzantine-Fault Tolerance , 2008, USENIX Annual Technical Conference.

[22]  Xiangyu Zhang,et al.  Efficient program execution indexing , 2008, PLDI '08.

[23]  A. Prasad Sistla,et al.  Preventing Information Leaks through Shadow Executions , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[24]  Zhenkai Liang,et al.  BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[25]  Stephen McCamant,et al.  Quantitative information flow as network flow capacity , 2008, PLDI '08.

[26]  Emery D. Berger,et al.  Archipelago: trading address space for reliability and security , 2008, ASPLOS.

[27]  Frederic T. Chong,et al.  Complete information flow tracking from the gates up , 2009, ASPLOS.

[28]  Michael Franz,et al.  Multi-variant execution: run-time defense against malicious code injection attacks , 2009 .

[29]  Yuanyuan Zhou,et al.  PRES: probabilistic replay with execution sketching on multiprocessors , 2009, SOSP '09.

[30]  Michael Backes,et al.  Automatic Discovery and Quantification of Information Leaks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[31]  Frederic T. Chong,et al.  Execution leases: A hardware-supported mechanism for enforcing strong non-interference , 2009, 2009 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[32]  Josep Torrellas,et al.  Capo: a software-hardware interface for practical deterministic multiprocessor replay , 2009, ASPLOS.

[33]  Xi Wang,et al.  Intrusion Recovery Using Selective Re-execution , 2010, OSDI.

[34]  Andy Podgurski,et al.  Causal inference for statistical fault localization , 2010, ISSTA '10.

[35]  Xiangyu Zhang,et al.  Strict control dependence and its effect on dynamic information flow analyses , 2010, ISSTA '10.

[36]  Dominique Devriese,et al.  Noninterference through Secure Multi-execution , 2010, 2010 IEEE Symposium on Security and Privacy.

[37]  Pasquale Malacaria,et al.  Quantifying information leaks in software , 2010, ACSAC '10.

[38]  Francesco Sorrentino,et al.  PENELOPE: weaving threads to expose atomicity violations , 2010, FSE '10.

[39]  J. Bennett,et al.  Enquiry Concerning Human Understanding , 2010 .

[40]  Mona Attariyan,et al.  Automating Configuration Troubleshooting with Dynamic Information Flow Analysis , 2010, OSDI.

[41]  Frederic T. Chong,et al.  Caisson: a hardware description language for secure information flow , 2011, PLDI '11.

[42]  Herbert Bos,et al.  Minemu: The World's Fastest Taint Tracker , 2011, RAID.

[43]  Nickolai Zeldovich,et al.  Intrusion recovery for database-backed web applications , 2011, SOSP.

[44]  Stephen McCamant,et al.  DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation , 2011, NDSS.

[45]  Satish Narayanasamy,et al.  DoublePlay: parallelizing sequential logging and replay , 2011, ASPLOS XVI.

[46]  Frederic T. Chong,et al.  Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security , 2011, 2011 38th Annual International Symposium on Computer Architecture (ISCA).

[47]  Thomas H. Austin,et al.  Multiple facets for dynamic information flow , 2012, POPL '12.

[48]  Angelos D. Keromytis,et al.  libdft: practical dynamic data flow tracking for commodity systems , 2012, VEE '12.

[49]  Jason Nieh,et al.  Transparent mutable replay for multicore debugging and patch validation , 2013, ASPLOS '13.

[50]  Feng Cao,et al.  MFL: Method-Level Fault Localization with Causal Inference , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation.

[51]  Bi Wu,et al.  SpanDex: Secure Password Tracking for Android , 2014, USENIX Security Symposium.

[52]  Mário S. Alvim,et al.  Quantifying Information Flow for Dynamic Secrets , 2014, 2014 IEEE Symposium on Security and Privacy.

[53]  Xi Wang,et al.  Identifying Information Disclosure in Web Applications with Retroactive Auditing , 2014, OSDI.

[54]  Cristian Cadar,et al.  VARAN the Unbelievable: An Efficient N-version Execution Framework , 2015, ASPLOS.

[55]  Andy Podgurski,et al.  NUMFL: Localizing Faults in Numerical Software Using a Value-Based Causal Model , 2015, 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST).

[56]  Xiangyu Zhang,et al.  Dual Execution for On the Fly Fine Grained Execution Comparison , 2015, ASPLOS.