Better Performance Through Thread-local Emulation
Ali Razeen, Valentin Pistol, Alexander Meijer, and Landon P. Cox
Duke University


Goal: Track how apps use data

“What is the app doing?”
What is the app doing after taking a picture?
Is it creating multiple copies of the picture?

Dynamic taint tracking
Log when photos are saved as files

    Image pic = takePicWithCamera();          // mark as "taint source"
    Image newPic = copy(pic);                 // tainted due to "taint propagation rules"
    crop(newPic);
    modify(newPic);
    writeToFile(newPic, "my_picture.png");    // mark the file system as a "taint sink"

Dynamic taint tracking
Detecting and defeating malware
– TaintCheck (Newsome ’05), Panorama (Yin ’07)
Attest to the authenticity of sensor data
– YouProve (Gilbert ’11)
Minimize exposure of sensitive data
– Clean OS (Tang ’12)
Manage app data in logical units
– Pebbles (Spahn ’14)
Track how apps use passwords
– SpanDex (Cox ’14)
Improve energy efficiency of apps
– MobileHub (Shen ’15)

YouProve [Gilbert ’11]
Was the swan really there?

YouProve [Gilbert ’11]
Prove that camera images are authentic

    Image pic = takePicWithCamera();
    Image newPic = copy(pic);
    crop(newPic);
    modify(newPic);
    writeToFile(newPic, "my_picture.png");

The camera is a taint source
The file system is a taint sink
[Image label: Original]

YouProve [Gilbert ’11]
Diagram labels: Original, newPic, Picture analyzer, Authenticity certificate

TaintDroid [Enck ’10]
Implemented within the Dalvik VM
– Dalvik is a managed runtime like the Java VM
Reasonably good performance
– Overhead of about 14%
– Running apps on a VM is slow to begin with
– Taint tracking logic does not add significant overhead
Diagram labels: Hardware, Linux Kernel, Android Platform, Dalvik VM, Core Libraries

The trend to native code
Tracking native code is expensive!
10 to 30x slowdown
– TaintCheck (Newsome ’05), Dytan (Clause ’07)

Selective taint tracking
Perform tracking only when the camera is used
– 1. Disassemble an app’s instructions
– 2. Perform taint propagation
– 3. Execute the app instruction
– 4. Proceed until app stops using tainted data
Otherwise, apps run normally
Implemented using page protections
– Demand Emulation (Ho ’06)
Overhead is amortized over app’s lifetime!

Apps are multi-threaded
takePicWithCamera()
Only emulate the threads handling tainted data
Diagram labels: UI Thread, Worker Thread 1, Worker Thread 2, Worker Thread 3

Thread-local emulation
takePicWithCamera()
How can we interpose on memory accesses on a thread-level basis?
Only the threads handling tainted data are emulated
Diagram labels: UI Thread, Worker Thread 1, Worker Thread 2, Worker Thread 3

Diagram labels: UI Thread, Worker Thread 1, Worker Thread 2, Worker Thread 3, Memory
How does emulator access tainted data in protected page?
Tainted data in protected page
Memory organized in pages
Remove page protections
Not emulated!
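How page protections start tracking on demand, and why lifting them to let the emulator through leaves later accesses untracked, shown as an added Linux C example that is not code from the presentation. The names `taint_source`, `on_fault` and `demo` are hypothetical and the "camera" bytes are constructed; a real tracker would begin emulating in the handler, while this one only counts the entry.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static unsigned char *tainted_page;   /* page holding constructed "camera" data */
static size_t page_size;
static volatile sig_atomic_t faults;  /* times the tracker was entered */

/* Fault on the protected page: the point where a tracker would start emulating.
 * Here we count the entry and lift the protection so the access can retry. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uintptr_t a = (uintptr_t)si->si_addr, p = (uintptr_t)tainted_page;
    if (a < p || a >= p + page_size) _exit(1);  /* unrelated crash: do not mask it */
    faults++;
    mprotect(tainted_page, page_size, PROT_READ | PROT_WRITE);
}

/* Store tainted bytes in their own page and revoke all access to it. */
static int taint_source(const char *data) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL)) return -1;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    tainted_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (tainted_page == MAP_FAILED) return -1;
    strncpy((char *)tainted_page, data, page_size - 1);
    return mprotect(tainted_page, page_size, PROT_NONE);
}

/* Reads the tainted page twice and returns the total number of faults taken. */
int demo(void) {
    if (taint_source("raw camera frame") != 0) return -1;
    volatile unsigned char *p = tainted_page;
    unsigned char first = p[0];   /* faults: tracker entered */
    int after_first = faults;
    unsigned char second = p[1];  /* no fault: protection is gone for the whole process */
    return (first == 'r' && second == 'a' && after_first == 1) ? faults : -1;
}

int main(void) { printf("faults=%d\n", demo()); return 0; }
```

Because `mprotect` changes the mapping for every thread in the process, the second read would go unnoticed no matter which thread issued it.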

Diagram labels: UI Thread, Worker Thread 1, Worker Thread 2, Worker Thread 3, Memory
Emulate everything!
We want thread-local emulation

Page table tricks
Diagram labels: UI Thread, Worker Thread 1, Worker Thread 2, Worker Thread 3, Virtual Memory, Physical Memory

Alternative approaches
Software techniques:
– Virtual page table tricks (Appel and Li ’91)
Hardware techniques:
– ARM memory domains
– Virtualization features: Dune (Belay ’12)

Limitations
Tainted data on UI thread!

Conclusion
– Dynamic taint tracking is useful
– Modern mobile platforms exhibit a shift to native code
– Need native code taint tracking
– Require thread-local emulation for performance
– Plenty of research and implementation questions left

Thread-level Memory Access
Emulator implemented as thread-specific signal handler.
Page protections at thread-granularity.
Diagram labels: UI Thread, Worker Thread 1, Worker Thread 2, Worker Thread 3, Process

The Elephant in the Room
Implicit Flows

Might not be a problem.
– YouProve (Gilbert ’11)
May be quantified in certain contexts.
– SpanDex (Cox ’14)
Ideas from static taint analysis may be used.
– MobileHub (Shen ’15)

Implicit Flows

    int someVal = getTaintedValue();
    bool lessThanTwenty = false;
    if (someVal < 20) {
        lessThanTwenty = true;
    }
    if (lessThanTwenty) {
        doSomethingHere();
    }

Should this be tainted?
Exploitable by malicious apps.
Unclear.
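The source, propagation and sink rules from the dynamic taint tracking slide, and the implicit-flow snippet above, run through a toy byte-granular shadow memory. This is an added C example, not code from the presentation; the memory layout, helper names and sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

static unsigned char mem[64];     /* toy app memory (constructed) */
static unsigned char shadow[64];  /* shadow memory: 1 = byte is tainted */

/* Taint source: bytes arriving from the camera are marked tainted. */
static void take_pic(int dst, const unsigned char *px, int n) {
    memcpy(mem + dst, px, (size_t)n);
    memset(shadow + dst, 1, (size_t)n);
}
/* Propagation, copy: the destination inherits the source's taint. */
static void t_copy(int dst, int src, int n) {
    memmove(mem + dst, mem + src, (size_t)n);
    memmove(shadow + dst, shadow + src, (size_t)n);
}
/* Propagation, in-place arithmetic: the value changes, the taint stays. */
static void t_modify(int at, int n) { for (int i = 0; i < n; i++) mem[at + i] ^= 0x0f; }
/* Propagation, constant store: a literal carries no taint. */
static void t_store_const(int dst, unsigned char v) { mem[dst] = v; shadow[dst] = 0; }
/* Taint sink: report whether any byte being written out is tainted. */
static int write_to_file(int src, int n) {
    int tainted = 0;
    for (int i = 0; i < n; i++) tainted |= shadow[src + i];
    return tainted;
}

/* Explicit flow: camera -> copy -> modify -> file. */
int explicit_flow(void) {
    const unsigned char px[4] = {10, 20, 30, 40};  /* constructed pixels */
    take_pic(0, px, 4);
    t_copy(16, 0, 4);
    t_modify(16, 4);
    return write_to_file(16, 4);
}

/* Implicit flow: the flag is set by a branch on tainted data, but only
 * constants are stored into it, so data-flow rules leave it untainted. */
int implicit_flow(void) {
    const unsigned char some_val[1] = {7};         /* constructed, less than 20 */
    take_pic(32, some_val, 1);
    t_store_const(40, 0);                          /* lessThanTwenty = false */
    if (mem[32] < 20) t_store_const(40, 1);        /* lessThanTwenty = true  */
    return mem[40] == 1 ? write_to_file(40, 1) : -1;
}

int main(void) { printf("explicit=%d implicit=%d\n", explicit_flow(), implicit_flow()); return 0; }
```

The sink sees taint on the copied picture but none on the flag, even though the flag's value was decided by tainted data.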

YouProve [Gilbert ’11]
Prove that sensor data is authentic.

    Image pic = takePicWithCamera();
    Image newPic = copy(pic);
    crop(newPic);
    modify(newPic);
    writeToFile(newPic, "my_picture.png");

[Image label: Original]
Authenticity certificate will not be generated!