[shrift15ifipsec] Enrico Lovat, Alexander Fromm, Martin Mohr, Alexander Pretschner, SHRIFT: System-Wide HybRid Information Flow Tracking, in: Federrath, Hannes and Gollmann, Dieter (Eds.), ICT Systems Security and Privacy Protection, pp. 371-385, Springer International Publishing, 2015.
Abstract
Using data flow tracking technology, one can observe how data flows from inputs (sources) to outputs (sinks) of a software system. It has been proposed to do runtime data flow tracking at various layers simultaneously (operating system, application, database, window manager, etc.), and connect the monitors' observations to exploit semantic information about the layers to make analyses more precise. This has implications on performance -- multiple monitors running in parallel -- and on methodology -- there needs to be one dedicated monitor per layer. We address both aspects of the problem. We replace a runtime monitor at a layer L by its statically computed input-output dependencies. At runtime, these relations are used by monitors at other layers to model flows of data through L, thus allowing cross-layer system-wide tracking. We achieve this in three steps: (1) static analysis of the application at layer L, (2) instrumentation of the application's source and sink instructions and (3) runtime execution of the instrumented application in combination with monitors at other layers. The result allows for system-wide tracking of data dissemination, across and through multiple applications. We implement our solution at the Java Bytecode level, and connect it to a runtime OS-level monitor. In terms of precision and performance, we outperform binary-level approaches and can exploit high-level semantics.
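As an added illustration (a constructed toy, not the authors' SHRIFT implementation or its Java bytecode analysis), the following Python models the idea in the abstract: a statically computed source-to-sink dependency summary stands in for a per-instruction monitor at the application layer, and a simulated OS-level monitor uses it to carry data labels through the application, whereas a process-granular OS monitor alone would have to assume every output depends on every input. All instruction identifiers, paths and labels are assumptions.

```python
# Constructed toy (not the SHRIFT code): an OS-level label monitor plus an
# application whose internal flows are modelled by a static dependency summary.
class OSMonitor:
    """Simulated OS-level monitor: data labels attached to files and sockets."""
    def __init__(self, labels):
        self.labels = labels          # container name -> set of labels

    def read(self, container):
        return set(self.labels.get(container, set()))

    def write(self, container, labels):
        self.labels.setdefault(container, set()).update(labels)

# Result of the (assumed) static analysis of the application at layer L:
# sink instruction -> source instructions whose data can reach it.
STATIC_DEPS = {
    "Socket.write@Report.java:88": {"FileInputStream.read@Loader.java:12"},
    "FileOutputStream.write@Log.java:40": set(),   # writes constants only
}

class InstrumentedApp:
    """Only source and sink instructions are hooked; no per-instruction tracking."""
    def __init__(self, os_mon):
        self.os, self.seen = os_mon, {}   # seen: source instr -> labels at runtime

    def on_source(self, instr, container):
        # The OS monitor reports which labels the container being read carries.
        self.seen[instr] = self.os.read(container)

    def on_sink(self, instr, container):
        # Propagate only labels of the sources this sink statically depends on.
        labels = set()
        for src in STATIC_DEPS.get(instr, set()):
            labels |= self.seen.get(src, set())
        self.os.write(container, labels)
        return labels

def os_only_view(os_mon, containers_read):
    """What a process-granular OS monitor must assume: every output carries every input label."""
    return set().union(*(os_mon.read(c) for c in containers_read))

def run_scenario():
    os_mon = OSMonitor({"/home/alice/secret.txt": {"SECRET"}, "/etc/motd": {"PUBLIC"}})
    app = InstrumentedApp(os_mon)
    app.on_source("FileInputStream.read@Loader.java:12", "/home/alice/secret.txt")
    app.on_source("FileInputStream.read@Config.java:5", "/etc/motd")   # feeds no sink
    net = app.on_sink("Socket.write@Report.java:88", "socket:203.0.113.5:443")
    log = app.on_sink("FileOutputStream.write@Log.java:40", "/var/log/app.log")
    coarse = os_only_view(os_mon, ["/home/alice/secret.txt", "/etc/motd"])
    return net, log, coarse
```

Running `run_scenario()` shows the hybrid view labelling the socket write with `SECRET` and the log write with nothing, while the OS-only view would have to label both with `{SECRET, PUBLIC}`.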
Original article available at springerlink.com.