PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker

PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker

Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-fl...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:SN computer science 2024-02, Vol.5 (2), p.226, Article 226
Hauptverfasser: Kiperberg, Michael, Zaidenberg, Nezer
Format: Artikel
Sprache:eng
Schlagworte:
Computer Imaging
Computer Science
Computer Systems Organization and Communication Networks
Data integrity
Data Structures and Information Theory
Hybrid systems
Information flow
Information Systems and Communication Service
Java
Malware
Original Research
Pattern Recognition and Graphics
Prevention
Propagation
Recent Trends on Information Systems Security and Privacy
Security systems
Software
Software Engineering/Programming and Operating Systems
Tracking
Vision
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-flow tracker. PDIFT++ uses a hypervisor for coarse memory tracking and an emulator for fine memory tracking. The switching between the two modes allows PDIFT++ to achieve high performance without compromising the memory tracking precision. In addition, PDIFT++ provides system-wide tracking by monitoring system calls that can transmit information between two processes and between a process and a file system. The results show that PDIFT++ induces a performance penalty of 26% on average.
ISSN:2661-8907
2662-995X
2661-8907
DOI:10.1007/s42979-023-02555-w