Accession Number:
AD1085478
Title:
MITOS: Optimal Decisioning for the Indirect Flow Propagation Dilemma in Dynamic Information Flow Tracking Systems
Descriptive Note:
Technical Report, 30 Jun 2015, 01 Jul 2019
Corporate Author:
University of Florida Gainesville United States
Report Date:
2019-12-01
Pagination or Media Count:
32.0
Abstract:
Dynamic Information Flow Tracking (DIFT) is a technique for tracking information as it flows through a program's execution. Specifically, some inputs or data get tainted, and then these taint marks (tags) propagate, usually at the instruction level. While DIFT has been a fundamental concept in computer and network security for the past decade, it still faces open challenges that impede its widespread application in practice, one of them being the indirect flow propagation dilemma: should the tags involved in an indirect flow, e.g., in a control or address dependency, be propagated? Propagating all these tags, as is done for direct flows, leads to overtainting, while not propagating them leads to undertainting. In this work, we analytically model that decisioning problem for indirect flows by optimally weighting various tradeoffs, including undertainting versus overtainting. Towards tackling this problem, we design and implement MITOS, a distributed-optimization algorithm that optimally decides about the propagation of indirect flows. We also perform a case-study scenario with a real in-memory-only attack and show that MITOS improves simultaneously (i) the system's spatiotemporal overhead and (ii) the system's fingerprint on suspected bytes up to 167 compared to traditional DIFT, even though these metrics usually conflict.
Distribution Statement:
APPROVED FOR PUBLIC RELEASE