PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker

Michael Kiperberg; Nezer Zaidenberg

doi:10.1007/s42979-023-02555-w

PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker

Michael Kiperberg
, Nezer Zaidenberg

Department of Computer Science

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-flow tracker. PDIFT++ uses a hypervisor for coarse memory tracking and an emulator for fine memory tracking. The switching between the two modes allows PDIFT++ to achieve high performance without compromising the memory tracking precision. In addition, PDIFT++ provides system-wide tracking by monitoring system calls that can transmit information between two processes and between a process and a file system. The results show that PDIFT++ induces a performance penalty of 26% on average.

Original language	English
Article number	226
Journal	SN Computer Science
Volume	5
Issue number	2
DOIs	https://doi.org/10.1007/s42979-023-02555-w
State	Published - Feb 2024

Keywords

DIFT
Emulator
Hypervisor
Virtualization

Access to Document

10.1007/s42979-023-02555-w

Cite this

@article{30aecf200eb04e03b898faa9af075634,

title = "PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker",

abstract = "Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-flow tracker. PDIFT++ uses a hypervisor for coarse memory tracking and an emulator for fine memory tracking. The switching between the two modes allows PDIFT++ to achieve high performance without compromising the memory tracking precision. In addition, PDIFT++ provides system-wide tracking by monitoring system calls that can transmit information between two processes and between a process and a file system. The results show that PDIFT++ induces a performance penalty of 26\% on average.",

keywords = "DIFT, Emulator, Hypervisor, Virtualization",

author = "Michael Kiperberg and Nezer Zaidenberg",

note = "Publisher Copyright: {\textcopyright} 2024, The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd.",

year = "2024",

month = feb,

doi = "10.1007/s42979-023-02555-w",

language = "אנגלית",

volume = "5",

journal = "SN Computer Science",

issn = "2662-995X",

publisher = "Springer",

number = "2",

}

TY - JOUR

T1 - PDIFT++

T2 - System-Wide Memory Tracking Using a Single-Process Memory Tracker

AU - Kiperberg, Michael

AU - Zaidenberg, Nezer

PY - 2024/2

Y1 - 2024/2

N2 - Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-flow tracker. PDIFT++ uses a hypervisor for coarse memory tracking and an emulator for fine memory tracking. The switching between the two modes allows PDIFT++ to achieve high performance without compromising the memory tracking precision. In addition, PDIFT++ provides system-wide tracking by monitoring system calls that can transmit information between two processes and between a process and a file system. The results show that PDIFT++ induces a performance penalty of 26% on average.

AB - Information-flow tracking is useful for preventing malicious code execution and sensitive information leakage. Unfortunately, the performance penalty of the currently available solutions is too high for real-world applications. This paper presents PDIFT++, a hybrid system-wide dynamic information-flow tracker. PDIFT++ uses a hypervisor for coarse memory tracking and an emulator for fine memory tracking. The switching between the two modes allows PDIFT++ to achieve high performance without compromising the memory tracking precision. In addition, PDIFT++ provides system-wide tracking by monitoring system calls that can transmit information between two processes and between a process and a file system. The results show that PDIFT++ induces a performance penalty of 26% on average.

KW - DIFT

KW - Emulator

KW - Hypervisor

KW - Virtualization

UR - https://www.scopus.com/pages/publications/85182633162

U2 - 10.1007/s42979-023-02555-w

DO - 10.1007/s42979-023-02555-w

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85182633162

SN - 2662-995X

VL - 5

JO - SN Computer Science

JF - SN Computer Science

IS - 2

M1 - 226

ER -

PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory Tracker

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this