
Efficient Decoupled Taint Analysis for Java Applications

Advisor: 吳育松
The full text will be available for download on 2024/09/01.

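Abstract


Dynamic information flow tracking has a long history of development. Much of the related research focuses on rewriting the compiler's compilation of source code in order to embed taint propagation logic. As a result, embedding taint propagation logic depends on modifying the compiler or on tight coupling with a specific execution environment. In addition, because dynamic information flow tracking degrades execution performance, it is often hard to introduce into production environments. This study adopts a loosely coupled design that separates the taint propagation logic from the target program under analysis, substantially improving the analysis performance of the target program at run time. While the original program executes, bytecode is injected through dynamic rewriting to track specific information about the execution, and a Bytecode Instrumentation Translator is implemented to rewrite the program and generate a taint-semantics version of its bytecode. Finally, replay is used so that the taint-semantics version of the program follows the same execution path as the original program. This design requires no modification of the execution environment or the compiler, and the taint propagation analysis runs in the native execution environment.

Parallel Abstract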


Dynamic information flow tracking has been under development for a long time. Much of the related research focuses on modifying the compiler's compilation of source code to embed taint propagation logic. Embedding taint propagation logic this way therefore relies on rewriting the compiler or on coupling with a particular execution environment. In addition, dynamic information flow tracking often degrades execution performance, which makes the technique difficult to introduce into production environments. This study uses a decoupled design that separates the taint propagation logic from the target program under analysis, greatly improving the analysis performance of the target program at runtime. During execution of the original target program, the bytecode is instrumented through dynamic rewriting to track specific information about the execution. A translator built on bytecode rewriting then rewrites the bytecode to generate a taint-semantics version of it. Finally, replay gives the taint-semantics version of the program the same program behavior as the original program. This design requires no modification of the execution environment or the compiler, and it allows the taint propagation analysis to be performed in the native execution environment.
