Parallelizing Dynamic Information Flow Tracking

1
Parallelizing Dynamic Information Flow Tracking

• Olatunji Ruwase
• Phillip B. Gibbons Todd C. Mowry Vijaya
  Ramachandran
• Shimin Chen Michael Kozuch Michael Ryan

2
Lifeguards Pros and Cons

• Monitors a running programin order to detect
  bugs security attacks
• E.g., detect any accessesto unallocated memory

program
lifeguard

• 3X to 30X program slowdown

Parallelize lifeguards to make them faster
Can run lifeguard on separate core
3
TaintCheck A Dynamic Information Flow Tracking
Lifeguard
My
PACKET
DIFT Parallelism Challenge Embarrassingly
sequential lifeguards
R1
My
R1
R1

• Memcheck Nethercote et al PLDI05
• memory bugs

• Catch security bugs
• NewSome et al NDSS 05
• TAINTED/UNTAINTED
• Propagation of taint status

4
A Parallel DIFT Algorithm
n
Asymptotic Linear Speedup

• Symbolic Inheritance Tracking ?(n/p)
• Inheritance Resolution ?(n/p)

5
Symbolic Inheritance Tracking

Mx

My
R1

R1
R2

R2
R3
segment j 1
segment j
segment j - 1

• Collapsed propagation chain

6
Inheritance Resolution
Mx
My
R2
R1
R2
R3
segment j 1
segment j - 1
segment j

• Resolve segments in sequential order
• Locations within segment are resolved in parallel

7
Symbolic Inheritance Tracking (Harder Case)


R2
R1
R2

R1
My

My
Mx
JMP
R1
?
segment j 1
segment j
segment j - 1

• Unary propagation Costa et al SOSP 05

8
Inheritance Resolution (Harder Case)
R1
Mx
R2
My
R1
R1
My
JMP
My
?
segment j 1
segment j - 1
segment j

• Detect security attack

9
Implementation Parallel TaintCheck
Algorithm
Implementation

• Speedup achieved because inheritance information
  is smaller than code segment

10
Achieving speedups with few workers
2 workers
sequential
Constant Factors
time

• Inheritance info ½ segment

Require up to 4 workers to match sequential
performance
11
Hybrid Parallelism
sequential
1 worker
2 workers

• Use inheritance tracking as accelerator for taint
  propagation
• Achieves speedup even with 1 worker

12
Evaluation

• Log Based Architectures Chen et al ISCA 08
• Simics simulation
• 16 core
• 64K execution window

• 10 SPEC 2000 integer benchmarks

13
Slowdown Improvement using Pure Parallelism
Number of Workers
0 workers Sequential
14
gcc slowdown with few workers
15
Related Work

• Sequential DIFT Suh et al ASPLOS 04, Costa et
  al SOSP 05,
• Newsome et al NDSS 05, Nethercote et al
  PLDI 07,
• Dalton et al ISCA 07, Venkataramani et al
  HPCA 08
• Parallel DIFT Speck Nightingale et al ASPLOS
  08
• Parallel taint analysis lifeguard on commodity
  CMPs
• Parallel compression of code segments
• Sequential analysis of compressed segments
• Cannot achieve linear speedup (unary propagation
  not considered)
• Video decoder slowdown reduced from 18X to 9X
  using 9 lifeguard threads.

16
Conclusion

• Parallel DIFT algorithm
• Symbolic Inheritance Tracking
• Unary propagation
• Asymptotic Linear speedup
• Parallel TaintCheck Lifeguard
• Program slowdown reduced from 3X 5X to 1.2X
  3X with 8 worker threads
• Hybrid parallelism is useful with few workers

17
Hybrid Parallelism vs Pure Parallelism
Improvement Pure Parallelism Slowdown
Hybrid Parallelism Slowdown