An Uneven Distributed System for Dynamic Taint Analysis Framework

Wang, Xuefei; Ma, Hengtai; Ke, Yang; Liu, Hongliang

doi:10.1109/cscloud.2015.20

Cited by 3 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Six of the research works developed framework to automate vulnerability detection in software product (Wang et al 2015;Bagri & Gupta, 2019;Min et al 2019;Wang et al 2020;Zarakovitis et al 2021). Min et al (2019) designed an Android software vulnerability mining framework based on dynamic taint analysis technology.…”

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

This study provided a systematic literature review of software vulnerability detection (SVD) by searching ACM and IEEE databases for related literatures. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flowchart, a total of 55 studies published in the selected journals and conference proceeding of IEEE and ACM from 2015 to 2021 were reviewed. The objective is to identify, select and critically evaluate research works carried out on software vulnerability detection. The selected articles were grouped into 7 categories across various vulnerability detection evaluation criteria such as neural network – 5 papers, machine learning – 11 papers, static and dynamic analysis – 8 papers, code clone – 3 papers, classification – 4 papers, models – 3 papers, and frameworks – 6 papers. There are 15 articles that could not fall into any of these 7 categories, thus, they were place in others row that used different criteria to implement vulnerability detection. The result showed that many researchers used machine learning strategy to detect vulnerability in software since large volume of data can be reviewed easily with machine learning. Although many systems have been developed for detecting software vulnerability, none is able to show the type of vulnerability detected.

show abstract

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

show abstract

“…This mechanism is therefore designed to enable enterprises to retain control over their sensitive data while granting employees access to and usage of enterprise cloud services [49]. Wang et al proposed a distributed system for IFT that can test many applications, especially for those that would otherwise be resource-intensive and expensive to run routinely [48,50,51]. A model orthogonal to our work (i.e., CloudMonitor), CloudFence was proposed by Vasilis [52] and is shown in Figure 3 as a generic overview in contrast to CloudMonitor.…”

Section: Studies Using Ift For Cloud Securitymentioning

confidence: 99%

“…However, this particular DFT model concept is different from our CloudMonitor framework because we do not prevent the CSC from having the right to audit the data within our framework (i.e., the audit functions are hard-coded and immutable). Wang et al proposed a distributed system for IFT that can test many applications, especially for those that would otherwise be resource-intensive and expensive to run routinely [48,50,51]. A model orthogonal to our work (i.e., CloudMonitor), CloudFence was proposed by Vasilis [52] and is shown in Figure 3 as a generic overview in contrast to CloudMonitor.…”

Section: Studies Using Ift For Cloud Securitymentioning

confidence: 99%

“…Thus, each time accessing persistent data, and if interprocess communications took place, then propagation of tainted data occurs. Asbestos [47] and Flume [50] exemplify an operating system-based IFT enforcement process. While Flume is a program to run on top of the Linux OS, Asbestos is an OS that can enforce IFT.…”

Section: Tools Selection Overview and Rationalementioning

confidence: 99%

See 1 more Smart Citation

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

Alqahtani,

Almutairi,

Sheldon

2024

Future Internet

View full text Add to dashboard Cite

This study provides a comprehensive review and comparative analysis of existing Information Flow Tracking (IFT) tools which underscores the imperative for mitigating data leakage in complex cloud systems. Traditional methods impose significant overhead on Cloud Service Providers (CSPs) and management activities, prompting the exploration of alternatives such as IFT. By augmenting consumer data subsets with security tags and deploying a network of monitors, IFT facilitates the detection and prevention of data leaks among cloud tenants. The research here has focused on preventing misuse, such as the exfiltration and/or extrusion of sensitive data in the cloud as well as the role of anonymization. The CloudMonitor framework was envisioned and developed to study and design mechanisms for transparent and efficient IFT (eIFT). The framework enables the experimentation, analysis, and validation of innovative methods for providing greater control to cloud service consumers (CSCs) over their data. Moreover, eIFT enables enhanced visibility to assess data conveyances by third-party services toward avoiding security risks (e.g., data exfiltration). Our implementation and validation of the framework uses both a centralized and dynamic IFT approach to achieve these goals. We measured the balance between dynamism and granularity of the data being tracked versus efficiency. To establish a security and performance baseline for better defense in depth, this work focuses primarily on unique Dynamic IFT tracking capabilities using e.g., Infrastructure as a Service (IaaS). Consumers and service providers can negotiate specific security enforcement standards using our framework. Thus, this study orchestrates and assesses, using a series of real-world experiments, how distinct monitoring capabilities combine to provide a comparatively higher level of security. Input/output performance was evaluated for execution time and resource utilization using several experiments. The results show that the performance is unaffected by the magnitude of the input/output data that is tracked. In other words, as the volume of data increases, we notice that the execution time grows linearly. However, this increase occurs at a rate that is notably slower than what would be anticipated in a strictly proportional relationship. The system achieves an average CPU and memory consumption overhead profile of 8% and 37% while completing less than one second for all of the validation test runs. The results establish a performance efficiency baseline for a better measure and understanding of the cost of preserving confidentiality, integrity, and availability (CIA) for cloud Consumers and Providers (C&P). Consumers can scrutinize the benefits (i.e., security) and tradeoffs (memory usage, bandwidth, CPU usage, and throughput) and the cost of ensuring CIA can be established, monitored, and controlled. This work provides the primary use-cases, formula for enforcing the rules of data isolation, data tracking policy framework, and the basis for managing confidential data flow and data leak prevention using the CloudMonitor framework.

show abstract

CloudMonitor: Data Flow Filtering as a Service

Fahad

Sheldon

2019

2019 International Conference on Computational Science and Computational Intelligence (CSCI)

View full text Add to dashboard Cite

An Uneven Distributed System for Dynamic Taint Analysis Framework

Cited by 3 publications

References 13 publications

A systematic literature review of software vulnerability detection

A systematic literature review of software vulnerability detection

Cloud Security Using Fine-Grained Efficient Information Flow Tracking

CloudMonitor: Data Flow Filtering as a Service

Contact Info

Product

Resources

About