More Web Proxy on the site http://driver.im/

research-article

Understanding and visualizing full systems with data flow tomography

Authors:

Shashidhar Mysore,

Timothy SherwoodAuthors Info & Claims

ASPLOS XIII: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems

Pages 211 - 221

https://doi.org/10.1145/1346281.1346308

Published: 01 March 2008 Publication History

Abstract

It is not uncommon for modern systems to be composed of a variety of interacting services, running across multiple machines in such a way that most developers do not really understand the whole system. As abstraction is layered atop abstraction, developers gain the ability to compose systems of extraordinary complexity with relative ease. However, many software properties, especially those that cut across abstraction layers, become very difficult to understand in such compositions. The communication patterns involved, the privacy of critical data, and the provenance of information, can be difficult to find and understand, even with access to all of the source code. The goal of Data Flow Tomography is to use the inherent information flow of such systems to help visualize the interactions between complex and interwoven components across multiple layers of abstraction. In the same way that the injection of short-lived radioactive isotopes help doctors trace problems in the cardiovascular system, the use of "data tagging" can help developers slice through the extraneous layers of software and pin-point those portions of the system interacting with the data of interest. To demonstrate the feasibility of this approach we have developed a prototype system in which tags are tracked both through the machine and in between machines over the network, and from which novel visualizations of the whole system can be derived. We describe the system-level challenges in creating a working system tomography tool and we qualitatively evaluate our system by examining several example real world scenarios.

Supplementary Material

JPG File (1346308.jpg)

Download
14.58 KB

index.html (index.html)

Slides from the presentation

Download
.99 KB

ZIP File (p211-mysore-slides.zip)

Supplemental material for Understanding and visualizing full systems with data flow tomography

Download
24.24 MB

Audio only (1346308.mp3)

Download
9.89 MB

Video (1346308.mp4)

Download
136.28 MB

References

[1]

M. K. Aguilera, J. C. Mogul, J. L. Wiener, P. Reynolds, and A. Muthitacharoen. Performance debugging for distributed systems of black boxes. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 74--89. ACM Press, 2003.

Digital Library

[2]

P. Barham, A. Donnelly, R. Isaacs, and R. Mortier. Using magpie for request extraction and workload modelling. In OSDI'04: Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation. USENIX Association, 2004.

Digital Library

[3]

F. Bellard. QEMU, A fast and portable dynamic translator. In USENIX Annual Technical Conference, April 2005.

Digital Library

[4]

M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In USENIX'06: Proceedings of the 7th conference on USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, 2006.

Digital Library

[5]

S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, and X. Zheng. Secure web applications via automatic partitioning. In In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'07), October 2007.

Digital Library

[6]

J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, pages 22--22. USENIX Association, 2004.

Digital Library

[7]

M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: end-to-end containment of internet worms. In SOSP '05: Proceedings of the twentieth ACM symposium on Operating systems principles, pages 133--147. ACM Press, 2005.

Digital Library

[8]

J. R. Crandall and F. T. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. In MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, pages 221--232, Washington, DC, USA, 2004. IEEE Computer Society.

Digital Library

[9]

J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 235--248. ACM Press, 2005.

Digital Library

[10]

M. Dalton, H. Kannan, and C. Kozyrakis. Raksha: A Flexible Information Flow Architecture for Software Security. In 34th Intl. Symposium on Computer Architecture (ISCA), 2007.

Digital Library

[11]

J. Dean, J. E. Hicks, C. A. Waldspurger, W. E. Weihl, and G. Chrysos. Profileme: Hardware support for instruction-level profiling on out-of-order processors. In Microarchitecture, 1997. Proceedings. Thirtieth Annual IEEE/ACM International Symposium on, pages 292--302. IEEE Computer Society, 2004.

Digital Library

[12]

P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the asbestos operating system. SIGOPS Oper. Syst. Rev., 39(5):17--30, 2005.

Digital Library

[13]

Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan Zhou and Youfeng Wu. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting General Security Attacks. In Annual IEEE/ACM International Symposium on Microarchitecture, 2006.

Digital Library

[14]

Guru Venkataramani, Brandyn Roemer, Yan Solihin and Milos Prvulovic. MemTracker: Efficient and Programmable Support for Memory Access Monitoring and Debugging. In 13th International Symposium on High-Performance Computer Architecture (HPCA-13), February 2007.

Digital Library

[15]

A. Haeberlen, P. Kouznetsov, and P. Druschel. Peerreview: Practical accountability for distributed systems. In In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'07), October 2007.

Digital Library

[16]

M. Hauswirth, P. F. Sweeney, A. Diwan, and M. Hind. Vertical profiling: understanding the behavior of object-priented applications. In OOPSLA '04: Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, pages 251--269. ACM Press, 2004.

Digital Library

[17]

A. Ho, M. Fetterman, C. Clark, A. Warfield, and S. Hand. Practical taint-based protection using demand emulation. SIGOPS Oper. Syst.

Digital Library

[18]

J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In 12th Annual Network and Distributed System Security Symposium (NDSS '05), 2005.

[19]

N. Joukov, A. Traeger, R. Iyer, C. P. Wright, and E. Zadok. Operating system profiling via latency analysis. In USENIX'06: Proceedings of the 7th conference on USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, 2006.

Digital Library

[20]

E. Kiciman and B. Livshits. Ajaxscope: A platform for remotely monitoring the client-side behavior of web 2.0 applications. In In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP'07), October 2007.

Digital Library

[21]

J. R. Larus. Whole program paths. In PLDI '99: Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation, pages 259--269. ACM Press, 1999.

Digital Library

[22]

J. Levon and P. Elie. Oprofile: oprofile.sourceforge.net.

[23]

S. Narayanasamy, G. Pokam, and B. Calder. Bugnet: Continuously recording program execution for deterministic replay debugging. In ISCA '05: Proceedings of the 32nd annual international symposium on Computer Architecture, pages 284--295. IEEE Computer Society, 2005.

Digital Library

[24]

G. Portokalidis, A. Slowinska, and H. Bos. Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. SIGOPS Oper. Syst. Rev., 40(4):15--27, 2006.

Digital Library

[25]

Z. A. Shaw. Mongrel: mongrel.rubyforge.org.

[26]

G. E. Suh, J. W. Lee, D. Zhang, and S. Devadas. Secure Program Execution via Dynamic Information Flow Tracking. In ASPLOS-XI: Proceedings of the 11th international conference on Architectural support for programming languages and operating systems, pages 85--96, New York, NY, USA, 2004. ACM Press.

Digital Library

[27]

P. F. Sweeney, M. Hauswirth, B. Cahoon, P. Cheng, A. Diwan, D. Grove, and M. Hind. Using hardware performance moniters to understand the behavior of java applications. In USENIX 3rd Virtual Machine Research and Technology Symposium (VM'04). ACM Press, 2004.

Digital Library

[28]

Úlfar Erlingsson, S. Valley, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. Xfi: software guards for system address spaces. In USENIX'06: Proceedings of the 7th conference on USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, 2006.

Digital Library

[29]

N. Vachharajani, M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August. Rifle: An architectural framework for user-centric information-flow security. In MICRO 37: Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, pages 243--254. IEEE Computer Society, 2004.

Digital Library

[30]

M. Xu, R. Bodik, and M. D. Hill. A "flight data recorder" for enabling full-system multiprocessor deterministic replay. In ISCA '03: Proceedings of the 30th annual international symposium on Computer architecture, pages 122--135. ACM Press, 2003.

Digital Library

[31]

W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In USENIX-SS'06: Proceedings of the 15th conference on USENIX Security Symposium. USENIX Association, 2006.

Digital Library

[32]

N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in histar. In USENIX'06: Proceedings of the 7th conference on USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, 2006.

Digital Library

Cited By

Kreindl JBonetta DStadler LLeopoldseder DMössenböck HMarr S(2020)Multi-language dynamic taint analysis in a polyglot virtual machineProceedings of the 17th International Conference on Managed Programming Languages and Runtimes10.1145/3426182.3426184(15-29)Online publication date: 4-Nov-2020
https://dl.acm.org/doi/10.1145/3426182.3426184
Heo IKim MLee YChoi CLee JKang BPaek Y(2015)Implementing an Application-Specific Instruction-Set Processor for System-Level Dynamic Program Analysis EnginesACM Transactions on Design Automation of Electronic Systems10.1145/274623820:4(1-32)Online publication date: 28-Sep-2015
https://dl.acm.org/doi/10.1145/2746238
Osmari DVo HSilva CComba JLins L(2014)Visualization and Analysis of Parallel Dataflow Execution with Smart TracesProceedings of the 2014 27th SIBGRAPI Conference on Graphics, Patterns and Images10.1109/SIBGRAPI.2014.2(165-172)Online publication date: 26-Aug-2014
https://dl.acm.org/doi/10.1109/SIBGRAPI.2014.2
Show More Cited By

Index Terms

Understanding and visualizing full systems with data flow tomography

Recommendations

Understanding and visualizing full systems with data flow tomography
ASPLOS '08

It is not uncommon for modern systems to be composed of a variety of interacting services, running across multiple machines in such a way that most developers do not really understand the whole system. As abstraction is layered atop abstraction, ...
Understanding and visualizing full systems with data flow tomography
ASPLOS '08

It is not uncommon for modern systems to be composed of a variety of interacting services, running across multiple machines in such a way that most developers do not really understand the whole system. As abstraction is layered atop abstraction, ...
Understanding and visualizing full systems with data flow tomography
ASPLOS '08

It is not uncommon for modern systems to be composed of a variety of interacting services, running across multiple machines in such a way that most developers do not really understand the whole system. As abstraction is layered atop abstraction, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS XIII: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems

March 2008

352 pages

ISBN:9781595939586

DOI:10.1145/1346281

General Chair:
Susan Eggers
University of Washington, USA
,
Program Chair:
James Larus
Microsoft Research, USA

ACM SIGARCH Computer Architecture News Volume 36, Issue 1
ASPLOS '08
March 2008
339 pages
ISSN:0163-5964
DOI:10.1145/1353534
Issue’s Table of Contents
ACM SIGOPS Operating Systems Review Volume 42, Issue 2
ASPLOS '08
March 2008
339 pages
ISSN:0163-5980
DOI:10.1145/1353535
Issue’s Table of Contents
ACM SIGPLAN Notices Volume 43, Issue 3
ASPLOS '08
March 2008
339 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1353536
Issue’s Table of Contents

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASPLOS08

Sponsor:

ASPLOS08: Architectural Support for Programming Languages and Operating Systems

March 1 - 5, 2008

WA, Seattle, USA

Acceptance Rates

ASPLOS XIII Paper Acceptance Rate 31 of 127 submissions, 24%;

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

50
Total Citations
View Citations
1,348
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)1

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Kreindl JBonetta DStadler LLeopoldseder DMössenböck HMarr S(2020)Multi-language dynamic taint analysis in a polyglot virtual machineProceedings of the 17th International Conference on Managed Programming Languages and Runtimes10.1145/3426182.3426184(15-29)Online publication date: 4-Nov-2020
https://dl.acm.org/doi/10.1145/3426182.3426184
Heo IKim MLee YChoi CLee JKang BPaek Y(2015)Implementing an Application-Specific Instruction-Set Processor for System-Level Dynamic Program Analysis EnginesACM Transactions on Design Automation of Electronic Systems10.1145/274623820:4(1-32)Online publication date: 28-Sep-2015
https://dl.acm.org/doi/10.1145/2746238
Osmari DVo HSilva CComba JLins L(2014)Visualization and Analysis of Parallel Dataflow Execution with Smart TracesProceedings of the 2014 27th SIBGRAPI Conference on Graphics, Patterns and Images10.1109/SIBGRAPI.2014.2(165-172)Online publication date: 26-Aug-2014
https://dl.acm.org/doi/10.1109/SIBGRAPI.2014.2
Rehman AOliveira ATripunitara MFischmeister S(2014)The use of mTags for mandatory securitySoftware—Practice & Experience10.1002/spe.222244:12(1511-1523)Online publication date: 1-Dec-2014
https://dl.acm.org/doi/10.1002/spe.2222
Whelan RLeek TKaeli D(2013)Architecture-Independent dynamic information flow trackingProceedings of the 22nd international conference on Compiler Construction10.1007/978-3-642-37051-9_8(144-163)Online publication date: 16-Mar-2013
https://dl.acm.org/doi/10.1007/978-3-642-37051-9_8
Lefebvre GCully BHead CSpear MHutchinson NFeeley MWarfield A(2012)Execution miningACM SIGPLAN Notices10.1145/2365864.215104447:7(145-158)Online publication date: 3-Mar-2012
https://dl.acm.org/doi/10.1145/2365864.2151044
Greathouse JXin HLuo YAustin T(2012)A case for unlimited watchpointsACM SIGPLAN Notices10.1145/2248487.215099447:4(159-172)Online publication date: 3-Mar-2012
https://dl.acm.org/doi/10.1145/2248487.2150994
Greathouse JXin HLuo YAustin T(2012)A case for unlimited watchpointsACM SIGARCH Computer Architecture News10.1145/2189750.215099440:1(159-172)Online publication date: 3-Mar-2012
https://dl.acm.org/doi/10.1145/2189750.2150994
Lefebvre GCully BHead CSpear MHutchinson NFeeley MWarfield AHand Sda Silva D(2012)Execution miningProceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments10.1145/2151024.2151044(145-158)Online publication date: 3-Mar-2012
https://dl.acm.org/doi/10.1145/2151024.2151044
Greathouse JXin HLuo YAustin THarris TScott M(2012)A case for unlimited watchpointsProceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems10.1145/2150976.2150994(159-172)Online publication date: 3-Mar-2012
https://dl.acm.org/doi/10.1145/2150976.2150994
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten