TaintStream: Fine-Grained Taint Tracking for Big Data Platforms through Dynamic Code Translation
Sat 28 Aug 2021 05:00 - 05:10 - Dependability—Software Security 2 Chair(s): Arie Gurfinkel
Big data has become valuable property for enterprises and enabled various intelligent applications. Today, it is common to host data in big data platforms (e.g., Spark), where developers can submit scripts to process the original and intermediate data tables. Meanwhile, it is highly desirable to manage the data to comply with various privacy requirements. To enable flexible and automated privacy policy enforcement, we propose TaintStream, a fine-grained taint tracking framework for Spark-like big data platforms. TaintStream works by automatically injecting taint tracking logic into the data processing scripts, and the injected scripts are dynamically translated to maintain a taint tag for each cell during execution. The dynamic translation rules are carefully designed to guarantee non-interference in the original data operation. By defining different semantics of taint tags, TaintStream can enable various data management applications such as access control, data retention, and user data erasure. Our experiments on a self-crafted benchmark suite show that TaintStream is able to achieve accurate cell-level taint tracking with a precision of 93.0% and less than 15% overhead. We also demonstrate the usefulness of TaintStream through several real-world use cases of privacy policy enforcement.
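A toy model of cell-level taint tags and tag-driven user data erasure, added here as an illustration; it is not TaintStream's code or its translation rules. The `Cell` type, the three operators, the tag semantics (the set of user ids a value derives from) and the sample rows are all assumptions constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cell:
    value: object
    tags: frozenset = frozenset()  # assumed tag semantics: owning user ids

def row(user, city, amount):
    # Constructed sample schema: city is treated as non-personal (no tag).
    own = frozenset({user})
    return {"user": Cell(user, own), "city": Cell(city), "amount": Cell(amount, own)}

ROWS = [row("alice", "Athens", 10), row("bob", "Athens", 5), row("carol", "Berlin", 7)]

def where(rows, pred, col):
    # Row filter decides on the value only; surviving cells keep their tags.
    return [r for r in rows if pred(r[col].value)]

def with_column(rows, name, fn, inputs):
    # Derived cell = fn(input values); its tag is the union of the input tags.
    out = []
    for r in rows:
        src = [r[c] for c in inputs]
        tags = frozenset().union(*(c.tags for c in src))
        out.append({**r, name: Cell(fn(*(c.value for c in src)), tags)})
    return out

def group_sum(rows, key, col):
    # Aggregate cell carries the tags of every cell that contributed to it.
    groups = {}
    for r in rows:
        k = r[key].value
        g = groups.setdefault(k, {key: Cell(k), col: Cell(0)})
        g[key] = Cell(k, g[key].tags | r[key].tags)
        g[col] = Cell(g[col].value + r[col].value, g[col].tags | r[col].tags)
    return list(groups.values())

def pipeline(rows):
    rows = where(rows, lambda a: a >= 5, "amount")
    rows = with_column(rows, "cents", lambda a: a * 100, ["amount"])
    return group_sum(rows, "city", "cents")

def erase_user(rows, user):
    # Erasure policy: blank every cell whose tag names the user.
    return [{c: Cell(None) if user in v.tags else v for c, v in r.items()} for r in rows]

def strip(rows):
    # Drop tags; the values must equal what the untracked script would produce.
    return [{c: v.value for c, v in r.items()} for r in rows]

if __name__ == "__main__":
    result = pipeline(ROWS)
    print(strip(result))
    print(strip(erase_user(result, "alice")))
```

In this model the Athens total is tagged with both alice and bob, so erasing alice blanks that one aggregate cell while the untagged city name and the Berlin row are left intact.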
Fri 27 Aug (displayed time zone: Athens)
17:00 - 18:00 | Dependability—Software Security 2 | Research Papers / Industry Papers / Journal First | Chair(s): Vaggelis Atlidakis Brown University
17:00 | 10m | Paper | TaintStream: Fine-Grained Taint Tracking for Big Data Platforms through Dynamic Code Translation | Research Papers | Chengxu Yang Peking University, Yuanchun Li Microsoft Research, Mengwei Xu Beijing University of Posts and Telecommunications, Zhenpeng Chen Peking University, Yunxin Liu Tsinghua University, Gang Huang Peking University, Xuanzhe Liu Peking University
17:10 | 10m | Paper | How to Better Distinguish Security Bug Reports (using Dual Hyperparameter Optimization) | Journal First | Rui Shu North Carolina State University, Tianpei Xia North Carolina State University, Jianfeng Chen North Carolina State University, Laurie Williams North Carolina State University, Tim Menzies North Carolina State University
17:20 | 10m | Paper | A Comprehensive Study on Learning-Based PE Malware Family Classification Methods | Industry Papers | Yixuan Ma State Key Laboratory of Communication Content Cognition; Tianjin University, Shuang Liu Tianjin University, Jiajun Jiang Tianjin University, Guanhong Chen Tianjin University, Keqiu Li Tianjin University
17:30 | 30m | Live Q&A | Q&A (Dependability—Software Security 2) | Research Papers
Sat 28 Aug (displayed time zone: Athens)
05:00 - 06:00 | Dependability—Software Security 2 | Research Papers / Industry Papers / Journal First | Chair(s): Arie Gurfinkel University of Waterloo
05:00 | 10m | Paper | TaintStream: Fine-Grained Taint Tracking for Big Data Platforms through Dynamic Code Translation | Research Papers | Chengxu Yang Peking University, Yuanchun Li Microsoft Research, Mengwei Xu Beijing University of Posts and Telecommunications, Zhenpeng Chen Peking University, Yunxin Liu Tsinghua University, Gang Huang Peking University, Xuanzhe Liu Peking University
05:10 | 10m | Paper | How to Better Distinguish Security Bug Reports (using Dual Hyperparameter Optimization) | Journal First | Rui Shu North Carolina State University, Tianpei Xia North Carolina State University, Jianfeng Chen North Carolina State University, Laurie Williams North Carolina State University, Tim Menzies North Carolina State University
05:20 | 10m | Paper | A Comprehensive Study on Learning-Based PE Malware Family Classification Methods | Industry Papers | Yixuan Ma State Key Laboratory of Communication Content Cognition; Tianjin University, Shuang Liu Tianjin University, Jiajun Jiang Tianjin University, Guanhong Chen Tianjin University, Keqiu Li Tianjin University
05:30 | 30m | Live Q&A | Q&A (Dependability—Software Security 2) | Research Papers