Practical Dynamic Data Flow Analysis in Java
- Speaker: Prof Jonathan Bell
- George Mason University
- Date: Friday, Mar. 31, 2017
- Time: 1:00pm - 2:00pm
- Location: Room T3 (NVC)
Dynamic taint tracking is a form of information flow analysis that identifies relationships between data during program execution. Inputs to the program are labeled with a marker (“tainted”), and these markers are propagated through data flow. While dynamic taint tracking is traditionally used for information flow control, or detection of code-injection attacks, it also has many software engineering applications. However, prior to my work, Phosphor (OOOPSLA '14), there was no practical dynamic taint tracking system for Java. In this talk, I will describe the applications and implementation of Phosphor. I will also discuss one particular application of taint tracking that I’ve explored, which allows end-users to monitor the usage of their data at a unique level abstraction in unmodified mobile apps (Pebbles - OSDI '14).
Jon is an Assistant Professor directing research in Software Engineering and Software Systems at George Mason University. His research makes it easier for developers to create reliable software. Jon’s recent work in accelerating software testing has been recognized with an ACM SIGSOFT Distinguished Paper Award (ICSE ’14 – Unit Test Virtualization with VMVM), and has been the basis for an industrial collaboration with Electric Cloud. His research interests bring him to publish at venues such as ICSE, FSE, ISSTA, OOPSLA, OSDI and EuroSys. Jon actively participates in the artifact evaluation program committees of ISSTA and OOPSLA, and has served several years as the Student Volunteer chair for OOPSLA. Some of his most recent publications include Efficient Dependency Detection for Safe Java Test Acceleration (FSE ’15), Pebbles: Fine-Grained Data Management Abstractions for Modern Operating Systems (OSDI ’14) and Phosphor: Illuminating Dynamic Data Flow in Off-The Shelf JVMs (OOPSLA ’14).