應用於程式行為分析之彈性資訊流追蹤技術

Abstract

隨著網際網路的普及下，開放原始碼專案的風氣也日益盛行，網路上隨手可得大大小小實用的開放專案。然而，由於開放原始碼將內部的原始碼公開，人們往往會掉以輕心地認為這類型開放的程式在執行上都會遵照說明文件所寫的內容，也經過了足夠人員的審查，不會執行額外不當的操作，因此在使用上常常會直接將程式執行，而不會真的實際查看原始碼的內容，這些行為可能就會使得使用者在不知情的情況下執行不安全的操作。因此在此篇論文中，我們提出了一套基於程式碼轉換的彈性資訊流追蹤系統，此系統會自動將開放原始碼專案的程式碼做轉換與添加，讓程式具有資訊流追蹤的能力，使用者即可利用此轉換完成的原始碼幫助使用者監控程式執行中的資訊流流動，此外我們也結合了資料探勘技術，利用程式執行所產生的資訊流訊息以分析出該程式的執行行為，讓使用者能夠對該程式的行為有一定的了解，並確認程式是否如期運作。在本研究中，我們加入了一些彈性分析的機制，使用者可選擇想要追蹤的特定資料型態，且我們的系統也設有動態開關資訊流追蹤的機制，以降低不必要的程式執行負擔。從實驗中顯示我們的系統能夠幫助使用者監控程式的內部資訊流流動，並且具有一定的程式分析能力。

Open source project has been widely developed and released thanks to the rapid growth of the Internet. Many useful open source projects can be found on the Internet. However, using open source project might be insecure even though it provides all the source code. The reason is that for users who just want to use the program as a tool, they might not actually check the containing code. The execution behavior of the program might not be the same as you think. Hence, in this research, we propose an elastic information flow tracking framework based on source code transformation. Our system can automatically transform the target source code to apply elastic information flow tracking capability. Users can use the transformed program to monitor the information flows within the project. We also use the machine learning technique to analyze the information extracted from program runtime and try to infer the underlying program behavior. Our framework can help user to have the knowledge of the program and make sure the program is executing as expected. We also provide some flexible mechanisms in our research. Users can decide the data types they want to track. And we have a dynamic switch mechanism let users to turn on or turn off the tracking process during program runtime to reduce the performance overhead. Evaluation results show that our system can help users to monitor the information flows within the program and also has the effectiveness to analyze the program behavior.