Logo image
autoMPI: automated multiple perspective attack investigation with semantics aware execution partitioning
Accepted manuscript   Open access   Peer reviewed

autoMPI: automated multiple perspective attack investigation with semantics aware execution partitioning

Mohannad Alhanahnah, Shiqing Ma, Ashish Gehani, Gabriela F. Ciocarlie, Vinod Yegneswaran, Somesh Jha and Xiangyu Zhang
IEEE Transactions on Software Engineering
12/2022
DOI:
https://doi.org/10.7282/00000289

Abstract

Index Terms—Static analysis Dynamic analysis Annotation Provenance
Multiple Perspective attack Investigation (MPI) is a technique to partition application dependencies based on high-level semantics. It facilitates provenance analysis by generating succinct causal graphs. It involves an annotation process that identifies variables and data structures corresponding to the partitions and the communication channels between them. Though the amount of annotation is small, this process requires a detailed understanding of the source code. In this work, autoMPI, we extend the capability of MPI by automating the identifying annotation requirements. We leverage a hybrid analysis approach, performing a differential analysis based on crafted inputs. Static analysis is conducted to identify the annotation sites within the application code afterward automatically. Our evaluation shows the proposed approach can significantly facilitate the annotation process. It correctly identifies all required annotation sites within an average 16 seconds analysis time for the majority of analyzed programs with average precision and recall 72.5% and 100%, respectively.
pdf
autoMPI-TSE221.43 MBDownloadView
Accepted Manuscript (AM) Open Access
url
https://doi.org/10.1109/TSE.2022.3231242View
Version of Record (VoR) IEEE
url
Report an accessibility issueView
Please complete a content remediation request to report an accessibility issue with a library electronic resource, website, or service.

Metrics

426 File downloads
67 Record Views

Details

Logo image