On the limits of information flow techniques for malware analysis and containment

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5137 LNCS, Issue , 2008, Pages 143-163

  Cavallaro, Lorenzo ^a   Saxena, Prateek ^b   Sekar, R ^c  

^a UNIVERSITY OF MILAN   (Italy)

^b UNIVERSITY OF CALIFORNIA   (United States)

^c Stony Brook University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; STATIC ANALYSIS;

DISTRIBUTION MODELS; INFORMATION FLOWS; INFORMATION-FLOW ANALYSIS; INTERNATIONAL CONFERENCES; MALWARE; MALWARE ANALYSIS; SOFTWARE DISTRIBUTIONS; SOFTWARE SECURITY; VIRTUALIZATION; VULNERABILITY ASSESSMENTS;

SOFTWARE ARCHITECTURE;

EID: 49949117136     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-70542-0_8     Document Type: Conference Paper

References (46)

1. Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: IEEE Symposium on Security and Privacy (2007)
2. Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., Evans, D.: Automatically Hardening Web Applications Using Precise Tainting. In: 20th IFIP International Information Security Conference (2005)
3. Bala, V., Duesterwald, E., Banerjia, S.: Dynamo: a transparent dynamic optimization system. SIGPLAN Not. 35(5) (2000)
4. Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference java bytecode verifier. Programming Languages and Systems (2007)
5. Barthe, G., Rezk, T., Warmer, M.: Preventing timing leaks through transactional branching instructions. In: Proceedings of 3rd Workshop on Quantitative Aspects of Programming Languages (QAPL 2005) (2005)
6. Bell, D.E., LaPadula, L.J.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, vol. 1, MITRE Corp. (1973)
7. Bellard, F.: Qemu, a fast and portable dynamic translator. In: ATEC 2005: Proceedings of the USENIX Annual Technical Conference 2005 on USENIX Annual Technical Conference (2005)
8. Biba, K.J.: Integrity considerations for secure computer systems. Technical Report. ESDTR-76-372, USAF Electronic Systems Division, Hanscom Air Force Base, Bedford, Massachusetts (1977)
9. Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: Exe: automatically generating inputs of death. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security (2006)
10. Chen, S., Xu, J., Nakka, N., Kalbarczyk, Z., Iyer, R.K.: Defeating memory corruption attacks via pointer taintedness detection. In: IEEE International. Conference on Dependable Systems and Networks (DSN) (2005)
11. Chen, S., Xu, J., Nakka, N., Kalbarczyk, Z., Iyer, R.K.: Defeating Memory Corruption Attacks via Pointer Taintedness Detection. In: DSN 2005: Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN 2005) (2005)
12. Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Communications of the ACM 20(7) (1977)
13. Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D.: Dynamic spyware analysis. In: Usenix Tech Conference (2007)
14. Fenton, J.S.: Memoryless subsystems. Computing Journal 17(2) (1974)
15. Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: Proceedings of the Network and Distributed System. Security Symposium. (NDSS 2005) (2005)
16. Kong, J., Zou, C.C., Zhou, H.: Improving Software Security via Runtime Instruction-level Taint Checking. In: ASID 2006: Proceedings of the 1st workshop on Architectural and sys tern support for improving software dependability (2006)
17. Luk, C., Colin, R., Mutli, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Janapa Reddi, V., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. SIGPLAN Not. 40(6) (2005)
18. McAfee. W32/hiv. virus information library (2000)
19. McAfee. W32/mydoom@mm. virus information library (2004)
20. McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: IEEE Symposium on Security and Privacy (1994)
21. Medel, R.: Typed Assembly Languages for Software Security. PhD thesis, Department, of Computer Science, Stevens Institute of Technology (2006)
22. Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for maiware detection. In: Choi, L., Paek, Y., Cho, S. (eds.) ACSAC 2007. LNCS, vol. 4697. Springer, Heidelberg (2007)
23. Myers, A.C.: JFlow: Practical mostly-static information flow control. In: ACM POPL, pp. 228-241 (1999)
24. Nanda, S., Li, W., Lam, L., Chiueh, T.: BIRD: Binary interpretation using runtime disassembly. In: IEEE/ACM Conference on Code Generation and Optimization (CGO) (2006)
25. Necula, G.G.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Langauges (POPL 1997) (1997)
26. Nethercote, N., Seward, J.: Valgrind: A framework for heavyweight dynamic binary instrumentation. In: ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI 2007) (2007)
27. Perl. Perl taint mode, http://www.perl.org
28. Pietraszek, T., Berghe, C.V.: Defending against injection attacks through context-sensitive suing evaluation. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 124-145. Springer, Heidelberg (2006)
29. Portokalidis, G., Slowinska, A., Bos, H.: Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation. SIGOPS Oper. Syst. Rev. 40(4) (2006)
30. Qin, F., Wang, C., Li, Z., Kim, H., Zhou, Y., Wu, Y.: LIFT: A low-overhead practical information flow tracking system for detecting general security attacks. In: IEEE/ACM International Symposium, on Microarchitecture (2006)
31. Wojtczuk, R.N.: The Advanced return-into-lib(c) Exploits: PaX Case Study. Phrack Magazine 0x:0b(0x3o). Phile #0x04 of 0x0e (2001)
32. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1) (2003)
33. Saxena, P., Sekar, R., Puranik, V.: A practical technique for integrity protection from untrusted plug-ins. Technical Report SECLAB08-01, Stony Brook University (2008)
34. Stinson, E., Mitchell, J.C.: Characterizing bots' remote control behavior. In: Hammerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 89-108. Springer, Heidelberg (2007)
35. Clad "RORIV" Strife and Xdream ROJIV Blue. Ret. onto Ret into Vsyscalls
36. Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure Program Execution via Dynamic Information Flow Tracking. In: ASPLOS-XI: Proceedings of the 11th international conference on Architectural support for programming languages and operating systems (2004)
37. Szor, P.: The Art. of Computer Virus Research and Defense. Symantec Press (2005)
38. TrendMicro. Bkdr.surila.g (w32/ratos). virus encyclopedia (2004)
39. Vasudevan, A.: WiLDCAT: An Integrated Stealth Environment for Dynamic Malware Analysis. PhD thesis, The University of Texas at Arlington, USA (2007)
40. Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis. In: Proceeding of the Network and Distributed System Security Symposium (NDSS) (2007)
41. Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security (JCS) 4(3) (1996)
42. Volpano, D.M.: Safety versus secrecy. In: Cortesi, A., Filé, G. (eds.) SAS 1999. LNCS, vol. 1694. Springer, Heidelberg (1999)
43. Xu, W., Bhatkar, S., Sekar, R.: Taint-enhanced policy enforcement: A practical approach to defeat, a wide range of attacks. In: USENIX Security Symposium (2006)
44. Yin, H., Liang, Z., Song, D.: Hookfinder: Identifying and understanding maiware hooking behaviors. In: NDSS (2008)
45. Yin, H., Song, D., Manuel, E., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for maiware detection and analysis. In: Proceedings of the 14th ACM Conferences on Computer and Communication Security (CCS 2007) (2007)
46. Yu, D., Islam, N.: A typed assembly language for confidentiality. In: Sestoft, P. (ed.) ESOP 2006 and ETAPS 2006. LNCS, vol. 3924, pp. 162-179. Springer, Heidelberg (2006)