Pointless tainting? Evaluating the practicality of pointer tainting

Proceedings of the 4th ACM European Conference on Computer Systems, EuroSys'09

Volumn , Issue , 2009, Pages 61-74

  Slowinska, Asia ^a   Bos, Herbert ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

Author keywords

Dynamic taint analysis; Pointer tainting

Indexed keywords

BUFFER OVERFLOWS; CONTROL DATA; CONTROL FLOWS; DYNAMIC INFORMATION FLOW TRACKING; FALSE POSITIVE; KEYLOGGERS; MALWARES; MEMORY CORRUPTION ATTACKS; OPERATING SYSTEMS; POINTER TAINTING; SYSTEM SECURITY; TROJANS;

COMPUTER CRIME; COMPUTER OPERATING SYSTEMS;

DYNAMIC ANALYSIS;

EID: 70349160649     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1519065.1519073     Document Type: Conference Paper

References (33)

1. P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. Preventing memory error exploits with WIT. In SP '08: 2008 IEEE Symposium on Security and Privacy, 2008.
2. F. Bellard. Qemu, a fast and portable dynamic translator. In ATEC '05: 2005 USENIX Annual Technical Conference, 2005.
3. S. Bhatkar, R. Sekar, and D. C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In SSYM'05:14th USENIX Security Symposium, 2005.
4. M. Castro, M. Costa, and T. Harris. Securing software by enforcing data-flow integrity. In OSDI '06: 7th symposium on Operating systems design and implementation, 2006.
5. L. Cavallaro, P. Saxena, and R. Sekar. On the limits of information flow techniques for malware analysis and containment. In DIMVA '08: 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2008.
6. S. Chen, K. Pattabiraman, Z. Kalbarczyk, and R. K. Iyer. Formal reasoning of various categories of widely exploited security vulnerabilities using pointer taintedness semantics. In Proc. of IFIP SEC, 2004.
7. S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and I. Rav-ishankar. Defeating memory corruption attacks via pointer taintedness detection. In DSN '05: Proceedings of the 2005 International Conference on Dependable Systems and Networks, 2005.
8. S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. Non-control-data attacks are realistic threats. In SSYM'05: 14th USENIX Security Symposium, 2005.
9. M. Costa, J. Crowcroft, M. Castro, A. Rowstron, L. Zhou, L. Zhang, and P. Barham. Vigilante: End-to-end containment of internet worms. In 20th ACM Symposium on Operating Systems Principles (SOSP), 2005.
10. C. Cowan, C. Pu, D. Maier, H. Hintony, Walpole J., P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Stack-guard: Automatic adaptive detection and prevention of buffer-overflow attacks. In 7th USENIX Security Symposium, 1998.
11. J. Crandall and F. Chong. Minos: Control data attack prevention orthogonal to memory model. In 37th Intera-tional Symposium on Micro architecture, 2004.
12. M. Dalton, H. Kannan, and C. Kozyrakis. Deconstructing hardware architectures for security. In 5th Workshop on Duplicating, Deconstructing, and Debunking, 2006.
13. M. Dalton, H. Kannan, and C. Kozyrakis. Raksha: a flexible information flow architecture for software security. In 1SCA '07: Proceedings of the 34th annual international symposium on Computer architecture, 2007.
14. M. Dalton, H. Kannan, and C. Kozyrakis. Real-world buffer overflow protection for userspace and kernelspace. In SSYM'08: 17th Usenix Security Symposium, 2008.
15. D. Denning and P. Denning. Certification of programs for secure information flow. Commnic. ACM, 20(7), 1977.
16. M. Egele, Ch. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic Spyware Analysis. In ATC'07: 2007 USENIX Annual Technical Conference, 2007.
17. K. Elphinstone, G. Klein, P. Derrin, T. Roscoe, and G. Heiser. Towards a practical, verified kernel. In HOTOS'07:11th USENIX workshop onHottopics inoperating systems, 2007.
18. J. Giffin, S. Jha, and B. Miller. Efficient context-sensitive intrusion detection. In The 11th Annual Network and Distributed System Security Symposium (NDSS), 2004.
19. A. Ho, M. Fetterman, C. Clark, A. Warfield, and S. Hand. Practical taint-based protection using demand emulation. In EuroSys '06: 1st European Conference on Computer Systems, 2006.
20. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In USENIX 2002 Annual Technical Conference, 2002.
21. S. Katsunuma, H. Kurita, R. Shioya, K. Shimizu, H. Me, M. Goshima, and S. Sakai. Base address recognition with data flow tracking for injection attack detection. In PRDC '06: 12th Pacific Rim International Symposium on Dependable Computing, 2006.
22. J. Newsome and D. Song. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In 12th Annual Network and Distributed System Security Symposium (NDSS), 2005.
23. G. Portokalidis and H. Bos. Eudaemon: Involuntary and on-demand emulation against zero-day exploits. In EuroSys '08: 3rd European Conf. on Computer Systems, 2008.
24. G. Portokalidis, A. Slowinska, and H. Bos. Ar-gos: an emulator for fingerprinting zero-day attacks. In EuroSys '06: 1st European Conference on Computer Systems, 2006.
25. ProcessLibrary.com. zango.exe. http://www.processlibrary.com/directory/ files/zango/.
26. Niels Provos. Improving host security with system call policies. In 12th USENIX Security Symposium, 2003.
27. Dan Raywood. Sinowal trojan steals data from around 500,000 cards and accounts. SC Magazine, Oct 2008.
28. A. Slowinska and H. Bos. The age of data: pinpointing guilty bytes in polymorphic buffer overflows on heap or stack. In ACSA'C07, 2007.
29. E. Suh, J. Lee, D. Zhang, and S. Devadas. Secure program execution via dynamic information flow tracking. SIGARCH Comput. Archit. News, 32(5):85-96, 2004.
30. G. Venkataramani, I. Doudalis, Y Solihin, and M. Prvulovic. Flexitaint: A programmable accelerator for dynamic taint propagation. In HPCA '08, 2008.
31. W. Xu, S. Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In 15th USENIX Security Symposium, 2006.
32. H. Yin, Z. Liang, and D. Song. HookFinder: Identifying and understanding malware hooking behaviors. In 15th Annual Network and Distributed System Security Symposium (NDSS'08), 2008.
33. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. Panorama: capturing system-wide information flow for malware detection and analysis. In CCS '07: Proc. of the 14th ACM conference on Computer and communications security, 2007.