Open AccessProceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome,Dawn Song +1 more
TLDR
TaintCheck as mentioned in this paper performs dynamic taint analysis by performing binary rewriting at run time, which can reliably detect most types of exploits and produces no false positives for any of the many different programs that were tested.Abstract:
Software vulnerabilities have had a devastating effect on the Internet. Worms such as CodeRed and Slammer can compromise hundreds of thousands of hosts within hours or even minutes, and cause millions of dollars of damage [26, 43]. To successfully combat these fast automatic Internet attacks, we need fast automatic attack detection and filtering mechanisms. In this paper we propose dynamic taint analysis for automatic detection of overwrite attacks, which include most types of exploits. This approach does not need source code or special compilation for the monitored program, and hence works on commodity software. To demonstrate this idea, we have implemented TaintCheck, a mechanism that can perform dynamic taint analysis by performing binary rewriting at run time. We show that TaintCheck reliably detects most types of exploits. We found that TaintCheck produced no false positives for any of the many different programs that we tested. Further, we describe how TaintCheck could improve automatic signature generation inread more
Citations
More filters
Journal ArticleDOI
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
William Enck,Peter Gilbert,Seungyeop Han,Vasant Tendulkar,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +8 more
TL;DR: TaintDroid as mentioned in this paper is an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data by leveraging Android's virtualized execution environment.
Proceedings ArticleDOI
Valgrind: a framework for heavyweight dynamic binary instrumentation
TL;DR: Valgrind is described, a DBI framework designed for building heavyweight DBA tools that can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
Proceedings ArticleDOI
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
William Enck,Peter Gilbert,Byung-Gon Chun,Landon P. Cox,Jaeyeon Jung,Patrick McDaniel,Anmol Sheth +6 more
TL;DR: Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, this work found 68 instances of misappropriation of users' location and device identification information across 20 applications.
Proceedings ArticleDOI
Polygraph: automatically generating signatures for polymorphic worms
TL;DR: Polygraph as mentioned in this paper is a signature generation system that successfully produces signatures that match polymorphic worms by using multiple disjoint content substrings, which correspond to protocol framing, return addresses, and poorly obfuscated code.
Journal ArticleDOI
A survey on automated dynamic malware-analysis techniques and tools
TL;DR: An overview of techniques based on dynamic analysis that are used to analyze potentially malicious samples and analysis programs that employ these techniques to assist human analysts in assessing whether a given sample deserves closer manual inspection due to its unknown malicious behavior is provided.
References
More filters
Proceedings Article
Bro: a system for detecting network intruders in real-time
TL;DR: Bro as mentioned in this paper is a stand-alone system for detecting network intruders in real-time by passively monitoring a network link over which the intruder's traffic transits, which emphasizes high-speed (FDDI-rate) monitoring, realtime notification, clear separation between mechanism and policy and extensibility.
Journal ArticleDOI
Bro: a system for detecting network intruders in real-time
Vern Paxson,Vern Paxson +1 more
TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
Proceedings ArticleDOI
A sense of self for Unix processes
TL;DR: A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls, and initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs.
Proceedings Article
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
Crispin Cowan,Calton Pu,Dave Maier,Heather Hintony,Jonathan Walpole,Peat Bakke,Steve Beattie,Aaron Grier,Perry Wagle,Qian Zhang +9 more
TL;DR: StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade-off between penetration resistance and performance.
Proceedings Article
How to Own the Internet in Your Spare Time
TL;DR: This work develops and evaluates several new, highly virulent possible techniques: hit-list scanning, permutation scanning, self-coordinating scanning, and use of Internet-sized hit-lists (which creates a flash worm).