Secure program execution via dynamic information flow tracking
Citations
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
Control-flow integrity
Panorama: capturing system-wide information flow for malware detection and analysis
References
The SimpleScalar tool set, version 2.0
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SPEC CPU2000: measuring CPU performance in the New Millennium
Cyclone: A Safe Dialect of C
Related Papers (5)
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
Frequently Asked Questions (15)
Q2. What have the authors stated for future works in "Secure program execution via dynamic information flow tracking"?
The authors plan to investigate other applications of information flow tracking with more complicated security policies.
Q3. What is the algorithm used to annotate a binary?
The annotation algorithm uses a set S to track all the registers that contribute to the branch condition, and attempts to find all the load instructions that can affect the value in the branch register.
Q4. How much performance degradation does twolf have?
If the authors assume a mechanism to decouple data and tag computations, even twolf with a 32 KB tag cache has only 5% performance degradation.
Q5. Why is the snprintf statement causing the format string vulnerability?
The snprintf statement causes the format string vulnerability because argv[1] is passed directly to the function as its format argument, so any conversion directives in the untrusted input are interpreted by snprintf instead of being treated as data.
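The bug described in Q5 and its fix, as an added example that is not code from the paper; the function names and the wrapper program are assumptions made for illustration:

```c
#include <stdio.h>
#include <string.h>

/* Added example (not the paper's code): the snprintf format-string bug of Q5
 * next to its hardened form.  Function names are assumptions. */

#if defined(__GNUC__)
/* The vulnerable call passes a non-literal format; silence the (correct!)
 * compiler warning only so the bug can be shown beside the fix. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif

/* VULNERABLE: the caller's string *is* the format argument.  Any "%x", "%s"
 * or "%n" inside it is interpreted by snprintf, so attacker input reads (and
 * with "%n" writes) memory the program never meant to touch.  Calling this
 * with directive-bearing input is undefined behaviour. */
int format_vuln(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user);
}

#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* HARDENED: the format is a literal chosen by the program; user data can only
 * ever be consumed as the argument of "%s". */
int format_safe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

/* Defence-in-depth filter for code that must forward a string towards a format
 * parameter: returns 1 if the string carries a conversion directive.  A tracker
 * like the paper's needs no such source-level check: argv[1] is tagged as
 * spurious on entry and the tag follows it to the point of misuse. */
int has_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is an escaped literal percent sign */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char out[128];
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (has_format_directive(argv[1]))
        fprintf(stderr, "note: input contains format directives\n");
    format_safe(out, sizeof out, argv[1]);   /* never format_vuln(out, sizeof out, argv[1]) */
    puts(out);
    return 0;
}
```

Run it as `./a.out '%x%x'` and the input is echoed back verbatim; swap in `format_vuln` on the same input and snprintf starts walking the caller's argument area.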
Q6. How does vudo detect a duplicated input?
Detecting vudo requires tracking three dependencies: the program reads a spurious pointer to a node of a doubly-linked list (copy), reads the prev field at a proper offset from that node pointer (load-address), and then updates the prev->next field (store-address).
Q7. What is a special type of a heap overflow attack?
Null HTTPd: by passing a negative content length value to the server, an attacker can change the allocation size of the read buffer, which results in a heap overflow.
Q8. What is the second way to ensure the safety of spurious data?
The second way to ensure the safety of spurious data is to check the bound using conditional branches as shown in the switch example.
Q9. What is the common case of a per-byte security tag?
If there is a store operation of smaller granularity to a page that currently has per-quadword security tags, the operating system reallocates the space for per-byte tags and initializes them properly.
Q10. What are the dependencies of the processor?
The authors categorize these dependencies into four types: copy dependency, computation dependency, load-address dependency, and store-address dependency.
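The four dependency types of Q10, the switch bound check of Q8 and the branch annotation of Q3, brought together in a toy tagged register machine. This is an added example and not the paper's code or simulator: the instruction set, the memory layout and the BOUND instruction (which clears a value's tag when its bound check passes, a simplification of the paper's binary annotation) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Added example, not the paper's code: a toy register machine carrying a one-bit
 * "spurious" tag per register and memory word.  Tags propagate by the four
 * dependency types of Q10 and are checked at an indirect jump as in Q8: a tagged
 * target is a violation unless it passed a bound check.  The instruction set,
 * the BOUND instruction and the memory layout are assumptions for illustration. */
#define NREG 8
#define NMEM 64
enum op { MOV, ADD, LOAD, STORE, BOUND, JMPI, HALT };
struct insn { enum op op; int a, b, c; };          /* operand meaning depends on op */
struct machine {
    uint32_t reg[NREG]; uint8_t rtag[NREG];        /* registers and their tags */
    uint32_t mem[NMEM]; uint8_t mtag[NMEM];        /* word memory and its tags */
    uint32_t pc;
    int status;   /* 0 ok, 1 spurious jump target, 2 bound check failed */
};

/* Execute one instruction; returns 1 when execution must stop. */
static int step(struct machine *m, const struct insn *in)
{
    uint32_t addr;
    switch (in->op) {
    case MOV:   /* copy dependency: r[a] = r[b], tag copied with the value */
        m->reg[in->a] = m->reg[in->b];
        m->rtag[in->a] = m->rtag[in->b];
        break;
    case ADD:   /* computation dependency: r[a] = r[b] + r[c], tags OR together */
        m->reg[in->a] = m->reg[in->b] + m->reg[in->c];
        m->rtag[in->a] = m->rtag[in->b] | m->rtag[in->c];
        break;
    case LOAD:  /* load-address dependency: r[a] = mem[r[b] + c]; spurious if the
                   loaded word OR the address register is spurious */
        addr = (m->reg[in->b] + (uint32_t)in->c) % NMEM;
        m->reg[in->a] = m->mem[addr];
        m->rtag[in->a] = m->mtag[addr] | m->rtag[in->b];
        break;
    case STORE: /* store-address dependency: mem[r[b] + c] = r[a]; the stored word
                   is spurious if the value OR the address register is spurious */
        addr = (m->reg[in->b] + (uint32_t)in->c) % NMEM;
        m->mem[addr] = m->reg[in->a];
        m->mtag[addr] = m->rtag[in->a] | m->rtag[in->b];
        break;
    case BOUND: /* conditional branch r[a] < c (the switch bound check of Q8): stop
                   on failure; on success the value is a safe index, so clear its
                   tag.  This folds the paper's branch annotation (Q3) into the ISA. */
        if (m->reg[in->a] >= (uint32_t)in->c) { m->status = 2; return 1; }
        m->rtag[in->a] = 0;
        break;
    case JMPI:  /* indirect jump through r[a]: the security policy is checked here */
        if (m->rtag[in->a]) { m->status = 1; return 1; }
        m->pc = m->reg[in->a];
        return 0;
    case HALT:
        return 1;
    }
    m->pc++;
    return 0;
}

/* Run until HALT, a policy violation or a failed bound check; returns status. */
int run(struct machine *m, const struct insn *prog, int nprog)
{
    m->pc = 0; m->status = 0;
    for (int n = 0; n < 1000 && m->pc < (uint32_t)nprog; n++)
        if (step(m, &prog[m->pc])) break;
    return m->status;
}

/* Constructed scenario (the switch of Q8): word 0 holds an attacker-chosen
 * index, tagged spurious; words 16..19 hold a trusted jump table whose entries
 * all point at instruction 5; r4 holds the table base.  With checked == 0 the
 * index is used directly, otherwise a BOUND precedes the lookup.  Returns status. */
int dispatch(uint32_t index, int checked)
{
    static const struct insn unchecked[] = {
        { LOAD, 1, 0, 0 }, { ADD, 3, 1, 4 },  /* r1 = mem[0]; r3 = r1 + r4 (tagged) */
        { LOAD, 2, 3, 0 }, { JMPI, 2, 0, 0 }, /* r2 = mem[r3] tagged; jump refused */
        { HALT, 0, 0, 0 },
    };
    static const struct insn bounded[] = {
        { LOAD, 1, 0, 0 }, { BOUND, 1, 0, 4 }, /* stop unless r1 < 4, else untag r1 */
        { ADD, 3, 1, 4 },  { LOAD, 2, 3, 0 },  /* lookup now carries no tag         */
        { JMPI, 2, 0, 0 }, { HALT, 0, 0, 0 },  /* jump lands on instruction 5       */
    };
    struct machine m; memset(&m, 0, sizeof m);
    m.mem[0] = index; m.mtag[0] = 1;          /* untrusted input arrives tagged */
    for (int i = 0; i < 4; i++) m.mem[16 + i] = 5;
    m.reg[4] = 16;
    return checked ? run(&m, bounded, 6) : run(&m, unchecked, 5);
}
```

The unchecked program is caught even for an in-range index, because the tag travels index, address, table entry, jump target; the bounded program accepts an in-range index and stops on an out-of-range one before any table read happens, which is the behaviour the paper gets from its branch annotation without a dedicated instruction.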
Q11. What are the two techniques that are targeted to prevent stack smashing attacks?
Both techniques only work for a specific type of buffer overflow attack, one that modifies a return address on the stack, and require recompilation.
Q12. Does the overhead for small tag caches affect the performance of the benchmark parser?
Given that the authors have only 0.21% overhead for security tags, small tag caches do not hurt the performance for Policy 1, as shown in Figure 6.
Q13. What is the common case of writing each byte separately?
Even though a program can manipulate values in memory with byte granularity, writing each byte separately is not the common case.
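The two-granularity tag storage behind Q9 and Q13, as an added example that is not the paper's code: a page keeps one tag per quadword while stores arrive at quadword granularity (the common case) and is reallocated with per-byte tags, the old quadword tags fanned out to their eight bytes, on the first sub-quadword store. Names, the page size and spending one byte per tag (a real design would pack the bits) are assumptions for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not the paper's code): a per-page tag store that keeps one
 * security tag per quadword until a store of finer granularity hits the page,
 * at which point the page is re-allocated with per-byte tags and each quadword
 * tag is copied into its eight bytes (Q9).  Names and the page size are
 * assumptions; one byte per tag is used for clarity, not compactness. */
#define PAGE_BYTES 4096
#define QUAD_BYTES 8
#define QUADS_PER_PAGE (PAGE_BYTES / QUAD_BYTES)

struct tag_page {
    int per_byte;       /* 0: tags[] holds QUADS_PER_PAGE entries, 1: PAGE_BYTES */
    uint8_t *tags;
};

int tag_page_init(struct tag_page *p)
{
    p->per_byte = 0;
    p->tags = calloc(QUADS_PER_PAGE, 1);   /* fresh pages are untainted */
    return p->tags ? 0 : -1;
}

void tag_page_free(struct tag_page *p)
{
    free(p->tags);
    p->tags = NULL;
}

/* Number of tag bytes currently spent on this page. */
size_t tag_page_footprint(const struct tag_page *p)
{
    return p->per_byte ? PAGE_BYTES : QUADS_PER_PAGE;
}

/* The reallocation the OS performs on the first sub-quadword store (Q9). */
static int expand_to_per_byte(struct tag_page *p)
{
    uint8_t *bytes = malloc(PAGE_BYTES);
    if (!bytes) return -1;
    for (size_t q = 0; q < QUADS_PER_PAGE; q++)
        memset(bytes + q * QUAD_BYTES, p->tags[q], QUAD_BYTES);
    free(p->tags);
    p->tags = bytes;
    p->per_byte = 1;
    return 0;
}

/* Record a store of `len` bytes at page offset `off` carrying tag `t`.  Whole
 * aligned quadwords (the common case of Q13) stay at quadword granularity;
 * anything smaller forces the per-byte layout for the rest of the page's life. */
int tag_store(struct tag_page *p, size_t off, size_t len, uint8_t t)
{
    if (len == 0 || off + len > PAGE_BYTES) return -1;
    if (!p->per_byte) {
        if (off % QUAD_BYTES == 0 && len % QUAD_BYTES == 0) {
            memset(p->tags + off / QUAD_BYTES, t, len / QUAD_BYTES);
            return 0;
        }
        if (expand_to_per_byte(p) != 0) return -1;
    }
    memset(p->tags + off, t, len);
    return 0;
}

/* Tag of a load of `len` bytes at `off`: the OR of every tag the load covers,
 * so a value is spurious if any byte feeding it is.  Out-of-page is reported
 * as spurious rather than silently untainted. */
uint8_t tag_load(const struct tag_page *p, size_t off, size_t len)
{
    uint8_t t = 0;
    if (off + len > PAGE_BYTES) return 1;
    if (p->per_byte) {
        for (size_t i = off; i < off + len; i++) t |= p->tags[i];
    } else {
        size_t last = (off + len + QUAD_BYTES - 1) / QUAD_BYTES;
        for (size_t q = off / QUAD_BYTES; q < last; q++) t |= p->tags[q];
    }
    return t;
}
```

The footprint jumps from 512 to 4096 tag bytes the moment a single byte is stored at an odd offset, which is exactly why the paper treats per-byte tags as the uncommon path and keeps quadword tags as the default.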
Q14. What is the disadvantage of program shepherding?
As a result, existing program shepherding schemes only allow code that was originally loaded, which prevents legitimate use of dynamically generated code.
Q15. What is the advantage of having a software layer rather than a processor checking a security?
The advantage of having a software layer rather than a processor itself checking a security policy is that the policies can be more complex.