Dynamic Tracking of Information Flow Signatures for Security Checking
Authors
Abstract
Memory-based attacks represent one of the largest attack classes in the field. Many techniques have been proposed to protect applications from certain classes of memory exploits; however, few of these techniques can protect the application from all memory attacks, and few permit the protection of only select variables. We present a technique to provide protection of select variables from a wide range of memory attacks. The protection is provided by computing the dependence tree of each critical variable and using hardware-supported runtime checks to ensure that no variable or instruction within the dependence tree is corrupted. We evaluate the technique using software-based emulation.
Similar resources
End-to-end Multilevel Hybrid Information Flow Control
We present models and soundness results for hybrid information flow, i.e. for mechanisms that enforce noninterference-style security guarantees using a combination of static analysis and dynamic taint tracking. Our analysis has the following characteristics: (i) we formulate hybrid information flow as an end-to-end property, in contrast to disruptive monitors that prematurely terminate or otherw...
A Hybrid System Approach to Model Dynamic Information Flow Tracking
Control theory is used in several disciplines such as mechanical engineering, communication, and computer engineering. This paper examines the application of control theory to computer security, specifically in the area of Dynamic Information Flow Tracking (DIFT). Control theory can be used to model the destruction of information in DIFT. The DIFT system examined in this paper utilizes a taint ...
GPU Taint Tracking
Dynamic tainting tracks the influence of certain inputs (taint sources) through execution and it is a powerful tool for information flow analysis and security. Taint tracking has primarily targeted CPU program executions. Motivated by recent recognition of information leaking in GPU memory and GPU-resident malware, this paper presents the first design and prototype implementation of a taint tra...
Tracking Dependent Information Flows
Ensuring the compliance of developed software with security requirements is a challenging task due to imprecision on the security guidelines definition, and to the lack of automatic and formal means to lead this verification. In this paper, we present our approach that aims at integrating the formal specification and verification of security guidelines in early stages of the development life cy...
LJGS: Gradual Security Types for Object-Oriented Languages
LJGS is a lightweight Java core calculus with a gradual security type system. The calculus guarantees secure information flow for sequential, class-based, typed object-oriented programming with mutable objects and virtual method calls. An LJGS program is composed of fragments that are checked either statically or dynamically. Statically checked fragments adhere to a security type system so that...