Influence: A Quantitative Approach for Data Integrity (CMU-CyLab-08-005)
نویسندگان
چکیده
A number of systems employ dynamic taint analysis to detect overwrite attacks in commodity software. These systems are based on the premise that low-integrity inputs should not control values such as function pointers and return addresses. Unfortunately, there are several programming constructs that can cause false positives and false negatives in these systems, which are currently handled by manual annotation, ad-hoc rules, or not at all. In this work we propose to use channel capacity, a quantitative measure of information flow, as a quantitative measure of control. When measuring control, we refer to this measure as influence. We use influence as a theoretical tool to formally investigate programming constructs known to be problematic for dynamic taint analysis. While calculating influence in arbitrary programs is undecidable in the general case, we propose and implement practical techniques for automatically bounding and probabilistically estimating influence in x86 programs. We show that this tool is able to automatically find useful influence bounds in code constructs known to be problematic in dynamic taint analysis. We also use it to analyze a dynamic taint analysis alert in samba, showing that it is a false positive, and another alert in SQL Server, showing that it is a true positive.
منابع مشابه
Towards Generating High Coverage Vulnerability-based Signatures with Protocol-level Constraint-guided Exploration (CMU-CyLab-08-009)
Signature-based input filtering is an important and widely deployed defense. But current signature generation methods have limited coverage and the generated signatures can be easily evaded by an attacker with small variations of the exploit message. In this paper, we propose protocol-level constraint-guided exploration, a new approach towards generating high coverage vulnerability-based signat...
متن کاملAutomated Verification of Security Protocol Implementations (CMU-CyLab-08-002)
We present a method that combines software model checking with a standard protocol security model to provide meaningful security analysis of protocol implementations in a completely automated manner. Our approach incorporates a standard symbolic attacker model and provides analogous guarantees about protocol implementations as previous work does for protocol specifications. We have implemented ...
متن کاملEfficient TCB Reduction and Attestation (CMU-CyLab-09-003)
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only add...
متن کاملxDomain: Cross-border Proofs of Access (CMU-CyLab-09-005)
A number of research systems have demonstrated the benefits of accompanying each request with a machine-checkable proof that the request complies with access-control policy — a technique called proof-carrying authorization. Numerous authorization logics have been proposed as vehicles by which these proofs can be expressed and checked. A challenge in building such systems is how to allow delegat...
متن کامل