CHEN Kai, ZHANG Yingjun. Statically-Directed Dynamic Taint Analysis[J]. Chinese Journal of Electronics, 2014, 23(1): 18-24.

Statically-Directed Dynamic Taint Analysis

Funds:  This work is supported by the National Natural Science Foundation of China (No.61100226), the National High Technology Research and Development Program of China (863 Program) (No.SQ2013GX02D01211) and the Innovation Program of Institute of Information Engineering Chinese Academy of Sciences (No.Y3Z0071502).
  • Received Date: 2012-03-01
  • Rev Recd Date: 2013-04-01
  • Publish Date: 2014-01-05
  • Taint analysis is a widely used method in software analysis, including vulnerability and malware analysis. By identifying taint sources and defining suitable taint propagation rules, one can determine directly whether variables in the software depend on input data. Static taint analysis is efficient but imprecise, because runtime information is unavailable. Dynamic taint analysis usually instruments every instruction in the software to capture the taint propagation process; this is inefficient, since context switches between the original code and the instrumentation code take a great deal of time. In this paper, we propose a statically-directed dynamic taint analysis method that increases the efficiency of taint analysis without any loss of accuracy: there is no need to instrument every instruction. Several experiments on our prototype SDTaint show that our method is several times more efficient than traditional dynamic taint analysis.
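As an added illustration of the idea in the abstract (this is not the paper's SDTaint implementation): a static pre-pass over a constructed toy instruction stream decides which instructions need taint hooks, and the dynamic pass then does taint bookkeeping only there while producing the same result as instrumenting every instruction. The instruction forms, register names and sample program are assumptions made for this example; the case worth noting is the clean overwrite of a possibly-tainted register, which the static pass must still hook so the dynamic state is cleared.

```python
from typing import List, Optional, Set, Tuple
# Constructed toy program (not from the paper); registers start clean.
# Forms: ("input", dst), ("const", dst, int), ("add", dst, a, b), ("sink", src).
PROG: List[Tuple] = [
    ("input", "r0"),            # taint source: untrusted data enters r0
    ("const", "r1", 10),
    ("add", "r3", "r1", "r1"),  # clean arithmetic: no instrumentation needed
    ("add", "r4", "r0", "r1"),  # propagates taint from r0 into r4
    ("const", "r0", 0),         # clean overwrite of r0: hook needed to clear taint
    ("add", "r5", "r0", "r1"),  # clean again, so no hook
    ("sink", "r4"),             # tainted data reaches a sensitive operation
    ("sink", "r5"),             # clean sink: no hook
]

def operands(ins):
    """Split an instruction into (op, defined/used register, source registers)."""
    return ins[0], ins[1], [a for a in ins[2:] if isinstance(a, str)]

def static_hooks(prog) -> Set[int]:
    """Static pre-pass: forward def-use over-approximation of which instructions to instrument."""
    maybe, hooks = set(), set()      # may-be-tainted registers; indices to hook
    for i, ins in enumerate(prog):
        op, dst, srcs = operands(ins)
        if op == "input":
            maybe.add(dst); hooks.add(i)
        elif op == "sink":
            if dst in maybe: hooks.add(i)
        elif any(s in maybe for s in srcs):
            maybe.add(dst); hooks.add(i)
        elif dst in maybe:               # clean write over a maybe-tainted register
            hooks.add(i); maybe.discard(dst)
    return hooks

def run(prog, input_value: int, hooks: Optional[Set[int]] = None) -> dict:
    """Execute natively; taint bookkeeping only at hooked instructions (all when hooks is None)."""
    vals, taint, fired, hits = {}, set(), 0, []
    for i, ins in enumerate(prog):
        op, dst, srcs = operands(ins)
        if op == "input": vals[dst] = input_value
        elif op == "const": vals[dst] = ins[2]
        elif op == "add": vals[dst] = vals[srcs[0]] + vals[srcs[1]]
        if hooks is not None and i not in hooks:
            continue                     # skip the context switch into the tracker
        fired += 1
        if op == "input": taint.add(dst)
        elif op == "sink": hits += [i] if dst in taint else []
        elif any(s in taint for s in srcs): taint.add(dst)
        else: taint.discard(dst)
    return {"values": vals, "tainted": taint, "hooks_fired": fired, "tainted_sinks": hits}
```

Running `run(PROG, 7)` against `run(PROG, 7, static_hooks(PROG))` gives identical values, taint marks and sink hits, with 4 hooks fired instead of 8.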