Results 1 - 10
of
137
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
, 2010
"... Today’s smartphone operating systems fail to provide users with adequate control and visibility into how third-party applications use their private data. We present TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system for the popular Android platform that can simultaneous ..."
Abstract
-
Cited by 527 (26 self)
- Add to MetaCart
Today’s smartphone operating systems fail to provide users with adequate control and visibility into how third-party applications use their private data. We present TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system for the popular Android platform that can simultaneously track multiple sources of sensitive data. TaintDroid’s efficiency to perform real-time analysis stems from its novel system design that leverages the mobile platform’s virtualized system architecture. TaintDroid incurs only 14 % performance overhead on a CPU-bound micro-benchmark with little, if any, perceivable overhead when running thirdparty applications. We use TaintDroid to study the behavior of 30 popular third-party Android applications and find several instances of misuse of users ’ private information. We believe that TaintDroid is the first working prototype demonstrating that dynamic taint tracking and analysis provides informed use of third-party applications in existing smartphone operating systems.
All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask
- In Proceedings of the IEEE Symposium on Security and Privacy
, 2010
"... Abstract—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discove ..."
Abstract
-
Cited by 106 (5 self)
- Add to MetaCart
(Show Context)
Abstract—Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context. Keywords-taint analysis, symbolic execution, dynamic analysis I.
Quantitative information flow as network flow capacity
- In ACM Conference on Programming Language Design and Implementation
, 2008
"... Abstract We present a new technique for determining how much informationabout a program's secret inputs is revealed by its public outputs. In ..."
Abstract
-
Cited by 94 (5 self)
- Add to MetaCart
(Show Context)
Abstract We present a new technique for determining how much informationabout a program's secret inputs is revealed by its public outputs. In
Q: Exploit hardening made easy
- IN PROCEEDINGS OF USENIX SECURITY 2011
, 2011
"... Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which randomizes the location of libc, ..."
Abstract
-
Cited by 52 (3 self)
- Add to MetaCart
(Show Context)
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software defense that stops shellcode, by reusing instructions from large libraries such as libc. Modern operating systems have since enabled address randomization (ASLR), which randomizes the location of libc, making these techniques unusable in practice. However, modern ASLR implementations leave smaller amounts of executable code unrandomized and it has been unclear whether an attacker can use these small code fragments to construct payloads in the general case. In this paper, we show defenses as currently deployed can be bypassed with new techniques for automatically creating ROP payloads from small amounts of unrandomized code. We propose using semantic program verification techniques for identifying the functionality of gadgets, and design a ROP compiler that is resistant to missing gadget types. To demonstrate our techniques, we build Q, an end-to-end system that automatically generates ROP payloads for a given binary. Q can produce payloads for 80 % of Linux /usr/bin programs larger than 20KB. We also show that Q can automatically perform exploit hardening: given an exploit that crashes with defenses on, Q outputs an exploit that bypasses both W⊕X and ASLR. We show that Q can harden nine realworld Linux and Windows exploits, enabling an attacker to automatically bypass defenses as deployed by industry for those programs.
ROPdefender: A detection tool to defend against return-oriented programming attacks
, 2010
"... Return-oriented programming (ROP) is a technique that enables an adversary to construct malicious programs with the desired behavior by combining short instruction sequences that already reside in the memory space of a program. ROP attacks have already been demonstrated on various processor architec ..."
Abstract
-
Cited by 48 (5 self)
- Add to MetaCart
(Show Context)
Return-oriented programming (ROP) is a technique that enables an adversary to construct malicious programs with the desired behavior by combining short instruction sequences that already reside in the memory space of a program. ROP attacks have already been demonstrated on various processor architectures ranging from PCs to smartphones and special-purpose systems. In this paper, we present our tool, ROPdefender, that dynamically detects conventional ROP attacks (that are based on return instructions) with a reasonable runtime overhead of 2x. In contrast to existing solutions, (i) ROPdefender does not rely on side information (e.g., source code or debugging information) and (ii) it instruments all return instructions issued during program execution including all returns from dynamic libraries, even if the adversary subverts the control-flow by other means. Moreover, ROPdefender can handle Unix signals, non-local control transfers, C++ exceptions, lazy binding, and can be applied to multi-threaded applications such as Mozilla Firefox or Acrobat Reader. Finally our implementation supports mainstream operating systems (Windows and Linux) for the Intel x86 architecture. As proof of concept we show that ROPdefender successfully detects recent Acrobat Reader exploits on Windows.
Efficient and extensible security enforcement using dynamic data flow analysis
- In Computer and Communications Security (CCS
, 2008
"... Current taint tracking systems suffer from high overhead and a lack of generality. In this paper, we solve both of these issues with an extensible system that is an order of magnitude more efficient than previous software taint tracking systems and is fully general to dynamic data flow tracking prob ..."
Abstract
-
Cited by 46 (2 self)
- Add to MetaCart
(Show Context)
Current taint tracking systems suffer from high overhead and a lack of generality. In this paper, we solve both of these issues with an extensible system that is an order of magnitude more efficient than previous software taint tracking systems and is fully general to dynamic data flow tracking problems. Our system uses a compiler to transform untrusted programs into policy-enforcing programs, and our system can be easily reconfigured to support new analyses and policies without modifying the compiler or runtime system. Our system uses a sound and sophisticated static analysis that can dramatically reduce the amount of data that must be dynamically tracked. For server programs, our system’s average overhead is 0.65% for taint tracking, which is comparable to the best hardware-based solutions. For a set of compute-bound benchmarks, our system produces no runtime overhead because our compiler can prove the absence of vulnerabilities, eliminating the need to dynamically track taint. After modifying these benchmarks to contain format string vulnerabilities, our system’s overhead is less than 13%, which is over 6 × lower than the previous best solutions. We demonstrate the flexibility and power of our system by applying it to file disclosure vulnerabilities, a problem that taint tracking cannot handle. To prevent such vulnerabilities, our system introduces an average runtime overhead of 0.25 % for three open source server programs.
Vision: automated security validation of mobile apps at app markets
- in Proceedings the second international workshop on Mobile cloud computing and services, ser. MCS
"... Smartphones and “app ” markets are raising concerns about how third-party applications may misuse or improperly handle users’ privacy-sensitive data. Fortunately, unlike in the PC world, we have a unique opportunity to improve the security of mobile applications thanks to the centralized nature of a ..."
Abstract
-
Cited by 46 (2 self)
- Add to MetaCart
(Show Context)
Smartphones and “app ” markets are raising concerns about how third-party applications may misuse or improperly handle users’ privacy-sensitive data. Fortunately, unlike in the PC world, we have a unique opportunity to improve the security of mobile applications thanks to the centralized nature of app distribution through popular app markets. Thorough validation of apps applied as part of the app market admission process has the potential to significantly enhance mobile device security. In this paper, we propose AppInspector, an automated security validation system that analyzes apps and generates reports of potential security and privacy violations. We describe our vision for making smartphone apps more secure through automated validation and outline key challenges such as detecting and analyzing security and privacy violations, ensuring thorough test coverage, and scaling to large numbers of apps.
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
- TRANSACTIONS ON SOFTWARE ENGINEERING
, 2008
"... Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases that underlie Web ..."
Abstract
-
Cited by 44 (2 self)
- Add to MetaCart
(Show Context)
Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. This paper presents a new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques. From a conceptual standpoint, the approach is based on the novel idea of positive tainting and on the concept of syntax-aware evaluation. From a practical standpoint, our technique is precise and efficient, has minimal deployment requirements, and incurs a negligible performance overhead in most cases. We have implemented our techniques in the Web Application SQL-injection Preventer (WASP) tool, which we used to perform an empirical evaluation on a wide range of Web applications that we subjected to a large and varied set of attacks and legitimate accesses. WASP was able to stop all of the otherwise successful attacks and did not generate any false positives.
Automating configuration troubleshooting with dynamic information flow analysis
- in OSDI. USENIX Association, 2010
"... Software misconfigurations are time-consuming and enormously frustrating to troubleshoot. In this paper, we show that dynamic information flow analysis helps solve these problems by pinpointing the root cause of configuration errors. We have built a tool called ConfAid that instruments application b ..."
Abstract
-
Cited by 44 (4 self)
- Add to MetaCart
(Show Context)
Software misconfigurations are time-consuming and enormously frustrating to troubleshoot. In this paper, we show that dynamic information flow analysis helps solve these problems by pinpointing the root cause of configuration errors. We have built a tool called ConfAid that instruments application binaries to monitor the causal dependencies introduced through control and data flow as the program executes — ConfAid uses these dependencies to link the erroneous behavior to specific tokens in configuration files. Our results using ConfAid to solve misconfigurations in OpenSSH, Apache, and Postfix show that ConfAid identifies the source of the misconfiguration as the first or second most likely root cause for 18 out of 18 real-world configuration errors and for 55 out of 60 randomly generated errors. ConfAid runs in only a few minutes, making it an attractive alternative to manual debugging. 1
libdft: Practical Dynamic Data Flow Tracking for Commodity Systems
"... Dynamic data flow tracking (DFT) deals with tagging and tracking data of interest as they propagate during program execution. DFT has been repeatedly implemented by a variety of tools for numerous purposes, including protection from zero-day and cross-site scripting attacks, detection and prevention ..."
Abstract
-
Cited by 38 (11 self)
- Add to MetaCart
(Show Context)
Dynamic data flow tracking (DFT) deals with tagging and tracking data of interest as they propagate during program execution. DFT has been repeatedly implemented by a variety of tools for numerous purposes, including protection from zero-day and cross-site scripting attacks, detection and prevention of information leaks, and for the analysis of legitimate and malicious software. We present libdft, a dynamic DFT framework that unlike previous work is at once fast, reusable, and works with commodity software and hardware. libdft provides an API for building DFT-enabled tools that work on unmodified binaries, running on common operating systems and hardware, thus facilitating research and rapid prototyping. We explore different approaches for implementing the low-level aspects of instruction-level data tracking, introduce a more efficient and 64-bit capable shadow memory, and identify (and avoid) the common pitfalls responsible for the excessive performance overhead of previous studies. We evaluate libdft using real applications with large codebases like the Apache and MySQL servers, and the Firefox web browser. We also use a series of benchmarks and utilities to compare libdft with similar systems. Our results indicate that it performs at least as fast, if not faster, than previous solutions, and to the best of our knowledge, we are the first to evaluate the performance overhead of a fast dynamic DFT implementation in such depth. Finally, libdft is freely available as open source software.
