Abstract
We present TaintEraser, a new tool that tracks the movement of sensitive user data as it flows through off-the-shelf applications. TaintEraser uses application-level dynamic taint analysis to let users run applications in their own environment while preventing unwanted information exposure. It is made possible by techniques we developed for accurate and efficient tainting: (1) Semantic-aware instruction-level tainting is critical to track taint accurately, without explosion or loss. (2) Function summaries provide an interface to handle taint propagation within the kernel and reduce the overhead of instruction-level tracking. (3) On-demand instrumentation enables fast loading of large applications. Together, these techniques let us analyze large, multi-threaded, networked applications in near real-time. In tests on Internet Explorer, Yahoo! Messenger, and Windows Notepad, TaintEraser generated no false positives and instrumented fewer than 5% of the executed instructions while precisely scrubbing user-defined sensitive data that would otherwise have been exposed to restricted output channels. Our research provides the first evidence that it is viable to track taint accurately and efficiently for real, interactive applications running on commodity hardware.
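As an added illustration (not TaintEraser's own code) of the ideas the abstract names, the following Python model assumes a tiny three-operand instruction set and a one-bit-per-byte taint map; the `xor r, r` zeroing idiom is used as an assumed example of a semantic-aware propagation rule, a `memcpy` summary stands in for a function summary, and `send` plays the restricted output channel where tainted bytes are scrubbed.

```python
# Added illustration of the abstract's ideas, not TaintEraser's code: byte-granular
# taint, a semantic-aware rule for the xor-zeroing idiom, a function summary that
# propagates taint across a library copy without per-instruction tracking, and
# scrubbing of tainted bytes at a restricted sink. Instruction set is assumed.
class Machine:
    def __init__(self):
        self.regs = {}                       # register name -> int value
        self.rtaint = {}                     # register name -> tainted?
        self.mem = bytearray(64)             # constructed data memory
        self.mtaint = [False] * 64           # one taint bit per byte

    def mark_secret(self, addr, data):
        """Taint source: bytes the user entered and marked as sensitive."""
        self.mem[addr:addr + len(data)] = data
        self.mtaint[addr:addr + len(data)] = [True] * len(data)

    def step(self, instr):
        """Instruction-level propagation for the assumed instruction set."""
        op, dst, src = instr
        if op == "xor" and dst == src:       # semantic-aware: xor r,r always yields 0,
            self.regs[dst], self.rtaint[dst] = 0, False   # so the result is untainted
        elif op == "xor":                    # generic rule: taint is the OR of the inputs
            self.regs[dst] = self.regs.get(dst, 0) ^ self.regs[src]
            self.rtaint[dst] = self.rtaint.get(dst, False) or self.rtaint[src]
        elif op == "load":                   # load dst, [src]: one byte from memory
            self.regs[dst], self.rtaint[dst] = self.mem[src], self.mtaint[src]
        elif op == "store":                  # store [dst], src: one byte to memory
            self.mem[dst], self.mtaint[dst] = self.regs[src] & 0xFF, self.rtaint[src]

    def memcpy_summary(self, dst, src, n):
        """Function summary: propagate taint for memcpy in one step instead of
        instrumenting every instruction inside the library routine."""
        self.mem[dst:dst + n] = self.mem[src:src + n]
        self.mtaint[dst:dst + n] = self.mtaint[src:src + n]

    def send(self, addr, n):
        """Restricted output channel: tainted bytes are replaced by '*' before leaving."""
        return bytes(0x2A if self.mtaint[a] else self.mem[a] for a in range(addr, addr + n))

def run_demo():
    m = Machine()
    m.mark_secret(0, b"pw")                  # constructed sensitive input
    m.memcpy_summary(16, 0, 2)               # app copies it through a library call
    m.step(("load", "r1", 16))               # r1 <- 'p' (tainted)
    m.step(("store", 32, "r1"))              # tainted byte reaches the output buffer
    m.step(("xor", "r1", "r1"))              # r1 zeroed; a naive rule would keep it tainted
    m.step(("store", 33, "r1"))              # clean zero byte
    return m.send(32, 2)                     # only the secret-derived byte is scrubbed
```

Without the semantic-aware rule the second byte would stay tainted and be scrubbed too, which is the "explosion" the abstract refers to; losing taint on the first byte would be the opposite failure.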