
Taint Analysis Review


Presentation Transcript


  1. Taint Analysis Review 王卓

  2. Agenda • Overview • People • Tools

  3. Overview • Taint analysis • Main principle: data that arrives through an untrusted channel such as the network is marked as "tainted"; every new value produced from it by arithmetic or logical operations inherits the "tainted" attribute of its source data. Software vulnerabilities are then found by checking the taint state of instruction operands or function arguments at security-sensitive points (the sinks).

  4. Related papers

  5. Dawn Song • Associate Professor, Computer Science Division, University of California, Berkeley • Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis (CCS 2007) • Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software (NDSS 2005)

  6. Omer Tripp • A PhD candidate at Tel-Aviv University • TAJ: Effective Taint Analysis of Web Applications (PLDI 2009) • Learning Minimal Abstractions (POPL 2011)

  7. James Clause • An assistant professor at the University of Delaware. • Research interests: software engineering, with emphasis on debugging and program analysis • Penumbra: Automatically Identifying Failure-Relevant Inputs Using Dynamic Tainting (ISSTA 2009) • Dytan: A Generic Dynamic Taint Analysis Framework (ISSTA 2007) • Effective Memory Protection Using Dynamic Tainting (ASE 2007)

  8. Tielei Wang • Institute of Computer Science and Technology, Peking University • TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection (IEEE S&P 2010) • IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution (NDSS 2009)

  9. TaintCheck • Authors: James Newsome, Dawn Song • Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software (NDSS 2005) • The first practical dynamic taint tool. • Built on Valgrind: data read from the network is tainted at byte granularity, taint is propagated through data-movement and arithmetic instructions, and an alert is raised when tainted data is used as a jump target, a format string, or a system call argument.

  10. LIFT • LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks (MICRO 2006) • Feng Qin (Ohio State University), Cheng Wang (Intel Corporation), Zhenmin Li (University of Illinois at Urbana-Champaign) • A low-overhead attack detector; the overhead reduction comes from three optimizations: 1. Fast Path (skip taint propagation for code regions whose operands are all untainted) 2. Merged Check (coalesce the taint checks of several instructions into one) 3. Fast Switch (cheap transitions between the application code and the tracking code)

  11. Dytan • Dytan: A Generic Dynamic Taint Analysis Framework (ISSTA 2007) • James Clause, Wanchun (Paul) Li, and Alessandro Orso • Highlight: control-flow taint (a value assigned under a branch also inherits the taint of the branch condition, so implicit flows are tracked, not only explicit data flows)

  12. BuzzFuzz • Taint-based Directed Whitebox Fuzzing (ICSE 2009) • Vijay Ganesh, Tim Leek and Martin Rinard (MIT) • Uses taint analysis to direct fuzzing: only the input bytes that reach "attack points" (arguments of library calls) are mutated, instead of the whole input.

  13. TaintScope • TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection • Tielei Wang, Tao Wei, Guofei Gu, Wei Zou • Keywords: fuzzing, taint analysis, symbolic execution • The approach: (1) byte-level taint analysis to find the "hot bytes" of the input, i.e. the byte offsets that flow into security-sensitive operations (2) locate the program's checksum checks, fuzz the hot bytes with those checks bypassed, then use symbolic execution to repair the checksum field so the mutated input passes the real check
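Added example (my own code, not from the slides or from any of the tools they cite): a miniature byte-level dynamic taint tracker that makes the three pieces of slide 3 concrete (taint sources, propagation through arithmetic and logic operations, checks at sinks), shows the explicit-flow blind spot that Dytan's control-flow taint closes (slide 11), and reports the "hot bytes" that TaintScope-style directed fuzzing would mutate (slide 13). The record format `[len:2][flag:1][payload]`, the class `T`, the helpers `store`, `branch`, `check_sink`, `parse_record` and `hot_bytes`, and the input bytes are all constructed for this illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
import operator

# Control-flow taint context: the taint of every branch condition currently
# in force (innermost last). Empty when not inside any tainted branch.
_CTRL: list[frozenset] = []


@dataclass(frozen=True)
class T:
    """A value plus the set of input byte offsets it depends on.
    An empty set means the value is untainted (trusted)."""
    v: int
    taint: frozenset = frozenset()

    def _bin(self, other, op):
        o = other if isinstance(other, T) else T(other)
        # Propagation rule (slide 3): the result of an arithmetic or logical
        # operation inherits the union of its operands' taint.
        return T(op(self.v, o.v), self.taint | o.taint)

    def __add__(self, o): return self._bin(o, operator.add)
    def __sub__(self, o): return self._bin(o, operator.sub)
    def __mul__(self, o): return self._bin(o, operator.mul)
    def __and__(self, o): return self._bin(o, operator.and_)
    def __or__(self, o): return self._bin(o, operator.or_)
    def __lshift__(self, o): return self._bin(o, operator.lshift)
    def __rshift__(self, o): return self._bin(o, operator.rshift)


def taint_source(data: bytes) -> list[T]:
    """Taint source: each byte read from the untrusted channel is labelled
    with its own offset, which is what byte-level tracking needs."""
    return [T(b, frozenset({i})) for i, b in enumerate(data)]


class branch:
    """`with branch(cond) as taken:` records cond's taint for the body so
    assignments made there can be treated as control-dependent on it."""
    def __init__(self, cond: T):
        self.cond = cond

    def __enter__(self) -> bool:
        _CTRL.append(self.cond.taint)
        return bool(self.cond.v)

    def __exit__(self, *exc):
        _CTRL.pop()


def store(val, control_flow: bool) -> T:
    """Model an assignment. Explicit tracking stores the value as-is;
    control-flow taint (Dytan's highlight) additionally merges in the taint
    of every enclosing branch condition, capturing implicit flows."""
    t = val if isinstance(val, T) else T(val)
    if control_flow:
        for c in _CTRL:
            t = T(t.v, t.taint | c)
    return t


def check_sink(name: str, val: T, findings: list) -> None:
    """Taint sink: a length, index or pointer derived from input is reported
    together with the offsets it depends on (the hot bytes for that sink)."""
    if val.taint:
        findings.append((name, val.v, tuple(sorted(val.taint))))


def parse_record(data: bytes, control_flow: bool = False) -> list:
    """Constructed toy parser for records laid out as [len:2][flag:1][payload].
    Returns the list of sink findings produced while parsing."""
    b = taint_source(data)
    findings: list = []
    length = (b[0] << 8) | b[1]        # explicit flow: taint {0, 1}
    copy_len = length + 4              # arithmetic keeps (and merges) taint
    check_sink("memcpy length", copy_len, findings)
    # Implicit flow: `mode` depends on byte 2 only through the branch
    # condition, never through a data operation.
    with branch(b[2] & 1) as taken:
        mode = store(1 if taken else 0, control_flow)
    check_sink("table index", mode, findings)
    return findings


def hot_bytes(findings: list) -> set:
    """Union of the input offsets reaching any sink: the bytes a directed
    fuzzer should concentrate its mutations on."""
    return {off for _, _, offs in findings for off in offs}


if __name__ == "__main__":
    pkt = bytes([0x10, 0x00, 0x01, 0xAA])   # constructed sample record
    print("explicit only    :", parse_record(pkt))
    print("with control taint:", parse_record(pkt, control_flow=True))
    print("hot bytes        :", sorted(hot_bytes(parse_record(pkt, True))))
```

With explicit tracking alone the table index computed under the branch comes out clean, which is exactly the case a `flag`-driven lookup would exploit; turning on control-flow taint attributes it to byte 2. Real tools differ mainly in where they draw these lines (TaintCheck does not track control flow, Dytan can, at a cost in over-tainting) and in how cheaply they propagate, which is what LIFT's optimizations address.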

  14. Thank you!
