Progress Report - PowerPoint PPT Presentation



Progress Report. Bin Zeng, Friday 02/07/2014. Finished: add the taint sink checking for indirect control flow transfers such as ret, indirect call, etc.; add the taint tag initialization for taint sources such as the file input read function; wrote the paper (still some more writing to do).


PowerPoint Slideshow about ' Progress Report' - sulwyn


Presentation Transcript

Progress Report

Bin Zeng

Friday 02/07/2014

Finished
  • Add the taint sink checking for indirect control flow transfers such as ret, indirect call etc.
  • Add the taint tag initialization for taint sources such as file input
    • read function
  • Wrote the paper
    • Still some more writing to do
Indirect Call Instrumentation

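    # Original instruction:
    callq *-8(%rbp)

    # Instrumented sequence:
    leaq -8(%rbp), %rax           # address of the slot holding the call target
    shrq $3, %rax                 # one shadow tag byte per 8-byte word
    # Shadow base 0x100000000000, shown as on the slide. addq only takes a
    # 32-bit immediate, so assembling this needs movabsq into a scratch register.
    addq $17592186044416, %rax
    movb (%rax), %al              # load the tag byte for that slot
    cmpb $0, %al
    jne 0                         # tag set: jump to address 0 instead of calling
    callq *-8(%rbp)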

Ret Instruction Instrumentation

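    # Original instruction:
    ret

    # Instrumented sequence:
    movq %rsp, %rcx               # address of the return-address slot
    shrq $3, %rcx                 # one shadow tag byte per 8-byte word
    addq $17592186044416, %rcx    # shadow base 0x100000000000
    movb (%rcx), %cl              # load the tag byte for that slot
    cmpb $0, %cl
    jne 0                         # tag set: jump to address 0 instead of returning
    ret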

File read instrumentation

    %92 = load i32* %fd, align 4
    ; Tag of the buffer pointer: shadow address = (addr >> 3) + 2147450880 (0x7fff8000)
    %93 = ptrtoint i8** %vbuf.addr to i64
    %94 = lshr i64 %93, 3
    %95 = add i64 %94, 2147450880
    %96 = inttoptr i64 %95 to i8*
    %97 = load i8* %96
    %98 = load i8** %vbuf.addr, align 8
    ; Tag of count, looked up the same way
    %99 = ptrtoint i64* %count.addr to i64
    %100 = lshr i64 %99, 3
    %101 = add i64 %100, 2147450880
    %102 = inttoptr i64 %101 to i8*
    %103 = load i8* %102
    %104 = load i64* %count.addr, align 8
    ; Reserve 4 bytes below @__dtt_stack_pointer and store the new value back
    %ss_sptr_int28 = load i64* @__dtt_stack_pointer
    %ss_sptr29 = inttoptr i64 %ss_sptr_int28 to i8*
    %105 = ptrtoint i8* %ss_sptr29 to i64
    %106 = sub i64 %105, 4
    store i64 %106, i64* @__dtt_stack_pointer
    %107 = inttoptr i64 %106 to i8*
    ; Bytes 0..3: constant 0, %91 (defined before this excerpt), buffer tag %97, count tag %103
    %108 = getelementptr i8* %107, i32 0
    store i8 0, i8* %108
    %109 = getelementptr i8* %107, i32 1
    store i8 %91, i8* %109
    %110 = getelementptr i8* %107, i32 2
    store i8 %97, i8* %110
    %111 = getelementptr i8* %107, i32 3
    store i8 %103, i8* %111
    ; Original call, then the taint-source hook on the buffer and the byte count read() returned
    %call = call i64 @read(i32 %92, i8* %98, i64 %104)
    call void @__dtt_taint_read(i8* %98, i64 %call, i32 1)
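
An added example, not taken from the slides or from the author's tool: a small C model of the source tagging and sink checks shown on the three instrumentation slides above. The shadow array (used in place of a fixed shadow base), the buffer layout, and the names `tag_of`, `model_taint_read`, `sink_check` and `run_scenario` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a small "application" region and its shadow, one tag
   byte per 8-byte word (the slides' shift by 3). The slides add a fixed
   shadow base; an array index stands in for that here (assumption). */
#define REGION_SIZE 4096
static unsigned char region[REGION_SIZE];
static uint8_t shadow[REGION_SIZE >> 3];

static uint8_t *tag_of(const void *p) {
    return &shadow[((uintptr_t)p - (uintptr_t)region) >> 3];
}

/* Source: tag every word an n-byte read touched. Hypothetical stand-in
   for the page's __dtt_taint_read, whose body the page does not show. */
static void model_taint_read(const void *buf, long n, uint8_t tag) {
    const unsigned char *b = buf;
    if (n <= 0) return;               /* read() error or EOF: no data */
    for (uint8_t *t = tag_of(b); t <= tag_of(b + n - 1); t++) *t = tag;
}

/* Sink: check made before an indirect transfer through `slot`.
   1 = tag clear, transfer allowed; 0 = tainted (the slides' `jne 0`). */
static int sink_check(const void *slot) { return *tag_of(slot) == 0; }
typedef int (*handler_t)(void);
static int benign(void) { return 7; }

/* A 16-byte buffer at offset 64 is followed by a code-pointer slot at
   offset 80. n bytes of constructed input arrive from a taint source. */
int run_scenario(size_t n) {
    unsigned char input[32], *buf = region + 64, *slot = region + 80;
    handler_t h = benign;
    if (n > sizeof input) return -2;
    memset(shadow, 0, sizeof shadow);
    memcpy(slot, &h, sizeof h);       /* untainted pointer stored by program */
    memset(input, 0x41, sizeof input);
    memcpy(buf, input, n);            /* models read(fd, buf, n) */
    model_taint_read(buf, (long)n, 1);
    if (!sink_check(slot)) return -1; /* tainted target: refuse the call */
    memcpy(&h, slot, sizeof h);
    return h();
}

int main(void) {
    printf("%d %d %d\n", run_scenario(16), run_scenario(17), run_scenario(24));
    return 0;
}
```

With 16 bytes of input the slot's tag stays clear and the call goes through; a single byte past the buffer taints the whole 8-byte word holding the pointer, so the check refuses the transfer.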

Paper Writing
  • Read lots of papers while I was writing the related work section.
  • Taint tracking is a different field from sandboxing, CFI etc.
  • The paper is in good shape
Next Step
  • Write the paper
  • Number collection