Progress report
Progress Report. Bin Zeng, Friday 02/07/2014. Finished: Add the taint sink checking for indirect control flow transfers such as ret, indirect call etc. Add the taint tag initialization for taint sources such as the file input read function. Wrote the paper. Still some more writing to do.

Progress Report

Bin Zeng

Friday 02/07/2014


Finished

  • Add the taint sink checking for indirect control flow transfers such as ret, indirect call etc.

  • Add the taint tag initialization for taint sources such as file input

    • read function

  • Wrote the paper

    • Still some more writing to do


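Indirect Call Instrumentation

Original:

    callq *-8(%rbp)

Instrumented:

    leaq  -8(%rbp), %rax           # address of the slot holding the call target
    shrq  $3, %rax                 # one shadow byte per 8 bytes of memory
    addq  $17592186044416, %rax    # shadow base 0x100000000000 (too wide for an addq immediate; needs movabsq via a scratch register to assemble)
    movb  (%rax), %al              # load the taint tag of the slot
    cmpb  $0, %al
    jne   0                        # nonzero tag: branch away instead of making the call
    callq *-8(%rbp)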


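Ret Instruction Instrumentation

Original:

    ret

Instrumented:

    movq  %rsp, %rcx               # address of the slot holding the return address
    shrq  $3, %rcx                 # one shadow byte per 8 bytes of memory
    addq  $17592186044416, %rcx    # shadow base 0x100000000000 (too wide for an addq immediate; needs movabsq via a scratch register to assemble)
    movb  (%rcx), %cl              # load the taint tag of the slot
    cmpb  $0, %cl
    jne   0                        # nonzero tag: branch away instead of returning
    ret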


File read instrumentation

    ; fd argument
    %92 = load i32* %fd, align 4
    ; tag byte for the slot holding buf: (address >> 3) + 2147450880 (0x7fff8000)
    %93 = ptrtoint i8** %vbuf.addr to i64
    %94 = lshr i64 %93, 3
    %95 = add i64 %94, 2147450880
    %96 = inttoptr i64 %95 to i8*
    %97 = load i8* %96
    %98 = load i8** %vbuf.addr, align 8
    ; tag byte for the slot holding count, computed the same way
    %99 = ptrtoint i64* %count.addr to i64
    %100 = lshr i64 %99, 3
    %101 = add i64 %100, 2147450880
    %102 = inttoptr i64 %101 to i8*
    %103 = load i8* %102
    %104 = load i64* %count.addr, align 8
    ; move @__dtt_stack_pointer down by 4 bytes
    %ss_sptr_int28 = load i64* @__dtt_stack_pointer
    %ss_sptr29 = inttoptr i64 %ss_sptr_int28 to i8*
    %105 = ptrtoint i8* %ss_sptr29 to i64
    %106 = sub i64 %105, 4
    store i64 %106, i64* @__dtt_stack_pointer
    ; store four tag bytes there: 0, %91 (defined before this excerpt), %97, %103
    %107 = inttoptr i64 %106 to i8*
    %108 = getelementptr i8* %107, i32 0
    store i8 0, i8* %108
    %109 = getelementptr i8* %107, i32 1
    store i8 %91, i8* %109
    %110 = getelementptr i8* %107, i32 2
    store i8 %97, i8* %110
    %111 = getelementptr i8* %107, i32 3
    store i8 %103, i8* %111
    ; the original call, then the taint-source hook on the buffer and the byte count read() returned
    %call = call i64 @read(i32 %92, i8* %98, i64 %104)
    call void @__dtt_taint_read(i8* %98, i64 %call, i32 1)
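
The source tagging and sink check from the slides, modelled in portable C as an added example (not the author's code). The toy arena, the separate shadow array standing in for the fixed shadow base, and the names taint_read, checked_icall and run_demo are assumptions; the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy address space: 16-byte buffer, then a function-pointer slot. */
static uint8_t arena[64];
static uint8_t shadow[sizeof arena >> 3];   /* one tag byte per 8-byte granule */
enum { BUF_OFF = 0, BUF_LEN = 16, SLOT_OFF = 16 };

typedef int (*handler_t)(void);
static int handler(void) { return 7; }

/* Tag byte for an address: index = offset >> 3 (the slides add a fixed base). */
static uint8_t *shadow_of(const void *p) {
    return &shadow[(size_t)((const uint8_t *)p - arena) >> 3];
}

/* Taint source: tag every granule covered by the n bytes read() stored at buf. */
static void taint_read(const void *buf, long n, uint8_t tag) {
    if (n <= 0) return;                     /* error or EOF: nothing was written */
    uint8_t *first = shadow_of(buf);
    uint8_t *last = shadow_of((const uint8_t *)buf + n - 1);
    for (uint8_t *t = first; t <= last; t++) *t = tag;
}

/* Taint sink: refuse the indirect call if the slot holding the target is tagged. */
static int checked_icall(const void *slot) {
    handler_t h;
    if (*shadow_of(slot) != 0) return -1;   /* the slides branch away with jne 0 */
    memcpy(&h, slot, sizeof h);
    return h();
}

/* Simulate read() delivering n input bytes into the buffer, then the call. */
int run_demo(size_t n) {
    static const uint8_t input[24] = "AAAAAAAAAAAAAAAAAAAAAAA";  /* constructed */
    handler_t h = handler;
    memset(shadow, 0, sizeof shadow);
    memcpy(arena + SLOT_OFF, &h, sizeof h);
    if (n > sizeof input) n = sizeof input;
    memcpy(arena + BUF_OFF, input, n);      /* n > BUF_LEN spills into the slot */
    taint_read(arena + BUF_OFF, (long)n, 1);
    return checked_icall(arena + SLOT_OFF);
}

int main(void) {
    printf("n=16 -> %d, n=17 -> %d\n", run_demo(16), run_demo(17));
    return 0;
}
```

Because tags are kept per 8-byte granule, a single input byte landing in the pointer's granule is enough to block the call.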


Compiler optimization on taint tracking

Paper Writing

  • Read lots of papers while I was writing the related work section.

  • Taint tracking is a different field from sandboxing, CFI etc.

  • The paper is in good shape


Next Step

  • Write the paper

  • Number collection
