Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROSYS
2009
ACM
2009
ACM
Pointless tainting?: evaluating the practicality of pointer tainting
This paper evaluates pointer tainting, an incarnation of Dynamic Information Flow Tracking (DIFT), which has recently become an important technique in system security. Pointer tainting has been used for two main purposes: detection of privacy-breaching malware (e.g., trojan keyloggers obtaining the characters typed by a user), and detection of memory corruption attacks against non-control data (e.g., a buffer overflow that modifies a user’s privilege level). In both of these cases the attacker does not modify control data such as stored branch targets, so the control flow of the target program does not change. Phrased differently, in terms of instructions executed, the program behaves ‘normally’. As a result, these attacks are exceedingly difficult to detect. Pointer tainting is considered one of the only methods for detecting them in unmodified binaries. Unfortunately, almost all of the incarnations of pointer tainting are flawed. In particular, we demonstrate that the ap...
Real-time TrafficEUROSYS 2009 | Memory Corruption Attacks | Paper Evaluates Pointer | Pointer Tainting | System Software |
| Added | 10 Mar 2010 |
| Updated | 10 Mar 2010 |
| Type | Conference |
| Year | 2009 |
| Where | EUROSYS |
| Authors | Asia Slowinska, Herbert Bos |
Comments (0)
Researcher Info
|
