Pointless tainting?: evaluating the practicality of pointer tainting

12 years 11 months ago
Pointless tainting?: evaluating the practicality of pointer tainting
This paper evaluates pointer tainting, an incarnation of Dynamic Information Flow Tracking (DIFT), which has recently become an important technique in system security. Pointer tainting has been used for two main purposes: detection of privacy-breaching malware (e.g., trojan keyloggers obtaining the characters typed by a user), and detection of memory corruption attacks against non-control data (e.g., a buffer overflow that modifies a user’s privilege level). In both of these cases the attacker does not modify control data such as stored branch targets, so the control flow of the target program does not change. Phrased differently, in terms of instructions executed, the program behaves ‘normally’. As a result, these attacks are exceedingly difficult to detect. Pointer tainting is considered one of the only methods for detecting them in unmodified binaries. Unfortunately, almost all of the incarnations of pointer tainting are flawed. In particular, we demonstrate that the ap...
Asia Slowinska, Herbert Bos
Added 10 Mar 2010
Updated 10 Mar 2010
Type Conference
Year 2009
Authors Asia Slowinska, Herbert Bos
Comments (0)