Taint-Exchange: A Generic System for Cross-Process and Cross-Host Taint Tracking

Bibliographic Details
Published in Advances in Information and Computer Security, pp. 113 - 128
Main Authors Zavou, Angeliki, Portokalidis, Georgios, Keromytis, Angelos D.
Format Book Chapter
Language English
Published Berlin, Heidelberg Springer Berlin Heidelberg
Series Lecture Notes in Computer Science
Abstract Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware, preventing information leaks, and many more. Recently, it has been also utilized to track data across processes and hosts to shed light on the interaction of distributed components, but also for security purposes. This paper presents Taint-Exchange, a generic cross-process and cross-host taint tracking framework. Our goal is to provide researchers with a valuable tool for rapidly developing prototypes that utilize cross-host taint tracking. Taint-Exchange builds on the libdft open source data flow tracking framework for processes, so unlike previous work it does not require extensive maintenance and setup. It intercepts I/O related system calls to transparently multiplex fine-grained taint information into existing communication channels, like sockets and pipes. We evaluate Taint-Exchange using the popular lmbench suite, and show that it incurs only moderate overhead.
Author_xml – sequence: 1
  givenname: Angeliki
  surname: Zavou
  fullname: Zavou, Angeliki
  email: azavou@cs.columbia.edu
  organization: Network Security Lab, Department of Computer Science, Columbia University, New York, USA
– sequence: 2
  givenname: Georgios
  surname: Portokalidis
  fullname: Portokalidis, Georgios
  email: porto@cs.columbia.edu
  organization: Network Security Lab, Department of Computer Science, Columbia University, New York, USA
– sequence: 3
  givenname: Angelos D.
  surname: Keromytis
  fullname: Keromytis, Angelos D.
  email: angelos@cs.columbia.edu
  organization: Network Security Lab, Department of Computer Science, Columbia University, New York, USA
ContentType Book Chapter
Copyright Springer-Verlag Berlin Heidelberg 2011
Copyright_xml – notice: Springer-Verlag Berlin Heidelberg 2011
DOI 10.1007/978-3-642-25141-2_8
Discipline Computer Science
EISBN 3642251412
9783642251412
EISSN 1611-3349
Editor Iwata, Tetsu
Nishigaki, Masakatsu
Editor_xml – sequence: 1
  givenname: Tetsu
  surname: Iwata
  fullname: Iwata, Tetsu
  email: iwata@cse.nagoya-u.ac.jp
– sequence: 2
  givenname: Masakatsu
  surname: Nishigaki
  fullname: Nishigaki, Masakatsu
  email: nisigaki@inf.shizuoka.ac.jp
EndPage 128
ISBN 9783642251405
3642251404
ISSN 0302-9743
IngestDate Tue Oct 01 19:01:31 EDT 2024
IsDoiOpenAccess false
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Language English
LinkModel OpenURL
OpenAccessLink http://www1.cs.columbia.edu/%7Eangelos/Papers/2011/taint_xchg.pdf
PageCount 16
ParticipantIDs springer_books_10_1007_978_3_642_25141_2_8
PublicationPlace Berlin, Heidelberg
PublicationPlace_xml – name: Berlin, Heidelberg
PublicationSeriesTitle Lecture Notes in Computer Science
PublicationSubtitle 6th International Workshop, IWSEC 2011, Tokyo, Japan, November 8-10, 2011. Proceedings
PublicationTitle Advances in Information and Computer Security
Publisher Springer Berlin Heidelberg
Publisher_xml – name: Springer Berlin Heidelberg
RelatedPersons Kleinberg, Jon M.
Mattern, Friedemann
Nierstrasz, Oscar
Steffen, Bernhard
Kittler, Josef
Vardi, Moshe Y.
Weikum, Gerhard
Sudan, Madhu
Naor, Moni
Mitchell, John C.
Terzopoulos, Demetri
Pandu Rangan, C.
Kanade, Takeo
Hutchison, David
Tygar, Doug
RelatedPersons_xml – sequence: 1
  givenname: David
  surname: Hutchison
  fullname: Hutchison, David
  organization: Lancaster University, Lancaster, UK
– sequence: 2
  givenname: Takeo
  surname: Kanade
  fullname: Kanade, Takeo
  organization: Carnegie Mellon University, Pittsburgh, USA
– sequence: 3
  givenname: Josef
  surname: Kittler
  fullname: Kittler, Josef
  organization: University of Surrey, Guildford, UK
– sequence: 4
  givenname: Jon M.
  surname: Kleinberg
  fullname: Kleinberg, Jon M.
  organization: Cornell University, Ithaca, USA
– sequence: 5
  givenname: Friedemann
  surname: Mattern
  fullname: Mattern, Friedemann
  organization: ETH Zurich, Zurich, Switzerland
– sequence: 6
  givenname: John C.
  surname: Mitchell
  fullname: Mitchell, John C.
  organization: Stanford University, Stanford, USA
– sequence: 7
  givenname: Moni
  surname: Naor
  fullname: Naor, Moni
  organization: Weizmann Institute of Science, Rehovot, Israel
– sequence: 8
  givenname: Oscar
  surname: Nierstrasz
  fullname: Nierstrasz, Oscar
  organization: University of Bern, Bern, Switzerland
– sequence: 9
  givenname: C.
  surname: Pandu Rangan
  fullname: Pandu Rangan, C.
  organization: Indian Institute of Technology, Madras, India
– sequence: 10
  givenname: Bernhard
  surname: Steffen
  fullname: Steffen, Bernhard
  organization: University of Dortmund, Dortmund, Germany
– sequence: 11
  givenname: Madhu
  surname: Sudan
  fullname: Sudan, Madhu
  organization: Massachusetts Institute of Technology, USA
– sequence: 12
  givenname: Demetri
  surname: Terzopoulos
  fullname: Terzopoulos, Demetri
  organization: University of California, Los Angeles, USA
– sequence: 13
  givenname: Doug
  surname: Tygar
  fullname: Tygar, Doug
  organization: University of California, Berkeley, USA
– sequence: 14
  givenname: Moshe Y.
  surname: Vardi
  fullname: Vardi, Moshe Y.
  organization: Rice University, Houston, USA
– sequence: 15
  givenname: Gerhard
  surname: Weikum
  fullname: Weikum, Gerhard
  organization: Max-Planck Institute of Computer Science, Saarbrücken, Germany
SourceID springer
SourceType Publisher
StartPage 113
SubjectTerms System Call
Taint Propagation
Taint Source
Tainted Data
USENIX Security Symposium
Title Taint-Exchange: A Generic System for Cross-Process and Cross-Host Taint Tracking
URI http://link.springer.com/10.1007/978-3-642-25141-2_8