Taint-Exchange: A Generic System for Cross-Process and Cross-Host Taint Tracking
Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware, preventing information leaks, and many more. Recently, it has been also utilized to track data across processes and hosts to shed light on the intera...
Published in | Advances in Information and Computer Security pp. 113 - 128 |
---|---|
Main Authors | , , |
Format | Book Chapter |
Language | English |
Published | Berlin, Heidelberg: Springer Berlin Heidelberg |
Series | Lecture Notes in Computer Science |
Subjects | |
Online Access | Get full text |
Abstract | Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware, preventing information leaks, and many more. Recently, it has been also utilized to track data across processes and hosts to shed light on the interaction of distributed components, but also for security purposes. This paper presents Taint-Exchange, a generic cross-process and cross-host taint tracking framework. Our goal is to provide researchers with a valuable tool for rapidly developing prototypes that utilize cross-host taint tracking. Taint-Exchange builds on the libdft open source data flow tracking framework for processes, so unlike previous work it does not require extensive maintenance and setup. It intercepts I/O related system calls to transparently multiplex fine-grained taint information into existing communication channels, like sockets and pipes. We evaluate Taint-Exchange using the popular lmbench suite, and show that it incurs only moderate overhead. |
---|---|
Author | Zavou, Angeliki Keromytis, Angelos D. Portokalidis, Georgios |
Author_xml | – sequence: 1 givenname: Angeliki surname: Zavou fullname: Zavou, Angeliki email: azavou@cs.columbia.edu organization: Network Security Lab, Department of Computer Science, Columbia University, New York, USA – sequence: 2 givenname: Georgios surname: Portokalidis fullname: Portokalidis, Georgios email: porto@cs.columbia.edu organization: Network Security Lab, Department of Computer Science, Columbia University, New York, USA – sequence: 3 givenname: Angelos D. surname: Keromytis fullname: Keromytis, Angelos D. email: angelos@cs.columbia.edu organization: Network Security Lab, Department of Computer Science, Columbia University, New York, USA |
ContentType | Book Chapter |
Copyright | Springer-Verlag Berlin Heidelberg 2011 |
Copyright_xml | – notice: Springer-Verlag Berlin Heidelberg 2011 |
DOI | 10.1007/978-3-642-25141-2_8 |
DatabaseTitleList | |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Computer Science |
EISBN | 3642251412 9783642251412 |
EISSN | 1611-3349 |
Editor | Iwata, Tetsu Nishigaki, Masakatsu |
Editor_xml | – sequence: 1 givenname: Tetsu surname: Iwata fullname: Iwata, Tetsu email: iwata@cse.nagoya-u.ac.jp – sequence: 2 givenname: Masakatsu surname: Nishigaki fullname: Nishigaki, Masakatsu email: nisigaki@inf.shizuoka.ac.jp |
EndPage | 128 |
GroupedDBID | -DT -GH -~X 1SB 29L 2HA 2HV 5QI 875 AASHB ABMNI ACGFS ADCXD AEFIE ALMA_UNASSIGNED_HOLDINGS EJD F5P FEDTE HVGLF LAS LDH P2P RIG RNI RSU SVGTG VI1 ~02 |
ID | FETCH-LOGICAL-j308t-385ec4f1881f496c318ffda3f20703d9835f874efe71fe33f98644b2b1818bcf3 |
ISBN | 9783642251405 3642251404 |
ISSN | 0302-9743 |
IngestDate | Tue Oct 01 19:01:31 EDT 2024 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Language | English |
LinkModel | OpenURL |
MergedId | FETCHMERGED-LOGICAL-j308t-385ec4f1881f496c318ffda3f20703d9835f874efe71fe33f98644b2b1818bcf3 |
OpenAccessLink | http://www1.cs.columbia.edu/%7Eangelos/Papers/2011/taint_xchg.pdf |
PageCount | 16 |
ParticipantIDs | springer_books_10_1007_978_3_642_25141_2_8 |
PublicationPlace | Berlin, Heidelberg |
PublicationPlace_xml | – name: Berlin, Heidelberg |
PublicationSeriesTitle | Lecture Notes in Computer Science |
PublicationSubtitle | 6th International Workshop, IWSEC 2011, Tokyo, Japan, November 8-10, 2011. Proceedings |
PublicationTitle | Advances in Information and Computer Security |
Publisher | Springer Berlin Heidelberg |
Publisher_xml | – name: Springer Berlin Heidelberg |
RelatedPersons | Kleinberg, Jon M. Mattern, Friedemann Nierstrasz, Oscar Steffen, Bernhard Kittler, Josef Vardi, Moshe Y. Weikum, Gerhard Sudan, Madhu Naor, Moni Mitchell, John C. Terzopoulos, Demetri Pandu Rangan, C. Kanade, Takeo Hutchison, David Tygar, Doug |
RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David organization: Lancaster University, Lancaster, UK – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo organization: Carnegie Mellon University, Pittsburgh, USA – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef organization: University of Surrey, Guildford, UK – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. organization: Cornell University, Ithaca, USA – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann organization: ETH Zurich, Zurich, Switzerland – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. organization: Stanford University, Stanford, USA – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni organization: Weizmann Institute of Science, Rehovot, Israel – sequence: 8 givenname: Oscar surname: Nierstrasz fullname: Nierstrasz, Oscar organization: University of Bern, Bern, Switzerland – sequence: 9 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. organization: Indian Institute of Technology, Madras, India – sequence: 10 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard organization: University of Dortmund, Dortmund, Germany – sequence: 11 givenname: Madhu surname: Sudan fullname: Sudan, Madhu organization: Massachusetts Institute of Technology, USA – sequence: 12 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri organization: University of California, Los Angeles, USA – sequence: 13 givenname: Doug surname: Tygar fullname: Tygar, Doug organization: University of California, Berkeley, USA – sequence: 14 givenname: Moshe Y. surname: Vardi fullname: Vardi, Moshe Y. organization: Rice University, Houston, USA – sequence: 15 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard organization: Max-Planck Institute of Computer Science, Saarbrücken, Germany |
SSID | ssj0000609089 ssj0002792 |
Score | 2.0104983 |
Snippet | Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware,... |
SourceID | springer |
SourceType | Publisher |
StartPage | 113 |
SubjectTerms | System Call Taint Propagation Taint Source Tainted Data USENIX Security Symposium |
Title | Taint-Exchange: A Generic System for Cross-Process and Cross-Host Taint Tracking |
URI | http://link.springer.com/10.1007/978-3-642-25141-2_8 |
hasFullText | 1 |
inHoldings | 1 |
isFullTextHit | |
isPrint | |
link.rule.ids | 785,786,790,799,27958 |
linkProvider | Library Specific Holdings |
openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.title=Advances+in+Information+and+Computer+Security&rft.au=Zavou%2C+Angeliki&rft.au=Portokalidis%2C+Georgios&rft.au=Keromytis%2C+Angelos+D.&rft.atitle=Taint-Exchange%3A+A+Generic+System+for+Cross-Process+and+Cross-Host+Taint+Tracking&rft.series=Lecture+Notes+in+Computer+Science&rft.pub=Springer+Berlin+Heidelberg&rft.isbn=9783642251405&rft.issn=0302-9743&rft.eissn=1611-3349&rft.spage=113&rft.epage=128&rft_id=info:doi/10.1007%2F978-3-642-25141-2_8 |
thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0302-9743&client=summon |
thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0302-9743&client=summon |
thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0302-9743&client=summon |