论文信息 - DsVD: An Effective Low-Overhead Dynamic Software Vulnerability Discoverer

DsVD: An Effective Low-Overhead Dynamic Software Vulnerability Discoverer

Dynamic taint analysis based software vulnerability and malware detection is an effective method to detect a wide range of vulnerabilities. Unfortunately, existing systems suffer from requirement of source code, high overhead or shortage of discovery rules, which limit their usage. This paper proposes a low-overhead vulnerability discovery system called DsVD (Dynamic Software Vulnerabilities Discoverer). DsVD works on X86 executables and does not need any hardware change. A new taint state called controlled-taint is introduced to detect more types of vulnerabilities. Our experiments show that DsVD can effectively detect various software vulnerabilities. DsVD incurs very low overhead, only 3.1 times on average forSPECINT2006 benchmarks. With some optimizations such as Irrelevant API Filter and Basic Block Handling, it can reduce runtime overhead by a factor of 4-11 times.

[1] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[2] Nicholas Nethercote,et al. Valgrind: a framework for heavyweight dynamic binary instrumentation , 2007, PLDI '07.

[3] Heng Yin,et al. Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[4] Cheng Wang,et al. LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[5] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[6] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[7] Calvin Lin,et al. Efficient and extensible security enforcement using dynamic data flow analysis , 2008, CCS.

[8] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.

[9] George C. Necula,et al. CCured: type-safe retrofitting of legacy code , 2002, SIGP.

[10] Tzi-cker Chiueh,et al. A General Dynamic Information Flow Tracking Framework for Security Applications , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).