An Input Data Related Behavior Extracting and Measuring Model

It is difficult to dynamically assess the runtime trustworthiness of a software program. Improperly validated user input is the underlying root cause for a wide variety of attacks on applications. This paper proposes an approach for constructing a trusted software behaviour model related with the input data for identifying and tracking the insecure information flows based on dynamic tainting analysis and dynamic slicing technology. It can tag and track user input at runtime and prevents its improper use to maliciously affect the execution of the program. We regard an instruction as a basic analysis unit and focus on information flow caused by variable assignment, the information flow of each instruction is defined as its behaviour specification. During the execution, instructions that use untrusted variable are tracked to determine whether the address modified by the instructions belongs to the specification or not. A method of extraction and checking of the behaviour specification was researched and designed. In order to prove for efficiency and performance of the model, a set of tests were conducted, and preliminary results show the validity of our approach.

[1]  Jeffrey K. Hollingsworth,et al.  The dynamic probe class library-an infrastructure for developing instrumentation for performance tools , 2001, Proceedings 15th International Parallel and Distributed Processing Symposium. IPDPS 2001.

[2]  Frederic T. Chong,et al.  Minos: Control Data Attack Prevention Orthogonal to Memory Model , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[3]  James Newsome,et al.  Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[4]  Weibo Gong,et al.  Anomaly detection using call stack information , 2003, 2003 Symposium on Security and Privacy, 2003..

[5]  Stephanie Forrest,et al.  A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[6]  Anh Nguyen-Tuong,et al.  Automatically Hardening Web Applications Using Precise Tainting , 2005, SEC.

[7]  Li Wen Context Sensitive Host-Based IDS Using Hybrid Automaton , 2009 .

[8]  Christoph C. Michael,et al.  Using Finite Automata to Mine Execution Data for Intrusion Detection: A Preliminary Report , 2000, Recent Advances in Intrusion Detection.

[9]  Guru Venkataramani,et al.  FlexiTaint: A programmable accelerator for dynamic taint propagation , 2008, 2008 IEEE 14th International Symposium on High Performance Computer Architecture.

[10]  Christopher Krügel,et al.  Secure Input for Web Applications , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[11]  D. T. Lee,et al.  Securing web application code by static analysis and runtime protection , 2004, WWW '04.

[12]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[13]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1990, TOPL.

[14]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1988, SIGP.

[15]  David Zhang,et al.  Secure program execution via dynamic information flow tracking , 2004, ASPLOS XI.

[16]  Bo Zhao,et al.  Research on trusted computing and its development , 2010, Science China Information Sciences.

[17]  Ravishankar K. Iyer,et al.  Defeating memory corruption attacks via pointer taintedness detection , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[18]  Alessandro Orso,et al.  Dytan: a generic dynamic taint analysis framework , 2007, ISSTA '07.