Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Taint Analysis Review

advertisement 
王卓
Agenda
 Overview
 People
 Tools
Overview
 Taint analysis
 主要原理:将来自于网络等不被信任的渠道的数据都会被标
记为“被污染”的,由此产生的一系列算术和逻辑操作新
生成的数据也会继承源数据的“是否被 污染”的属性。然
后根据指令的操作数或者函数参数的污染状态查找软件漏
洞。
相关论文
Dawn Song
 Associate Professor
Computer Science Division
University of California, Berkeley
 Panorama: capturing system-wide information flow
for malware detection and analysis
 Dynamic Taint Analysis for Automatic Detection,
Analysis, and Signature Generation of Exploits on
Commodity Software
Omer Tripp
a PhD candidate at
Tel-Aviv University
TAJ: Effective Taint Analysis of Web Applications
PLDI 09
Learning Minimal Abstractions
POPL2011
James Clause
 An assistant professor
at the University of Delaware.
 Research interests: software engineering with emphasis on
debugging and program analysis
 Penumbra: automatically identifying failure-
relevant inputs using dynamic tainting ISSTA09
 Dytan ISSTA2007
 Effective memory protection using dynamic
tainting ASE07
Tielei Wang
 北京大学计算机科学技术研究所
 TaintScope: A Checksum-Aware Directed Fuzzing Tool
for Automatic Software Vulnerability Detection
IEEE S&P
 IntScope: Automatically Detecting Integer Overflow
Vulnerability in X86 Binary Using Symbolic Execution
NDSS2009
Taintcheck
 Author: James Newsome, Dawn Song
 Dynamic Taint Analysis for Automatic Detection,
Analysis, and Signature Generation of Exploits on
Commodity Software NDSS05
 The first practical taint tool.
 Based on Valgrind.
LIFT
 LIFT: A Low-Overhead Practical Information Flow
Tracking System for Detecting Security Attacks
 Feng Qin, Ohio State University
Cheng Wang, Intel Corporation
Zhenmin Li, University of Illinois at Urbana-Champaign
 A low-overhead attack discoverer.:
1.Fast Path
2.Merged Check
3.Fast Switch
Dytan
 Dytan: A Generic Dynamic Taint Analysis Framework
ISSTA 2007
 James Clause, Wanchun (Paul) Li,
and Alessandro Orso
 Highlight: Control flow Taint
Buzzfuzz
 Taint-based Directed Whitebox Fuzzing
ICSE2009
 Vijay Ganesh and Tim Leek and Martin Rinard
MIT
 Using taint analysis to direct fuzzing.
TaintScope
 TaintScope: A Checksum-Aware Directed Fuzzing Tool
for Automatic Software Vulnerability Detection
 Tielei Wang, Tao Wei1, Guofei Gu, Wei Zou
 Key words: Fuzzing, Taint analysis, Symbolic execution
 The approach: (1) byte analysis
(2) checksum information
Related documents
ISM SEMINAR SERIES Summer Term 2013
ISM SEMINAR SERIES Summer Term 2013
Vocabulary Workshop - Level C - Unit 11
Vocabulary Workshop - Level C - Unit 11
Panorama: Capturing System-wide Information Flow for Malware
Panorama: Capturing System-wide Information Flow for Malware
All You Ever Wanted to Know About Dynamic Taint Analysis
All You Ever Wanted to Know About Dynamic Taint Analysis
Farm-specific strategies for the reduction of boar taint
Farm-specific strategies for the reduction of boar taint
the presentation. - Boars heading for 2018
the presentation. - Boars heading for 2018
FLAX: Systematic Discovery of Client-Side Validation Vulnerabilities
FLAX: Systematic Discovery of Client-Side Validation Vulnerabilities
Fuzzing Web Applications and Services
Fuzzing Web Applications and Services
Authors: William Enck The Pennsylvania State University
Authors: William Enck The Pennsylvania State University
Cross-Site Scripting Prevention with Dynamic Data Tainting
Cross-Site Scripting Prevention with Dynamic Data Tainting
Security Defect Metrics for Targeted Fuzzing - Dustin
Security Defect Metrics for Targeted Fuzzing - Dustin
Document13545863 13545863
Document13545863 13545863
Iron Chef: John Henry Challenge
Iron Chef: John Henry Challenge
PPTX - Jonathan Burket
PPTX - Jonathan Burket
D T A , A
D T A , A
TaintDroid_XSS_detection
TaintDroid_XSS_detection
Performing Binary Fuzzing using Concolic Execution Steven Valdez
Performing Binary Fuzzing using Concolic Execution Steven Valdez
TAJ
TAJ
Fuzzable
Fuzzable
Segment your data - Research Services Bureau
Segment your data - Research Services Bureau
PRIVEXEC: Private Execution as an Operating System Service
PRIVEXEC: Private Execution as an Operating System Service
smartPhone_leakageDe..
smartPhone_leakageDe..
Download
advertisement