SlideShare una empresa de Scribd logo

Dytan: A Generic Dynamic Taint Analysis Framework (ISSTA 2007)

James Clause
James Clause
TecnologíaEducación
1 de 103
Descargar para leer sin conexión
Dytan:A Generic Dynamic Taint Analysis Framework James Clause,Wanchun (Paul) Li, and Alessandro Orso College of Computing Georgia Institute of Technology Partially supported by: NSF awards CCF-0541080 and CCR-0205422 to Georgia Tech, DHS and US Air Force Contract No. FA8750-05-2-0214
C A B Z Dynamic taint analysis (aka dynamic information-flow analysis)
C A B 312 Z Dynamic taint analysis (aka dynamic information-flow analysis)
C A B 312 Z Dynamic taint analysis (aka dynamic information-flow analysis)
C A B 312 Z 3 Dynamic taint analysis (aka dynamic information-flow analysis)
Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope
Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope Attack detection / prevention Detect / prevent attacks such as SQL injection, buffer overruns, stack smashing, cross site scripting e.g., Suh et al. 04, Newsome and Song 05, Halfond et al. 06, Kong et al. 06, Qin et al. 06
Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope Information policy enforcement ensure classified information does not leak outside the system e.g.,Vachharajani et al. 04, McCamant and Ernst 06
Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope Testing Coverage metrics, test data generation heuristic, ... e.g., Masri et al 05, Leek et al. 07
Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scopeData lifetime / scope track how long sensitive data, such as passwords or account numbers, remain in the application e.g., Chow et al. 04
Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope
Motivation Ad-hoc taint analysis implementation Results Ad-hoc taint analysis implementation Ad-hoc taint analysis implementation Results Results
Motivation Ad-hoc taint analysis implementation Results Ad-hoc taint analysis implementation Ad-hoc taint analysis implementation Results Results Ad-hoc taint analysis implementation Results
Motivation Ad-hoc taint analysis implementation Results Ad-hoc taint analysis implementation Ad-hoc taint analysis implementation Results Results Ad-hoc taint analysis implementation Results
Motivation Configuration Dytan Generic Framework Custom Dynamic Taint Analysis Results
Motivation •Flexible Configuration Dytan Generic Framework Custom Dynamic Taint Analysis Results
Motivation •Flexible •Easy to use Configuration Dytan Generic Framework Custom Dynamic Taint Analysis Results
Motivation •Flexible •Easy to use •Accurate Configuration Dytan Generic Framework Custom Dynamic Taint Analysis Results
Outline ✓Motivation & overview • Framework (Dytan) • flexibility • ease of use • accuracy • Empirical evaluation • Conclusions
Framework: flexibility Taint sources Propagation policy Taint sinksConfiguration
Framework: flexibility Taint sources Propagation policy Taint sinks
Framework: flexibility Taint sources Taint sources Propagation policy Taint sinks Which data to tag, and how to tag it
Framework: flexibility Propagation policy Taint sources Propagation policy Taint sinks How tags should be propagated at runtime
Framework: flexibility Taint sinks Taint sources Propagation policy Taint sinks Where and how tags should be checked
Framework: flexibility Taint sources Propagation policy Taint sinks
Taint sources What to tag How to tag
Taint sources What to tag How to tag Identify what program data should be assigned tags
Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,...
Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,... Describe how tags should be assigned for identified data
Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,... Describe how tags should be assigned for identified data • Single tag • One tag per source • Multiple tags per source
Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,... Describe how tags should be assigned for identified data • Single tag • One tag per source • Multiple tags per source • ...
a.txt Taint sources What to tag: a.txt How to tag: single tag
a.txt Taint sources What to tag: a.txt How to tag: single tag
Taint sources What to tag: a.txt How to tag: single tag a.txt
Taint sources What to tag: a.txt How to tag: single tag a.txt 1 1 1 1 1 1
Taint sources What to tag: a.txt How to tag: single tag a.txt
Taint sources What to tag: a.txt a.txt How to tag: multiple tags
Taint sources What to tag: a.txt a.txt 2 31 4 5 n How to tag: multiple tags
Propagation policy 3 B A12 3 C
Affecting data Mapping function Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined • Union Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined • Union • Max Propagation policy 3 B A12 3 C
Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined • Union • Max • ... Propagation policy 3 B A12 3 C
if(X) { C = A + B; } Propagation policy
3 if(X) { C = A + B; } 1 2 Propagation policy
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max ✔
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max ✔
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max ✔ 1 2
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔ ✔
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔ ✔
3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔ ✔ 3
Where to check What to check Taint Sinks How to check
Where to check What to check Location in the program to perform a check Taint Sinks How to check
Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point Taint Sinks How to check
Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked Taint Sinks How to check
Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked • Variables • Function parameters • Function return value Taint Sinks How to check
Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked • Variables • Function parameters • Function return value Taint Sinks How to check Set of conditions to check and a set of actions to perform if the conditions are not met.
Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked • Variables • Function parameters • Function return value Taint Sinks How to check Set of conditions to check and a set of actions to perform if the conditions are not met. • validate presence of tags (exit or log) • ensure absence of tags (exit or log) • ...
Taint Sinks cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]);
Taint Sinks cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2
Taint Sinks cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2 3
validate presence of: validate absence of: Taint Sinks function: exec, param: 0 Where / what to check: How to check: Result: cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2 3 2 3
validate presence of: validate absence of: Taint Sinks function: exec, param: 0 Where / what to check: How to check: Result: cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2 3 2 3 2 3
validate presence of: validate absence of: Taint Sinks function: exec, param: 0 Where / what to check: How to check: Result: cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); ✘ 2 3 2 3 2 3
Framework: ease of use Provide two ways to configure the framework
Framework: ease of use • Basic • Select sources, propagation policies, and sinks from a set of predefined options • XML based configuration Provide two ways to configure the framework
Framework: ease of use • Basic • Select sources, propagation policies, and sinks from a set of predefined options • XML based configuration • Advanced • Suitable for more esoteric applications • Extend OO implementation Provide two ways to configure the framework
Framework: accuracy • Dytan operates at the binary level • consider the actual program semantics • transparently handle libraries • Dytan accounts for both data- and control- flow dependencies
Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
Two common examples: Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
Two common examples: • Implicit operands add %eax, %ebx // A = A + B Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
• Address Generators add %eax, %ebx // A = A + B Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
• Address Generators add %eax, %ebx // A = A + B Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement [ ] *
• Address Generators add %eax, %ebx // A = A + B consumed: %eax, [%ebx] Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement [ ] *
• Address Generators add %eax, %ebx // A = A + B consumed: %eax, [%ebx], %ebx Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement [ ] *
Outline ✓Motivation & overview ✓Framework ✓flexibility ✓ease of use ✓accuracy • Empirical evaluation • Conclusions
Empirical evaluation • RQ1: Can Dytan be used to (easily) implement existing dynamic taint analyses? • RQ2: How do inaccurate propagation policies affect the analysis results? • In addition: discussion on performance
RQ1: flexibility • Selected two techniques: • Overwrite attack detection [Qin et al. 04] • SQL injection detection [Halfond et al. 06] • Used Dytan to re-implement both techniques • Measure implementation time • Validate against the original implementation Goal: show that Dytan can be used to (easily) implement existing dynamic taint analyses
RQ1: results • Implementation time: • Overwrite attack detection: < 1 hour • SQL injection detection: < 1 day • Comparison with original implementations: • Successfully stopped same attacks as the original implementations
RQ2: accuracy impact Goal: measure the effect of inaccurate propagation policies on analysis results
RQ2: accuracy impact • Selected two subjects: • Gzip (75kb w/o libraries) • Firefox (850kb w/o libraries) Goal: measure the effect of inaccurate propagation policies on analysis results
RQ2: accuracy impact • Selected two subjects: • Gzip (75kb w/o libraries) • Firefox (850kb w/o libraries) • Use Dytan to taint program inputs and measure the amount of heap data tainted at program exit Goal: measure the effect of inaccurate propagation policies on analysis results
RQ2: accuracy impact • Selected two subjects: • Gzip (75kb w/o libraries) • Firefox (850kb w/o libraries) • Use Dytan to taint program inputs and measure the amount of heap data tainted at program exit • Compare Dytan against inaccurate policies • no implicit operands (no IM) • no address generators (no AG) • no implicit operands, no address generators (no IM, no AG) Goal: measure the effect of inaccurate propagation policies on analysis results
RQ2: results 0% 25% 50% 75% 100% Firefox (1 page) Firefox (3 pages) Gzip Dytan No IM No AG No IM, no IG
Performance • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
Performance • In line with existing implementations • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
Performance • In line with existing implementations • Designed for experimentation • Favors flexibility over performance • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
Performance • In line with existing implementations • Designed for experimentation • Favors flexibility over performance • Implementation can be further optimized • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
Related work • Existing dynamic tainting approaches [Suh et al. 04, Newsome and Song 05, Halfond et al. 06, Kong et al. 06, ...] • Ad-hoc • Other dynamic taint analysis frameworks [Xu et al. 06 and Lam and Chiueh 06] • Focused on security applications • Single taint mark • No control-flow propagation • Operate at the source code level
Conclusions • Dytan • a general framework for dynamic tainting • allows for instantiating and experimenting with different dynamic taint analysis approaches • Initial evaluation • flexible • easy to use • accurate
Future directions • Tool release (documentation, code cleanup) http://www.cc.gatech.edu/~clause/dytan/ (pre-release on request) • Optimization (general and specific) • Applications • Memory protection • Debugging
Questions? http://www.cc.gatech.edu/~clause/dytan/

Recomendados

data mining for terror attacks
data mining for terror attacksdata mining for terror attacks
data mining for terror attacksNilu Desai
 
Introduction to ida python
Introduction to ida pythonIntroduction to ida python
Introduction to ida pythongeeksec80
 
Malware Detection With Multiple Features
Malware Detection With Multiple FeaturesMalware Detection With Multiple Features
Malware Detection With Multiple FeaturesMuhammad Najmi Ahmad Zabidi
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
Control Flow Analysis
Control Flow AnalysisControl Flow Analysis
Control Flow AnalysisEdgar Barbosa
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
ISSTA 2017 Impact Paper Award Presentation
ISSTA 2017 Impact Paper Award PresentationISSTA 2017 Impact Paper Award Presentation
ISSTA 2017 Impact Paper Award PresentationAlex Orso
 
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...apidays
 

Recomendados

data mining for terror attacks
data mining for terror attacksdata mining for terror attacks
data mining for terror attacksNilu Desai
 
Introduction to ida python
Introduction to ida pythonIntroduction to ida python
Introduction to ida pythongeeksec80
 
Malware Detection With Multiple Features
Malware Detection With Multiple FeaturesMalware Detection With Multiple Features
Malware Detection With Multiple FeaturesMuhammad Najmi Ahmad Zabidi
 
H@dfex 2015 malware analysis
H@dfex 2015 malware analysisH@dfex 2015 malware analysis
H@dfex 2015 malware analysisCharles Lim
 
Control Flow Analysis
Control Flow AnalysisControl Flow Analysis
Control Flow AnalysisEdgar Barbosa
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
ISSTA 2017 Impact Paper Award Presentation
ISSTA 2017 Impact Paper Award PresentationISSTA 2017 Impact Paper Award Presentation
ISSTA 2017 Impact Paper Award PresentationAlex Orso
 
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...apidays
 
Burton - Security, Privacy and Trust
Burton - Security, Privacy and TrustBurton - Security, Privacy and Trust
Burton - Security, Privacy and TrustNational Information Standards Organization (NISO)
 
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...The Air Force Office of Scientific Research
 
Data Sharing Guidebook
Data Sharing GuidebookData Sharing Guidebook
Data Sharing Guidebookdenicew
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015abhi75
 
PII_IQPC_May_04
PII_IQPC_May_04PII_IQPC_May_04
PII_IQPC_May_04John Grover
 
Proposal for System Analysis and Desing
Proposal for System Analysis and DesingProposal for System Analysis and Desing
Proposal for System Analysis and DesingMd Khaza Main Uddin
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Canada
 
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...Steve Kramer
 
Altman RDAP11 Policy-based Data Management
Altman RDAP11 Policy-based Data ManagementAltman RDAP11 Policy-based Data Management
Altman RDAP11 Policy-based Data ManagementASIS&T
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in CloudsTyrone Grandison
 
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train CoachesIRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train CoachesIRJET Journal
 
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...IRJET Journal
 
PAACDA Comprehensive Data Corruption Detection Algorithm.docx
PAACDA Comprehensive Data Corruption Detection Algorithm.docxPAACDA Comprehensive Data Corruption Detection Algorithm.docx
PAACDA Comprehensive Data Corruption Detection Algorithm.docxShakas Technologies
 
Strata San Jose 2016 - Reduce False Positives in Security
Strata San Jose 2016 - Reduce False Positives in Security Strata San Jose 2016 - Reduce False Positives in Security
Strata San Jose 2016 - Reduce False Positives in Security Ram Shankar Siva Kumar
 
Ws For Aqm
Ws For AqmWs For Aqm
Ws For AqmRudolf Husar
 
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...In-Memory Computing Summit
 
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...ServiceWave 2010
 
Self-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesSelf-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesNECST Lab @ Politecnico di Milano
 
Maturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyMaturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyPrivacera
 
GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012Bizagi Inc
 
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...James Clause
 
Energy-directed Test Suite Optimization (GREENS 2013)
Energy-directed Test Suite Optimization (GREENS 2013)Energy-directed Test Suite Optimization (GREENS 2013)
Energy-directed Test Suite Optimization (GREENS 2013)James Clause
 

Más contenido relacionado

Similar a Dytan: A Generic Dynamic Taint Analysis Framework (ISSTA 2007)

Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...The Air Force Office of Scientific Research
 
Data Sharing Guidebook
Data Sharing GuidebookData Sharing Guidebook
Data Sharing Guidebookdenicew
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015abhi75
 
Proposal for System Analysis and Desing
Proposal for System Analysis and DesingProposal for System Analysis and Desing
Proposal for System Analysis and DesingMd Khaza Main Uddin
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Canada
 
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...Steve Kramer
 
Altman RDAP11 Policy-based Data Management
Altman RDAP11 Policy-based Data ManagementAltman RDAP11 Policy-based Data Management
Altman RDAP11 Policy-based Data ManagementASIS&T
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in CloudsTyrone Grandison
 
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train CoachesIRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train CoachesIRJET Journal
 
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...IRJET Journal
 
PAACDA Comprehensive Data Corruption Detection Algorithm.docx
PAACDA Comprehensive Data Corruption Detection Algorithm.docxPAACDA Comprehensive Data Corruption Detection Algorithm.docx
PAACDA Comprehensive Data Corruption Detection Algorithm.docxShakas Technologies
 
Strata San Jose 2016 - Reduce False Positives in Security
Strata San Jose 2016 - Reduce False Positives in Security Strata San Jose 2016 - Reduce False Positives in Security
Strata San Jose 2016 - Reduce False Positives in Security Ram Shankar Siva Kumar
 
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...In-Memory Computing Summit
 
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...ServiceWave 2010
 
Self-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesSelf-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesNECST Lab @ Politecnico di Milano
 
Maturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyMaturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyPrivacera
 
GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012Bizagi Inc
 

Similar a Dytan: A Generic Dynamic Taint Analysis Framework (ISSTA 2007) (20)

Burton - Security, Privacy and Trust
Burton - Security, Privacy and TrustBurton - Security, Privacy and Trust
Burton - Security, Privacy and Trust
 
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
Bonneau - Complex Networks Foundations of Information Systems - Spring Review...
 
Data Sharing Guidebook
Data Sharing GuidebookData Sharing Guidebook
Data Sharing Guidebook
 
Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015Isf 2015 continuous diagnostics monitoring may 2015
Isf 2015 continuous diagnostics monitoring may 2015
 
PII_IQPC_May_04
PII_IQPC_May_04PII_IQPC_May_04
PII_IQPC_May_04
 
Proposal for System Analysis and Desing
Proposal for System Analysis and DesingProposal for System Analysis and Desing
Proposal for System Analysis and Desing
 
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...Cisco Connect Halifax 2018 Application insight and zero trust policies with...
Cisco Connect Halifax 2018 Application insight and zero trust policies with...
 
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
Finding Key Influencers and Viral Topics in Twitter Networks Related to ISIS ...
 
Altman RDAP11 Policy-based Data Management
Altman RDAP11 Policy-based Data ManagementAltman RDAP11 Policy-based Data Management
Altman RDAP11 Policy-based Data Management
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in Clouds
 
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train CoachesIRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
IRJET- AC Duct Monitoring and Cleaning Vehicle for Train Coaches
 
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
IRJET- A Data Stream Mining Technique Dynamically Updating a Model with Dynam...
 
PAACDA Comprehensive Data Corruption Detection Algorithm.docx
PAACDA Comprehensive Data Corruption Detection Algorithm.docxPAACDA Comprehensive Data Corruption Detection Algorithm.docx
PAACDA Comprehensive Data Corruption Detection Algorithm.docx
 
Strata San Jose 2016 - Reduce False Positives in Security
Strata San Jose 2016 - Reduce False Positives in Security Strata San Jose 2016 - Reduce False Positives in Security
Strata San Jose 2016 - Reduce False Positives in Security
 
Ws For Aqm
Ws For AqmWs For Aqm
Ws For Aqm
 
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
IMC Summit 2016 Breakout - Girish Kathalagiri - Decision Making with MLLIB, S...
 
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
Roman Khazankin (Vienna University of Technology): Providence: A Framework fo...
 
Self-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policiesSelf-adaptive container monitoring with performance-aware Load-Shedding policies
Self-adaptive container monitoring with performance-aware Load-Shedding policies
 
Maturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management StrategyMaturing Your Organization's Information Risk Management Strategy
Maturing Your Organization's Information Risk Management Strategy
 
GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012
 

Más de James Clause

Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...James Clause
 
Energy-directed Test Suite Optimization (GREENS 2013)
Energy-directed Test Suite Optimization (GREENS 2013)Energy-directed Test Suite Optimization (GREENS 2013)
Energy-directed Test Suite Optimization (GREENS 2013)James Clause
 
Enabling and Supporting the Debugging of Field Failures (Job Talk)
Enabling and Supporting the Debugging of Field Failures (Job Talk)Enabling and Supporting the Debugging of Field Failures (Job Talk)
Enabling and Supporting the Debugging of Field Failures (Job Talk)James Clause
 
Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)
Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)
Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)James Clause
 
Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...
Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...
Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...James Clause
 
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)James Clause
 
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)James Clause
 
Initial Explorations on Design Pattern Energy Usage (GREENS 12)
Initial Explorations on Design Pattern Energy Usage (GREENS 12)Initial Explorations on Design Pattern Energy Usage (GREENS 12)
Initial Explorations on Design Pattern Energy Usage (GREENS 12)James Clause
 
Enabling and Supporting the Debugging of Software Failures (PhD Defense)
Enabling and Supporting the Debugging of Software Failures (PhD Defense)Enabling and Supporting the Debugging of Software Failures (PhD Defense)
Enabling and Supporting the Debugging of Software Failures (PhD Defense)James Clause
 
Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)James Clause
 
Effective Memory Protection Using Dynamic Tainting (ASE 2007)
Effective Memory Protection Using Dynamic Tainting (ASE 2007)Effective Memory Protection Using Dynamic Tainting (ASE 2007)
Effective Memory Protection Using Dynamic Tainting (ASE 2007)James Clause
 
Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)
Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)
Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)James Clause
 
Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)
Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)
Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)James Clause
 
Camouflage: Automated Anonymization of Field Data (ICSE 2011)
Camouflage: Automated Anonymization of Field Data (ICSE 2011)Camouflage: Automated Anonymization of Field Data (ICSE 2011)
Camouflage: Automated Anonymization of Field Data (ICSE 2011)James Clause
 

Más de James Clause (14)

Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
Investigating the Impacts of Web Servers on Web Application Energy Usage (GRE...
 
Energy-directed Test Suite Optimization (GREENS 2013)
Energy-directed Test Suite Optimization (GREENS 2013)Energy-directed Test Suite Optimization (GREENS 2013)
Energy-directed Test Suite Optimization (GREENS 2013)
 
Enabling and Supporting the Debugging of Field Failures (Job Talk)
Enabling and Supporting the Debugging of Field Failures (Job Talk)Enabling and Supporting the Debugging of Field Failures (Job Talk)
Enabling and Supporting the Debugging of Field Failures (Job Talk)
 
Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)
Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)
Leakpoint: Pinpointing the Causes of Memory Leaks (ICSE 2010)
 
Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...
Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...
Debugging Field Failures by Minimizing Captured Executions (ICSE 2009: NIER e...
 
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
A Technique for Enabling and Supporting Debugging of Field Failures (ICSE 2007)
 
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
Demand-Driven Structural Testing with Dynamic Instrumentation (ICSE 2005)
 
Initial Explorations on Design Pattern Energy Usage (GREENS 12)
Initial Explorations on Design Pattern Energy Usage (GREENS 12)Initial Explorations on Design Pattern Energy Usage (GREENS 12)
Initial Explorations on Design Pattern Energy Usage (GREENS 12)
 
Enabling and Supporting the Debugging of Software Failures (PhD Defense)
Enabling and Supporting the Debugging of Software Failures (PhD Defense)Enabling and Supporting the Debugging of Software Failures (PhD Defense)
Enabling and Supporting the Debugging of Software Failures (PhD Defense)
 
Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)
 
Effective Memory Protection Using Dynamic Tainting (ASE 2007)
Effective Memory Protection Using Dynamic Tainting (ASE 2007)Effective Memory Protection Using Dynamic Tainting (ASE 2007)
Effective Memory Protection Using Dynamic Tainting (ASE 2007)
 
Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)
Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)
Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)
 
Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)
Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)
Penumbra: Automatically Identifying Failure-Relevant Inputs (ISSTA 2009)
 
Camouflage: Automated Anonymization of Field Data (ICSE 2011)
Camouflage: Automated Anonymization of Field Data (ICSE 2011)Camouflage: Automated Anonymization of Field Data (ICSE 2011)
Camouflage: Automated Anonymization of Field Data (ICSE 2011)
 

Último

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Dytan: A Generic Dynamic Taint Analysis Framework (ISSTA 2007)

  • 1. Dytan:A Generic Dynamic Taint Analysis Framework James Clause,Wanchun (Paul) Li, and Alessandro Orso College of Computing Georgia Institute of Technology Partially supported by: NSF awards CCF-0541080 and CCR-0205422 to Georgia Tech, DHS and US Air Force Contract No. FA8750-05-2-0214
  • 2. C A B Z Dynamic taint analysis (aka dynamic information-flow analysis)
  • 3. C A B 312 Z Dynamic taint analysis (aka dynamic information-flow analysis)
  • 4. C A B 312 Z Dynamic taint analysis (aka dynamic information-flow analysis)
  • 5. C A B 312 Z 3 Dynamic taint analysis (aka dynamic information-flow analysis)
  • 6. Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope
  • 7. Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope Attack detection / prevention Detect / prevent attacks such as SQL injection, buffer overruns, stack smashing, cross site scripting e.g., Suh et al. 04, Newsome and Song 05, Halfond et al. 06, Kong et al. 06, Qin et al. 06
  • 8. Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope Information policy enforcement ensure classified information does not leak outside the system e.g.,Vachharajani et al. 04, McCamant and Ernst 06
  • 9. Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope Testing Coverage metrics, test data generation heuristic, ... e.g., Masri et al 05, Leek et al. 07
  • 10. Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scopeData lifetime / scope track how long sensitive data, such as passwords or account numbers, remain in the application e.g., Chow et al. 04
  • 11. Dynamic tainting applications Information policy enforcement Attack detection / prevention Testing Data lifetime / scope
  • 12. Motivation Ad-hoc taint analysis implementation Results Ad-hoc taint analysis implementation Ad-hoc taint analysis implementation Results Results
  • 13. Motivation Ad-hoc taint analysis implementation Results Ad-hoc taint analysis implementation Ad-hoc taint analysis implementation Results Results Ad-hoc taint analysis implementation Results
  • 14. Motivation Ad-hoc taint analysis implementation Results Ad-hoc taint analysis implementation Ad-hoc taint analysis implementation Results Results Ad-hoc taint analysis implementation Results
  • 17. Motivation •Flexible •Easy to use Configuration Dytan Generic Framework Custom Dynamic Taint Analysis Results
  • 18. Motivation •Flexible •Easy to use •Accurate Configuration Dytan Generic Framework Custom Dynamic Taint Analysis Results
  • 19. Outline ✓Motivation & overview • Framework (Dytan) • flexibility • ease of use • accuracy • Empirical evaluation • Conclusions
  • 26. Taint sources What to tag How to tag
  • 27. Taint sources What to tag How to tag Identify what program data should be assigned tags
  • 28. Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,...
  • 29. Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,... Describe how tags should be assigned for identified data
  • 30. Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,... Describe how tags should be assigned for identified data • Single tag • One tag per source • Multiple tags per source
  • 31. Taint sources What to tag How to tag Identify what program data should be assigned tags • Variables (local or global) • Function parameters • Function return values • Data from an input stream network, filesystem, keyboard, ... • Specific input stream 141.195.121.134:80, a.txt,... Describe how tags should be assigned for identified data • Single tag • One tag per source • Multiple tags per source • ...
  • 32. a.txt Taint sources What to tag: a.txt How to tag: single tag
  • 33. a.txt Taint sources What to tag: a.txt How to tag: single tag
  • 34. Taint sources What to tag: a.txt How to tag: single tag a.txt
  • 35. Taint sources What to tag: a.txt How to tag: single tag a.txt 1 1 1 1 1 1
  • 36. Taint sources What to tag: a.txt How to tag: single tag a.txt
  • 37. Taint sources What to tag: a.txt a.txt How to tag: multiple tags
  • 38. Taint sources What to tag: a.txt a.txt 2 31 4 5 n How to tag: multiple tags
  • 40. Affecting data Mapping function Propagation policy 3 B A12 3 C
  • 41. Affecting data Mapping function Data that affects the outcome of a statement through Propagation policy 3 B A12 3 C
  • 42. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies Propagation policy 3 B A12 3 C
  • 43. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies Propagation policy 3 B A12 3 C
  • 44. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Propagation policy 3 B A12 3 C
  • 45. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined Propagation policy 3 B A12 3 C
  • 46. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined • Union Propagation policy 3 B A12 3 C
  • 47. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined • Union • Max Propagation policy 3 B A12 3 C
  • 48. Affecting data Mapping function Data that affects the outcome of a statement through • Data dependencies • Control dependencies A policy can consider both or only data dependencies Define how tags associated with affecting data should be combined • Union • Max • ... Propagation policy 3 B A12 3 C
  • 49. if(X) { C = A + B; } Propagation policy
  • 50. 3 if(X) { C = A + B; } 1 2 Propagation policy
  • 51. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max
  • 52. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max
  • 53. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max ✔
  • 54. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max ✔
  • 55. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence✔ union max ✔ 1 2
  • 56. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max
  • 57. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔
  • 58. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔ ✔
  • 59. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔ ✔
  • 60. 3 if(X) { C = A + B; } 1 2 Propagation policy Affecting data: control dependence Mapping function: data dependence union max ✔ ✔ ✔ 3
  • 61. Where to check What to check Taint Sinks How to check
  • 62. Where to check What to check Location in the program to perform a check Taint Sinks How to check
  • 63. Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point Taint Sinks How to check
  • 64. Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked Taint Sinks How to check
  • 65. Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked • Variables • Function parameters • Function return value Taint Sinks How to check
  • 66. Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked • Variables • Function parameters • Function return value Taint Sinks How to check Set of conditions to check and a set of actions to perform if the conditions are not met.
  • 67. Where to check What to check Location in the program to perform a check • Function entry / exit • Statement type • Specific program point The data whose tags should be checked • Variables • Function parameters • Function return value Taint Sinks How to check Set of conditions to check and a set of actions to perform if the conditions are not met. • validate presence of tags (exit or log) • ensure absence of tags (exit or log) • ...
  • 68. Taint Sinks cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]);
  • 69. Taint Sinks cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2
  • 70. Taint Sinks cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2 3
  • 71. validate presence of: validate absence of: Taint Sinks function: exec, param: 0 Where / what to check: How to check: Result: cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2 3 2 3
  • 72. validate presence of: validate absence of: Taint Sinks function: exec, param: 0 Where / what to check: How to check: Result: cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); 2 3 2 3 2 3
  • 73. validate presence of: validate absence of: Taint Sinks function: exec, param: 0 Where / what to check: How to check: Result: cmd = read(file); args = read(socket); cmd = trim(cmd + args); ... tok[] = parse(cmd); exec(tok[0], tok[1]); ✘ 2 3 2 3 2 3
  • 74. Framework: ease of use Provide two ways to configure the framework
  • 75. Framework: ease of use • Basic • Select sources, propagation policies, and sinks from a set of predefined options • XML based configuration Provide two ways to configure the framework
  • 76. Framework: ease of use • Basic • Select sources, propagation policies, and sinks from a set of predefined options • XML based configuration • Advanced • Suitable for more esoteric applications • Extend OO implementation Provide two ways to configure the framework
  • 77. Framework: accuracy • Dytan operates at the binary level • consider the actual program semantics • transparently handle libraries • Dytan accounts for both data- and control- flow dependencies
  • 78. Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
  • 79. Two common examples: Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
  • 80. Two common examples: • Implicit operands add %eax, %ebx // A = A + B Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
  • 81. Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
  • 82. Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
  • 83. • Address Generators add %eax, %ebx // A = A + B Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement
  • 84. • Address Generators add %eax, %ebx // A = A + B Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement [ ] *
  • 85. • Address Generators add %eax, %ebx // A = A + B consumed: %eax, [%ebx] Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement [ ] *
  • 86. • Address Generators add %eax, %ebx // A = A + B consumed: %eax, [%ebx], %ebx Two common examples: • Implicit operands add %eax, %ebx // A = A + B produced: %eax, %eflags Framework: accuracy The most common source of inaccuracy is incorrectly identifying the information produced and consumed by a statement [ ] *
  • 87. Outline ✓Motivation & overview ✓Framework ✓flexibility ✓ease of use ✓accuracy • Empirical evaluation • Conclusions
  • 88. Empirical evaluation • RQ1: Can Dytan be used to (easily) implement existing dynamic taint analyses? • RQ2: How do inaccurate propagation policies affect the analysis results? • In addition: discussion on performance
  • 89. RQ1: flexibility • Selected two techniques: • Overwrite attack detection [Qin et al. 04] • SQL injection detection [Halfond et al. 06] • Used Dytan to re-implement both techniques • Measure implementation time • Validate against the original implementation Goal: show that Dytan can be used to (easily) implement existing dynamic taint analyses
  • 90. RQ1: results • Implementation time: • Overwrite attack detection: < 1 hour • SQL injection detection: < 1 day • Comparison with original implementations: • Successfully stopped same attacks as the original implementations
  • 91. RQ2: accuracy impact Goal: measure the effect of inaccurate propagation policies on analysis results
  • 92. RQ2: accuracy impact • Selected two subjects: • Gzip (75kb w/o libraries) • Firefox (850kb w/o libraries) Goal: measure the effect of inaccurate propagation policies on analysis results
  • 93. RQ2: accuracy impact • Selected two subjects: • Gzip (75kb w/o libraries) • Firefox (850kb w/o libraries) • Use Dytan to taint program inputs and measure the amount of heap data tainted at program exit Goal: measure the effect of inaccurate propagation policies on analysis results
  • 94. RQ2: accuracy impact • Selected two subjects: • Gzip (75kb w/o libraries) • Firefox (850kb w/o libraries) • Use Dytan to taint program inputs and measure the amount of heap data tainted at program exit • Compare Dytan against inaccurate policies • no implicit operands (no IM) • no address generators (no AG) • no implicit operands, no address generators (no IM, no AG) Goal: measure the effect of inaccurate propagation policies on analysis results
  • 95. RQ2: results 0% 25% 50% 75% 100% Firefox (1 page) Firefox (3 pages) Gzip Dytan No IM No AG No IM, no IG
  • 96. Performance • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
  • 97. Performance • In line with existing implementations • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
  • 98. Performance • In line with existing implementations • Designed for experimentation • Favors flexibility over performance • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
  • 99. Performance • In line with existing implementations • Designed for experimentation • Favors flexibility over performance • Implementation can be further optimized • Measured for gzip: ≈30x for data flow ≈50x for data and control flow • High overhead, but...
  • 100. Related work • Existing dynamic tainting approaches [Suh et al. 04, Newsome and Song 05, Halfond et al. 06, Kong et al. 06, ...] • Ad-hoc • Other dynamic taint analysis frameworks [Xu et al. 06 and Lam and Chiueh 06] • Focused on security applications • Single taint mark • No control-flow propagation • Operate at the source code level
  • 101. Conclusions • Dytan • a general framework for dynamic tainting • allows for instantiating and experimenting with different dynamic taint analysis approaches • Initial evaluation • flexible • easy to use • accurate
  • 102. Future directions • Tool release (documentation, code cleanup) http://www.cc.gatech.edu/~clause/dytan/ (pre-release on request) • Optimization (general and specific) • Applications • Memory protection • Debugging