Embedded TaintTracker: Lightweight Run-Time Tracking of Taint Data against Buffer Overflow Attacks
Summary :
A buffer overflow attack occurs when a program writes data outside the allocated memory in an attempt to invade a system. Approximately forty percent of all software vulnerabilities over the past several years are attributed to buffer overflow. Taint tracking is a novel technique to prevent buffer overflow. Previous studies on taint tracking ran a victim's program on an emulator to dynamically instrument the code for tracking the propagation of taint data in memory and checking whether malicious code is executed. However, the critical problem of this approach is its heavy performance overhead. Analysis of this overhead shows that 60% of the overhead is from the emulator, and the remaining 40% is from dynamic instrumentation and taint information maintenance. This article proposes a new taint-style system called Embedded TaintTracker to eliminate the overhead in the emulator and dynamic instrumentation by compressing a checking mechanism into the operating system (OS) kernel and moving the instrumentation from runtime to compilation time. Results show that the proposed system outperforms the previous work, TaintCheck, by at least 8 times on throughput degradation, and is about 17.5 times faster than TaintCheck when browsing 1 KB web pages.
- Publication
- IEICE TRANSACTIONS on Information Vol.E94-D No.11 pp.2129-2138
- Publication Date
- 2011/11/01
- Publicized
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.E94.D.2129
- Type of Manuscript
- Special Section PAPER (Special Section on Information and Communication System Security)
- Category
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Yuan-Cheng LAI, Ying-Dar LIN, Fan-Cheng WU, Tze-Yau HUANG, Frank C. LIN, "Embedded TaintTracker: Lightweight Run-Time Tracking of Taint Data against Buffer Overflow Attacks" in IEICE TRANSACTIONS on Information,
vol. E94-D, no. 11, pp. 2129-2138, November 2011, doi: 10.1587/transinf.E94.D.2129.
Abstract: A buffer overflow attack occurs when a program writes data outside the allocated memory in an attempt to invade a system. Approximately forty percent of all software vulnerabilities over the past several years are attributed to buffer overflow. Taint tracking is a novel technique to prevent buffer overflow. Previous studies on taint tracking ran a victim's program on an emulator to dynamically instrument the code for tracking the propagation of taint data in memory and checking whether malicious code is executed. However, the critical problem of this approach is its heavy performance overhead. Analysis of this overhead shows that 60% of the overhead is from the emulator, and the remaining 40% is from dynamic instrumentation and taint information maintenance. This article proposes a new taint-style system called Embedded TaintTracker to eliminate the overhead in the emulator and dynamic instrumentation by compressing a checking mechanism into the operating system (OS) kernel and moving the instrumentation from runtime to compilation time. Results show that the proposed system outperforms the previous work, TaintCheck, by at least 8 times on throughput degradation, and is about 17.5 times faster than TaintCheck when browsing 1 KB web pages.
URL: https://globals.ieice.org/en_transactions/information/10.1587/transinf.E94.D.2129/_p
Copy
@ARTICLE{e94-d_11_2129,
author={Yuan-Cheng LAI, Ying-Dar LIN, Fan-Cheng WU, Tze-Yau HUANG, Frank C. LIN, },
journal={IEICE TRANSACTIONS on Information},
title={Embedded TaintTracker: Lightweight Run-Time Tracking of Taint Data against Buffer Overflow Attacks},
year={2011},
volume={E94-D},
number={11},
pages={2129-2138},
abstract={A buffer overflow attack occurs when a program writes data outside the allocated memory in an attempt to invade a system. Approximately forty percent of all software vulnerabilities over the past several years are attributed to buffer overflow. Taint tracking is a novel technique to prevent buffer overflow. Previous studies on taint tracking ran a victim's program on an emulator to dynamically instrument the code for tracking the propagation of taint data in memory and checking whether malicious code is executed. However, the critical problem of this approach is its heavy performance overhead. Analysis of this overhead shows that 60% of the overhead is from the emulator, and the remaining 40% is from dynamic instrumentation and taint information maintenance. This article proposes a new taint-style system called Embedded TaintTracker to eliminate the overhead in the emulator and dynamic instrumentation by compressing a checking mechanism into the operating system (OS) kernel and moving the instrumentation from runtime to compilation time. Results show that the proposed system outperforms the previous work, TaintCheck, by at least 8 times on throughput degradation, and is about 17.5 times faster than TaintCheck when browsing 1 KB web pages.},
keywords={},
doi={10.1587/transinf.E94.D.2129},
ISSN={1745-1361},
month={November},}
Copy
TY - JOUR
TI - Embedded TaintTracker: Lightweight Run-Time Tracking of Taint Data against Buffer Overflow Attacks
T2 - IEICE TRANSACTIONS on Information
SP - 2129
EP - 2138
AU - Yuan-Cheng LAI
AU - Ying-Dar LIN
AU - Fan-Cheng WU
AU - Tze-Yau HUANG
AU - Frank C. LIN
PY - 2011
DO - 10.1587/transinf.E94.D.2129
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E94-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2011
AB - A buffer overflow attack occurs when a program writes data outside the allocated memory in an attempt to invade a system. Approximately forty percent of all software vulnerabilities over the past several years are attributed to buffer overflow. Taint tracking is a novel technique to prevent buffer overflow. Previous studies on taint tracking ran a victim's program on an emulator to dynamically instrument the code for tracking the propagation of taint data in memory and checking whether malicious code is executed. However, the critical problem of this approach is its heavy performance overhead. Analysis of this overhead shows that 60% of the overhead is from the emulator, and the remaining 40% is from dynamic instrumentation and taint information maintenance. This article proposes a new taint-style system called Embedded TaintTracker to eliminate the overhead in the emulator and dynamic instrumentation by compressing a checking mechanism into the operating system (OS) kernel and moving the instrumentation from runtime to compilation time. Results show that the proposed system outperforms the previous work, TaintCheck, by at least 8 times on throughput degradation, and is about 17.5 times faster than TaintCheck when browsing 1 KB web pages.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
