Practical taint-based protection using demand emulation
- 18 April 2006
- journal article
- conference paper
- Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review
- Vol. 40 (4), 29-41
- https://doi.org/10.1145/1218063.1217939
Abstract
Many software attacks are based on injecting malicious code into a target host. This paper demonstrates the use of a well-known technique, data tainting, to track data received from the network as it propagates through a system and to prevent its execution. Unlike past approaches to taint tracking, which track tainted data by running the system completely in an emulator or simulator, resulting in considerable execution overhead, our work demonstrates the ability to dynamically switch a running system between virtualized and emulated execution. Using this technique, we are able to explore hardware support for taint-based protection that is deployable in real-world situations, as emulation is used only when tainted data is being processed by the CPU. By modifying the CPU, memory, and I/O devices to support taint tracking and protection, we guarantee that data received from the network may not be executed, even if it is written to disk and later read back. We demonstrate near-native speeds for workloads where little tainted data is present.