TaintEraser
- 18 February 2011
- journal article
- Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review
- Vol. 45 (1), 142-154
- https://doi.org/10.1145/1945023.1945039
Abstract
We present TaintEraser, a new tool that tracks the movement of sensitive user data as it flows through off-the-shelf applications. TaintEraser uses application-level dynamic taint analysis to let users run applications in their own environment while preventing unwanted information exposure. It is made possible by techniques we developed for accurate and efficient tainting: (1) Semantic-aware instruction-level tainting is critical to track taint accurately, without explosion or loss. (2) Function summaries provide an interface to handle taint propagation within the kernel and reduce the overhead of instruction-level tracking. (3) On-demand instrumentation enables fast loading of large applications. Together, these techniques let us analyze large, multi-threaded, networked applications in near real-time. In tests on Internet Explorer, Yahoo! Messenger, and Windows Notepad, TaintEraser generated no false positives and instrumented fewer than 5% of the executed instructions while precisely scrubbing user-defined sensitive data that would otherwise have been exposed to restricted output channels. Our research provides the first evidence that it is viable to track taint accurately and efficiently for real, interactive applications running on commodity hardware.
This publication has 17 references indexed in Scilit:
- Tainting is not pointless. ACM SIGOPS Operating Systems Review, 2010
- Measuring channel capacity to distinguish undue influence. Published by Association for Computing Machinery (ACM), 2009
- Privacy oracle. Published by Association for Computing Machinery (ACM), 2008
- Process-shared and persistent code caches. Published by Association for Computing Machinery (ACM), 2008
- Dytan. Published by Association for Computing Machinery (ACM), 2007
- LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks. 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007), 2006
- Practical taint-based protection using demand emulation. ACM SIGOPS Operating Systems Review, 2006
- TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting. Published by Institute of Electrical and Electronics Engineers (IEEE), 2006
- Labels and event processes in the asbestos operating system. Published by Association for Computing Machinery (ACM), 2005
- Pin. Published by Association for Computing Machinery (ACM), 2005