Dynamic taint analysis for vulnerability exploits detection

Author

Tang, Heping ; Huang, Shuguang ; Li, Yongliang ; Bao, Lei

Author_Institution

Dept. of Network Eng., Electron. Eng. Inst., Hefei, China

Volume

2

fYear

2010

fDate

16-18 April 2010

Abstract

Untrusted Data originating from network input and configuration files, causes many software security problems. Keeping track of the propagation of untrusted data in program runtime is the main idea of dynamic taint analysis for vulnerability exploits detection. In this method data from network user input and configuration files were labeled as taint. In virtue of data flow analysis we design taint propagating algorithm, and define several taint detection policies for security-critical function which used taint data in dangerous ways that could cause vulnerability exploit. A vulnerability exploit detection prototype system was implemented. In contrast to other taint analysis systems, our prototype system has higher accuracy and vulnerability exploits coverage and low workloads.

Keywords

data flow analysis; safety-critical software; configuration files; data flow analysis; dynamic taint analysis; network user input; security-critical function; taint propagating algorithm; vulnerability exploit detection prototype system; Algorithm design and analysis; Data analysis; Data engineering; Data security; Databases; Hardware; Heuristic algorithms; Monitoring; Prototypes; Runtime; Data flow analysis; Dynamic taint analysis; Tainted scenes analysis; Vulnerability exploits detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Engineering and Technology (ICCET), 2010 2nd International Conference on

Conference_Location

Chengdu

Print_ISBN

978-1-4244-6347-3

Type

conf

DOI

10.1109/ICCET.2010.5485224

Filename

5485224