Article

Practical taint-based protection using demand emulation

Authors:

Michael Fetterman,

Christopher Clark,

Andrew Warfield, and

Steven HandAuthors Info & Claims

EuroSys '06: Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006

April 2006

Pages 29 - 41

https://doi.org/10.1145/1217935.1217939

Published: 18 April 2006 Publication History

Abstract

Many software attacks are based on injecting malicious code into a target host. This paper demonstrates the use of a well-known technique, data tainting, to track data received from the network as it propagates through a system and to prevent its execution. Unlike past approaches to taint tracking, which track tainted data by running the system completely in an emulator or simulator, resulting in considerable execution overhead, our work demonstrates the ability to dynamically switch a running system between virtualized and emulated execution. Using this technique, we are able to explore hardware support for taint-based protection that is deployable in real-world situations, as emulation is only used when tainted data is being processed by the CPU. By modifying the CPU, memory, and I/O devices to support taint tracking and protection, we guarantee that data received from the network may not be executed, even if it is written to, and later read from disk. We demonstrate near native speeds for workloads where little taint data is present.

References

[1]

James Newsome and Dawn Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the 12th Annual Network and Distributed System Security Symposium, February 2005.

[2]

Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. Secure Execution Via Program Shepherding. In Proceedings of the 11th USENIX Security Symposium, August 2002.

Digital Library

[3]

Wei Xu, Sandeep Bhatkar, and R. Sekar. A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities. Technical Report Technical Report SECLAB-05-05, Department of Computer Science, Stony Brook University, August 2005.

[4]

G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. Secure Program Execution via Dynamic Information Flow Tracking. In Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-XI), pages 85--96, 2004.

Digital Library

[5]

Jedidiah R. Crandall and Frederic T Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. In Proceedings of the 37th International Symposium on Microarchitecture (MICRO), December 2004.

Digital Library

[6]

Shuo Chen, Jun Xu, Nithin Nakka, Abigniew Kalbarezyk, and Ravi Iyer. Defeating Memory Corruption Attacks via Pointer Taintedness Detection. In Proceedings of IEEE International Conference on Dependable Systems and Networks (DSN-2005), June 2005.

Digital Library

[7]

Dana Madsen. An Operating System Analog to the Perl Data Tainting Functionality. In Proceedings of the 23rd National Information Systems Security Conference, June 2000.

[8]

Randal L. Schwartz. Perl Advisor: Taint so Easy, Is It? Unix Review, August 2000.

[9]

David Thomas and Andrew Hung. Programming Ruby: The Pragmatic Programmer's Guide. Addison Wesley Longman, first edition, 2001.

Digital Library

[10]

David Flannagan. JavaScript: The Definitive Guide. O'Reilly, second edition, January 2001.

Digital Library

[11]

Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeffrey Shirley, and David Evans. Automatically Hardening Web Applications Using Precise Tainting. In Proceedings of the 20th IF IP International Information Security Conference (SEC2005), May 2005.

[12]

Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum. Understanding Data Lifetime via Whole System Simulation. In Proceedings of the 13th USENIX Security Symposium, pages 321--336, August 2004.

Digital Library

[13]

Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex Snoeren, Geoff Voelker, and Stefan Savage. Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, October 2005.

Digital Library

[14]

Manuel Costa, Jon Crowcroft, Miguel Castro, Antony Rowstron, Lidong Zhou, Lintao Zhang, and Paul Barham. Vigilante: End-to-End Containment of Internet Worms. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, October 2005.

Digital Library

[15]

Georgios Portokalidis, Asia Slowinska, and Herbert Bos. Argos: an Emulator for Fingerprinting Zero-Day Attacks. In Proceedings of the first EuroSys Conference, April 2006.

Digital Library

[16]

Pax project, http://pax.pgsecurity.com/.

[17]

Edouard Bugnion, Scott Devine, Kinshuk Govil, and Mendel Rosenblum. Disco: Running Commodity Operating Systems on Scalable Multiprocessors. In Proceedings of the 16th ACM Symposium on Operating Systems Principles, pages 143--156, October 1997.

Digital Library

[18]

Dean M. Tullsen, Susan Eggers, and Henry M. Levy. Simultaneous Multithreading: Maximizing On-Chip Parallelism. In Proceedings of the 22th Annual International Symposium on Computer Architecture, 1995.

Digital Library

[19]

Emmett Witchel, Junghwan Rhee, and Krste Asanovic. Mondrix: Memory Isolation for Linux using Mondriaan Memory Protection. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, October 2005.

Digital Library

[20]

Paul Starzetz. Quick Analysiss {sic} of the recent crc32 ssh(d) bug. Email to [email protected], February 2001.

[21]

Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the Art of Virtualization. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, pages 164--177, October 2003.

Digital Library

[22]

Fabrice Bellard. QEMU, a Fast and Portable Dynamic Translator. In Proceedings of the 2005 USENIX Annual Technical Conference, April 2005.

Digital Library

[23]

Carl A. Waldspurger. Memory Resource Management in VMware ESX Server. In OSDI 2002: Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, December 2002.

Digital Library

[24]

P. H. Gum. System/370 Extended Architecture: Facilities for Virtual Machines. IBM Journal of Research and Development, 27(6): 530--544, November 1983.

Digital Library

[25]

Judith S. Hall and Paul T. Robinson. Virtualizing the VAX Architecture. In ISCA '91: Proceedings of the 18th Annual International Symposium on Computer Architecture, pages 380--389, New York, NY, 1991.

Digital Library

[26]

Christopher Clark, Keir Fraser, Steven Hand, Jacob Gorm Hansen, Eric Jul, Christian Limpach, Ian Pratt, and Andrew Warfield. Live Migration of Virtual Machines. In Proceedings of the 2nd Symposium on Networked Systems Design and Implementation, May 2005.

Digital Library

[27]

Andrew Warfield, Steven Hand, Keir Fraser, and Tim Deegan. Facilitating the Development of Soft Devices. In Proceedings of the 2005 USENIX Annual Technical Conference, April 2005.

Digital Library

[28]

George C. Necula, Scott McPeak, S. R. Rahul, and Westley Weimer. Cil: Intermediate Language and Tools for Analysis and Transformation of C Programs. In Proceedings of the 11th Annual Conference on Compiler Construction, April 2002.

Digital Library

[29]

Steven K. Reinhardt, Babak Falsafi, and David A. Wood. Kernel Support for the Wisconsin Wind Tunnel. In Proceedings of the 2nd USENIX Symposium on Microkernels and Other Kernel Architectures, September 1993.

Digital Library

[30]

Feng Qin, Shan Lu, and Yuanyuan Zhou. SafeMem: Exploiting ECC-Memory for Detecting Memory Leaks and Memory Corruption During Production Runs. In Proceedings of the 11th International Symposium on High-Performance Computer Architecture (HPCA-11), February 2005.

Digital Library

Cited By

Kiperberg MZaidenberg N(2024)PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory TrackerSN Computer Science10.1007/s42979-023-02555-w5:2Online publication date: 20-Jan-2024
https://doi.org/10.1007/s42979-023-02555-w
Yang ZYuan ZJin SChen XSun LDu XLi WZhang H(2022)FSAFlow: Lightweight and Fast Dynamic Path Tracking and Control for Privacy Protection on Android Using Hybrid Analysis with State-Reduction Strategy2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833764(2114-2129)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833764
Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Show More Cited By

Index Terms

Practical taint-based protection using demand emulation

Recommendations

Practical taint-based protection using demand emulation
Proceedings of the 2006 EuroSys conference

Many software attacks are based on injecting malicious code into a target host. This paper demonstrates the use of a well-known technique, data tainting, to track data received from the network as it propagates through a system and to prevent its ...
Read More
Transparently bridging semantic gap in CPU management for virtualized environments

Consolidated environments are progressively accommodating diverse and unpredictable workloads in conjunction with virtual desktop infrastructure and cloud computing. Unpredictable workloads, however, aggravate the semantic gap between the virtual ...
Read More
High performance network virtualization with SR-IOV

Virtualization poses new challenges to I/O performance. The single-root I/O virtualization (SR-IOV) standard allows an I/O device to be shared by multiple Virtual Machines (VMs), without losing performance. We propose a generic virtualization ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

EuroSys '06: Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006

April 2006

420 pages

ISBN:1595933220

DOI:10.1145/1217935

Conference Chair:
Yolande Berbers
K. U. Leuven, Belgium
,
Program Chair:
Willy Zwaenepoel
EPFL

ACM SIGOPS Operating Systems Review Volume 40, Issue 4
Proceedings of the 2006 EuroSys conference
October 2006
383 pages
ISSN:0163-5980
DOI:10.1145/1218063
Issue’s Table of Contents

Copyright © 2006 Authors.

Sponsors

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 April 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

EUROSYS06

Sponsor:

SIGOPS

EUROSYS06: Eurosys 2006 Conference

April 18 - 21, 2006

Leuven, Belgium

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

160
Total Citations
View Citations
959
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)4

Other Metrics

View Author Metrics

Citations

Cited By

Kiperberg MZaidenberg N(2024)PDIFT++: System-Wide Memory Tracking Using a Single-Process Memory TrackerSN Computer Science10.1007/s42979-023-02555-w5:2Online publication date: 20-Jan-2024
https://doi.org/10.1007/s42979-023-02555-w
Yang ZYuan ZJin SChen XSun LDu XLi WZhang H(2022)FSAFlow: Lightweight and Fast Dynamic Path Tracking and Control for Privacy Protection on Android Using Hybrid Analysis with State-Reduction Strategy2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833764(2114-2129)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833764
Kreindl JBonetta DStadler LLeopoldseder DMössenböck HKuchen HSinger J(2021)Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimizationProceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes10.1145/3475738.3480939(70-87)Online publication date: 29-Sep-2021
https://dl.acm.org/doi/10.1145/3475738.3480939
Kan XSun CLiu SHuang YTan GMa SZhang Y(2021)Sdft: A PDG-based Summarization for Efficient Dynamic Data Flow Tracking2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS54544.2021.00080(702-713)Online publication date: Dec-2021
https://doi.org/10.1109/QRS54544.2021.00080
Xiao QSubialdea BBauer LReiter MLobo JStoller SLiu P(2020)Metering Graphical Data Leakage with SnowmanProceedings of the 25th ACM Symposium on Access Control Models and Technologies10.1145/3381991.3395598(1-12)Online publication date: 10-Jun-2020
https://dl.acm.org/doi/10.1145/3381991.3395598
Li YLiu CJi YGong SXu H(2020)Spatio-Temporal Deep Residual Network with Hierarchical Attentions for Video Event RecognitionACM Transactions on Multimedia Computing, Communications, and Applications10.1145/337802616:2s(1-21)Online publication date: 21-Jun-2020
https://dl.acm.org/doi/10.1145/3378026
Montenegro MNieva SPeña RSegura C(2020)Extending Liquid Types to ArraysACM Transactions on Computational Logic10.1145/336274021:2(1-41)Online publication date: 21-Jan-2020
https://dl.acm.org/doi/10.1145/3362740
Zhu SYang XYu JFang ZWang MHuang Q(2020)Proposal Complementary Action DetectionACM Transactions on Multimedia Computing, Communications, and Applications10.1145/336184516:2s(1-12)Online publication date: 21-Jun-2020
https://dl.acm.org/doi/10.1145/3361845
Si WLiu CBi ZShan M(2020)Modeling Long-Term Dependencies from Videos Using Deep Multiplicative Neural NetworksACM Transactions on Multimedia Computing, Communications, and Applications10.1145/335779716:2s(1-19)Online publication date: 14-Jul-2020
https://dl.acm.org/doi/10.1145/3357797
Wang FKo RMickens JLorch JYu M(2019)RiverbedProceedings of the 16th USENIX Conference on Networked Systems Design and Implementation10.5555/3323234.3323285(615-629)Online publication date: 26-Feb-2019
https://dl.acm.org/doi/10.5555/3323234.3323285
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents