TY - GEN
T1 - Taint-exchange
T2 - 6th International Workshop on Security, IWSEC 2011
AU - Zavou, Angeliki
AU - Portokalidis, Georgios
AU - Keromytis, Angelos D.
PY - 2011
Y1 - 2011
N2 - Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware, preventing information leaks, and many more. Recently, it has been also utilized to track data across processes and hosts to shed light on the interaction of distributed components, but also for security purposes. This paper presents Taint-Exchange, a generic cross-process and cross-host taint tracking framework. Our goal is to provide researchers with a valuable tool for rapidly developing prototypes that utilize cross-host taint tracking. Taint-Exchange builds on the libdft open source data flow tracking framework for processes, so unlike previous work it does not require extensive maintenance and setup. It intercepts I/O related system calls to transparently multiplex fine-grained taint information into existing communication channels, like sockets and pipes. We evaluate Taint-Exchange using the popular lmbench suite, and show that it incurs only moderate overhead.
AB - Dynamic taint analysis (DTA) has been heavily used by security researchers for various tasks, including detecting unknown exploits, analyzing malware, preventing information leaks, and many more. Recently, it has been also utilized to track data across processes and hosts to shed light on the interaction of distributed components, but also for security purposes. This paper presents Taint-Exchange, a generic cross-process and cross-host taint tracking framework. Our goal is to provide researchers with a valuable tool for rapidly developing prototypes that utilize cross-host taint tracking. Taint-Exchange builds on the libdft open source data flow tracking framework for processes, so unlike previous work it does not require extensive maintenance and setup. It intercepts I/O related system calls to transparently multiplex fine-grained taint information into existing communication channels, like sockets and pipes. We evaluate Taint-Exchange using the popular lmbench suite, and show that it incurs only moderate overhead.
UR - http://www.scopus.com/inward/record.url?scp=80455127247&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80455127247&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-25141-2_8
DO - 10.1007/978-3-642-25141-2_8
M3 - Conference contribution
AN - SCOPUS:80455127247
SN - 9783642251405
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 113
EP - 128
BT - Advances in Information and Computer Security - 6th International Workshop, IWSEC 2011, Proceedings
Y2 - 8 November 2011 through 10 November 2011
ER -