Title :
To B or not to B: Blessing OS Commands with Software DNA Shotgun Sequencing
Author :
Anh Nguyen-Tuong ; Hiser, Jason D. ; Co, Michele ; Davidson, Jack W. ; Knight, Jonathan C. ; Kennedy, N. ; Melski, David ; Ella, William ; Hyde, David
Author_Institution :
Univ. of Virginia, Charlottesville, VA, USA
Abstract :
We introduce Software DNA Shotgun Sequencing (S3), a novel, biologically-inspired approach to combat OS Injection Attacks, the #2 most dangerous software error as identified by MITRE. To thwart such attacks, researchers have advocated various forms of taint-tracking techniques. Despite promising results, e.g., few missed attacks and few false alarms, taint-tracking has not seen widespread adoption. Impediments to adoption include high overhead and difficulty of deployment. S3 is based on a novel technique: positive taint inference which dynamically reassembles string fragments from a binary to infer blessed, i.e. trusted, parts of an OS command. S3 incurs negligible performance overhead and is easy to deploy as it operates directly on binary programs.
Keywords :
DNA; biology computing; operating systems (computers); security of data; binary programs; biologically inspired approach; blessing OS commands; combat OS injection attacks; operating system; software DNA shotgun sequencing; software error; taint tracking techniques; Computer architecture; DNA; Operating systems; Security; Sequential analysis; Servers; command injection; injection; security; taint inference; taint tracking;
Conference_Titel :
Dependable Computing Conference (EDCC), 2014 Tenth European
Conference_Location :
Newcastle
DOI :
10.1109/EDCC.2014.13
