DocumentCode :
517925
Title :
Dynamic taint analysis for vulnerability exploits detection
Author :
Tang, Heping ; Huang, Shuguang ; Li, Yongliang ; Bao, Lei
Author_Institution :
Dept. of Network Eng., Electron. Eng. Inst., Hefei, China
Volume :
2
fYear :
2010
fDate :
16-18 April 2010
Abstract :
Untrusted Data originating from network input and configuration files, causes many software security problems. Keeping track of the propagation of untrusted data in program runtime is the main idea of dynamic taint analysis for vulnerability exploits detection. In this method data from network user input and configuration files were labeled as taint. In virtue of data flow analysis we design taint propagating algorithm, and define several taint detection policies for security-critical function which used taint data in dangerous ways that could cause vulnerability exploit. A vulnerability exploit detection prototype system was implemented. In contrast to other taint analysis systems, our prototype system has higher accuracy and vulnerability exploits coverage and low workloads.
Keywords :
data flow analysis; safety-critical software; configuration files; data flow analysis; dynamic taint analysis; network user input; security-critical function; taint propagating algorithm; vulnerability exploit detection prototype system; Algorithm design and analysis; Data analysis; Data engineering; Data security; Databases; Hardware; Heuristic algorithms; Monitoring; Prototypes; Runtime; Data flow analysis; Dynamic taint analysis; Tainted scenes analysis; Vulnerability exploits detection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Engineering and Technology (ICCET), 2010 2nd International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-6347-3
Type :
conf
DOI :
10.1109/ICCET.2010.5485224
Filename :
5485224
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=517925
بازگشت