• DocumentCode
    144198
  • Title

    To B or not to B: Blessing OS Commands with Software DNA Shotgun Sequencing

  • Author

    Anh Nguyen-Tuong ; Hiser, Jason D. ; Co, Michele ; Davidson, Jack W. ; Knight, Jonathan C. ; Kennedy, N. ; Melski, David ; Ella, William ; Hyde, David

  • Author_Institution
    Univ. of Virginia, Charlottesville, VA, USA
  • fYear
    2014
  • fDate
    13-16 May 2014
  • Firstpage
    238
  • Lastpage
    249
  • Abstract
    We introduce Software DNA Shotgun Sequencing (S3), a novel, biologically-inspired approach to combat OS Injection Attacks, the #2 most dangerous software error as identified by MITRE. To thwart such attacks, researchers have advocated various forms of taint-tracking techniques. Despite promising results, e.g., few missed attacks and few false alarms, taint-tracking has not seen widespread adoption. Impediments to adoption include high overhead and difficulty of deployment. S3 is based on a novel technique: positive taint inference which dynamically reassembles string fragments from a binary to infer blessed, i.e. trusted, parts of an OS command. S3 incurs negligible performance overhead and is easy to deploy as it operates directly on binary programs.
  • Keywords
    DNA; biology computing; operating systems (computers); security of data; binary programs; biologically inspired approach; blessing OS commands; combat OS injection attacks; operating system; software DNA shotgun sequencing; software error; taint tracking techniques; Computer architecture; DNA; Operating systems; Security; Sequential analysis; Servers; command injection; injection; security; taint inference; taint tracking;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable Computing Conference (EDCC), 2014 Tenth European
  • Conference_Location
    Newcastle
  • Type

    conf

  • DOI
    10.1109/EDCC.2014.13
  • Filename
    6821110
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=144198