2016 Symposium Posters


HexTaint: Ensuring Data Flow Integrity using Dynamic Taint Analysis



Primary Investigator:
Mathias Payer

Project Members
Priyam Biswas, Mathias Payer
Abstract
The security and privacy of our data are threatened by security vulnerabilities in the programs that access the data. Memory safety vulnerabilities such as buffer overflows, use-after-free errors, and format string vulnerabilities account for the majority of software vulnerabilities. These vulnerabilities allow an attacker to corrupt the data flow in programs, which eventually results in a potential threat to the whole system. Our low-overhead defense mechanism, TaintGuard, detects data corruption using Dynamic Taint Analysis (DTA). DTA efficiently determines unsafe data flow paths. TaintGuard first defines the operational semantics of the underlying taint-flow policy and then instruments the source program at the LLVM bitcode level. In addition to detecting unsafe data flow paths, TaintGuard develops filters to safeguard data integrity.