2016 Symposium Posters

Posters > 2016

HexTaint: Ensuring Data Flow Integrity using Dynamic Taint Analysis


PDF

Primary Investigator:
Mathias Payer

Project Members
Priyam Biswas, Mathias Payer
Abstract
The security and privacy of our data is threatened by security vulnerabilities in the programs that access the data. Memory safety vulnerabilities like buffer overflow attacks, use-after free attacks, or format string attacks accord for the majority of software vulnerabilities. These vulnerabilities allow an attacker to corrupt the data flow in programs which eventually results in a potential threat for the whole system. Our low-overhead defense mechanism, TaintGuard, detects data corruption using Dynamic Taint Analysis (DTA). DTA efficiently determines unsafe data flow paths. TaintGuard first defines the operational semantics of the underlying taint-flow policy and then instruments the source program on LLVM bitcode level. In addition to the detection of unsafe data flow paths, TaintGuard develops filters to safeguard data integrity.

Our annual information security symposium will take place on April 3rd and 4th, 2018.
Purdue University, West Lafayette, IN