2014 - Survey of Dynamic Taint Analysis
Information
Commonly employed dynamic analysis techniques
Dynamic Taint Analysis
Tracing information flow without source code by observing runtime behavior
DTA marks certain inputs to the program as tainted, and then propagates taint to any value computed from tainted inputs
Analyze execution paths that an attacker may use to exploit a system
Based on the observation that, for an attacker to change the execution of a program illegitimately, the attacker must cause a value that is normally derived from a trusted source to instead be derived from his own input.
Data that originates from, or is derived from, an untrusted input is marked as tainted.
Taint Propagation
The process by which a tainted object affects another object through computation in the program
Taint Sink
Symbolic Execution
Builds a logical formula describing a program execution path
Survey
DYTAN
Dimensions of DTA
Propagation policy
Describes how taint markings should be propagated during execution
Taint sources
Description of program data that should be initialized with taint markings
Taint sinks
A location in the code where users want to perform some check on the taint markings of one or more memory locations
Aspects
ID
Memory location
Code location
Checking operations
Tools
PIN dynamic instrumentation framework
Instruments the x86 executable on the fly to produce an instrumented executable
DTA++
BitBlaze
Proposes an enhancement to vanilla dynamic taint analysis that propagates additional taint along targeted control dependencies, in order to ameliorate the under-tainting caused by implicit flows
Steps
Offline analysis
Detects and diagnoses under-tainting, generates DTA++ rules
Generate DTA++ rules by using vanilla dynamic taint propagation
If the condition at the branch is tainted, the values written by each control-dependent instruction should also be tainted.
Online analysis
Uses the propagation rules generated by the offline phase in subsequent runs of dynamic taint analysis.
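To make the DTA dimensions (sources, propagation policy, sinks) and the DTA++ control-dependency rule concrete, here is an added, hypothetical toy taint tracker; it is not code from DYTAN, DTA++ or the survey, and the instruction set and sample program are constructed for illustration.

```python
# Toy dynamic taint tracker over a tiny structured instruction set (hypothetical).
# Vanilla mode propagates taint only along explicit data flow; DTA++ mode also
# taints writes that are control-dependent on a tainted branch condition, which
# closes the implicit-flow under-tainting gap described above.

def execute(block, vals, taint, alerts, in_tainted_branch=False, dtapp=False):
    """Interpret one block; `taint` maps variable name -> bool taint marking."""
    for ins in block:
        op = ins[0]
        # DTA++ rule: a write inside a branch whose condition is tainted is tainted
        implicit = dtapp and in_tainted_branch
        if op == "input":                 # taint source: untrusted program input
            _, dst, value = ins
            vals[dst], taint[dst] = value, True
        elif op == "const":               # constant write: clean unless implicit
            _, dst, value = ins
            vals[dst], taint[dst] = value, implicit
        elif op == "add":                 # explicit flow: taint of either operand
            _, dst, a, b = ins
            vals[dst] = vals[a] + vals[b]
            taint[dst] = taint[a] or taint[b] or implicit
        elif op == "if":                  # control dependency on `cond`
            _, cond, then_blk, else_blk = ins
            branch_tainted = in_tainted_branch or taint[cond]
            execute(then_blk if vals[cond] else else_blk, vals, taint, alerts,
                    branch_tainted, dtapp)
        elif op == "sink":                # taint sink: check the marking here
            _, label, var = ins
            if taint[var]:
                alerts.append(f"{label}: tainted value {vals[var]!r} reaches sink")
    return alerts

def analyze(program, dtapp=False):
    return execute(program, {}, {}, [], dtapp=dtapp)

# Constructed sample program: `x` is untrusted input, `y` is an explicit copy
# (x + 0), and `z` is written only inside a branch on x (an implicit flow).
PROGRAM = [
    ("input", "x", 1),
    ("const", "zero", 0),
    ("add", "y", "x", "zero"),
    ("if", "x", [("const", "z", 1)], [("const", "z", 0)]),
    ("sink", "sink-y", "y"),
    ("sink", "sink-z", "z"),
]

if __name__ == "__main__":
    print("vanilla DTA:", analyze(PROGRAM))              # only y is flagged
    print("DTA++      :", analyze(PROGRAM, dtapp=True))  # y and z are flagged
```

Vanilla propagation misses `z` even though its value is fully determined by the attacker-controlled `x`; the control-dependency rule recovers it.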
General approach
Instruments the code to perform taint marking and propagation
Lam and Chiueh
Instruments the code to perform taint marking and propagation
Chess and Jacob West’s
DTA is used to find software vulnerabilities
Conclusion