An Intermediate Representation for the Detection of Implicit Information Leaks

  • Bruno R. Silva UFMG
  • Fernando M. Q. Pereira UFMG
  • Leonardo B. Oliveira UFMG

Abstract


Information flow tracking is one of the core areas in software security. One of the key challenges in this field is to detect the so-called implicit flows. Such flows are caused by conditional tests, which give an adversary the means to discover information about the program by analyzing the paths that it did or did not take during execution. This paper proposes a static analysis that detects implicit information flows. Our analysis is sound and efficient. To demonstrate its effectiveness, we have implemented it in LLVM, an industrial-strength compiler. We have been able to use it to analyze programs having information flow chains with more than 16 million edges.

Published
2013-11-11
SILVA, Bruno R.; PEREIRA, Fernando M. Q.; OLIVEIRA, Leonardo B. Uma Representação Intermediária para a Detecção de Vazamentos Implícitos de Informação. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 13., 2013, Manaus. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2013. p. 212-225. DOI: https://doi.org/10.5753/sbseg.2013.19547.
