Uma Representação Intermediária para a Detecção de Vazamentos Implícitos de Informação
Resumo
O rastreamento preciso e eficiente do fluxo de informação em um programa é um dos grandes temas abordados dentro da segurança computacional. Esse tipo de análise detecta vulnerabilidades como vazamento de segredos ou ataques de fluxo contaminado. Um dos maiores desafios nesse campo é a detecção dos chamados fluxos implícitos. Informação trafega implicitamente pelo programa quando dados são influenciados pelo resultado de testes condicionais. Neste artigo propomos uma análise estática que detecta tais fluxos. Ao contrário de trabalhos anteriores, nós o fazemos de forma eficiente. Como testemunho desse pragmatismo, implementamos nossa análise em LLVM, um compilador de qualidade industrial. Fomos capazes de auditar programas cujos grafos de propagação de informação possuem mais de 16 milhões de arestas.Referências
Bhatkar, E., Duvarney, D. C., and Sekar, R. (2003). Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In USENIX Security, pages 105–120.
Clause, J., Li, W., and Orso, A. (2007). Dytan: a generic dynamic taint analysis framework. In ISSTA, pages 196–206. ACM.
Cytron, R., Ferrante, J., Rosen, B. K., Wegman, M. N., and Zadeck, F. K. (1989). An efficient method of computing static single assignment form. In POPL, pages 25–35.
Denning, D. E. and Denning, P. J. (1977). Certification of programs for secure information flow. Commun. ACM, 20:504–513.
Hamlen, K. W., Morrisett, G., and Schneider, F. B. (2006). Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst., 28(1):175–205.
Hammer, C. and Snelting, G. (2009). Flow-sensitive, context-sensitive, and objectsensitive information flow control based on program dependence graphs. International Journal of Information Security, 8(6):399–422.
Hunt, S. and Sands, D. (2006). On flow-sensitive security types. In POPL, pages 79–90. ACM.
Jovanovic, N., Kruegel, C., and Kirda, E. (2006). Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In Symposium on Security and Privacy, pages 258–263. IEEE.
Lattner, C. and Adve, V. S. (2004). LLVM: A compilation framework for lifelong program analysis & transformation. In CGO, pages 75–88. IEEE.
Nethercote, N. and Seward, J. (2007). Valgrind: a framework for heavyweight dynamic binary instrumentation. In PLDI, pages 89–100. ACM.
Pierce, B. C. (2004). Types and Programming Languages. MIT Press, 1st edition.
Quadros, G. S. and Pereira, F. M. Q. (2011). Static detection of address leaks. In SBSeg, pages 23–37.
Quadros, G. S. and Pereira, F. M. Q. (2012). A static analysis tool to detect address leaks. In CBSoft – Tools.
Quadros, G. S., Souza, R. M., and Pereira, F. M. Q. (2012). Dynamic detection of address leaks. In SBSeg, pages 61–75.
Rimsa, A. A., D’Amorim, M., Pereira, F. M. Q., and Bigonha, R. (2012). Efficient static checker for tainted variable attacks. Science of Computer Programming, 13(2):2–24.
Russo, A. and Sabelfeld, A. (2010). Dynamic vs. static flow-sensitive security analysis. In CSF, pages 186–199. IEEE Computer Society.
Sabelfeld, A. and Russo, A. (2009). From dynamic to static and back: Riding the roller coaster of information-flow control research. In Ershov Memorial Conference.
Shacham, H. (2007). The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In CCS, pages 552–561. ACM.
Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., and Boneh, D. (2004). On the effectiveness of address-space randomization. In CSS, pages 298–307. ACM.
Tripp, O., Pistoia, M., Fink, S., Sridharan, M., and Weisman, O. (2009). TAJ: Effective taint analysis of web applications. In PLDI, pages 87–97. ACM.
Volpano, D., Irvine, C., and Smith, G. (1996). A sound type system for secure flow analysis. J. Comput. Secur., 4(2-3):167–187.
Volpano, D. M. (1999). Safety versus secrecy. In SAS, pages 303–311. Springer-Verlag.
Zhang, R., Huang, S., Qi, Z., and Guan, H. (2011). Combining static and dynamic analysis to discover software vulnerabilities. In IMIS, pages 175–181. IEEE Computer Society.
Clause, J., Li, W., and Orso, A. (2007). Dytan: a generic dynamic taint analysis framework. In ISSTA, pages 196–206. ACM.
Cytron, R., Ferrante, J., Rosen, B. K., Wegman, M. N., and Zadeck, F. K. (1989). An efficient method of computing static single assignment form. In POPL, pages 25–35.
Denning, D. E. and Denning, P. J. (1977). Certification of programs for secure information flow. Commun. ACM, 20:504–513.
Hamlen, K. W., Morrisett, G., and Schneider, F. B. (2006). Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst., 28(1):175–205.
Hammer, C. and Snelting, G. (2009). Flow-sensitive, context-sensitive, and objectsensitive information flow control based on program dependence graphs. International Journal of Information Security, 8(6):399–422.
Hunt, S. and Sands, D. (2006). On flow-sensitive security types. In POPL, pages 79–90. ACM.
Jovanovic, N., Kruegel, C., and Kirda, E. (2006). Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In Symposium on Security and Privacy, pages 258–263. IEEE.
Lattner, C. and Adve, V. S. (2004). LLVM: A compilation framework for lifelong program analysis & transformation. In CGO, pages 75–88. IEEE.
Nethercote, N. and Seward, J. (2007). Valgrind: a framework for heavyweight dynamic binary instrumentation. In PLDI, pages 89–100. ACM.
Pierce, B. C. (2004). Types and Programming Languages. MIT Press, 1st edition.
Quadros, G. S. and Pereira, F. M. Q. (2011). Static detection of address leaks. In SBSeg, pages 23–37.
Quadros, G. S. and Pereira, F. M. Q. (2012). A static analysis tool to detect address leaks. In CBSoft – Tools.
Quadros, G. S., Souza, R. M., and Pereira, F. M. Q. (2012). Dynamic detection of address leaks. In SBSeg, pages 61–75.
Rimsa, A. A., D’Amorim, M., Pereira, F. M. Q., and Bigonha, R. (2012). Efficient static checker for tainted variable attacks. Science of Computer Programming, 13(2):2–24.
Russo, A. and Sabelfeld, A. (2010). Dynamic vs. static flow-sensitive security analysis. In CSF, pages 186–199. IEEE Computer Society.
Sabelfeld, A. and Russo, A. (2009). From dynamic to static and back: Riding the roller coaster of information-flow control research. In Ershov Memorial Conference.
Shacham, H. (2007). The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In CCS, pages 552–561. ACM.
Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., and Boneh, D. (2004). On the effectiveness of address-space randomization. In CSS, pages 298–307. ACM.
Tripp, O., Pistoia, M., Fink, S., Sridharan, M., and Weisman, O. (2009). TAJ: Effective taint analysis of web applications. In PLDI, pages 87–97. ACM.
Volpano, D., Irvine, C., and Smith, G. (1996). A sound type system for secure flow analysis. J. Comput. Secur., 4(2-3):167–187.
Volpano, D. M. (1999). Safety versus secrecy. In SAS, pages 303–311. Springer-Verlag.
Zhang, R., Huang, S., Qi, Z., and Guan, H. (2011). Combining static and dynamic analysis to discover software vulnerabilities. In IMIS, pages 175–181. IEEE Computer Society.
Publicado
11/11/2013
Como Citar
SILVA, Bruno R.; PEREIRA, Fernando M. Q.; OLIVEIRA, Leonardo B..
Uma Representação Intermediária para a Detecção de Vazamentos Implícitos de Informação. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 13. , 2013, Manaus.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2013
.
p. 212-225.
DOI: https://doi.org/10.5753/sbseg.2013.19547.
