Static Detection of Address Leaks

Gabriel Quadros Silva, Fernando Magno Quintão Pereira

Taint analysis is a form of program analysis that determines whether values produced by unsafe sources might flow into sensitive functions. In this paper we use taint analysis to establish whether an adversary might discover the address of any program variable at runtime. Knowledge of an internal program address seems, in principle, harmless; however, it gives a malicious user the means to circumvent a protection mechanism known as address space layout randomization (ASLR), typically used in modern operating systems to hinder buffer overflow attacks, for instance. We depart from previous taint analyses because we also track indirect information leaks, in which confidential data is first stored in memory, from where it flows into some sensitive operation. We have implemented our analysis in the LLVM compiler and have used it to report 204 warnings in a test suite that contains over 1.3 million lines of C code, including traditional benchmarks such as SPEC CPU 2006. Our current implementation reduces by more than 14 times the number of sensitive operations that a developer would have to inspect in order to find address leaks manually. Furthermore, our analysis is remarkably efficient: it processes more than 8.2 million assembly instructions in 19.7 seconds.
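The distinction the abstract draws between direct leaks and indirect leaks (an address that is first stored in memory and later loaded and passed to a sink) is easiest to see on a toy forward taint analysis. The following Python is an added illustration, not the paper's LLVM implementation: the three-address instruction forms, the `SINKS` set, the field-insensitive points-to handling and the three sample programs are all assumptions made for this example. Running the same analysis with memory tracking switched off shows the false negative that an analysis which only follows register-to-register flows would produce on the indirect case.

```python
"""Toy address-leak taint analysis over a made-up three-address IR.

Instruction forms (hypothetical, chosen for this example):
  ("addr",  dst, var)      dst = &var          -> taint source (an address)
  ("copy",  dst, src)      dst = src
  ("arith", dst, a, b)     dst = a (op) b      -> covers pointer arithmetic too
  ("store", ptr, val)      *ptr = val
  ("load",  dst, ptr)      dst = *ptr
  ("call",  fn, [args])    fn(args...)         -> sink if fn in SINKS
"""

SINKS = {"printf", "send", "write"}   # assumed sensitive functions
UNKNOWN = "*unknown*"                 # abstract location for unresolved pointers


def analyze(program, track_memory=True):
    """Return [(instruction_index, sink, [tainted args])] for every sink call
    that receives address-derived data. track_memory=False disables the
    store/load propagation, mimicking a register-only taint analysis."""
    tainted = set()      # variables holding data derived from an address
    points_to = {}       # var -> set of abstract locations it may point to
    mem_taint = set()    # abstract locations that may hold tainted data
    warnings = []

    for idx, ins in enumerate(program):
        op = ins[0]
        if op == "addr":
            _, dst, var = ins
            tainted.add(dst)                  # taking an address is the source
            points_to[dst] = {var}
        elif op == "copy":
            _, dst, src = ins
            tainted.add(dst) if src in tainted else tainted.discard(dst)
            if src in points_to:
                points_to[dst] = set(points_to[src])
            else:
                points_to.pop(dst, None)
        elif op == "arith":
            _, dst, a, b = ins
            if a in tainted or b in tainted:
                tainted.add(dst)              # arithmetic on an address is still an address
            else:
                tainted.discard(dst)
            # field-insensitive: p + i may point wherever p pointed
            targets = points_to.get(a, set()) | points_to.get(b, set())
            if targets:
                points_to[dst] = targets
            else:
                points_to.pop(dst, None)
        elif op == "store":
            _, ptr, val = ins
            if track_memory and val in tainted:
                # no strong update (no kill): conservative, may cause false positives
                mem_taint |= points_to.get(ptr, {UNKNOWN})
        elif op == "load":
            _, dst, ptr = ins
            targets = points_to.get(ptr, {UNKNOWN})
            if track_memory and targets & mem_taint:
                tainted.add(dst)              # the indirect flow the paper tracks
            else:
                tainted.discard(dst)
            points_to.pop(dst, None)          # loaded pointers are not resolved here
        elif op == "call":
            _, fn, args = ins
            if fn in SINKS:
                leaking = [a for a in args if a in tainted]
                if leaking:
                    warnings.append((idx, fn, leaking))
    return warnings


# Constructed sample programs (not from the paper's benchmarks).
DIRECT = [                                  # printf("%p", &secret)
    ("addr", "p", "secret"),
    ("call", "printf", ["fmt", "p"]),
]
INDIRECT = [                                # buf[i] = &x; printf("%p", buf[i])
    ("addr", "p", "x"),
    ("addr", "q", "buf"),
    ("arith", "q1", "q", "i"),
    ("store", "q1", "p"),
    ("load", "r", "q1"),
    ("call", "printf", ["fmt", "r"]),
]
BENIGN = [                                  # buf[0] = a + b; printf("%d", buf[0])
    ("addr", "q", "buf"),
    ("arith", "v", "a", "b"),
    ("store", "q", "v"),
    ("load", "r", "q"),
    ("call", "printf", ["fmt", "r"]),
]

if __name__ == "__main__":
    print("direct:               ", analyze(DIRECT))
    print("indirect (memory):    ", analyze(INDIRECT))
    print("indirect (no memory): ", analyze(INDIRECT, track_memory=False))
    print("benign:               ", analyze(BENIGN))
```

With memory tracking on, both the direct and the indirect program produce one warning at the `printf` call, while the benign program produces none; with memory tracking off, the indirect leak is missed entirely. The absence of strong updates on `store` is the trade-off toward warnings rather than misses that the abstract's "204 warnings" framing implies, although the real analysis makes its own choices on LLVM IR.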


Hosted by the Biblioteca Digital Brasileira de Computação (Brazilian Digital Library of Computing).