Abstract
As the growth of computing technologies and smart service, the dimension for importance of security of a system has been increased dramatically. Many researches for solving threats of software vulnerabilities have been proposed in worldwide. Ordinary program testing method for finding defects in software can be categorized into black-box testing and white-box testing. In Black-box testing, the tester does not need to tasks recognization of the internal structure of program, whereas in white-box testing, the tester checks to tasks recognization of internal structure of program. Taint analysis is an efficient black-box testing method for finding exploited crashes by tracking external input to the program. However, taint analysis method is too heavy and slow to provide for commercial analysis program, because of large amount of computation and shadow memory usage. Recent, many experimental approaches to weight down and to speed up the analysis process, but it were lacking in commercial use. In this paper, we propose a method to reduce shadow memory usage by selectively not trace the definite untainting memories. Our evaluation result shows that we can reduce number of taint operation by significant amount.
An Erratum for this chapter can be found at http://dx.doi.org/10.1007/978-3-319-09156-3_56
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
2012 Annual Report PandaLabs, http://press.pandasecurity.com/press-room/reports
Min, J.-W., Choi, Y.-H., Eom, J.-H., Chung, T.-M.: Explicit Untainting to Reduce Shadow Memory Usage and Access Frequency in Taint Analysis. In: Murgante, B., Misra, S., Carlini, M., Torre, C.M., Nguyen, H.-Q., Taniar, D., Apduhan, B.O., Gervasi, O. (eds.) ICCSA 2013, Part III. LNCS, vol. 7973, pp. 175–186. Springer, Heidelberg (2013)
Kang, M., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: 18th Annual Network and Distributed System Security Symposium (2011)
Miller, C., et al.: Crash Analysis with Bitblaze. Blackhat, USA (2010)
Schwartz, E.J., Avgerinos, T., Brumley, D.: All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask). In: IEEE Symposium on Security and Privacy (2010)
Brumley, D., Jager, I., Avgerinos, T., Schwartz, E.J.: BAP: A Binary Analysis Platform. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 463–469. Springer, Heidelberg (2011)
Song, D., et al.: BitBlaze: A New Approach to Computer Security via Binary Analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1–25. Springer, Heidelberg (2008)
Clause, J., Li, W., Orso, A.: Dytan: A Generic Dynamic Taint Analysis Framework. In: Proceedings of the 2007 International Symposium on Software Testing and Analysis. ACM (2007)
Avgerinos, T., Cha, S.K., Hao, B.L.T., Brumley, D.: AEG: Automatic Exploit Generation. In: Proceedings of the Network and Distributed System Security Symposium (2011)
Miller, C., et al.: Crash Analysis with BitBlaze. Blackhat, USA (2010)
Choi, Y.-H., Chung, T.-M.: A Framework for Dynamic Taint Analysis of Binary Executable File. In: Proc. ICISA 2013, Pattaya, pp. 374–375 (2013)
Scholten, M.: Taint Analysis in Practice, pp. 1–29. Vrije Universiteit Amsterdam, Amsterdam (2007)
Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. Technical report, School of Computer Science Carnegie Mellon University (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Choi, Y.H., Park, MW., Eom, JH., Chung, TM. (2014). Retracted: Explicit Untainting to Reduce Shadow Memory Usage in Dynamic Taint Analysis. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2014. ICCSA 2014. Lecture Notes in Computer Science, vol 8583. Springer, Cham. https://doi.org/10.1007/978-3-319-09156-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-09156-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09155-6
Online ISBN: 978-3-319-09156-3
eBook Packages: Computer ScienceComputer Science (R0)