DTAD: a Dynamic Taint Analysis Detector for Information Security
Information infection and information leakage in computer systems are mainly caused by insecure network access. Considering the particular demands of network security, a tool for information flow security detection, DTAD (Dynamic Taint Analysis Detector), is designed and implemented to address the problem of data security in network access. The tool uses the state-control capability of virtual machines to log and control state for malicious accesses and virus vulnerabilities. The defense system captures network data while applications execute and determines whether these accesses (i.e. jump targets, function addresses and instruction accesses) are legitimate. Once an attack is detected, the tool records the state of the virtual machine at both the process level and the kernel level. For attacks caused by malicious code, the tool injects its own diagnostic code into the process space of the running program in place of the malicious code, and in this way collects information about the attacked process. By associating and comparing the network data recorded in log files with the process information collected by the virtual machine, the tool generates precise signatures for network intrusion detection; the whole process is completed automatically. The tool can also precisely identify attack types and provide effective protection measures through fast signature release. Experiments validated the efficiency of the tool in attack recognition and information protection, and indicated that the detection and protection system is effective in recognizing, tracking and processing tainted data.
Zhiwen Bai, Liming Wang, Jinglin Chen, Lin Xu, Jian Liu, Xiyang Liu
Software Engineering Institute, Xidian University, No.2 South TaiBai Road, Xian, Shaanxi, 710071, China
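International conference
The Ninth International Conference on Web-Age Information Management (WAIM 2008)
Zhangjiajie
English
2008-07-20 (date first made available online on the Wanfang platform; does not represent the paper's publication date)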