An Enhanced Dynamic Information Flow Tracking Method with Reverse Stack Execution

Author(s):  
Anna Trikalinou ◽  
Nikolaos Bourbakis

Memory errors have long been a critical security issue primarily for C/C++ programming languages and are still considered one of the top three most dangerous software errors according to the MITRE ranking. In this paper the authors focus on their exploitation via control-flow hijacking and data-only attacks (stack, and partially heap (G. Novarck & E. Berger, 2010)) by proposing a synergistic security methodology, which can accurately detect and thwart them. Their methodology is based on the Dynamic Information Flow Tracking (DIFT) technique and improves its data-only attack detection by utilizing features from the Reverse Stack Execution (RSE) security technique. Thus, the authors can significantly lower the resource consumption of the latter methodology, while increasing the former's accuracy. Their proof-of-concept compiler implementation verifies their assumptions and is able to protect vulnerable C programs against various real-world attack scenarios.

2004 ◽  
Vol 32 (5) ◽  
pp. 85-96 ◽  
Author(s):  
G. Edward Suh ◽  
Jae W. Lee ◽  
David Zhang ◽  
Srinivas Devadas

Author(s):  
Christian Pilato ◽  
Kaijie Wu ◽  
Siddharth Garg ◽  
Ramesh Karri ◽  
Francesco Regazzoni

2023 ◽  
Vol 55 (1) ◽  
pp. 1-33
Author(s):  
Christopher Brant ◽  
Prakash Shrestha ◽  
Benjamin Mixon-Baca ◽  
Kejun Chen ◽  
Said Varlioglu ◽  
...  

Information flow tracking was proposed more than 40 years ago to address the limitations of access control mechanisms to guarantee the confidentiality and integrity of information flowing within a system, but has not yet been widely applied in practice for security solutions. Here, we survey and systematize literature on dynamic information flow tracking (DIFT) to discover challenges and opportunities to make it practical and effective for security solutions. We focus on common knowledge in the literature and lingering research gaps from two dimensions— (i) the layer of abstraction where DIFT is implemented (software, software/hardware, or hardware) and (ii) the security goal (confidentiality and/or integrity). We observe that two major limitations hinder the practical application of DIFT for on-the-fly security applications: (i) high implementation overhead and (ii) incomplete information flow tracking (low accuracy). We posit, after review of the literature, that addressing these major impedances via hardware parallelism can potentially unleash DIFT’s great potential for systems security, as it can allow security policies to be implemented in a built-in and standardized fashion. Furthermore, we provide recommendations for the next generation of practical and efficient DIFT systems with an eye towards hardware-supported implementations.


Sign in / Sign up

Export Citation Format

Share Document