Measuring channel capacity to distinguish undue influence

Authors:
James Newsome;Stephen McCamant;Dawn Song
Affiliations:
Bosch Research and Technology Center;University of California, Berkeley;University of California, Berkeley
Venue:
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Year:
2009

Citing 25
Cited 17

Cryptography and data security

Cryptography and data security
A Discipline of Programming

A Discipline of Programming
Secure program execution via dynamic information flow tracking

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
RIFLE: An Architectural Framework for User-Centric Information-Flow Security

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Belief in Information Flow

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles
Replayer: automatic protocol replay by binary analysis

Proceedings of the 13th ACM conference on Computer and communications security
Minos: Architectural support for protecting control data

ACM Transactions on Architecture and Code Optimization (TACO)
Assessing security threats of looping constructs

Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Understanding data lifetime via whole system simulation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Panorama: capturing system-wide information flow for malware detection and analysis

Proceedings of the 14th ACM conference on Computer and communications security
Better bug reporting with better privacy

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Dynamic spyware analysis

ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Quantitative information flow as network flow capacity

Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Lagrange multipliers and maximum information leakage in different observational models

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Loop-extended symbolic execution on binary programs

Proceedings of the eighteenth international symposium on Software testing and analysis
Model counting: a new strategy for obtaining good bounds

AAAI'06 Proceedings of the 21st national conference on Artificial intelligence - Volume 1
Automatic Discovery and Quantification of Information Leaks

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
A decision procedure for bit-vectors and arrays

CAV'07 Proceedings of the 19th international conference on Computer aided verification
Provably correct runtime enforcement of non-interference properties

ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Tainting is not pointless

ACM SIGOPS Operating Systems Review
On bounding problems of quantitative information flow

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible?

Proceedings of the 2010 workshop on New security paradigms
Quantifying information leaks in software

Proceedings of the 26th Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintEraser: protecting sensitive data leaks using application-level taint tracking

ACM SIGOPS Operating Systems Review
Non-uniform distributions in quantitative information-flow

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
These aren't the droids you're looking for: retrofitting android to protect data from imperious applications

Proceedings of the 18th ACM conference on Computer and communications security
Calculating bounds on information leakage using two-bit patterns

Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Implementing erasure policies using taint analysis

NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Automatic quantification of cache side-channels

CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Holographic vulnerability studies: vulnerabilities as fractures in interpretation as information flows across abstraction boundaries

Proceedings of the 2012 workshop on New security paradigms
Data flow analysis of embedded program expressions

AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
QUAIL: a quantitative security analyzer for imperative code

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
SAT-Based analysis and quantification of information flow in programs

QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
CacheAudit: a tool for the static analysis of cache side channels

SEC'13 Proceedings of the 22nd USENIX conference on Security
On bounding problems of quantitative information flow

Journal of Computer Security - ESORICS 2010

Quantified Score

Hi-index	0.00

Visualization

Abstract

The channel capacity of a program is a quantitative measure of the amount of control that the inputs to a program have over its outputs. Because it corresponds to worst-case assumptions about the probability distribution over those inputs, it is particularly appropriate for security applications where the inputs are under the control of an adversary. We introduce a family of complementary techniques for measuring channel capacity automatically using a decision procedure (SAT or #SAT solver), which give either exact or narrow probabilistic bounds. We then apply these techniques to the problem of analyzing false positives produced by dynamic taint analysis used to detect control-flow hijacking in commodity software. Dynamic taint analysis is based on the principle that an attacker should not be able to control values such as function pointers and return addresses, but it uses a simple binary approximation of control that commonly leads to both false positive and false negative errors. Based on channel capacity, we propose a more refined quantitative measure of influence, which can effectively distinguish between true attacks and false positives. We use a practical implementation of our influence measuring techniques, integrated with a dynamic taint analysis operating on x86 binaries, to classify tainting warnings produced by vulnerable network servers, such as those attacked by the Blaster and SQL Slammer worms. Influence measurement correctly distinguishes real attacks from tainting false positives, a task that would otherwise need to be done manually.