Program Analysis and Transformations for Security
The vast majority of security problems in the real world can be traced back to software vulnerabilities. Despite increased efforts by software vendors to address them, software vulnerability reports have grown enormously over the past decade. Automated techniques are therefore needed to stem this rising tide. Two basic approaches have been explored in this context:
- static analysis techniques that analyze program source code and warn programmers about likely security vulnerabilities, and
- runtime monitoring techniques that detect (and often, prevent) attempts to exploit these vulnerabilities.
We are interested in both techniques, and have been influential in the second area. Many of our techniques have taken the form of source-to-source transformations on programs. The transformed programs contain additional runtime instrumentation, dynamic analysis and/or policy checking code that can prevent certain classes of attacks from succeeding. For instance, we have developed several techniques [6, 2] that use randomization to provide probabilistic defense against memory corruption attacks. We have also developed techniques that can detect all memory errors in C programs [7]. Memory error defenses continue to be an important area of research within the lab.
More recently, we showed that fine-grained dynamic taint analysis (also called information flow tracking) can be used together with security policies to detect a wide range of attacks that exploit software vulnerabilities [5]. Taint analysis has become very popular in security, and our ongoing work is exploring several interesting new applications of this technique, including the development of novel intrusion detection techniques [1] and malware defense [3].
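As an added illustration of the taint-enhanced policy enforcement idea above (example code written for this page, not the lab's own instrumentation): a per-byte taint shadow is attached to strings, propagated through concatenation, and checked against a policy at a command-execution sink. The `tstring` type, `check_command`, and the metacharacter set are assumptions made for the example.

```c
#include <string.h>
#define MAXLEN 256

/* A string with a per-byte taint shadow (constructed illustration, not the lab's
 * own instrumentation): taint[i] != 0 means byte i derives from untrusted input. */
typedef struct {
    char data[MAXLEN];
    unsigned char taint[MAXLEN];
    size_t len;
} tstring;

/* Initialise from a C string. A taint source (network read, argv) passes tainted=1,
 * a program literal passes tainted=0. Input longer than the buffer is truncated. */
static void ts_init(tstring *s, const char *src, unsigned char tainted) {
    size_t n = strlen(src);
    s->len = n < MAXLEN - 1 ? n : MAXLEN - 1;
    memcpy(s->data, src, s->len);
    memset(s->taint, tainted, s->len);
    s->data[s->len] = '\0';
}

/* Propagation: concatenation copies each byte together with its taint bit. */
static int ts_append(tstring *dst, const tstring *src) {
    if (dst->len + src->len >= MAXLEN) return 0;   /* refuse rather than overflow */
    memcpy(dst->data + dst->len, src->data, src->len);
    memcpy(dst->taint + dst->len, src->taint, src->len);
    dst->len += src->len;
    dst->data[dst->len] = '\0';
    return 1;
}

/* Sink policy for a system()-style call: untrusted bytes may appear as argument
 * text, but a tainted byte must never be a shell metacharacter, because then the
 * input would change the command's structure instead of only its data. */
static int policy_command_ok(const tstring *cmd) {
    for (size_t i = 0; i < cmd->len; i++)
        if (cmd->taint[i] && strchr(";|&`$<>\n", cmd->data[i]))
            return 0;   /* policy violation: block the call (and log it) */
    return 1;
}

/* Instrumented sink wrapper: build "ls <input>" with taint tracked, then enforce
 * the policy. Returns 1 if the command may run, 0 if rejected, -1 if too long. */
int check_command(const char *untrusted_input) {
    tstring cmd, arg;
    ts_init(&cmd, "ls ", 0);
    ts_init(&arg, untrusted_input, 1);
    if (!ts_append(&cmd, &arg)) return -1;
    return policy_command_ok(&cmd);
}
```

The same metacharacter in a program literal would pass, because the policy keys on taint, not on the character alone; that is what lets it distinguish an injection from a legitimately constructed command.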
Related Publications
- [1] Anomalous Taint Detection (Extended Abstract). Recent Advances in Intrusion Detection (RAID), September 2008. (Full version available as Technical Report SECLAB08-06.)
- [2] Data Space Randomization. Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008.
- [3] On the Limits of Information Flow Techniques for Malware Analysis and Containment. Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008. (Supersedes SECLAB07-03, November 2007.)
- [4] Provably Correct Runtime Enforcement of Non-Interference Properties. International Conference on Information and Communications Security (ICICS), December 2006. (Supersedes Technical Report SECLAB-04-01, Stony Brook University, March 2004.)
- [5] Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. USENIX Security Symposium (USENIX Security), August 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supersedes Technical Report SECLAB-05-05, A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04, Practical Dynamic Taint Analysis for Countering Input Validation Attacks on Web Applications, May 2005.)
- [6] Efficient Techniques for Comprehensive Protection from Memory Error Exploits. USENIX Security Symposium (USENIX Security), August 2005.
- [7] An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), November 2004.