|![[Search]](http://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](http://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](http://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](http://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](http://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory Systems Research Group Seminar > Pointless Tainting? Evaluating the practicality of pointer tainting
Pointless Tainting? Evaluating the practicality of pointer taintingAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Eiko Yoneki. This talk evaluates pointer tainting, an incarnation of Dynamic Information Flow Tracking (DIFT). Pointer tainting has been used for two main purposes: detection of privacy-breaching malware (e.g., trojan keyloggers obtaining the characters typed by a user), and detection of memory corruption attacks against non-control data (e.g., a buffer over?ow that modi?es a user’s privilege level). The technique is considered one of the only methods for detecting them in unmodi?ed binaries. Unfortunately, almost all of the incarnations of pointer tainting are ?awed. We found that pointer tainting generates itself the conditions for false positives. We analyse the problems in detail and investigate various ways to improve the technique. Most have serious drawbacks in that they are either impractical (and incur many false pos- itives still), and/or cripple the technique’s ability to detect attacks. We argue that depending on architecture and operating system, pointer tainting may have some value in detecting memory corruption attacks (albeit with false negatives and not on the popular x86 architecture), but it is not suitable for automated detecting of privacy-breaching malware such as keyloggers. Bio: Asia Slowinska is a third-year PhD student at the Vrije Universiteit Amsterdam. Her research concerns intrusion detection, signature generation, and honeypots. Currently she’s interning with MSRC . This talk is part of the Computer Laboratory Systems Research Group Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsNeuropsychiatry discussion group My List Cambridge Public Policy Lecture SeriesOther talksIs the price right? The feasibility and effectiveness of food pricing strategies to stimulate healthy eating Lifestyle and cancer prevention – the elephant in the room Optimisation of chiral structures for micro-scale propulsion Modeling Tumorigenesis and Drug Resistance in Three Dimensions Myths and realities of food consumption and cuisine in Ancient Greece Continuum Models of Active Nematics |
Asia Slowinska (Vrije Universiteit Amsterdam)
Thursday 26 March 2009, 16:00-16:30