Program analysis and transformations for Security
A vast majority of security problems in the real world can be traced back to software vulnerabilities. In spite of increased efforts by software vendors to address them, there has been an enormous increase in software vulnerability reports over the past decade. Automated techniques are therefore needed to stem this rising tide. Two basic approaches have been explored in this context:
- static analysis techniques that analyze program source code and warn programmers about likely security vulnerabilities, and
- runtime monitoring techniques that detect (and often, prevent) attempts to exploit these vulnerabilities.
We are interested in both techniques, and have been influential in the second area. Many of our techniques have taken the form of source-to-source transformations on programs. The transformed programs contain additional runtime instrumentation, dynamic analysis and/or policy checking code that can prevent certain classes of attacks from succeeding. For instance, we have developed several techniques [19, 15] that use randomization to provide probabilistic defense against memory corruption attacks. We have also developed techniques that can detect all memory errors in C programs [20]. Memory error defenses continue to be an important area of research within the lab.
More recently, we showed that fine-grained dynamic taint analysis (also called information flow tracking) can be used together with security policies to detect a wide range of attacks that exploit software vulnerabilities [18]. Taint analysis has become very popular in security, and our ongoing work is exploring several interesting new applications of this technique, including the development of novel intrusion detection techniques [14] and malware defense [16].
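As an added illustration of the instrumentation described above (not the lab's own code), the following toy shows the two ingredients of taint-enhanced policy enforcement: per-character taint that is propagated through string operations, and a policy check at a command-execution sink that flags untrusted bytes landing in positions which shape the command's syntax. The tokenizer is a deliberate simplification (it handles quotes but not backslash escapes); the class and function names are ours.

```python
import string

class TaintedStr:
    """A string carrying one taint mark per character (True = derived from
    untrusted input). Concatenation propagates the marks position by position,
    which is what the source-to-source instrumentation would do automatically."""
    def __init__(self, value, taint=None):
        self.value = value
        self.taint = list(taint) if taint is not None else [False] * len(value)

    @classmethod
    def untrusted(cls, value):
        # Everything read from a network socket, CGI parameter, etc. starts fully tainted.
        return cls(value, [True] * len(value))

    def __add__(self, other):
        if not isinstance(other, TaintedStr):
            other = TaintedStr(other)          # literal / program-generated text is untainted
        return TaintedStr(self.value + other.value, self.taint + other.taint)

# Characters that change the structure of a shell command when unquoted.
SHELL_META = set(";|&$`<>()\n")

def shell_structure(cmd):
    """Indices of characters that define the command's structure: quote
    delimiters, unquoted whitespace (argument boundaries) and unquoted
    metacharacters. Simplified tokenizer: no backslash-escape handling."""
    structural, quote = [], None
    for i, ch in enumerate(cmd):
        if quote:                              # inside quotes only the closing quote matters
            if ch == quote:
                quote = None
                structural.append(i)
        elif ch in ("'", '"'):
            quote = ch
            structural.append(i)
        elif ch in SHELL_META or ch in string.whitespace:
            structural.append(i)
    return structural

def shell_sink_violations(t):
    """Taint-enhanced policy for a command-execution sink: untrusted bytes may
    only fill in (part of) a single argument, never occupy a structural position.
    Returns the offending offsets; an empty list means the command is allowed."""
    return [i for i in shell_structure(t.value) if t.taint[i]]
```

A benign input that stays inside one argument yields no violations, while an input that closes a quote or introduces an unquoted separator is reported at exactly the offsets where it alters the command structure.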
Related Publications
- [1] Code-Pointer Integrity. The Continuing Arms Race: Code-Reuse Attacks and Defenses (Morgan-Claypool and ACM Press), January 2018.
- [2] Memory corruption mitigation via hardening and testing. PhD Dissertation (Stony Brook University), May 2017.
- [3] Extracting Instruction Semantics Via Symbolic Execution of Code Generators. ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), November 2016.
- [4] Securing Web Applications. PhD Dissertation (Stony Brook University), May 2016.
- [5] JaTE: Transparent and Efficient JavaScript Confinement. Annual Computer Security Applications Conference (ACSAC), December 2015.
- [6] Automatic Generation of Assembly to IR Translators Using Compilers. Workshop on Architectural and Microarchitectural Support for Binary Translation (AMAS-BT), February 2015.
- [7] Checking Correctness of Code Generator Architecture Specifications. ACM/IEEE International Symposium on Code Generation and Optimization (CGO), February 2015.
- [8] Code-Pointer Integrity. USENIX Operating System Design and Implementation (OSDI), October 2014.
- [9] Eternal War in Memory. IEEE Security and Privacy Magazine (S&P Magazine), May 2014.
- [10] SoK: Eternal War in Memory. IEEE Symposium on Security and Privacy (IEEE S&P), May 2013.
- [11] Light-weight Bounds Checking. ACM/IEEE International Symposium on Code Generation and Optimization (CGO), April 2012.
- [12] Taint-Enhanced Anomaly Detection. International Conference on Information Systems Security (ICISS), December 2011.
- [13] PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs. ACM Symposium on Information, Computer and Communications Security (ASIACCS), March 2010.
- [14] Anomalous Taint Detection (Extended Abstract). Recent Advances in Intrusion Detection (RAID), September 2008. (Full version available as Technical Report SECLAB08-06.)
- [15] Data Space Randomization. Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008.
- [16] On the Limits of Information Flow Techniques for Malware Analysis and Containment. Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA), July 2008. (Supersedes SECLAB07-03, November 2007.)
- [17] Provably Correct Runtime Enforcement of Non-Interference Properties. International Conference on Information and Communications Security (ICICS), December 2006. (Supersedes Technical Report SECLAB-04-01, Stony Brook University, March 2004.)
- [18] Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks. USENIX Security Symposium (USENIX Security), August 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supersedes Technical Report SECLAB-05-05, "A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities", August 2005, and Technical Report SECLAB-05-04, "Practical dynamic taint analysis for countering input validation attacks on web applications", May 2005.)
- [19] Efficient Techniques for Comprehensive Protection from Memory Error Exploits. USENIX Security Symposium (USENIX Security), August 2005.
- [20] An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), November 2004.