Secure Systems Lab

Research on Information Flow Analysis and Applications

Information flow analysis has long played an important role in security. Recently, it has become very popular in systems security, and has been used for exploit defense as well as malware analysis.

We showed in [17] that fine-grained taint-tracking can be combined with simple and general security policies to block most common software vulnerability exploits that rely on subverting the privileges of a victim application. Such exploits include SQL injection, command injection, cross-site scripting, path traversals, memory exploits, and so on. By operating as a compile-time transformation on C programs, our technique can protect most programs written in C, as well as programs in interpreted languages such as PHP whose interpreters are written in C. Moreover, our work provided a dramatic improvement in performance over previous fine-grained taint-tracking techniques.
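A minimal sketch of the idea in the paragraph above, added here as an illustration and not taken from [17] or the lab's code: each byte carries a taint flag that survives copying, and a policy at the SQL sink decides whether tainted bytes sit where they are allowed. The `tstr` type, the function names, and the specific policy (tainted bytes only inside a quoted literal, never as a delimiter) are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAXQ 256

/* A string with one taint flag per byte (a shadow array beside the data). */
typedef struct {
    char data[MAXQ];
    unsigned char taint[MAXQ];   /* 1 = byte derived from untrusted input */
    size_t len;
} tstr;

/* Append src to dst, propagating the given taint flag to every copied byte. */
static void t_append(tstr *dst, const char *src, int tainted) {
    for (size_t i = 0; src[i] && dst->len < MAXQ - 1; i++) {
        dst->data[dst->len] = src[i];
        dst->taint[dst->len] = (unsigned char)tainted;
        dst->len++;
    }
    dst->data[dst->len] = '\0';
}

/* Sink policy (assumed for this example): returns 1 if the query may run.
 * Tainted bytes may appear only inside a single-quoted literal, and a
 * tainted byte may never be the quote that opens or closes a literal. */
static int sql_policy_allows(const tstr *q) {
    int in_literal = 0;
    for (size_t i = 0; i < q->len; i++) {
        if (q->data[i] == '\'') {
            if (q->taint[i]) return 0;  /* untrusted data controls a delimiter */
            in_literal = !in_literal;
        } else if (q->taint[i] && !in_literal) {
            return 0;                   /* untrusted data outside a literal */
        }
    }
    return !in_literal;                 /* reject an unterminated literal */
}

/* Build a query from trusted program text plus untrusted input, then check it. */
static int check_login_query(const char *user_input) {
    tstr q = {0};
    t_append(&q, "SELECT id FROM users WHERE name = '", 0);
    t_append(&q, user_input, 1);        /* constructed sample input is tainted */
    t_append(&q, "'", 0);
    return sql_policy_allows(&q);
}

int main(void) {
    printf("%d\n", check_login_query("alice"));          /* plain value */
    printf("%d\n", check_login_query("x' OR '1'='1"));   /* tainted quotes */
    return 0;
}
```

The policy is deliberately conservative: a legitimate value containing an apostrophe is rejected too, because the check looks only at where tainted bytes land in the query, not at what the application intended.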

We recently developed static binary rewriting techniques for taint-tracking on binaries [13]. By leveraging novel optimization techniques, our implementation provided a 3 to 6 times performance improvement over previous techniques, while remaining robust enough to handle large applications such as Firefox.

Source-code and binary instrumentation approaches may raise robustness and compatibility concerns among those who deploy and administer software systems. To address this problem, we recently developed an efficient blackbox technique for inferring taint by observing inputs and outputs [8].

Information flow remains one of the main focus areas of our research. Our ongoing research is concerned with applying information flow to whole-system integrity protection [12], as well as protection of shared memory plug-ins; enhancing the accuracy of anomaly detection [18, 9]; and so on.

Related Publications

[1]  Provenance-based Integrity Protection for Windows
Wai-Kit Sze and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2015.
[2]  WebSheets: Web Applications for Non-Programmers
Riccardo Pelizzi and R. Sekar
New Security Paradigms Workshop (NSPW) September, 2015.
[3]  Towards More Usable Information Flow Policies for Contemporary Operating Systems
Wai-Kit Sze, Bhuvan Mital and R. Sekar
ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
Honorable mention for Best paper.
[4]  Comprehensive Integrity Protection for Desktop Linux (Demo)
Wai-Kit Sze and R. Sekar
ACM Symposium on Access Control Models and Technologies (SACMAT) June, 2014.
[5]  A Portable User-Level Approach for System-wide Integrity Protection
Wai-Kit Sze and R. Sekar
Annual Computer Security Applications Conference (ACSAC) December, 2013.
[6]  Protection, Usability and Improvements in Reflected XSS Filters
Riccardo Pelizzi and R. Sekar
ACM Symposium on Information, Computer and Communications Security (ASIACCS) May, 2012.
[7]  Taint-Enhanced Anomaly Detection
Lorenzo Cavallaro and R. Sekar
International Conference on Information Systems Security (ICISS) December, 2011.
[8]  An Efficient Black-box Technique for Defeating Web Application Attacks
R. Sekar
ISOC Network and Distributed Systems Symposium (NDSS) February, 2009.
[9]  Anomalous Taint Detection (Extended Abstract)
Lorenzo Cavallaro and R. Sekar
Recent Advances in Intrusion Detection (RAID) September, 2008. (Full version available as Technical Report SECLAB08-06).
[10]  A Practical Technique for Containment of Untrusted Plug-ins
Prateek Saxena, R. Sekar, Mithun Iyer and Varun Puranik
Technical Report (TR) August, 2008.
[11]  On the Limits of Information Flow Techniques for Malware Analysis and Containment
Lorenzo Cavallaro, Prateek Saxena and R. Sekar
Detection of Intrusions, Malware and Vulnerability Analysis (DIMVA) July, 2008. (Supersedes SECLAB07-03, November 2007).
[12]  Practical Proactive Integrity Preservation: A Basis for Malware Defense
Weiqing Sun, R. Sekar, Gaurav Poothia and Tejas Karandikar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2008.
[13]  Efficient Fine-Grained Binary Instrumentation with Applications to Taint-Tracking
Prateek Saxena, R. Sekar and Varun Puranik
ACM/IEEE International Symposium on Code Generation and Optimization (CGO) April, 2008.
[14]  Comprehensive Memory Error Protection via Diversity and Taint-Tracking
Lorenzo Cavallaro
PhD Dissertation (Stony Brook University) February, 2008.
[15]  Static Binary Analysis And Transformation For Sandboxing Untrusted Plugins
Prateek Saxena
Master's Thesis (Stony Brook University) August, 2007.
[16]  Provably Correct Runtime Enforcement of Non-Interference Properties
V.N. Venkatakrishnan, Wei Xu, Daniel DuVarney and R. Sekar
International Conference on Information and Communications Security (ICICS) December, 2006. (Supersedes Technical Report SECLAB-04-01, Stony Brook University, March, 2004).
[17]  Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks
Wei Xu, Sandeep Bhatkar and R. Sekar
USENIX Security Symposium (USENIX Security) August, 2006. (An earlier version appeared as Technical Report SECLAB-05-06, November 2005. Also supersedes Technical Report SECLAB-05-05 A Unified Approach for Preventing Attacks Exploiting a Range of Software Vulnerabilities, August 2005, and Technical Report SECLAB-05-04 Practical dynamic taint analysis for countering input validation attacks on web applications, May 2005).
[18]  Dataflow Anomaly Detection
Sandeep Bhatkar, Abhishek Chaturvedi and R. Sekar
IEEE Symposium on Security and Privacy (IEEE S&P) May, 2006. (Supersedes Technical Report SECLAB-05-03 Improving Attack Detection in Host-Based IDS by Learning Properties of System Call Arguments, July 2005).


Copyright © 1999-2013 Secure Systems Laboratory, Stony Brook University. All rights reserved.