proptr.net

Sunday, November 16, 2008

What is Taint Analysis

Introduction

Taint checking has been defined as “a feature designed to increase the security of host computers by preventing malicious users from SQL injection and buffer overflow attacks”. Taint analysis is the approach of tracking the flow of information through a program, and the state of each variable, in order to counter program exploits. Data that arrives from an untrusted source (network input, a form field, a file) is marked as tainted, and any variable that is computed from or otherwise affected by a tainted variable in the course of the program is treated as tainted too, so the marking is propagated repeatedly along the data flow. When tainted data reaches a security-sensitive operation, the taint checking tool reports it, because that is the point at which SQL injection, memory errors, command injection or format string attacks take effect. Taint tracking is also used for automated fault identification on the production side, for example in Triage, without any human intervention: combined with a simple checkpoint mechanism, heavy-weight bug detection and analysis tools become feasible for on-site diagnosis.


1.1 Several Techniques of Taint Analysis

Several taint analysis approaches have been proposed. One is to parallelize the taint computation: the tracking runs on otherwise idle cores of a multicore machine alongside the actual data computation, so that the source of a vulnerability can be traced efficiently. TaintCheck is a dynamic taint analysis approach that works by rewriting the program binary at execution time. Xu et al. approach the problem with a source-to-source transformation of C programs that performs runtime taint tracking: operations that read untrusted or potentially malicious input are given a specific marking, which the transformed program then propagates. This method focuses on memory errors, which it considers a more pronounced threat than the error propagation caused by tainted variables. Format string problems were first addressed by FormatGuard, which uses the properties of the GNU C preprocessor (CPP) to count the number of arguments actually passed to a call such as printf; if the format string demands more arguments than were supplied, it alerts and kills the program. Chen et al. aim at decoupling the analysis from the execution flow of the system and parallelize sequential invocations of security checks by running later checks concurrently with earlier ones.
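To make the mechanism described in the introduction and in the approaches above concrete, here is a small added example of dynamic taint tracking in Python. It is written for this page and is not code from TaintCheck, Xu et al., FormatGuard or any other tool mentioned; the `Tainted` type, the `handle_login` handler, its form fields and the allow-list regex are all assumptions made for the illustration. Untrusted input is wrapped in a `Tainted` string, string operations propagate the mark, sinks for SQL text, shell commands and format strings refuse tainted input in the part they interpret, and validation is the only thing that clears the mark. The format-string sink additionally performs the FormatGuard-style check of comparing the number of conversions in the format string with the number of arguments supplied.

```python
"""Dynamic taint tracking in miniature: sources, propagation, sinks, sanitizer."""
import re


class TaintError(Exception):
    """Raised when tainted data reaches a security-sensitive sink."""


class Tainted(str):
    """A str that remembers it came from an untrusted source. Each operation
    below that builds a new string from a Tainted one returns another Tainted,
    so a variable derived from a tainted variable is itself tainted."""

    def __new__(cls, value, source="untrusted"):
        obj = super().__new__(cls, value)
        obj.source = source            # where the taint originated, for the report
        return obj

    def _wrap(self, value):
        return Tainted(value, self.source)

    def __add__(self, other):          # tainted + "literal"
        return self._wrap(str.__add__(self, other))

    def __radd__(self, other):         # "literal" + tainted
        return self._wrap(str.__add__(other, self))

    def __rmod__(self, template):      # "... '%s'" % tainted
        return self._wrap(str.__mod__(template, self))

    def __getitem__(self, key):        # slicing and indexing
        return self._wrap(str.__getitem__(self, key))


def untaint(value, allowed):
    """Validation is the only thing that clears taint: a value that fully matches
    the allow-list regex (a hypothetical policy) comes back as a plain str."""
    if re.fullmatch(allowed, value) is None:
        raise TaintError(f"input {value!r} failed validation {allowed!r}")
    return str(value)                  # str() of a subclass instance is an exact str


# Sinks: where tainted data turns into an exploit. Each refuses taint in the
# part it interprets and returns a record of the operation instead of running it.

def sql_query(sql, params=()):
    """Query text is parsed by the database and must be untainted; bound
    parameters are plain data, so tainted values are allowed there."""
    if isinstance(sql, Tainted):
        raise TaintError(f"tainted SQL text from {sql.source}: {sql!r}")
    return ("sql", str(sql), tuple(str(p) for p in params))


def shell_exec(command):
    if isinstance(command, Tainted):
        raise TaintError(f"tainted shell command from {command.source}: {command!r}")
    return ("sh", str(command))


# printf conversions; "%%" is listed first so a literal percent is never counted.
_DIRECTIVE = re.compile(r"%%|%[-+ #0]*\d*(?:\.\d+)?[hlLqjzt]*[diouxXeEfFgGcspn]")


def c_printf(fmt, *args):
    """Format-string sink in the spirit of FormatGuard: a tainted format string is
    rejected, and a trusted one whose conversion count differs from the number of
    arguments supplied (the shape of a %x/%n attack) aborts the call."""
    if isinstance(fmt, Tainted):
        raise TaintError(f"tainted format string from {fmt.source}: {fmt!r}")
    expected = sum(1 for d in _DIRECTIVE.findall(fmt) if d != "%%")
    if expected != len(args):
        raise TaintError(f"format string uses {expected} arguments, got {len(args)}")
    return ("printf", str(fmt), args)


def handle_login(form):
    """Hypothetical request handler written the safe way: every form field is a
    taint source, and tainted data only reaches a sink as bound data."""
    user = Tainted(form["user"], source="form:user")
    note = Tainted(form.get("note", ""), source="form:note")
    safe_user = untaint(user, r"[A-Za-z0-9_]{1,32}")       # clears taint or raises
    return [
        sql_query("SELECT id FROM users WHERE name = ?", [user]),
        shell_exec("id " + safe_user),
        c_printf("note from %s: %s\n", safe_user, note),
    ]


def vulnerable_patterns(form):
    """The same field written the injectable way. Every attempt is stopped at
    the sink; the returned list holds one taint report per attempt."""
    user = Tainted(form["user"], source="form:user")
    attempts = (
        lambda: sql_query("SELECT id FROM users WHERE name = '%s'" % user),  # SQL injection
        lambda: shell_exec("id " + user),                                    # command injection
        lambda: c_printf("hello " + user),                                   # attacker-controlled format
        lambda: c_printf("%s %x %n", user),                                  # more directives than args
    )
    reports = []
    for attempt in attempts:
        try:
            attempt()
        except TaintError as err:
            reports.append(str(err))
    return reports
```

Two things worth noticing. First, the sink rule is the same distinction a parameterized query makes: the query text, the command line and the format string are interpreted, so they must be trusted, while the data bound into them may be tainted. Second, a library type like this is easy to launder: f-strings, `str.format` on a plain template, `%` with a tuple of arguments and most `str` methods return a plain `str` and silently drop the mark. That gap is why the systems discussed above instrument the binary (TaintCheck) or the program source (Xu et al.) rather than relying on cooperation from the program's own types.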


2. Applications of Taint Analysis

From the applications of taint analysis described in the literature, it is clear that the technique can be used to protect vulnerable programs in general. Program vulnerabilities arise from several causes, the prominent ones being buffer overflows (put here at about 27% of vulnerabilities), input validation failures such as trusting automatically updated cookies in web pages, command or code injection, where a malicious user gets the program to execute system-level commands, possibly with root privileges, SQL injection, and format string attacks. Directory traversal attacks, in which an attacker-supplied path component such as ../ makes the program read or write a file outside the directory it intended, can also be prevented, because the path is built from tainted input. Cross-site scripting (XSS), configuration errors and temporary-file vulnerabilities can likewise be addressed with taint checking, in combination with input validation and similar filtering techniques.
