Practical Taint-Based Protection using Demand Emulation
Alex Ho
Many software attacks are based on injecting malicious code into a
target host. This talk demonstrates the use of a well-known
technique, data tainting, to track data received from the network as
it propagates through a system and to prevent its execution. Unlike
past approaches to taint tracking, which track tainted data by running
the system completely in an emulator or simulator, resulting in
considerable execution overhead, our work demonstrates the ability to
dynamically switch a running system between virtualized and emulated
execution. Using this technique, we are able to explore hardware
support for taint-based protection that is deployable in real-world
situations, as emulation is only used when tainted data is being
processed by the CPU. By modifying the CPU, memory, and I/O devices
to support taint tracking and protection, we guarantee that data
received from the network may not be executed, even if it is written
to, and later read from, disk. We demonstrate near-native speeds for
workloads where little tainted data is present.
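
A toy model of the two properties claimed above, added here as an illustration and not code from the talk or the authors' system: emulation is entered only for operations that touch tainted bytes, and taint survives a round trip through disk so the bytes still cannot be executed. The `Machine` class, its method names, per-byte taint granularity and the per-operation mode switch are all assumptions made for this sketch.

```python
class TaintFault(Exception):
    """Execution of tainted bytes was refused."""

class Machine:  # constructed toy model, not the real CPU/device changes
    def __init__(self, size=64):
        self.mem = bytearray(size)
        self.taint = [False] * size  # shadow taint bit per memory byte
        self.disk = {}               # block id -> (data, taint bits)
        self.steps = {"virtualized": 0, "emulated": 0}

    def _run(self, tainted):  # demand emulation: emulate only if taint is involved
        mode = "emulated" if tainted else "virtualized"
        self.steps[mode] += 1
        return mode

    def net_recv(self, addr, data):  # the network device is the taint source
        self.mem[addr:addr + len(data)] = data
        self.taint[addr:addr + len(data)] = [True] * len(data)

    def copy(self, dst, src, n):  # CPU data move: taint follows the bytes
        self.mem[dst:dst + n] = self.mem[src:src + n]
        self.taint[dst:dst + n] = self.taint[src:src + n]
        return self._run(any(self.taint[dst:dst + n]))

    def disk_write(self, block, addr, n):  # taint bits are stored with the data
        self.disk[block] = (bytes(self.mem[addr:addr + n]), self.taint[addr:addr + n])

    def disk_read(self, block, addr):  # taint bits come back with the data
        data, bits = self.disk[block]
        self.mem[addr:addr + len(data)] = data
        self.taint[addr:addr + len(bits)] = bits

    def execute(self, addr, n):  # refuse instruction fetch from tainted bytes
        if any(self.taint[addr:addr + n]):
            raise TaintFault(f"tainted bytes at {addr}..{addr + n - 1}")
        return self._run(False)

def demo():
    m = Machine()
    m.mem[0:4] = b"\x01\x02\x03\x04"     # constructed local, untainted bytes
    m.net_recv(16, b"\xde\xad\xbe\xef")  # constructed network payload
    modes = [m.execute(0, 4), m.copy(8, 0, 4), m.copy(24, 16, 4)]
    m.disk_write("blk0", 24, 4)          # tainted copy goes out to disk...
    m.disk_read("blk0", 40)              # ...and is later read back elsewhere
    try:
        m.execute(40, 4)
    except TaintFault:
        return modes, True, m.steps
    return modes, False, m.steps
```

Calling `demo()` returns the mode used for each CPU operation, whether execution of the disk-restored network bytes was blocked, and the count of steps spent in each mode.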