Fellow: Michael E. Locasto
I3P Member hosting fellow: George Mason University
Title of Proposal: Open Taint: Flexible and Automatic Dataflow Tagging and Control for User-Level Programs.
Abstract:
Dataflow analysis has traditionally been used by software developers to design the control mechanisms for how their system processes and stores a variety of data. In the security space, dataflow analysis techniques have recently focused on tainted dataflow analysis, in which a small and static set of rules governing the flow of very specific types of information is encoded into a runtime monitoring system. These rules express the concept that data derived from untrusted sources such as a network socket should not enter the program counter, the instruction register, or form part of an argument to a sensitive system call (e.g., execve).
Current systems are typically heavyweight, do not provide a control API between the supervised program and the monitoring environment, and mix policy (what specific types of data are allowed to flow where) with mechanism (the internal details of how “tainted” information is propagated throughout a system). Such systems lack the flexibility to redefine, modify, or otherwise update the current dataflow policy, or to dynamically describe new types of data as the supervised program executes. The current “detection” conditions listed above mainly focus on preventing the successful exercise of code injection vulnerabilities.
This proposal aims to address these shortcomings by developing an efficient, automatic, and largely transparent framework for information flow control of user-level program binaries. We are interested in creating an efficient runtime system for observing and controlling dynamic information flow through program binaries. We plan to create a suite of tools that will allow users to reliably detect binary code injection attacks, characterize new vulnerabilities, track the flow of sensitive information throughout a system (a vital first step toward detecting and controlling information leaks), and help automatically validate runtime self-healing repairs (a new concept in the systems security space).
This problem is difficult and worthwhile. Attacks can be subtle, and most Commercial-Off-The-Shelf (COTS) software is not instrumented to extract detailed forensic or auditing information about how it handles data at a very fine granularity. As such, these software programs require an external mechanism (i.e., a runtime environment) to provide dataflow tagging, tracking, and enforcement as a system service. The advent of dynamic binary instrumentation presents the opportunity for implementing an information flow tracing system for widespread use.
One vital and novel part of our proposal is the development of a policy language that supplies two capabilities: (1) automatic tagging of certain types of data flows and (2) expressing rules about permissible flows. This language is a creative and original concept; most prior work on this topic encodes a small, static set of rules in the source code of the system: a conglomeration of policy and mechanism that is neither scalable nor extensible. A more detailed overview of our system is provided in Section 2.1.
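As an added illustration (not code from the proposal or the Open Taint project), a small Python model of the separation the abstract argues for: values are tagged automatically at their source, tags propagate through operations by union (the mechanism), and a separate policy table says which source labels may not reach which sensitive sink (the policy). The sources, sinks, rules and the traced program are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tagged:
    """Mechanism: a value plus the set of source labels it was derived from."""
    value: str
    tags: frozenset = frozenset()

def source(label: str, value: str) -> Tagged:
    """Automatic tagging on entry: data from a named source carries its label."""
    return Tagged(value, frozenset({label}))

def concat(a: Tagged, b: Tagged) -> Tagged:
    """Propagation rule: a derived value inherits the union of its inputs' tags."""
    return Tagged(a.value + b.value, a.tags | b.tags)

def substring(a: Tagged, start: int, end: int) -> Tagged:
    """Propagation rule: a slice stays as tainted as the value it came from."""
    return Tagged(a.value[start:end], a.tags)

# Policy, kept apart from the mechanism above: for each sensitive sink, the source
# labels that must never reach it. Constructed for this example; replaceable at runtime.
POLICY = {
    "execve_arg": {"socket"},               # untrusted bytes must not form an argv entry
    "program_counter": {"socket", "file"},  # no external data may decide control flow
}

def check_sink(sink: str, data: Tagged, policy=POLICY) -> set:
    """Enforcement: the forbidden labels present at this sink (empty set = allowed)."""
    return set(data.tags & policy.get(sink, set()))

def demo() -> dict:
    """Trace a constructed program: command from a config file, argument from the network."""
    cmd = source("file", "/bin/ls")           # configuration read from disk
    arg = source("socket", " -la")            # request bytes read from a network socket
    argv = concat(cmd, substring(arg, 0, 4))  # slicing does not launder the taint
    return {
        "argv_to_execve": check_sink("execve_arg", argv),  # {'socket'}: blocked
        "cmd_alone": check_sink("execve_arg", cmd),        # set(): allowed
        "arg_to_log": check_sink("log_message", arg),      # set(): no rule for this sink
    }

if __name__ == "__main__":
    for sink, violation in demo().items():
        print(f"{sink}: {'DENY ' + str(violation) if violation else 'allow'}")
```

Adding or removing an entry in POLICY changes what is enforced without touching source, concat, substring or check_sink, which is the policy/mechanism split the abstract describes.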
The focus of this research agenda crosscuts three research areas of the I3P Cyber Security Research and Development Agenda: Discovery and Analysis of Security Properties and Vulnerabilities; Secure System and Network Response and Recovery; and Traceback, Identification, and Forensics. This proposal will have tangible benefits for both the systems security community and the critical information infrastructure of the United States. The proposal is also well positioned to leverage interaction with key personnel at Dartmouth College, particularly the security hardware expertise in Sean Smith’s PKI/Trust Lab and the deep expertise in data structures and algorithms of other faculty members.
Fellow: Shishir Nagaraja
I3P Member hosting fellow: University of Illinois at Urbana-Champaign
Title of Proposal: Structure of Peer-to-peer Botnets: Strengths and Limitations
Abstract:
I propose a program of research to study properties of peer-to-peer botnet structures in order to understand their fundamental limits and guide the design of defensive measures. My research will build upon my own experience with attacks and defenses on distributed, self-organizing systems from my Ph.D. thesis. I will follow an interdisciplinary approach, combining results from research in peer-to-peer networking, anonymous communication, biological systems, and social networks, in order to design botnet countermeasures and understand their effectiveness.