Cavallaro, Lorenzo, Saxena, Prateek and Sekar, R. (2008) On the Limits of Information Flow Techniques for Malware Analysis and Containment In: GI SIG SIDAR Conference on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA). .
Full text access: Open
Taint-tracking is emerging as a general technique in software security to complement virtualization and static analysis. It has been applied for accurate detection of a wide range of attacks on benign software, as well as in malware defense. Although it is quite robust for tackling the former problem, application of taint analysis to untrusted (and potentially malicious) software is riddled with several difficulties that lead to gaping holes in defense. These holes arise not only due to the limitations of information flow analysis techniques, but also the nature of today’s software architectures and distribution models. This paper highlights these problems using an array of simple but powerful evasion techniques that can easily defeat taint-tracking defenses. Given today’s binary-based software distribution and deployment models, our results suggest that information flow techniques will be of limited use against future malware that has been designed with the intent of evading these defenses.
This is a Submitted version This version's date is: 10/7/2008 This item is not peer reviewed
https://repository.royalholloway.ac.uk/items/2557bfdb-6da9-39b5-bcbe-23fd6bb8c064/1/
Deposited by Research Information System (atira) on 31-May-2012 in Royal Holloway Research Online.Last modified on 31-May-2012