On the Limits of Information Flow Techniques for Malware Analysis and Containment

  • Lorenzo Cavallaro
  • Prateek Saxena
  • R. Sekar
Conference paper

DOI: 10.1007/978-3-540-70542-0_8

Volume 5137 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Cavallaro L., Saxena P., Sekar R. (2008) On the Limits of Information Flow Techniques for Malware Analysis and Containment. In: Zamboni D. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2008. Lecture Notes in Computer Science, vol 5137. Springer, Berlin, Heidelberg

Abstract

Taint-tracking is emerging as a general technique in software security to complement virtualization and static analysis. It has been applied for accurate detection of a wide range of attacks on benign software, as well as in malware defense. Although it is quite robust for tackling the former problem, application of taint analysis to untrusted (and potentially malicious) software is riddled with several difficulties that lead to gaping holes in defense. These holes arise not only due to the limitations of information flow analysis techniques, but also the nature of today’s software architectures and distribution models. This paper highlights these problems using an array of simple but powerful evasion techniques that can easily defeat taint-tracking defenses. Given today’s binary-based software distribution and deployment models, our results suggest that information flow techniques will be of limited use against future malware that has been designed with the intent of evading these defenses.
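The abstract contrasts taint-tracking's robustness on benign software with its weakness against code written to evade it. The toy tracker below, added here as an illustration and not taken from the paper, makes that gap concrete: a value copied through data operations keeps its taint label, while the same value reconstructed through branch decisions (an implicit flow) arrives untainted unless the tracker also propagates labels from branch conditions, and doing so over-taints ordinary defensive code. The `TaintedInt` class, the `pc_sensitive` switch and the sample byte `0xA5` are all assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TaintedInt:
    """An integer carrying one taint bit: True means 'derived from untrusted input'.
    Constructed for this example; it models explicit-flow propagation only."""
    value: int
    tainted: bool

    def _lift(self, other):
        return other if isinstance(other, TaintedInt) else TaintedInt(other, False)

    def __or__(self, other):
        other = self._lift(other)
        return TaintedInt(self.value | other.value, self.tainted or other.tainted)

    def __and__(self, other):
        other = self._lift(other)
        return TaintedInt(self.value & other.value, self.tainted or other.tainted)

    def __rshift__(self, n):
        return TaintedInt(self.value >> n, self.tainted)


def explicit_copy(x: TaintedInt) -> TaintedInt:
    """Copy x using data operations only; the label follows the data."""
    return (x & 0xFF) | 0


def implicit_copy(x: TaintedInt, pc_sensitive: bool = False) -> TaintedInt:
    """Rebuild the low byte of x while using x only in branch conditions.

    pc_sensitive=False models the usual explicit-flow tracker: every write is
    an untainted constant, so the result equals x.value but carries no label.
    pc_sensitive=True models a conservative tracker that labels anything written
    under a branch whose condition depended on tainted data.
    """
    out = TaintedInt(0, False)
    for i in range(8):
        bit = (x >> i) & 1            # tainted, but never copied into out
        if bit.value == 1:
            out = out | (1 << i)      # constant written under tainted control
        if pc_sensitive and bit.tainted:
            # conservative rule: the branch outcome itself leaked information
            out = TaintedInt(out.value, True)
    return out


def clamp_to_default(x: TaintedInt, pc_sensitive: bool = False) -> TaintedInt:
    """Benign validation code: replace an out-of-range input with a constant.
    Under pc-sensitive tracking the constant inherits the label (over-tainting)."""
    if x.value > 100:
        default = TaintedInt(100, pc_sensitive and x.tainted)
        return default
    return x


def sink_policy(v: TaintedInt) -> str:
    """The defense the tracker feeds: refuse tainted data at a sensitive sink."""
    return "blocked" if v.tainted else "allowed"


if __name__ == "__main__":
    untrusted = TaintedInt(0xA5, True)          # constructed sample input
    print("explicit copy :", sink_policy(explicit_copy(untrusted)))
    print("implicit copy :", sink_policy(implicit_copy(untrusted)))
    print("pc-sensitive  :", sink_policy(implicit_copy(untrusted, pc_sensitive=True)))
    print("over-tainting :", sink_policy(clamp_to_default(TaintedInt(200, True), True)))
```

Running the block shows the trade-off the abstract alludes to: the explicit-flow tracker blocks the direct copy but lets the branch-reconstructed copy reach the sink, and the conservative tracker closes that hole at the price of labelling the constant `100` that a validator substituted for bad input, which is exactly the kind of false positive that makes control-dependence tracking hard to deploy on real binaries.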


Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Lorenzo Cavallaro (1)
  • Prateek Saxena (2)
  • R. Sekar (3)
  1. Dipartimento di Informatica e Comunicazione, Università degli Studi di Milano, Italy
  2. Computer Science Department, University of California at Berkeley, USA
  3. Computer Science Department, Stony Brook University, USA