Litcius/Paper detail

DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection

Tapti Palit, Jarin Firose Moon, Fabian Monrose, Michalis Polychronakis

202131 citationsDOI

Abstract

As control flow hijacking attacks become more challenging due to the deployment of various exploit mitigation technologies, the leakage of sensitive process data through the exploitation of memory disclosure vulnerabilities is becoming an increasingly important threat. To make matters worse, recently introduced transient execution attacks provide a new avenue for leaking confidential process data. As a response, various approaches for selectively protecting subsets of critical in-memory data have been proposed, which though either require a significant code refactoring effort, or do not scale for large applications.In this paper we present DynPTA, a selective data protection approach that combines static analysis with scoped dynamic data flow tracking (DFT) to keep a subset of manually annotated sensitive data always encrypted in memory. DynPTA ameliorates the inherent overapproximation of pointer analysis—a significant challenge that has prevented previous approaches from supporting large applications—by relying on lightweight label lookups to determine if potentially sensitive data is actually sensitive. Labeled objects are tracked only within the subset of value flows that may carry potentially sensitive data, requiring only a fraction of the program’s code to be instrumented for DFT. We experimentally evaluated DynPTA with real-world applications and demonstrate that it can prevent memory disclosure (Heartbleed) and transient execution (Spectre) attacks from leaking the protected data, while incurring a modest runtime overhead of up to 19.2% when protecting the private TLS key of Nginx with OpenSSL.

Topics & Concepts

Computer scienceExploitPointer (user interface)Dynamic program analysisStatic analysisOverhead (engineering)EncryptionTaint checkingComputer securityExecutableDynamic dataSide channel attackProcess (computing)ConfidentialityEmbedded systemData flow diagramCryptographyOperating systemDatabaseSoftwareComputer hardwareProgramming languageSecurity and Verification in ComputingAdvanced Malware Detection TechniquesDigital and Cyber Forensics
DynPTA: Combining Static and Dynamic Analysis for Practical Selective Data Protection | Litcius