You are here
Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception
Frederico Araujo and Kevin W. Hamlen, The University of Texas at Dallas
An enhanced dynamic taint-tracking semantics is presented and implemented, facilitating fast and precise runtime secret redaction from legacy processes, such as those compiled from C/C++. The enhanced semantics reduce the annotation burden imposed upon developers seeking to add secret-redaction capabilities to legacy code, while curtailing over-tainting and label creep.
An implementation for LLVM’s DataFlow Sanitizer automatically instruments taint-tracking and secretredaction support into annotated C/C++ programs at compile-time, yielding programs that can self-censor their address spaces in response to emerging cyber-attacks. The technology is applied to produce the first information flow-based honey-patching architecture for the Apache web server. Rather than merely blocking intrusions, the modified server deceptively diverts attacker connections to secret-sanitized process clones that monitor attacker activities and disinform adversaries with honey-data.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Frederico Araujo and Kevin W, Hamlen},
title = {Compiler-instrumented, Dynamic {Secret-Redaction} of Legacy Processes for Attacker Deception},
booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
year = {2015},
isbn = {978-1-939133-11-3},
address = {Washington, D.C.},
pages = {145--159},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/araujo},
publisher = {USENIX Association},
month = aug
}
connect with us