A dynamic taint tracking based method to detect sensitive information leaking

Abstract

Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.