{"title":"基于动态污点跟踪的敏感信息泄漏检测方法","authors":"Weiming Li, Yilin Yan, Hao Tu, Jia Xu","doi":"10.1109/APNOMS.2014.6996578","DOIUrl":null,"url":null,"abstract":"Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.","PeriodicalId":269952,"journal":{"name":"The 16th Asia-Pacific Network Operations and Management Symposium","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A dynamic taint tracking based method to detect sensitive information leaking\",\"authors\":\"Weiming Li, Yilin Yan, Hao Tu, Jia Xu\",\"doi\":\"10.1109/APNOMS.2014.6996578\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.\",\"PeriodicalId\":269952,\"journal\":{\"name\":\"The 16th Asia-Pacific Network Operations and Management Symposium\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 16th Asia-Pacific Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APNOMS.2014.6996578\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 16th Asia-Pacific Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2014.6996578","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A dynamic taint tracking based method to detect sensitive information leaking
Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
