{"title":"A dynamic taint tracking based method to detect sensitive information leaking","authors":"Weiming Li, Yilin Yan, Hao Tu, Jia Xu","doi":"10.1109/APNOMS.2014.6996578","DOIUrl":null,"url":null,"abstract":"Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.","PeriodicalId":269952,"journal":{"name":"The 16th Asia-Pacific Network Operations and Management Symposium","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 16th Asia-Pacific Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2014.6996578","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.