BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Pointless Tainting? Evaluating the practicality of pointer taintin
 g - Asia Slowinska (Vrije Universiteit Amsterdam)
DTSTART:20090326T160000Z
DTEND:20090326T163000Z
UID:TALK17038@talks.cam.ac.uk
CONTACT:Eiko Yoneki
DESCRIPTION:This talk evaluates pointer tainting\, an incarnation of Dynam
 ic Information Flow Tracking (DIFT). Pointer tainting has been used for tw
 o main purposes: detection of privacy-breaching malware (e.g.\, trojan key
 loggers obtaining the characters typed by a user)\, and detection of memor
 y corruption attacks against non-control data (e.g.\, a buffer overflow th
 at modifies a user's privilege level). The technique is considered one o
 f the only methods for detecting them in unmodified binaries. Unfortunatel
 y\, almost all of the incarnations of pointer tainting are flawed. We foun
 d that pointer tainting generates itself the conditions for false posit
 ives. W
 e analyse the problems in detail and investigate various ways to improve t
 he technique. Most have serious drawbacks in that they are either impracti
 cal (and incur many false positives still)\, and/or cripple the techniqu
 e's ability to detect attacks. We argue that depending on architecture a
 nd operating system\, pointer tainting may have some value in detecting me
 mory corruption attacks (albeit with false negatives and not on the popula
 r x86 architecture)\, but it is not suitable for automated detecting of pr
 ivacy-breaching malware such as keyloggers.\n\n\nBio: Asia Slowinska is a 
 third-year PhD student at the Vrije Universiteit Amsterdam. Her research c
 oncerns intrusion detection\, signature generation\, and honeypots. Curren
 tly she's interning with MSRC. \n
LOCATION:FW26\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
