Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception
Frederico Araujo and Kevin W. Hamlen, The University of Texas at Dallas
An enhanced dynamic taint-tracking semantics is presented and implemented, facilitating fast and precise runtime secret redaction from legacy processes, such as those compiled from C/C++. The enhanced semantics reduce the annotation burden imposed upon developers seeking to add secret-redaction capabilities to legacy code, while curtailing over-tainting and label creep.
An implementation for LLVM’s DataFlow Sanitizer automatically instruments taint-tracking and secretredaction support into annotated C/C++ programs at compile-time, yielding programs that can self-censor their address spaces in response to emerging cyber-attacks. The technology is applied to produce the first information flow-based honey-patching architecture for the Apache web server. Rather than merely blocking intrusions, the modified server deceptively diverts attacker connections to secret-sanitized process clones that monitor attacker activities and disinform adversaries with honey-data.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {190958,
author = {Frederico Araujo and Kevin W, Hamlen},
title = {Compiler-instrumented, Dynamic {Secret-Redaction} of Legacy Processes for Attacker Deception},
booktitle = {24th USENIX Security Symposium (USENIX Security 15)},
year = {2015},
isbn = {978-1-939133-11-3},
address = {Washington, D.C.},
pages = {145--159},
url = {https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/araujo},
publisher = {USENIX Association},
month = aug
}
