PPT-Taint tracking Suman Jana

Dynamic Taint Analysis Track information flow through a program at runtime Identify sources of taint TaintSeed What are you tracking Untrusted input Sensitive data Taint Policy . Data tainting and analysis. Roadmap. Background. TaintDroid. JavaScript. Conclusion. Background. In smartphone, we. . use third-party applications such as . - Google map, Angry bird … . etc. More than 10Billion Apps. (but might have been afraid to ask). IEEE S&P 2010. Overview. Two Main Contributions. Precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Yinzhi Cao. Reference: . http. ://www.cs.tau.ac.il/~. omertrip/pldi09/TAJ.ppt. www.cs.cmu.edu/~. soonhok/talks/20110301.pdf. 2. Motivating Example. *. * Inspired by . Refl1. in. SecuriBench Micro. Taint Flow #1. Suman Jana. Dynamic Taint Analysis. Track information flow through a program at runtime. Identify sources of taint – . “. TaintSeed. ”. What are you tracking?. Untrusted input. Sensitive data. Taint Policy – . Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . Yinzhi Cao. Reference: . http. ://www.cs.tau.ac.il/~. omertrip/pldi09/TAJ.ppt. www.cs.cmu.edu/~. soonhok/talks/20110301.pdf. 2. Motivating Example. *. * Inspired by . Refl1. in. SecuriBench Micro. Taint Flow #1. Roadmap. Background. TaintDroid. JavaScript. Conclusion. Background. In smartphone, we. . use third-party applications such as . - Google map, Angry bird … . etc. More than 10Billion Apps. Because it’s useful.. Dawn Song, . Kostya. . Serebryany. ,. Peter . Collingbourne. . Techniques for bug finding. Automatic test case generation. Lower coverage . Lower false positives . Higher false negatives. Fuzzing . Narayanan. Vitaly. Shmatikov. Protecting User Privacy from Perceptual Applications . 2. What does this all mean for a. security & privacy researcher?. The Future of Computing?. They Are Watching…. including Merck, Pharmacia, and Pfizer. She has been with Bristol - Mye rs Squibb for the past 9 years. Jana has a Bachelor’s degree in Chemistry/Biochemistry, and started in the industry as a for Jana Rosenmann was named Head of Unmanned Aerial Systems (UAS) program me line in March 2017. In this position she is operationally responsible for UAS program me s in Airbus Defence and Spa By establishing the Jana L. Edge Endowed International Transcultural Nursing Scholarship, Jana will assist nursing students to have the opportunity to travel internationally, and thereby see nursing f *some slides are borrowed from . Baishakhi. Ray and . Ras. . Bodik. Our Goal. Program . Analyzer . Source code. Security bugs. Program analyzer must be able to understand program properties. (e.g., can a variable be NULL at a particular program point? ). Realtime. Privacy. Monitoring On Smartphones. Authors:. William . Enck. The . Pennsylvania State . University . Peter Gilbert Duke University . Byung-Gon. Chun Intel Labs . Landon . P. . Cox Duke University .