2 research outputs found
Detile: Fine-Grained Information Leak Detection in Script Engines
Memory disclosure attacks play an important role in the exploitation of
memory corruption vulnerabilities. By analyzing recent research, we observe
that bypasses of defensive solutions that enforce control-flow integrity or
attempt to detect return-oriented programming require memory disclosure attacks
as a fundamental first step. However, research lags behind in detecting such
information leaks.
In this paper, we tackle this problem and present a system for fine-grained,
automated detection of memory disclosure attacks against scripting engines. The
basic insight is as follows: scripting languages, such as JavaScript in web
browsers, are strictly sandboxed. They must not provide any insights about the
memory layout in their contexts. In fact, any such information potentially
represents an ongoing memory disclosure attack. Hence, to detect information
leaks, our system creates a clone of the scripting engine process with a
re-randomized memory layout. The clone is instrumented to be synchronized with
the original process. Any inconsistency in the script contexts of both
processes appears when a memory disclosure was conducted to leak information
about the memory layout. Based on this detection approach, we have designed and
implemented Detile (\underline{det}ection of \underline{i}nformation
\underline{le}aks), a prototype for the JavaScript engine in Microsoft's
Internet Explorer 10/11 on Windows 8.0/8.1. An empirical evaluation shows that
our tool can successfully detect memory disclosure attacks even against this
proprietary software
Towards Practical Avoidance of Information Leakage in Enterprise Networks
Preventing exfiltration of sensitive data is a central challenge facing many modern networking environments. In this paper, we propose a network-wide method of confining and controlling the flow of sensitive data within a network. Our approach is based on black-box differencing – we run two logical copies of the network, one with private data scrubbed, and compare outputs of the two to determine if and when private data is being leaked. To ensure outputs of the two copies match, we build upon recent advances that enable computing systems to execute deterministically at scale and with low overheads. We believe our approach could be a useful building block towards building general-purpose schemes that leverage black-box differencing to mitigate leakage of private data.