SENSITIVE DATA TRACKING USING DYNAMIC TAINT ANALYSIS
First Claim
1. A method of tracking sensitive data through a target application running on a computer system, the method comprising:
- loading a target application for execution by a computer system;
- monitoring input data received on at least one input channel of the computer system for a sensitive data indicator;
- marking the input data associated with the sensitive data indicator as tainted data when the input data is provided to the target application;
- tracking propagation of the tainted data as the target application executes and the tainted data is read from and written to memory locations in the computer system; and
- monitoring at least one output channel of the computer system to determine if the tainted data is propagated to the at least one output channel.
Abstract
A system and method for tracking sensitive data uses dynamic taint analysis to track sensitive data as the data flows through a target application running on a computer system. In general, the system and method for tracking sensitive data marks data as tainted when the data input to the target application is indicated as sensitive. The system and method may then track the propagation of the tainted data as the data is read from and written to memory by the target application to detect if the tainted data is output from the application (e.g., leaked). Dynamic binary translation may be used to provide binary instrumentation of the target application for dynamic taint analysis to track propagation of the tainted data at the instruction level and/or the function level. Of course, many alternatives, variations, and modifications are possible without departing from this embodiment.
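As an added illustration (not code from the patent or its applicant), a toy instruction-level taint tracker in Python: shadow state marks input bytes tainted when the input record carries a sensitive data indicator, taint follows the data through loads, stores and arithmetic, and a write to an output channel that carries tainted bytes is recorded as a leak. The `SSN:` indicator, the instruction set, the addresses and the input records are all constructed for the example.

```python
SENSITIVE_MARKER = b"SSN:"  # constructed indicator; a real tracker would use a policy

class TaintVM:
    """Toy machine with shadow (taint) state for memory and registers."""
    def __init__(self):
        self.mem, self.mem_taint = {}, {}    # addr -> value / addr -> tainted?
        self.regs, self.reg_taint = {}, {}   # reg -> value / reg -> tainted?
        self.leaks = []                      # (output channel, address)

    def read_input(self, base, data):
        """Input channel: bytes are tainted iff the record carries the indicator."""
        tainted = SENSITIVE_MARKER in data
        for i, b in enumerate(data):
            self.mem[base + i], self.mem_taint[base + i] = b, tainted

    def run(self, program):
        """Execute instructions, propagating taint alongside the data."""
        for op, *args in program:
            if op == "load":                # load rd, addr
                rd, addr = args
                self.regs[rd] = self.mem.get(addr, 0)
                self.reg_taint[rd] = self.mem_taint.get(addr, False)
            elif op == "store":             # store addr, rs
                addr, rs = args
                self.mem[addr] = self.regs[rs]
                self.mem_taint[addr] = self.reg_taint.get(rs, False)
            elif op == "add":               # add rd, ra, rb: taint is the union
                rd, ra, rb = args
                self.regs[rd] = (self.regs[ra] + self.regs[rb]) & 0xFF
                self.reg_taint[rd] = self.reg_taint.get(ra, False) or self.reg_taint.get(rb, False)
            elif op == "movi":              # movi rd, imm: a constant is untainted
                rd, imm = args
                self.regs[rd], self.reg_taint[rd] = imm, False
            elif op == "out":               # out chan, addr, n: output-channel check
                chan, addr, n = args
                self.leaks += [(chan, a) for a in range(addr, addr + n) if self.mem_taint.get(a, False)]
            else:
                raise ValueError(f"unknown op {op}")
        return self.leaks

def demo():
    """Constructed program: one sensitive input record, one benign record."""
    vm = TaintVM()
    vm.read_input(0x100, b"SSN:123")   # tainted on input
    vm.read_input(0x200, b"hello")     # untainted
    return vm.run([
        ("load", "r0", 0x104), ("movi", "r1", 1), ("add", "r2", "r0", "r1"),   # taint survives arithmetic
        ("store", 0x300, "r2"), ("load", "r3", 0x200), ("store", 0x301, "r3"),  # mixed buffer
        ("out", "net", 0x300, 2),          # tainted byte reaches the output channel: leak
        ("out", "log", 0x200, 5)])         # benign bytes only: no leak
```

The tracker only follows explicit data flow (copies and arithmetic), which is the instruction-level propagation the abstract describes; implicit flows through control dependencies are not modelled.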
20 Claims
1. A method of tracking sensitive data through a target application running on a computer system, the method comprising:
- loading a target application for execution by a computer system;
- monitoring input data received on at least one input channel of the computer system for a sensitive data indicator;
- marking the input data associated with the sensitive data indicator as tainted data when the input data is provided to the target application;
- tracking propagation of the tainted data as the target application executes and the tainted data is read from and written to memory locations in the computer system; and
- monitoring at least one output channel of the computer system to determine if the tainted data is propagated to the at least one output channel.
Dependent claims: 2-16.
17. A tangible computer-readable medium comprising instructions stored thereon which, when executed by a computer system, cause the computer system to perform the following operations:
- monitoring input data received on at least one input channel of the computer system for a sensitive data indicator;
- marking the input data associated with the sensitive data indicator as tainted data when the input data is provided to the target application;
- tracking propagation of the tainted data as the target application executes and the tainted data is read from and written to memory locations in the computer system; and
- monitoring at least one output channel of the computer system to determine if the tainted data is propagated to the at least one output channel.
Dependent claim: 18.
19. A system comprising:
- a memory to store a target application and a sensitive data tracker, wherein the sensitive data tracker is configured to monitor input data received on at least one input channel of the computer system for a sensitive data indicator, to mark the input data associated with the sensitive data indicator as tainted data when the input data is provided to the target application, to track propagation of the tainted data as the target application executes and the tainted data is read from and written to memory locations in the computer system, and to monitor at least one output channel of the computer system to determine if the tainted data is propagated to the at least one output channel; and
- a processor to execute instructions of the target application and the sensitive data tracker.
Dependent claim: 20.