D.: Influence: A quantitative approach for data integrity

A number of systems employ dynamic taint analysis to detect overwrite attacks in commodity software. These sys-tems are based on the premise that low-integrity inputs should not control values such as function pointers and re-turn addresses. Unfortunately, there are several program-ming constructs that can cause false positives and false neg-atives in these systems, which are currently handled by man-ual annotation, ad-hoc rules, or not at all. In this work we propose to use channel capacity, a quan-titative measure of information flow, as a quantitative mea-sure of control. When measuring control, we refer to this measure as influence. We use influence as a theoretical tool to formally investigate programming constructs known to be problematic for dynamic taint analysis. While calculating influence in arbitrary programs is un-decidable in the general case, we propose and implement practical techniques for automatically bounding and prob-abilistically estimating influence in x86 programs. We show that this tool is able to automatically find useful influence bounds in code constructs known to be problematic in dy-namic taint analysis. We also use it to analyze a dynamic taint analysis alert in samba, showing that it is a false pos-itive, and another alert in SQL Server, showing that it is a true positive.