| Title | Detecting Attack Surface With Full-System Taint Analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Fursova, Natalia, Dovgalyuk, Pavel, Vasiliev, Ivan, Klimushenkova, Maria, Egorov, Danila |
| Conference Name | 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C) |
| Keywords | attack surface, composability, Conferences, dynamic analysis, fuzzing, Malware, Metrics, pubcrawl, security, software certification, software quality, software reliability, taint analysis, Task Analysis, virtual machine introspection, Virtual machining |
| Abstract | Attack surface detection for the complex software is needed to find targets for the fuzzing, because testing the whole system with many inputs is not realistic. Researchers that previously applied taint analysis for dealing with different security tasks in the virtual machines did not examined how to apply it for attack surface detection. I.e., getting the program modules and functions, that may be affected by input data. We propose using taint tracking within a virtual machine and virtual machine introspection to create a new approach that can detect the internal module interfaces that can be fuzz tested to assure that software is safe or find the vulnerabilities. |
| DOI | 10.1109/QRS-C55045.2021.00174 |
| Citation Key | fursova_detecting_2021 |
Detecting Attack Surface With Full-System Taint Analysis