Patent · US Active

Taint tracking mechanism for computer security

US8510827B1 · kind B1 · utility

Cited by: 324
References: 2
Claims: 42
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 29, 2006
Grant date: Aug 13, 2013
Priority date
Expiry date: Jul 27, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Mechanisms have been developed for securing computational systems against certain forms of attack. In particular, it has been discovered that, by maintaining and propagating taint status for memory locations in correspondence with information flows of instructions executed by a computing system, it is possible to provide a security response if and when a control transfer (or other restricted use) is attempted based on tainted data. In some embodiments, memory management facilities and related exception handlers can be exploited to facilitate taint status propagation and/or security responses. Taint tracking through registers of a processor (or through other storage for which access is not conveniently mediated using a memory management facility) may be provided using an instrumented execution mode of operation. For example, the instrumented mode may be triggered by an attempt to propagate tainted information to a register. In some embodiments, an instrumented mode of operation may be more generally employed. For example, data received from an untrusted source or via an untrusted path is often transferred into a memory buffer for processing by a particular service, routine, process,…

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.