| Privacy leakage detection is essential for safeguarding cloud environments.Current related work mostly uses dynamic taint analysis techniques to analyze private data flow of malicious programs,however privacy data requires to be prior assigned,taint information is lost after dynamic migration and analysis is limited within a single virtual machine.By creating virtual machine to simulate the target environment and considering potential privacy leakage scenarios,research is carried out from perspectives of within and across virtual machines to tackle above problems.Techniques such as event-driven interfaces and code instrumentation are adopted to automatically locate four types of private data including keystroke records,sensitive files,clipboard contents,and sensitive memory contents.During dynamic migration or network transmission,the taint information is transferred synchronously in the form of consecutive segments or additional information so that it is efficiently re-located on the destination virtual machine.After located,privacy data is mark as taint source and tracked as taint propagation so that leakage pathways are recorded in real time if taint leak happens.Testing with Heart Bleed and other typical malicious samples,experimental results show that the proposed method can accurately auto-locate the privacy data,efficiently recover taint information on the destination virtual machine after network transmission or dynamic migration,persistently monitor taint flow and detect privacy leakage originated from malicious behaviors such as eavesdropping keyboard,stealing sensitive memory contents,tampering with clipboard contents,as well as encrypting files for ransom in real time. |
PDF Full Text Request