Using dynamic information flow analysis to detect attacks against applications

Abstract

This paper presents a new approach to using dynamic information flow analysis to detect attacks against application software. The approach can be used to reveal and, under some conditions, to prevent attacks that violate a specified information flow policy or exhibit a known information flow signature. When used in conjunction with automatic cluster analysis, the approach can also reveal novel attacks that exhibit unusual patterns of information flows. A set of prototype tools implementing the approach have been developed for Java byte code programs. Case studies in which this approach was applied to several subject programs are described.