To B or not to B: Blessing OS Commands with Software DNA Shotgun Sequencing

Originally published in: 2014 Tenth European Dependable Computing Conference, Newcastle, United Kingdom, May 13-16, 2014


Anh Nguyen-Tuong, Jason Hiser, Michele Co, Nathan Kennedy, David Melski, William Ella, David Hyde, Jack W. Davidson and John C. Knight


We introduce Software DNA Shotgun Sequencing (S3), a novel, biologically-inspired approach to combat OS Injection Attacks, the #2 most dangerous software error as identified by MITRE. To thwart such attacks, researchers have advocated various forms of taint-tracking techniques. Despite promising results, e.g., few missed attacks and few false alarms, taint-tracking has not seen widespread adoption. Impediments to adoption include high overhead and difficulty of deployment. S3 is based on a novel technique: positive taint inference, which dynamically reassembles string fragments from a binary to infer blessed, i.e., trusted, parts of an OS command. S3 incurs negligible performance overhead and is easy to deploy as it operates directly on binary programs.
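The following sketch illustrates the positive taint inference idea from the abstract. It is an added example, not the authors' S3 implementation. The fragment list, the minimum fragment length, the set of critical characters, and the policy that the command name and shell metacharacters must be blessed are all assumptions made here; the abstract does not specify them.

```python
SHELL_META = set(";|&`$()<>\n")  # assumed set of critical shell characters
MIN_FRAGMENT = 3                 # assumed: very short fragments bless nothing

def bless_mask(command, fragments):
    """Mark each character of command that lies inside a known fragment."""
    mask = [False] * len(command)
    for frag in fragments:
        if len(frag) < MIN_FRAGMENT:
            continue
        start = command.find(frag)
        while start != -1:
            mask[start:start + len(frag)] = [True] * len(frag)
            start = command.find(frag, start + 1)
    return mask

def critical_positions(command):
    """Indexes of the command name (first word) and of shell metacharacters."""
    begin = len(command) - len(command.lstrip())
    end = begin
    while end < len(command) and not command[end].isspace():
        end += 1
    positions = set(range(begin, end))
    positions.update(i for i, ch in enumerate(command) if ch in SHELL_META)
    return positions

def unblessed_critical(command, fragments):
    """Critical positions that no fragment covers, i.e. not inferred trusted."""
    mask = bless_mask(command, fragments)
    return sorted(i for i in critical_positions(command) if not mask[i])

def is_allowed(command, fragments):
    """Allow the command only if every critical character is blessed."""
    return not unblessed_critical(command, fragments)

# Constructed sample: fragments as if extracted from the program's binary,
# and two commands built by concatenating them with external input.
FRAGMENTS = ["/bin/ls -l ", " 2>/dev/null"]
BENIGN = "/bin/ls -l " + "reports" + " 2>/dev/null"
INJECTED = "/bin/ls -l " + "reports; id" + " 2>/dev/null"

if __name__ == "__main__":
    for cmd in (BENIGN, INJECTED):
        print(is_allowed(cmd, FRAGMENTS), unblessed_critical(cmd, FRAGMENTS), cmd)
```

In the second command the `;` comes from external input rather than from any program fragment, so it is the one critical character left unblessed and the command is rejected.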

