摘要 |
Mechanisms have been developed for securing computational systems against certain forms of attack. In particular, it has been discovered that, by maintaining and selectively propagating taint status for storage locations in correspondence with information flows of instructions executed by a computing system, it is possible to provide a security (or other appropriate) response if and when a control transfer (or other restricted use) is attempted based on tainted data. By employing aging in decisions to propagate, it is possible limit overheads associated with such tracking. In some embodiments, a decay oriented metric is applied and further propagation of taints is interrupted once aging reaches a predetermined decay threshold. In some embodiments, more generalized labels may be maintained and selectively propagated based on an aging metric. For example, in some embodiments, labels may be employed to code source designation or classification, aging, popularity/frequency of access or taint. |