Dynamic Information Flow Tracking
Recent growing E-Commerce and digitalization of application to public institutions is rapidly increasing manipulations of private information in personal computers, while the private information there may cause heavy damage if it is leaked.
It had been common to put confidential data away from untrusted program or users to prevent the leakage, which cannot cover today’s attacks on the system vulnerability. To cope with these attacks, Dynamic Information Flow Tracking (DIFT) can be a solution. DIFT can find malicious code taken in to SQL queries or detect confidential data encrypted through some malicious applications before it is sent out.
We proposed SWIFT, a string-wise tracking method. We verified that SWIFT in PHP engine cause neither positive nor negative false when executing server programs with known vulnerabilities.
In 2016, we tested PHP-SWIFT on WordPress vulnerabilities which was found after we have proposed SWIFT, and improved SWIFT engine could detect almost all of those unknown attacks (Zero-Day Attack).