iProbe: A Lightweight User-Space Instrumentation Tool


Nipun Arora, Hui Zhang, Junghwan Rhee, Kenji Yoshihira, Guofei Jiang
Autonomic Management Group
Princeton, NJ

Motivation

Background
The current state-of-the-art monitoring mechanisms use:
  Blackbox but slow:
    Trampoline (DTrace, DynInst)
    Just-in-Time Compilation (PIN, Valgrind)
  Developer-driven but fast:
    Source-code / Compiler-Driven
Ensuring stability & robustness when rewriting the binary
Context switch to kernel or instrumentation functions
Fixing and simulating overwritten instructions

Background
Blackbox but slow:
  Trampoline (DTrace, DynInst)
  Just-in-Time Compilation (PIN, Valgrind)
Developer/Compiler driven but fast:
  Source-code based techniques (Log4j, Log4c)
  Compiler driven techniques (gprof)
[Figure: two monitored applications, one per approach]
D-Trace/SystemTap (H/W interrupt trap mechanism, Kernel Space Logs):
  High overhead because of h/w trap mechanism
  High overhead because of context switch to kernel space
  *High overhead because of complex safety checks
DynInst (trampoline mechanism, User Space Logs):
  Overhead because of extra jumps, and simulating overwritten instructions

The Core Idea: Hybrid Instrumentation
Traditional instrumentation uses either purely compiler-based techniques or purely binary-based techniques.
Hybrid instrumentation uses both compiler and binary instrumentation to gain a significant performance advantage.
[Figure: Development Phase: Source Code Files + iProbe GCC Compiler Flags -> iProbe packaged software. Production Phase: iProbe packaged software -> Run-time Monitoring.]

State-Diagram

ColdPatch Phase
  Compile source code files with the GNU compiler flag "-finstrument-functions"
  Use the cold-patch script to replace all instrumentation calls with NOP instructions
  Create a meta-data file with the location of each NOP placeholder

HotPatch Phase
  iProbe presents the user the set of functions they can select to instrument at run-time using the probe-list
  The HotPatcher then replaces the NOP instructions with a call to the instrumentation function
  Extremely low overhead since there is no overwriting of instructions

Native binary:
    <Basic Block Begin>
    <func_foo>:
      push %EBP
      pop
      inc
      ….
      …
    <Basic Block End>

Compiled with instrumentation flag:
    <Basic Block Begin>
    <func_foo>:
      push %EBP
      call <foo_begin>
      pop
      inc
      ….
      …
      call <foo_end>
    <Basic Block End>

Replaced by NOP OpCode:
    <Basic Block Begin>
    <func_foo>:
      push %EBP
      NOP <90>
      pop
      inc
      ….
      …
    <Basic Block End>

NOP replaced in run-time with calls to instrumentation functions:
    <Basic Block Begin>
    <func_foo>:
      push %EBP
      call <begin_instr>
      pop
      inc
      ….
      call <end_instr>
    <Basic Block End>
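The ColdPatch and HotPatch steps above, worked through on a byte buffer as an added example (not iProbe's own code). It assumes 32-bit x86 `call rel32` encoding and a placeholder of five single-byte NOPs; the names cold_patch, hot_patch and probe_list, the sample bytes and all addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CALL_LEN 5   /* x86 `call rel32`: opcode 0xE8 + 4-byte little-endian displacement */
#define MAX_PROBES 16

/* Metadata written by the cold-patch step: offset of every NOP placeholder. */
typedef struct { size_t off[MAX_PROBES]; size_t n; } probe_list;

/* Constructed sample, assumed mapped at 0x1000: push ebp; call 0x2000; inc eax;
 * call 0x2010; pop ebp; ret. 0x2000/0x2010 stand in for the enter/exit hooks. */
uint8_t sample_func[] = {0x55, 0xE8, 0xFA, 0x0F, 0x00, 0x00, 0x40,
                         0xE8, 0x04, 0x10, 0x00, 0x00, 0x5D, 0xC3};

static int32_t rd32(const uint8_t *p) {
    return (int32_t)(p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Cold patch: overwrite each call to hook_enter/hook_exit in code[] (mapped at
 * address base) with five 0x90 bytes and record its offset. Matching on the
 * resolved call target is a simplification of what a real tool must do. */
size_t cold_patch(uint8_t *code, size_t len, uint64_t base,
                  uint64_t hook_enter, uint64_t hook_exit, probe_list *pl) {
    pl->n = 0;
    for (size_t i = 0; i + CALL_LEN <= len && pl->n < MAX_PROBES; i++) {
        if (code[i] != 0xE8) continue;
        uint64_t target = base + i + CALL_LEN + (int64_t)rd32(code + i + 1);
        if (target != hook_enter && target != hook_exit) continue;
        memset(code + i, 0x90, CALL_LEN);
        pl->off[pl->n++] = i;
        i += CALL_LEN - 1;               /* skip the bytes just rewritten */
    }
    return pl->n;
}

/* Hot patch: write `call target` into placeholder idx. Refuses to touch a slot
 * that is not still all-NOP, or a target that rel32 cannot reach. */
int hot_patch(uint8_t *code, uint64_t base, const probe_list *pl, size_t idx, uint64_t target) {
    if (idx >= pl->n) return -1;
    uint8_t *slot = code + pl->off[idx];
    for (int k = 0; k < CALL_LEN; k++)
        if (slot[k] != 0x90) return -2;
    int64_t disp = (int64_t)target - (int64_t)(base + pl->off[idx] + CALL_LEN);
    if (disp < INT32_MIN || disp > INT32_MAX) return -3;
    slot[0] = 0xE8;
    for (int k = 0; k < 4; k++)
        slot[1 + k] = (uint8_t)((uint32_t)(int32_t)disp >> (8 * k));
    return 0;
}
```

Because the placeholder is exactly as long as the call it replaces, neither step moves or re-encodes neighbouring instructions. Patching a live process additionally requires the code page to be writable and the write to be safe against threads executing the slot, which this buffer-only example does not cover.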

Evaluation: ColdPatch
An iProbe-enabled cold-patched application has NOP instructions added as placeholders to the binary.
Evaluation on SPEC CPU 2006 benchmarks: negligible overhead on most applications (<1%).

Evaluation: HotPatch
In comparison to existing tools, iProbe was found to have an order of magnitude better application performance and scaled significantly better.

Conclusion
iProbe can provide extremely light-weight instrumentation in user space, with a stable and robust design that avoids most complications that other tools deal with.
No developer effort needed (new instrumentation etc.); it uses pre-existing compiler flags.
We have an advanced version which supports binary rewriting or user-driven macros to generate placeholders, and can be used instead of compiler flags for customized instrumentation points.
iProbe-enabled applications can provide secure instrumentation, especially when used with code-obfuscation techniques.
iProbe can be used as a monitoring framework to develop further, more intelligent instrumentation and monitoring applications.

Please visit us!
Nipun Arora
NEC Laboratories America, Princeton, NJ
nipun@nec-labs.com
http://www.nipunarora.net/iprobe-demo.html