Improving Network Applications Security: a New Heuristic to Generate Stress Testing Data Presented by Conrad Pack Del Grosso et al.

Slides:



Advertisements
Similar presentations
P3 / 2004 Register Allocation. Kostis Sagonas 2 Spring 2004 Outline What is register allocation Webs Interference Graphs Graph coloring Spilling Live-Range.
Advertisements

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
DETAILED DESIGN, IMPLEMENTATIONA AND TESTING Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Compiler Optimized Dynamic Taint Analysis James Kasten Alex Crowell.
Abhinn Kothari, 2009CS10172 Parth Jaiswal 2009CS10205 Group: 3 Supervisor : Huzur Saran.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Online Performance Auditing Using Hot Optimizations Without Getting Burned Jeremy Lau (UCSD, IBM) Matthew Arnold (IBM) Michael Hind (IBM) Brad Calder (UCSD)
A Comparison of Online and Dynamic Impact Analysis Algorithms Ben Breech Mike Tegtmeyer Lori Pollock University of Delaware.
Finite State Machine State Assignment for Area and Power Minimization Aiman H. El-Maleh, Sadiq M. Sait and Faisal N. Khan Department of Computer Engineering.
Genetic algorithms for neural networks An introduction.
Testing an individual module
國立陽明大學生資學程 陳虹瑋. Genetic Algorithm Background Fitness function ……. population selection Cross over mutation Fitness values Random cross over.
Subgoal: conduct an in-depth study of critical representation, operator and other choices used for evolutionary program repair at the source code level.
Impact Analysis of Database Schema Changes Andy Maule, Wolfgang Emmerich and David S. Rosenblum London Software Systems Dept. of Computer Science, University.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 19Slide 1 Verification and Validation l Assuring that a software system meets a user's.
Attention Deficit Hyperactivity Disorder (ADHD) Student Classification Using Genetic Algorithm and Artificial Neural Network S. Yenaeng 1, S. Saelee 2.
D Goforth - COSC 4117, fall Note to 4 th year students  students interested in doing masters degree and those who intend to apply for OGS/NSERC.
Class Specification Implementation Graph By: Njume Njinimbam Chi-Chang Sun.
A Genetic Algorithm Approach to Multiple Response Optimization Francisco Ortiz Jr. James R. Simpson Joseph J. Pignatiello, Jr. Alejandro Heredia-Langner.
1 How to Apply Static and Dynamic Analysis in Practice © Software Quality Week ‘97 How to Apply Static and Dynamic Analysis in Practice - Otto Vinter Manager.
Cristian Urs and Ben Riveira. Introduction The article we chose focuses on improving the performance of Genetic Algorithms by: Use of predictive models.
Department of Computer Science A Static Program Analyzer to increase software reuse Ramakrishnan Venkitaraman and Gopal Gupta.
1 Software testing. 2 Testing Objectives Testing is a process of executing a program with the intent of finding an error. A good test case is in that.
Richard Johnson  How can we use the visualization tools we currently have more effectively?  How can the Software Development.
Access Path Selection in a Relational Database Management System Selinger et al.
Placement of Entities in Object-oriented Systems by means of a Single-objective Genetic Algorithm Margaritis Basdavanos Alexander Chatzigeorgiou University.
Meta Optimization Improving Compiler Heuristics with Machine Learning Mark Stephenson, Una-May O’Reilly, Martin Martin, and Saman Amarasinghe MIT Computer.
SCAM Beijing (China)1 The Evolution and Decay of Statically Detected Source Code Vulnerabilities Massimiliano Di Penta Luigi Cerulo Lerina Aversano.
Agenda Introduction Overview of White-box testing Basis path testing
Zorica Stanimirović Faculty of Mathematics, University of Belgrade
Boltzmann Machine (BM) (§6.4) Hopfield model + hidden nodes + simulated annealing BM Architecture –a set of visible nodes: nodes can be accessed from outside.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Design and Implementation.
Applying Genetic Algorithm to the Knapsack Problem Qi Su ECE 539 Spring 2001 Course Project.
Evolving Virtual Creatures & Evolving 3D Morphology and Behavior by Competition Papers by Karl Sims Presented by Sarah Waziruddin.
Evolutionary Art with Multiple Expression Programming By Quentin Freeman.
GAs: why do they sometimes not work? n The coding moves the GA to operate on a different search space --- bad coding might deceive the GA or might slow.
When to Test Less Presented by Lan Guo. Introduction (1) Methods of software testing: functional, coverage, and user-oriented Phases of software testing:
© Negnevitsky, Pearson Education, Lecture 9 Evolutionary Computation: Genetic algorithms Introduction, or can evolution be intelligent? Introduction,
Learning by Simulating Evolution Artificial Intelligence CSMC February 21, 2002.
DYNAMIC FACILITY LAYOUT : GENETIC ALGORITHM BASED MODEL
Automated Patch Generation Adapted from Tevfik Bultan’s Lecture.
Xusheng Xiao North Carolina State University CSC 720 Project Presentation 1.
CASE/Re-factoring and program slicing
1-1 Software Development Objectives: Discuss the goals of software development Identify various aspects of software quality Examine two development life.
“Isolating Failure Causes through Test Case Generation “ Jeremias Rößler Gordon Fraser Andreas Zeller Alessandro Orso Presented by John-Paul Ore.
Genetic Algorithms What is a GA Terms and definitions Basic algorithm.
Software Engineering Research Group, Graduate School of Engineering Science, Osaka University A Slicing Method for Object-Oriented Programs Using Lightweight.
Project 2: Classification Using Genetic Programming Kim, MinHyeok Biointelligence laboratory Artificial.
Routing and Scheduling in Multistage Networks using Genetic Algorithms Advisor: Dr. Yi Pan Chunyan Ji 3/26/01.
Generating Software Documentation in Use Case Maps from Filtered Execution Traces Edna Braun, Daniel Amyot, Timothy Lethbridge University of Ottawa, Canada.
CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.
Software Engineering Saeed Akhtar The University of Lahore.
Program Slicing Techniques CSE 6329 Spring 2013 Parikksit Bhisay
PROGRAMMING TESTING B MODULE 2: SOFTWARE SYSTEMS 22 NOVEMBER 2013.
N- Queens Solution with Genetic Algorithm By Mohammad A. Ismael.
Sporadic model building for efficiency enhancement of the hierarchical BOA Genetic Programming and Evolvable Machines (2008) 9: Martin Pelikan, Kumara.
1 Contents 1. Basic Concepts 2. Algorithm 3. Practical considerations Genetic Algorithm (GA)
A Cooperative Coevolutionary Genetic Algorithm for Learning Bayesian Network Structures Arthur Carvalho
Algorithm Analysis Lakshmish Ramaswamy. What Constitutes Good Software? Code correctness Good design Code reusability OO design can help us in achieving.
Genetic Algorithms. Overview “A genetic algorithm (or GA) is a variant of stochastic beam search in which successor states are generated by combining.
Chapter 10 Chapter 10 Implementing Subprograms. Implementing Subprograms  The subprogram call and return operations are together called subprogram linkage.
1 Comparative Study of two Genetic Algorithms Based Task Allocation Models in Distributed Computing System Oğuzhan TAŞ 2005.
Resource Optimization for Publisher/Subscriber-based Avionics Systems Institute for Software Integrated Systems Vanderbilt University Nashville, Tennessee.
Genetic Algorithm(GA)
Genetic (Evolutionary) Algorithms CEE 6410 David Rosenberg “Natural Selection or the Survival of the Fittest.” -- Charles Darwin.
High Coverage Detection of Input-Related Security Faults
SUDS: An Infrastructure for Creating Bug Detection Tools
Software Testing: A Research Travelogue
The Organizational Impacts on Software Quality and Defect Estimation
Boltzmann Machine (BM) (§6.4)
Presentation transcript:

Improving Network Applications Security: a New Heuristic to Generate Stress Testing Data Presented by Conrad Pack Del Grosso et al

Overview Buffer Overflow problem –Network security –Critical systems Testing to identify/remove vulnerabilities –Combined static and dynamic approach –Static slicing –Genetic algorithms (GAs) in dynamic search New heuristic

Buffer Overflow Incorrect handling of input Data overwritten

Impact of Buffer Overflow Scope –Language variations (C++ vs. Java) –Prevalence of unaudited code Over 50% of vulnerabilities (CERT) Potential harm –Unauthorized access in network/security applications –Serious accidents in critical embedded systems

Overview of Approach

Static Analysis Tools –RatScan (front end to RATS) –Splint Extracted Information –Potentially vulnerable source statements –Call to potentially unsafe functions/libraries –Estimated buffer sizes

Static Slicing Software maintenance technique –“all program code that can in anyway affect the value of a given variable” Inputs and source code relationship –Data dependency –Some inputs not tied to vulnerable statements Tool: CodeSurfer (GrammaTech) Purpose: Search space reduction

Test Case Generation Using GA GA aspects –Chromosome (2 dimensional array) –Crossover/mutation operators (whole/creep) –Fitness function (to follow) –Parameters Number of generations (500) Population size (70) Propagation rules (2 best) Probabilities (p cross = 0.7, p mut = 0.01)

Fitness GA is an optimization problem Three Approaches –Vulnerable coverage fitness –Nesting fitness –Buffer boundary fitness Correlation to crashes alone not enough –Flat landscape –Random search

Vulnerable Coverage Fitness Statement coverage Vulnerable statement coverage Number of vulnerable statement executions Function F(g) = w 1 scov + w 2 log(k) vcov + w 3 crash

Nesting Fitness Unconstrained nodes (graph theory) –Control flow graphs –Do not dominate any node –Do not postdominate any node Often correspond with maximum nesting Function F(g) = w 1 scov + w 2 log(k) vcov + w 3 nesting

Buffer Boundary Fitness Buffer boundaries in fitness calculation –Often difficult to precisely determine –Intended for future implementation Distance from boundary by size estimate –Compile time (can’t always be determined) Function F(g) = w 1 scov + w 2 log(k) vcov + w 3 nesting + w 4 max i {min j (L i,j – SB i )}

Empirical Results Two test programs –White noise generator (scientific application) –FTP client (network application) Random search as a control –Pure random search –GA search with no fitness White noise: fixed initial population FTP: random initial populations

White Noise Generator Results

FTP Client Results

Personal Conclusions Use of Genetic Algorithms in testing is compelling Fitness Heuristic using source code is a valuable concept Useful in large projects Buffer overflow will likely have less importance over time GA assumptions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.