A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler InCert Software.

Presentation transcript:

The Mission Critical Environment
[Diagram: the development environment produces a COTS binary; the deployment environment runs that COTS binary on the operating system, taking input and producing output. Labels: Input, Output, Operating System, SAP, COTS Binary]

Objective
[Diagram labels: COTS Binary, Input, Output, Operating System, SAP]
To improve the integrity of the deployment environment with COTS software in the presence of attacks and bugs.

Assumptions and Scope
[Diagram labels: COTS Binary, Input, Output, Operating System, SAP]
- Outer security defenses will be breached by attackers
- Use a practical, systems-level approach: execution-time monitoring
- On COTS program or data corruption, rapidly:
  - d: detect problems
  - a: trigger an alarm
  - p: try to protect
  - r: recover

Our Approach: Execution-Time Monitoring of COTS through Binary Instrumentation
[Diagram: in the development environment the COTS binary may be new, legacy, or missing its source; the instrumented binary runs in the deployment environment]
(d = detect, a = alarm, p = protect, r = recover, as on the previous slide)
- d: Policy specs for detection
- d: Heartbeat insertion
- d: Argument range checks
- d: Rare code execution/signatures
- a: Alarm messages to console
- p: Defaults for fault tolerance
- p: Access constraints, redundancy
- r: Logging

Drawbacks of Binary Insertion
- Specific to a single platform; needs new technology development for a different platform
- Challenging to relate low-level observable events back to high-level user actions
  - hard to detect some types of intrusions that only affect data corruption
  - hard to protect or correct problems at higher semantic levels

Three Major Components in the Prototype, Three Major Tasks
- Core technology for customizable agent insertion into PC/NT
- Anomaly detection and reporting
- Rapid recovery and problem pinpointing

Selected Risks/Challenges and Mitigation
- Core technology for agent insertion into binary
  - Dealing with real environments, e.g., multithreading and synchronization; in particular, time syncing and monitoring events in a distributed environment
  - How to minimize runtime overhead: borrow compiler optimization techniques (e.g., steal registers, inline code, sampling, multilevel checks)
  - How to deal with unknown relocations, e.g., for dusty decks: incremental control and dataflow analysis; an integrated static and dynamic method
- Anomaly detection: can we catch problems without user help?
  - Runtime comparison against execution path signatures?
  - State machines for control flow checks (e.g., Abraham)
- Rapid recovery and problem pinpointing technology
  - Third party problems
  - Can we get data values? Use dataflow analysis and offline simulation to obtain intermediate data values
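The "runtime comparison against execution path signatures" idea under anomaly detection, as an added example in C that is not InCert's agent code: the inserted agent is assumed to report each (from-site, to-site) control-flow transition; a signature is the set of transitions observed in trusted runs, and the check reports the first transition outside that set. Site numbers and both traces are constructed for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example (not InCert's code): a control-flow signature check of the
 * kind the slide lists under anomaly detection. The instrumented sites are
 * numbered 0..MAX_SITES-1; the signature is one bitmask per source site. */

#define MAX_SITES 64

typedef struct {
    uint64_t edge[MAX_SITES];   /* edge[from] has bit `to` set if allowed */
} cf_signature;

typedef struct {
    int from;
    int to;
} cf_edge;

static int site_ok(int s) { return s >= 0 && s < MAX_SITES; }

static void sig_clear(cf_signature *s) { memset(s, 0, sizeof *s); }

/* Learn the allowed-edge set from a trace recorded during a trusted run. */
static void sig_learn(cf_signature *s, const cf_edge *trace, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (site_ok(trace[i].from) && site_ok(trace[i].to))
            s->edge[trace[i].from] |= (uint64_t)1 << trace[i].to;
}

static int sig_allows(const cf_signature *s, int from, int to) {
    if (!site_ok(from) || !site_ok(to)) return 0;
    return (int)((s->edge[from] >> to) & 1);
}

/* Check a trace against the signature: index of the first transition
 * outside it, or -1 if every transition was seen in training. */
static long sig_check(const cf_signature *s, const cf_edge *trace, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!sig_allows(s, trace[i].from, trace[i].to))
            return (long)i;
    return -1;
}

/* Constructed traces: site 1 = entry, 2 = parse input, 3 = handle request,
 * 4 = write log, 5 = exit, 9 = a site never reached in good runs. */
static const cf_edge good_run[] = { {1,2},{2,3},{3,4},{4,2},{2,3},{3,5} };
static const cf_edge bad_run[]  = { {1,2},{2,3},{3,9},{9,5} };

/* Train on good_run, check bad_run: returns 2 (the 3 -> 9 transition). */
long demo_first_anomaly(void) {
    cf_signature sig;
    sig_clear(&sig);
    sig_learn(&sig, good_run, sizeof good_run / sizeof good_run[0]);
    return sig_check(&sig, bad_run, sizeof bad_run / sizeof bad_run[0]);
}

/* Train on good_run, check good_run itself: returns -1. */
long demo_good_run_clean(void) {
    cf_signature sig;
    sig_clear(&sig);
    sig_learn(&sig, good_run, sizeof good_run / sizeof good_run[0]);
    return sig_check(&sig, good_run, sizeof good_run / sizeof good_run[0]);
}

int main(void) {
    long i = demo_first_anomaly();
    if (i < 0)
        printf("trace matches signature\n");
    else
        printf("transition %ld (%d -> %d) is outside the signature\n",
               i, bad_run[i].from, bad_run[i].to);
    return 0;
}
```

The check only costs one shift and mask per transition, which is how such a comparison can stay within the sub-1-percent overhead target on a later slide. Its weakness is the flip side of the "rare code execution" item on the approach slide: a legitimate path never exercised during training is reported just like a corrupted one, so the signature needs enough good runs, or the report needs to be treated as an alarm to inspect rather than a verdict.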

Measures of Success
- Core technology for agent insertion into binary:
  - Can we handle all binaries, DLLs, even dusty decks?
  - Target: performance degradation to be under 1 percent
- Anomaly detection
  - What fraction of injected problems can we detect?
- Rapid recovery technology
  - Can we cut recovery time significantly? We will measure recovery time with and without
  - As a bonus, can we catch problems before the system goes down?
- Build a prototype system, work with real users, and measure

Realistic Environments Have Multiple Threads and Modules
[Diagram: threads T1, T2, T3 executing across modules DLL1 and DLL2]

Multiple Threads – Per-DLL Buffer
[Diagram: threads T1, T2, T3 write into one shared trace buffer per module (DLL1 buffer, DLL2 buffer); entries carry timestamps (TS) and thread IDs]
- Lock overhead
- Contention in SMPs

Multiple Threads – Per-Thread Buffer
[Diagram: each of T1, T2, T3 has its own trace buffer; entries are tagged with timestamps or sequence-counter IDs s1 ... s5 so that events spanning DLL1 and DLL2 can be ordered]
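The per-thread buffer design of this slide and the locking cost it avoids on the previous one, as an added example in C that is not InCert's runtime system: each thread appends to its own buffer without a lock, the only shared state is one atomic sequence counter, and the "information viewer" step reconstructs the global order offline by merging buffers on sequence number. Thread, module and site ids are constructed for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdatomic.h>

/* Added example, not InCert's runtime: per-thread trace buffers ordered by
 * one shared sequence counter, plus the offline merge a viewer would do. */

#define MAX_THREADS 4
#define BUF_EVENTS 16

typedef struct {
    uint64_t seq;   /* global order, taken from the shared counter */
    int module;     /* DLL that contains the instrumented site */
    int site;       /* instrumented site id within that DLL */
} trace_event;

typedef struct {
    trace_event ev[BUF_EVENTS];
    size_t count;
} thread_buffer;

static atomic_uint_fast64_t g_seq;          /* the only shared state */
static thread_buffer g_buf[MAX_THREADS];    /* one private buffer per thread */

/* Called by the inserted agent at an instrumented site on thread tid. The
 * counter increment is the only access to shared memory; no lock is taken.
 * Returns 0 when the buffer is full (a real agent would flush to the log). */
int trace_record(int tid, int module, int site) {
    if (tid < 0 || tid >= MAX_THREADS) return 0;
    thread_buffer *b = &g_buf[tid];
    if (b->count >= BUF_EVENTS) return 0;
    trace_event *e = &b->ev[b->count++];
    e->seq = (uint64_t)atomic_fetch_add(&g_seq, 1);
    e->module = module;
    e->site = site;
    return 1;
}

/* Viewer step: k-way merge of the per-thread buffers by seq. Each buffer is
 * already in seq order, so comparing buffer heads is enough. Writes up to
 * cap events to out (and each event's thread to tids); returns the count. */
size_t trace_merge(trace_event *out, int *tids, size_t cap) {
    size_t n = 0, pos[MAX_THREADS] = {0};
    while (n < cap) {
        int best = -1;
        for (int t = 0; t < MAX_THREADS; t++)
            if (pos[t] < g_buf[t].count &&
                (best < 0 || g_buf[t].ev[pos[t]].seq < g_buf[best].ev[pos[best]].seq))
                best = t;
        if (best < 0) break;
        tids[n] = best;
        out[n++] = g_buf[best].ev[pos[best]++];
    }
    return n;
}

void trace_reset(void) {
    memset(g_buf, 0, sizeof g_buf);
    atomic_store(&g_seq, 0);
}

/* Constructed interleaving of three threads across two DLLs, recorded in
 * the order the sites would execute on an SMP, then merged. */
size_t demo_run(trace_event *out, int *tids, size_t cap) {
    trace_reset();
    trace_record(1, 1, 10);   /* T1 in DLL1 */
    trace_record(2, 1, 11);   /* T2 in DLL1 */
    trace_record(1, 2, 20);   /* T1 in DLL2 */
    trace_record(3, 2, 21);   /* T3 in DLL2 */
    trace_record(2, 2, 22);   /* T2 in DLL2 */
    return trace_merge(out, tids, cap);
}

/* Merged event count of the demo (5), or -1 if seq is not strictly increasing. */
long demo_merge_count(void) {
    trace_event out[MAX_THREADS * BUF_EVENTS];
    int tids[MAX_THREADS * BUF_EVENTS];
    size_t n = demo_run(out, tids, MAX_THREADS * BUF_EVENTS);
    for (size_t i = 1; i < n; i++)
        if (out[i].seq <= out[i - 1].seq) return -1;
    return (long)n;
}

/* Thread id at merged position i of the demo (0 if out of range). */
int demo_thread_at(size_t i) {
    trace_event out[MAX_THREADS * BUF_EVENTS];
    int tids[MAX_THREADS * BUF_EVENTS];
    size_t n = demo_run(out, tids, MAX_THREADS * BUF_EVENTS);
    return i < n ? tids[i] : 0;
}

int main(void) {
    trace_event out[MAX_THREADS * BUF_EVENTS];
    int tids[MAX_THREADS * BUF_EVENTS];
    size_t n = demo_run(out, tids, MAX_THREADS * BUF_EVENTS);
    for (size_t i = 0; i < n; i++)
        printf("s%llu T%d DLL%d site %d\n", (unsigned long long)out[i].seq,
               tids[i], out[i].module, out[i].site);
    return 0;
}
```

With a shared per-DLL buffer instead, every `trace_record` would have to take a lock around the slot allocation and the copy, which is the lock overhead and SMP contention the previous slide lists; here the shared work shrinks to one atomic increment. The counter is process-local, so it does not answer the cross-machine ordering question the next slide raises.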

Multiple Machines?
[Diagram: threads T1 on machine Mx, T2 on My, T3 on Mz, sharing one DLL, with sequence ids s1 ... s5]
- How to synchronize times efficiently at a fine grain?
- How to maintain a cross-machine counter efficiently?

Current Progress
- Work on NT binary insertion prototype ongoing
- Demo of early capability showing
  - instrumentation
  - simple recovery log
  - detecting that the application has crashed, taking control, and writing out the log
  - user-requested snap-trace for hung or "molasses" mode
  - information viewer for multithreaded traces
  - some optimization
- Handling multithreading and DLLs imminent; prototyped
  - needed significant changes to the runtime system; leverage shared memory
  - ongoing thinking on distributed programs
- Ongoing thinking on detection capability

Summary
- A systems approach to COTS integrity
- Approach based on execution-time monitoring using binary insertion
- We have an early prototype version of NT binary insertion implemented
- We have also successfully instrumented multithreaded programs