A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler.

Presentation transcript:

A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler

DARPA Mar
Agenda
- Objectives & Approach
- Prototype
- Recent Work
- User Experience
- Next Steps

Objectives
- “First-fault” diagnosis of application misbehavior (defects, attacks).
- “Always on”: obviate need to replicate failures.
- Fine-grain execution monitoring.
- Focus on:
  - Deployed applications - not just for development, QA phases.
  - Inside the application - not just externally visible behavior.

Approach
- Approach:
  - Run-time execution monitoring.
  - Binary instrumentation to inject probes into release-built executables.
- Targets & Assumptions:
  - Similarity between explicit attacks and accidental faults.
  - Assume system-level mechanisms in place - not guarding against replacement of entire executable, compromise of OS, etc.

Prototype Tasks
- Core technology for customizable agent insertion into Windows NT/2000/XP and SPARC/Solaris.
- Anomaly detection and reporting.
- Rapid recovery and problem pinpointing.

Major Components
[Diagram; labels: Executables, Debug Info, Instrumentation Engine, Instrumented Executables, Map Files, Block->Address Map, Address->Line Map, Source Module Name, Runtime, Service, Platform-dependent interface, Snapshot Files, Block sequence, User logging, Post-Mortem info, Trace Reconstruction, Trace (XML), Source Line/Module, Thread, Annotations]
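
An added example (not from the slides and not InCert's code) of the trace-reconstruction step named on the Major Components slide: a recorded block sequence is resolved through a block->address map and an address->line map into a per-thread, source-level XML trace. The data layouts, function names and sample values are assumptions constructed for illustration.

```python
import bisect
import xml.etree.ElementTree as ET

# Constructed sample data (assumed layouts, not from the slides).
# Map file: probe/block id -> address of the block's first instruction.
BLOCK_TO_ADDR = {0: 0x401000, 1: 0x401014, 2: 0x401030, 3: 0x402000, 4: 0x402020}
# Debug info: (start address, source module, line), sorted by address.
ADDR_TO_LINE = [(0x401000, "billing.c", 40), (0x401010, "billing.c", 42),
                (0x401030, "billing.c", 47), (0x402000, "db.c", 10),
                (0x402020, "db.c", 15)]
# Snapshot: (thread id, block id) pairs in the order the probes fired.
SNAPSHOT = [(1, 0), (1, 1), (2, 3), (1, 1), (1, 2), (2, 4), (1, 9)]

_STARTS = [start for start, _, _ in ADDR_TO_LINE]

def addr_to_source(addr):
    """Return (module, line) of the last debug entry at or below addr."""
    i = bisect.bisect_right(_STARTS, addr) - 1
    if i < 0:
        return None
    return ADDR_TO_LINE[i][1], ADDR_TO_LINE[i][2]

def reconstruct(snapshot):
    """Turn an interleaved block sequence into per-thread source steps."""
    threads = {}
    for tid, block in snapshot:
        steps = threads.setdefault(tid, [])
        addr = BLOCK_TO_ADDR.get(block)
        src = addr_to_source(addr) if addr is not None else None
        if src is None:
            # A block id missing from the map means the trace and the
            # instrumented binary do not match; keep it visible.
            steps.append(("?", 0, block))
        elif not steps or steps[-1][:2] != src:
            # Collapse consecutive steps that land on the same source line.
            steps.append((src[0], src[1], block))
    return threads

def to_xml(threads):
    """Serialize the reconstructed trace as XML, one element per thread."""
    root = ET.Element("trace")
    for tid in sorted(threads):
        t = ET.SubElement(root, "thread", id=str(tid))
        for module, line, block in threads[tid]:
            ET.SubElement(t, "step", module=module, line=str(line),
                          block=str(block))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(to_xml(reconstruct(SNAPSHOT)))
```
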

User Interface

Configuration

Recent Work
- Solaris instrumentation & runtime.
- User deployments.
- Performance measurement.

Solaris Implementation
- New binary platform: SPARC ISA (delay slots, register windows), COFF format, ELF/STAB debug format, Solaris signal interface, TSD, etc.
- Compilers: Forte (SunPro) C/C++ & gcc C.
- Some new issues:
  - 64 bit support.
  - How to hook runtime (interposition via LD_PRELOAD).
  - How to get relocation info (no /fixed:no).
  - Balance between using Solaris-specific features, and staying generic-Unix-portable.

User Experience
- Complex, multi-component application architecture. E.g., pharmaceutical trials ASP: Deployed on 100s of servers!
[Diagram; labels: HTTP, HTML, IIS, MTS, Custom Service, DLL, Database, Handled exception]

Performance
- Typical scenario: business application
  - Custom business application logic is instrumented.
  - Runs on stock framework (application server, OS, database, etc.)
  - Relevant metrics are end-to-end transaction throughput, latency.
- Results:
  - Range from imperceptible up to ~10%
  - Matches “5%” threshold most enterprises quote to go into production deployment.

Next Steps
- Distributed application architectures:
  - Multiple machines.
  - Multiple technologies.
- Larger-scale deployment issues:
  - Analysis/correlation across many application traces.
  - Clusters and server farms.

Combined Trace