Application Communities Phase 2 (AC2) Project Overview Nov. 20, 2008 Greg Sullivan BAE Systems Advanced Information Technologies (AIT)


Slide 2 (11/20/2008, Greg Sullivan, AC2 Project Plan)
Overview – Tasks for Phase II
- Instrumentation for learning
  - Collect profiles of normal behavior
- Learning automation
  - Scripting, collecting
- Grammar for context-sensitive call profile properties
- Monitors for call profile invariant violations
  - Lightweight. Return context of violation
- Repairs for call profile invariant violations
- AC Runtime System
  - Server: Invariant DB, tracks, installs patches (instrumentation, monitors, repairs), analyzes repair effectiveness.
  - Workstation: accepts incoming patches, local invariant collection, logs invariant violations.
- Exploit (re)creation
  - Can be very costly
- Red Team interaction
  - Agreement on metrics, experiment protocol, attacks in bounds.

Slide 3: Instrumentation for Learning
- Context-Sensitive Traces
  - Parameterized:
    - Which functions to trace calls to.
    - Which regions of app to trace calls from.
    - How much context to include for each call.
      - Stack depth
      - Stack and other memory data.
  - Implement “shadow stack”
    - Account for inconsistent calling conventions.
  - Challenge: limiting / tuning amount of data sent to learning component.
  - Challenge: limiting # of “compound program points”.
    - Have types for system functions, but not application functions.
- Identify tracing technology.
- Distributed tracing – distribute tracing burden across community.
  - Traced data determined by property grammar from learning component.

Slide 4: Learning Automation
- Learning Harness
  - Script / Automate learning phase
  - Inject tracers, collect data, invoke learning components.
- Grammar for context-sensitive call profile properties
  - Add support for compound program points
  - Add properties to the grammar

Slide 5: Monitors for call profile invariant violations
- Application-Specific Attack/Vulnerability Detection
  - Construct lightweight detectors based on property violations.
  - When triggered, will send complete context.

Repairs for call profile invariant violations
- Generate repairs
- Distribute repairs
- Evaluate repair effectiveness.
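A minimal model of the learn-then-monitor loop outlined in slides 3 to 5, added here as an illustration and not taken from the AC2 project's code: call/return events are replayed over a shadow stack, the set of calling contexts seen for each traced function is stored as its call-profile invariant, and a monitor reports any call from an unlearned context together with the complete stack. The event format, the function names and the `depth` parameter (how many callers form the context) are assumptions made for this sketch.

```python
from collections import defaultdict

def replay(events, traced, depth):
    """Replay call/ret events over a shadow stack.
    Returns (callee, context_key, full_stack) for every call to a traced function."""
    shadow, seen = [], []
    for kind, fn in events:
        if kind == "call":
            if fn in traced:
                # context_key = the `depth` innermost callers (depth 0 = context-insensitive)
                key = tuple(shadow[max(0, len(shadow) - depth):])
                seen.append((fn, key, tuple(shadow)))
            shadow.append(fn)
        elif kind == "ret" and fn in shadow:
            # Unwind to the returning frame, so frames that never issued a
            # matching ret (tail jumps, odd calling conventions) are dropped.
            while shadow.pop() != fn:
                pass
    return seen

def learn(runs, traced, depth):
    """Learning phase: per traced function, the set of calling contexts seen in normal runs."""
    invariants = defaultdict(set)
    for events in runs:
        for callee, key, _ in replay(events, traced, depth):
            invariants[callee].add(key)
    return dict(invariants)

def monitor(events, invariants, depth):
    """Monitoring phase: report calls whose context was never learned, with the complete stack."""
    return [{"callee": c, "context": key, "stack": full}
            for c, key, full in replay(events, set(invariants), depth)
            if key not in invariants[c]]

# Constructed traces; all function names are hypothetical labels.
NORMAL = [("call", "main"), ("call", "parse_request"), ("call", "open_file"),
          ("ret", "open_file"), ("call", "log_msg"),      # log_msg never returns explicitly
          ("ret", "parse_request"), ("call", "load_config"), ("call", "open_file"),
          ("ret", "open_file"), ("ret", "load_config"), ("ret", "main")]
SUSPECT = [("call", "main"), ("call", "parse_request"), ("call", "render_image"),
           ("call", "open_file")]

if __name__ == "__main__":
    inv = learn([NORMAL], {"open_file"}, depth=1)
    print(inv)
    print(monitor(SUSPECT, inv, depth=1))
```

With `depth=0` the same suspect trace raises no alarm, which is the tuning trade-off slide 3 points at: less context means less trace data but weaker invariants.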

Slide 6: Phase II Infrastructure – AC Server
- In phase 2, replacing Determina “liveshield” functionality.
- Can re-use some logic of “protection manager” from phase 1.
  - Some lessons learned from repair generation and effectiveness analysis
- AC Workstation registration and management
  - What/where are AC members, what software running, what patches applied?
- Patch construction (Trace, Monitor, Repair)
- Patch distribution and installation
  - Includes AC Workstation component
- Robust, secure transfer of large amounts of data
  - Server ↔ Workstation

Slide 7: Phase II Infrastructure – AC Workstation
- On startup, register with AC Server
- Listen for
  - Application start up
    - Patches to apply?
  - Incoming patches
- Communicate info from patches to server
  - Trace data, during learning phase
  - Attack data: invariant violated + context.
  - Repair data: repair patch executed.

Slide 8: Phase II Tasks – Exploit Re-creation
- Can be very time consuming
- For lots of reasons:
  - Some submitted exploits are not published.
  - Stack/memory corruption is sufficient to be a security vulnerability, even if no POC.
  - Many exploits are probabilistic.

Slide 9: Phase II Tasks – Red Team Interaction
- Negotiate details of Red Team Exercise with Red Team and DARPA.
- Characterize vulnerabilities in scope.
- Agree on metrics.

Phase II Tasks – Misc. Tools
- Patch creation templates.
- Parameterized patch creation, code generation, compilation.

Slide 10: AIT and MIT Tasking and Coordination
- AIT
  - Work with MIT in discussions with Red Team
  - Lead development of infrastructure
    - AC Server
    - AC Workstation
    - Learning Harness
    - Patch generation, distribution, and installation tools.
  - Work with MIT to parallelize and “incrementalize” Daikon.
  - Work with MIT to choose instrumentation / patching tech.
- MIT
  - Lead definition of grammar for context-sensitive call invariants.
  - Lead creation of candidate repair patches (using patch tools from AIT).
  - Work with AIT on exploit re-creation

Slide 11: END

Slide 12: Backup Slides

Slide 13: Notes
- Considering alternatives to DynamoRIO.
  - PIN, Dyninst, Adaptive tracing.
- In/De-creasing amount of tracing, incl. stack depth, parameter info, etc.

Slide 14 [Figure: pipeline diagram; only its labels survive in this transcript]
- Stage titles: Binary Invariant Learning; Vulnerability Detection; Detector Construction; Monitor Construction; Invariant-Attack Correlation, Repair Construction; Repair Analysis, Validation.
- Boxes: Application + Tracing, Application + Detection, Application + Monitors, Application + Repairs, Repaired Application + Detection (each labelled DynamoRIO); Daikon Invariant Learning; Invariant Database; Invariant-based detectors; Invariant-based monitors; Invariant-Attack Correlation; Repair Construction; Repair Analysis; Validated Repair.
- Arrow labels: traces; invariants; alarms; Alarms, Invariant violations; Candidate repairs; correlates.

Slide 15: Application Communities Phase II
- Goal: Turn software monoculture into a strength instead of a weakness
  - Use set of executing applications to detect & repair bugs & attacks
- Phase II technical approach
  - Learn models of “normal” execution
  - Detect model violations
  - Diagnosis: correlate model violations with possible sources (attacks, bugs)
  - “Repair” incorrect behavior
- Code injection to trace, monitor, & repair applications in network
- Testing in native windows binaries
- Applied to SW security & reliability
- 12 Months
[Figure labels: Code Injection (Tracing for learning; Model-based monitors: Error detectors, Invariant violation; Model-based repairs); Models; Detection; Diagnosis; Repair; Model Learning; Monitoring Data; Nominal behavior; Model violation; Attack/bug invariant correlation; Repair efficacy; Software Monoculture; Normal Behavior; Attack-Invariant Correlation; Repair Efficacy]

Slide 16: AC Server Components
[Figure labels: Invariant Database; Daikon; Repair Strategies; Invariant Patterns; Protection Manager; Repair Generator; Invariant Monitor Generator; Trace Generator; …; Application Community; Patched Application; AC Server]