A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler InCert Software.


2 The Mission Critical Environment
(Diagram: the development environment produces a COTS binary; the deployment environment runs that COTS binary. Labels: Input, Output, Operating System, SAP, COTS Binary.)

3 Objective
To improve the integrity of the deployment environment with COTS software in the presence of attacks and bugs.
(Diagram labels: COTS Binary, Input, Output, Operating System, SAP.)

4 Assumptions and Scope
- Outer security defenses will be breached by attackers
- Use a practical, systems-level approach: execution-time monitoring
- On COTS program or data corruption, rapidly:
  - d: detect problems
  - a: trigger an alarm
  - p: try to protect
  - r: recover
(Diagram labels: COTS Binary, Input, Output, Operating System, SAP.)

5 Our Approach: Execution-Time Monitoring of COTS through Binary Instrumentation
(Diagram: the development environment and the deployment environment; the COTS binary may be new, legacy, or have missing source.)
- d: Policy specs for detection
- d: Heartbeat insertion
- d: Argument range checks
- d: Rare code execution/signatures
- a: Alarm messages to console
- p: Defaults for fault tolerance
- p: Access constraints, redundancy
- r: Logging
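To make the d/a/p chain on this slide concrete, here is an added example (not code from the InCert prototype) of what an inserted agent can do at a call site: check an argument against a policy spec, raise an alarm on the console, and substitute a fault-tolerant default before control reaches the original entry point. The policy table, the function names `set_buffer_size` and `seek_record`, and the stand-in `original_set_buffer_size` are all constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Policy spec: the allowed range for one argument of one instrumented
 * function, and the default substituted when the check fails (p: protect). */
typedef struct {
    const char *fn;
    int         arg;      /* argument index */
    long        lo, hi;   /* inclusive allowed range */
    long        dflt;     /* value used instead when out of range */
} arg_policy;

/* Constructed policy table; these function names are hypothetical. */
static const arg_policy g_policy[] = {
    { "set_buffer_size", 0, 1, 65536, 4096 },
    { "seek_record",     0, 0,  9999,    0 },
};

static int  g_alarms = 0;            /* d: problems detected so far */
static char g_last_alarm[128] = "";  /* a: last message sent to the console */

/* Returns 1 if the value was accepted, 0 if it was replaced by the default.
 * *out always holds the value the original function should be called with. */
static int check_arg(const char *fn, int arg, long v, long *out)
{
    for (size_t i = 0; i < sizeof g_policy / sizeof g_policy[0]; i++) {
        const arg_policy *p = &g_policy[i];
        if (strcmp(p->fn, fn) != 0 || p->arg != arg) continue;
        if (v >= p->lo && v <= p->hi) { *out = v; return 1; }
        g_alarms++;
        snprintf(g_last_alarm, sizeof g_last_alarm,
                 "ALARM %s arg%d=%ld outside [%ld,%ld]; using %ld",
                 fn, arg, v, p->lo, p->hi, p->dflt);
        fprintf(stderr, "%s\n", g_last_alarm);   /* alarm message to console */
        *out = p->dflt;
        return 0;
    }
    *out = v;   /* no policy for this argument: pass through unchanged */
    return 1;
}

/* Stand-in for the COTS function being wrapped (constructed). */
static long g_buffer_size = 0;
static void original_set_buffer_size(long n) { g_buffer_size = n; }

/* The inserted agent: runs before control reaches the original entry point
 * and returns the size the COTS code actually ended up with. */
static long guarded_set_buffer_size(long n)
{
    long safe;
    check_arg("set_buffer_size", 0, n, &safe);
    original_set_buffer_size(safe);
    return g_buffer_size;
}

static int         alarm_count(void) { return g_alarms; }
static const char *last_alarm(void)  { return g_last_alarm; }

int main(void)
{
    printf("size=%ld alarms=%d\n", guarded_set_buffer_size(8192), alarm_count());
    printf("size=%ld alarms=%d\n", guarded_set_buffer_size(-1), alarm_count());
    return 0;
}
```

The range table is the "policy spec for detection" from the slide in its simplest form; the same lookup shape extends to the other checks listed (a heartbeat counter or a rare-code-path signature would be a different policy type with the same alarm path).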

6 Drawbacks of Binary Insertion
- Specific to a single platform; needs new technology development for a different platform
- Challenging to relate low-level observable events back to high-level user actions
  - Hard to detect some types of intrusions that only affect data corruption
  - Hard to protect or correct problems at higher semantic levels

7 Three Major Components in the Prototype, Three Major Tasks
- Core technology for customizable agent insertion into PC/NT
- Anomaly detection and reporting
- Rapid recovery and problem pinpointing

8 Selected Risks/Challenges and Mitigation
- Core technology for agent insertion into binary
  - Dealing with real environments, e.g., multithreading and synchronization; in particular, time syncing and monitoring events in a distributed environment
  - How to minimize runtime overhead: borrow compiler optimization techniques (e.g., steal registers, inline code, sampling, multilevel checks)
  - How to deal with unknown relocations, e.g., for dusty decks: incremental control and dataflow analysis; an integrated static and dynamic method
- Anomaly detection: can we catch problems without user help?
  - Runtime comparison against execution path signatures?
  - State machines for control flow checks (e.g., Abraham)
- Rapid recovery and problem pinpointing technology
  - Third-party problems
  - Can we get data values? Use dataflow analysis and offline simulation to obtain intermediate data values

9 Measures of Success
- Core technology for agent insertion into binary:
  - Can we handle all binaries, DLLs, even dusty decks?
  - Target: performance degradation to be under 1 percent
- Anomaly detection
  - What fraction of injected problems can we detect?
- Rapid recovery technology
  - Can we cut recovery time significantly? We will measure recovery time with and without
  - As a bonus, can we catch problems before the system goes down?
- Build a prototype system, work with real users, and measure

10 Realistic Environments Have Multiple Threads and Modules
(Diagram: modules DLL1 and DLL2 executed by threads T1, T2, T3.)

11 Multiple Threads – Per-DLL Buffer
(Diagram: threads T1, T2, T3 write timestamped (TS) entries tagged with thread IDs into one shared buffer per DLL, one for DLL1 and one for DLL2.)
- Lock overhead
- Contention in SMPs

12 Multiple Threads – Per-Thread Buffer
(Diagram: threads T1, T2, T3 each write to their own buffer; entries carry timestamps, sequence-counter IDs s1…s5, and the module (DLL1, DLL2) the event came from.)
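The per-thread design on this slide trades the per-DLL lock for one shared sequence counter, and pushes ordering work to the trace viewer. The following added example (not the InCert runtime's code) shows that shape: each thread appends to its own buffer with no lock, the only shared state is an atomic counter that hands out s1, s2, …, and an offline k-way merge rebuilds the global order and checks that no sequence id is missing. The three-thread interleaving is replayed sequentially from one thread here (no real threads are created), so the atomic increment stands in for what concurrent threads would need; `BUF_CAP`, the clock, and the event order are constructed for the demo.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTHREADS 3   /* T1, T2, T3 as on the slide */
#define BUF_CAP  16  /* constructed capacity of one per-thread buffer */

/* One trace record as the inserted agent would emit it. */
typedef struct {
    uint64_t seq;    /* global sequence-counter id (s1, s2, ...) */
    uint64_t ts;     /* timestamp; a constructed monotonic clock here */
    int      dll;    /* module the event came from: 1 = DLL1, 2 = DLL2 */
    int      thread; /* writing thread: 1 = T1, 2 = T2, 3 = T3 */
} trace_rec;

/* Per-thread buffer: only its owner thread appends, so no lock is taken. */
typedef struct {
    trace_rec rec[BUF_CAP];
    int       n;
} thread_buf;

static _Atomic uint64_t g_seq;                        /* shared sequence counter */
static uint64_t         g_clock;                      /* constructed clock */
static thread_buf       g_bufs[NTHREADS];
static trace_rec        g_merged[NTHREADS * BUF_CAP]; /* viewer's merged trace */
static int              g_merged_n;

static void reset_trace(void)
{
    atomic_store(&g_seq, 0);
    g_clock = 0;
    memset(g_bufs, 0, sizeof g_bufs);
    g_merged_n = 0;
}

/* Agent hook at an instrumented site: one atomic increment, one append.
 * Returns 0 on success, -1 if this thread's buffer is full and must be flushed. */
static int record_event(int thread, int dll)
{
    thread_buf *b = &g_bufs[thread - 1];
    if (b->n >= BUF_CAP) return -1;
    trace_rec *r = &b->rec[b->n++];
    r->seq    = atomic_fetch_add(&g_seq, 1) + 1;
    r->ts     = ++g_clock;
    r->dll    = dll;
    r->thread = thread;
    return 0;
}

/* Offline viewer step: k-way merge of the per-thread buffers by sequence id.
 * Each buffer is already in seq order, so the smallest head wins each round. */
static int merge_trace(void)
{
    int idx[NTHREADS] = {0};
    g_merged_n = 0;
    for (;;) {
        int best = -1;
        for (int t = 0; t < NTHREADS; t++) {
            if (idx[t] >= g_bufs[t].n) continue;
            if (best < 0 || g_bufs[t].rec[idx[t]].seq < g_bufs[best].rec[idx[best]].seq)
                best = t;
        }
        if (best < 0) break;
        g_merged[g_merged_n++] = g_bufs[best].rec[idx[best]++];
    }
    return g_merged_n;
}

/* Sequence ids must run contiguously 1..n; a gap means a record was lost. */
static int merged_is_contiguous(void)
{
    for (int i = 0; i < g_merged_n; i++)
        if (g_merged[i].seq != (uint64_t)(i + 1)) return 0;
    return 1;
}

static int merged_thread_at(int i) { return g_merged[i].thread; }
static int merged_dll_at(int i)    { return g_merged[i].dll; }

/* Replays the interleaving drawn on the slide (constructed order). */
static int run_demo(void)
{
    reset_trace();
    record_event(1, 1); /* s1: T1 in DLL1 */
    record_event(2, 1); /* s2: T2 in DLL1 */
    record_event(3, 2); /* s3: T3 in DLL2 */
    record_event(1, 2); /* s4: T1 in DLL2 */
    record_event(2, 2); /* s5: T2 in DLL2 */
    return merge_trace();
}

int main(void)
{
    int n = run_demo();
    for (int i = 0; i < n; i++)
        printf("s%llu ts=%llu T%d DLL%d\n", (unsigned long long)g_merged[i].seq,
               (unsigned long long)g_merged[i].ts, g_merged[i].thread, g_merged[i].dll);
    return merged_is_contiguous() ? 0 : 1;
}
```

The contiguity check is the part a recovery tool relies on: because ids come from one counter, a hole in the merged sequence localizes exactly which thread's buffer lost data. Across machines (the next slide's question) there is no single counter to draw from, which is why the same merge needs either synchronized fine-grained timestamps or a cross-machine counter.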

13 Multiple Machines?
(Diagram: threads T1 on machine Mx, T2 on My, T3 on Mz executing a DLL; sequence entries s1…s4.)
- How to synchronize times efficiently at a fine grain?
- How to maintain a cross-machine counter efficiently?

14 Current Progress
- Work on NT binary insertion prototype ongoing
- Demo of early capability showing
  - instrumentation
  - simple recovery log
  - detecting that the application has crashed
  - taking control and writing out the log
  - user-requested snap-trace for hung or “molasses” mode
  - information viewer for multithreaded traces
  - some optimization
- Handling multithreading, DLLs imminent – prototyped
  - needed significant changes to runtime system – leverage shared memory
  - ongoing thinking on distributed programs
- Ongoing thinking on detection capability

15 Summary
- A systems approach to COTS integrity
- Approach based on execution-time monitoring using binary insertion
- We have an early prototype version of NT binary insertion implemented
- We have also successfully instrumented multithreaded programs

