Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San.

Published byEdmund Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San."— Presentation transcript:

1 The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San Jose, California June 5, 2011

2 Dynamic Security Analysis Finds flaws in programs as they run  Makes programs more robust Insert checks around instructions 2 y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0);

3 z = y * 75 y = x * 1024 w = x + 42 Check w Dynamic Information Flow Tracking 3 validate(x) x = read_input() z = y * 75 y = x * 1024 x = read_input() Input Check z Data Untrusted 1.Inputs are untrusted 2.Propagate untrusted status while executing 3.Check trustedness for safety Only works on current dynamic control path

4 Problem: Dynamic Analyses are Slow 4 2x 150x 400x 200x 100x Assertion CheckingRace Detection DIFT Atomicity Checking Symbolic Execution

5 Dynamic Analysis Sampling 5 Lower overheads by skipping some analyses Complete Analysis No Analysis No Analysis

6 Sampling Allows Distribution 6 Developer Beta TestersEnd Users Many users testing at little overhead see more errors than one user at high overhead.

7 y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0); Sampling Assertion Checking Perform a random subset of checks 1/1000 checks: ~3x slowdown  30% overhead 7 y = x->data; *w += y; z = 75/y; check(y!=0); y = x->data; *w += y; z = 75/y; check(x!=NULL); y = x->data; *w += y; z = 75/y; check(w!=NULL);y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0); Static CodeDynamic #2Dynamic #3Dynamic #1

8 Must sample dataflows instead of instructions 0.1-10% of faults: 10% overhead Sampling DIFT 8

9 Advanced Sampling Techniques Cold region Hypothesis  Sample “cold” code at higher rate New atomicity violation detection  Trace atomic regions and correlate crashes 9

10 Future Research Directions Sampling for more dynamic analyses New types of analyses because of sampling Studies on users slowdown acceptance 10

11 BACKUP SLIDES 11

12 Needed Engineering Efforts Push-button sampling mechanisms for Valgrind, DynamoRIO, Pin, etc. Libraries to integrate bug reporting into analysis tools Back-end infrastructure for handling distributed, sampled bug reports 12

Download ppt "The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San."

Similar presentations

Triage: Diagnosing Production Run Failures at the Users Site Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou Department of Computer.

Triage: Diagnosing Production Run Failures at the Users Site Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou Department of Computer.
Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.

Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Testing and Quality Assurance

Testing and Quality Assurance
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.

Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.

Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.
SE 450 Software Processes & Product Metrics Reliability: An Introduction.

SE 450 Software Processes & Product Metrics Reliability: An Introduction.
Unit 251 Implementation and Integration Implementation Unit Testing Integration Integration Approaches.

Unit 251 Implementation and Integration Implementation Unit Testing Integration Integration Approaches.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.

1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.

Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.

CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
SAGE: Self-Tuning Approximation for Graphics Engines

SAGE: Self-Tuning Approximation for Graphics Engines
Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.
Software Quality Assurance Lecture #8 By: Faraz Ahmed.

Software Quality Assurance Lecture #8 By: Faraz Ahmed.

Similar presentations

Ads by Google