A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler.


1 A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler

2 Agenda
DARPA Mar 2002
- Objectives & Approach
- Prototype
- Recent Work
- User Experience
- Next Steps

3 Objectives
- “First-fault” diagnosis of application misbehavior (defects, attacks).
- “Always on”: obviate need to replicate failures.
- Fine-grain execution monitoring.
- Focus on:
  - Deployed applications - not just for development, QA phases.
  - Inside the application - not just externally visible behavior.

4 Approach
- Approach:
  - Run-time execution monitoring.
  - Binary instrumentation to inject probes into release-built executables.
- Targets & Assumptions:
  - Similarity between explicit attacks and accidental faults.
  - Assume system-level mechanisms in place - not guarding against replacement of entire executable, compromise of OS, etc.

5 Prototype Tasks
- Core technology for customizable agent insertion into Windows NT/2000/XP and SPARC/Solaris.
- Anomaly detection and reporting.
- Rapid recovery and problem pinpointing.

6 Major Components
[Diagram. Labels: Snapshot Files, Trace Reconstruction, Block sequence, User logging, Post-Mortem info, Map Files, Instrumentation Engine, Executables, Instrumented Executables, Block->Address Map, Debug Info, Address Line Map, Source Module Name, Trace (XML), Source Line/Module, Thread Annotations, Platform-dependent interface, Service, Runtime]
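How the pieces labelled on the Major Components slide could fit together, as an added example (not code from the presentation or the authors' product): a trace-reconstruction pass turns a logged block sequence into per-thread source lines and an XML trace. The data flow, the map and snapshot layouts, the module and file names, and the XML element names are all assumptions made for illustration.

```python
import bisect
import xml.etree.ElementTree as ET

# Constructed map-file contents (assumed layout): block id -> (module, start address).
BLOCK_MAP = {1: ("orders.dll", 0x1000), 2: ("orders.dll", 0x1018),
             3: ("orders.dll", 0x1024), 4: ("billing.dll", 0x2000)}
# Constructed address->line table per module, sorted by address; each row
# covers addresses up to the next row, as in a debug line table.
LINE_MAP = {
    "orders.dll": [(0x1000, "orders.c", 40), (0x1010, "orders.c", 41), (0x1024, "orders.c", 47)],
    "billing.dll": [(0x2000, "billing.c", 12)],
}
# Constructed snapshot: (thread id, block id) in logged order, threads interleaved.
# Block 99 is deliberately absent from the maps (stale map file or damaged snapshot).
SNAPSHOT = [(7, 1), (9, 4), (7, 2), (7, 3), (9, 99), (7, 3)]


def resolve(block_id):
    """Return (module, file, line) for a block id, or None if the maps lack it."""
    if block_id not in BLOCK_MAP:
        return None
    module, addr = BLOCK_MAP[block_id]
    rows = LINE_MAP.get(module, [])
    i = bisect.bisect_right([r[0] for r in rows], addr) - 1
    if i < 0:
        return None
    return (module, rows[i][1], rows[i][2])


def reconstruct(snapshot):
    """Group the block sequence by thread and resolve each block to a source line."""
    per_thread = {}
    for tid, block_id in snapshot:
        steps = per_thread.setdefault(tid, [])
        # Keep unresolved blocks visible in the trace instead of dropping them.
        loc = resolve(block_id) or ("unresolved", f"block-{block_id}", 0)
        if not steps or steps[-1] != loc:  # consecutive blocks on one line become one step
            steps.append(loc)
    return per_thread


def to_xml(per_thread):
    root = ET.Element("trace")
    for tid in sorted(per_thread):
        t = ET.SubElement(root, "thread", id=str(tid))
        for module, src, line in per_thread[tid]:
            ET.SubElement(t, "step", module=module, file=src, line=str(line))
    return ET.tostring(root, encoding="unicode")
```
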

7 User Interface

8 Configuration

9 Recent Work
- Solaris instrumentation & runtime.
- User deployments.
- Performance measurement.

10 Solaris Implementation
- New binary platform: SPARC ISA (delay slots, register windows), COFF format, ELF/STAB debug format, Solaris signal interface, TSD, etc.
- Compilers: Forte (SunPro) C/C++ & gcc C.
- Some new issues:
  - 64 bit support.
  - How to hook runtime (interposition via LD_PRELOAD).
  - How to get relocation info (no /fixed:no).
  - Balance between using Solaris-specific features, and staying generic-Unix-portable.

11 User Experience
- Complex, multi-component application architecture. E.g., pharmaceutical trials ASP: Deployed on 100s of servers!
[Diagram. Labels: IIS, Database, Custom Service DLL, Handled exception, HTTP, HTML, MTS]

12 Performance
- Typical scenario: business application
  - Custom business application logic is instrumented.
  - Runs on stock framework (application server, OS, database, etc.)
  - Relevant metrics are end-to-end transaction throughput, latency.
- Results:
  - Range from imperceptible up to ~10%
  - Matches “5%” threshold most enterprises quote to go into production deployment.

13 Next Steps
- Distributed application architectures:
  - Multiple machines.
  - Multiple technologies.
- Larger-scale deployment issues:
  - Analysis/correlation across many application traces.
  - Clusters and server farms.

14 Combined Trace

