Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler.

Published byAnnabelle Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler."— Presentation transcript:

1 A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler

2 DARPA Aug 2002 2 Agenda n Objectives & Approach n Status n Distributed Traces n Next Steps

3 DARPA Aug 2002 3 Objectives n “First-fault” diagnosis of application mis-behavior (defects, attacks); forensic tracing. n “Always on”: obviate need to replicate failures/attacks. n Fine-grain execution monitoring. n Focus on: n Deployed applications - not just for development, QA phases. n Inside the application - not just externally- visible behavior.

4 DARPA Aug 2002 4 Status n Achievements: n Windows, Solaris C/C++ binary instrumentation technology: fine-grain (instruction-level) high- performance (<5% overhead) execution tracing. n “First-fault” diagnosis of application mis-behavior: “always on” monitoring. n Transitioned as commercial product. n Follow-on/seedling project: n Forensic tracing of distributed applications: multi- process, multi-machine. n Exploring self-healing technologies.

5 DARPA Aug 2002 5 Cross-Thread Interleaving n Previous work: individual processes. n Per-thread history buffers, interleaved through (virtual) timestamps at potential interaction points (thread creation, synch., etc.). Thread 1Thread 2

6 DARPA Aug 2002 6 Distributed Traces n Extend to multiple related processes: n Real timestamps. n Cross-process interaction points: RPC, other IPC (asynchronous messaging, etc.). n Causality: logical identity. Call A A: entry : call C : return B: entry : : return C: entry : : return Call B

7 DARPA Aug 2002 7 Requirements n Functional requirements: n When:get control for “interesting” events, ideally synchronously, in right thread context. n What: know what kind of event happened, with identity, other correlative data. n Partial:shouldn’t have to have whole system instrumented. n Performance: fast enough for production.

8 DARPA Aug 2002 8 Current Implementation n Current status: CoRegisterChannelHook : register IChannelHook interface to receive notifications for client/server send/recv. (Undocumented, but “well-known” :-) n Also can send protocol extension data: causality ids, etc. n Meets goals: When, What, Partial, Performance n Demo…

9 DARPA Aug 2002 9 Issues n “Partial” problem is hard, so how do we fill in missing events/data? n Infer it (state machine, …) n Other instrumentation technologies: n MTS/COM+ instrumentation events: but looks more oriented to external monitors. Lower-level hooking, i.e. within OLE32.DLL. CoRegisterMessageFilter : only calls, not returns? n “Universal Delegator”: wrap all objects.

10 DARPA Aug 2002 10 Next Steps - Dist. Traces n Better causality tracking, visualization n Cross-machine tracing: clock skew! n Can we derive sufficient constrains from causality? E.g send/receive ordering. n Explore “partial” problem: n Different instrumentation technologies and inference techniques.

11 DARPA Aug 2002 11 Self-Healing n Paradigm: o bserve, learn, adapt/heal. n Examples: n “Nanny” process: shoot down and restart. n Garbage collection. n Replace components n... Detection Notification Root- Cause Analysis Self-Healing

Download ppt "A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler."

Similar presentations

REST Introduction 吴海生 博克软件(杭州)有限公司.

REST Introduction 吴海生 博克软件(杭州)有限公司.
© 2007 Eaton Corporation. All rights reserved. LabVIEW State Machine Architectures Presented By Scott Sirrine Eaton Corporation.

© 2007 Eaton Corporation. All rights reserved. LabVIEW State Machine Architectures Presented By Scott Sirrine Eaton Corporation.
Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,

Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,
More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.
CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 4 Instructor: Haifeng YU.

CS4231 Parallel and Distributed Algorithms AY 2006/2007 Semester 2 Lecture 4 Instructor: Haifeng YU.
Remote Procedure Call (RPC)

Remote Procedure Call (RPC)
Trace Analysis Chunxu Tang. The Mystery Machine: End-to-end performance analysis of large-scale Internet services.

Trace Analysis Chunxu Tang. The Mystery Machine: End-to-end performance analysis of large-scale Internet services.
Critical Software Security Through Replication and Virtualization A Research Proposal Dennis Edwards Sharon Simmons Arangamanikkannan Manickam.

Critical Software Security Through Replication and Virtualization A Research Proposal Dennis Edwards Sharon Simmons Arangamanikkannan Manickam.
Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-

Threads, SMP, and Microkernels Chapter 4. Process Resource ownership - process is allocated a virtual address space to hold the process image Scheduling/execution-
Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.

Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.
CMPT 431 Dr. Alexandra Fedorova Lecture VIII: Time And Global Clocks.

CMPT 431 Dr. Alexandra Fedorova Lecture VIII: Time And Global Clocks.
Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.

Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.
CS 582 / CMPE 481 Distributed Systems

CS 582 / CMPE 481 Distributed Systems
Demystifying Architectural Styles Nikunj Mehta 3/11/02Demystifying Architectural Styles2 Agenda Architectural Styles The Alfa Project Architectural framework.

Demystifying Architectural Styles Nikunj Mehta 3/11/02Demystifying Architectural Styles2 Agenda Architectural Styles The Alfa Project Architectural framework.
2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.

2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.
Unified Modeling (Part I) Overview of UML & Modeling

Unified Modeling (Part I) Overview of UML & Modeling
Active Messages: a Mechanism for Integrated Communication and Computation von Eicken et. al. Brian Kazian CS258 Spring 2008.

Active Messages: a Mechanism for Integrated Communication and Computation von Eicken et. al. Brian Kazian CS258 Spring 2008.
CprE 458/558: Real-Time Systems

CprE 458/558: Real-Time Systems
Winter Retreat - 2003 Connecting the Dots: Using Runtime Paths for Macro Analysis Mike Chen, Emre Kıcıman, Anthony Accardi, Armando Fox, Eric Brewer

Winter Retreat Connecting the Dots: Using Runtime Paths for Macro Analysis Mike Chen, Emre Kıcıman, Anthony Accardi, Armando Fox, Eric Brewer
.NET Mobile Application Development Remote Procedure Call.

.NET Mobile Application Development Remote Procedure Call.

Similar presentations

Ads by Google