
Slide 1 - A Binary Agent Technology for COTS Software Integrity
Anant Agarwal, Richard Schooler, InCert Software
DARPA, Jul 2001

Slide 2 - Agenda
- Objectives & Approach
- Prototype
- Progress:
  - Robustness
  - Fine-Grain Application Monitoring
  - Solaris Investigation
- Integration Opportunities

Slide 3 - Objectives & Approach
- Focus on:
  - Deployed applications - not just for development and QA phases.
  - Inside the application - not just externally-visible behavior.
- Approach:
  - Run-time execution monitoring.
  - Binary instrumentation to inject probes into release-built executables.

Slide 4 - Targets & Assumptions
- Similarity between explicit attacks and accidental faults.
- Assume system-level mechanisms in place - not guarding against replacement of the entire executable, compromise of the OS, etc.

Slide 5 - Major Tasks
- Three major components in the prototype:
  - Core technology for customizable agent insertion into Windows NT. (And now Solaris.)
  - Anomaly detection and reporting.
  - Rapid recovery and problem pinpointing.

Slide 6 - Binary Instrumentation
- At each code block, record progress of program execution.
- Snap program/system state based on policy/action.

[Figure: x86 code blocks, each with an AGENT probe inserted at its head; the recorded block sequence reads 1 2 3 4 5 ... 1245]
    AGENT  test al,0x3   jnz 0x1143
    AGENT  add ebx,ecx   jc 0x1101
    AGENT  shr edx,0x1   add ebx,edx
    AGENT  test al,0x3   jnz 0x1143
    AGENT  inc eax   add ecx,edi   add edx,esi   cmp eax,0xa

[Instrumentation-engine source fragment shown on the slide]
    while ((c = ++ci)) {
        INSTRUCTION_ITERATOR ii = c->Instructions();
        while ((inst = ++ii))
            inst->Lift(null_state);
    }

Slide 7 - Major Components
[Figure: component diagram]
- Instrumentation Engine: Executables + Debug Info -> Instrumented Executables, Block->Address Map, Map Files
- Service Runtime (platform-dependent interface): Snapshot Files (block sequence, user logging, post-mortem info)
- Trace Reconstruction: Snapshot Files + Map Files + Debug Info (Address Line Map, Source Module Name) -> Trace (XML) with source line/module and thread annotations

Slide 8 - User Interface

Slide 9 - Robustness
- Our runtime failures should not bring down the user's application!
- We should be robust in the face of both our own bugs and external problems, like running out of memory or disk space.

Slide 10 - Robustness, cont.
- Some techniques:
  - Limit usage of and interference with user-level facilities, like malloc, higher-level file I/O, even stack allocation.
  - Exception handling. (But watch out for nested exceptions from exception-handling context...)
  - Desperation buffers.
  - Lock ordering to avoid deadlocking with user code.
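The block-progress probe of slide 6 combined with the "avoid malloc" rule of slide 10, as an added example that is not InCert's code: a fixed-size ring buffer records the id of every executed block, and a snapshot hands the sequence, oldest first, to trace reconstruction via a block-to-address map. The function names, the ring size and the map entries are constructed for illustration.

```c
/* Added example (not the InCert agent): block-progress recorder. */
#include <stddef.h>
#include <stdint.h>

#define TRACE_CAP 8   /* deliberately small so wraparound is exercised */

/* Statically allocated ring: the agent never calls malloc, so it neither
 * depends on nor disturbs the monitored application's heap. */
static uint32_t trace_ring[TRACE_CAP];
static size_t trace_head = 0;   /* next slot to write */
static size_t trace_len = 0;    /* valid entries, at most TRACE_CAP */

/* Probe body the instrumentation engine would inject at each block head. */
void record_block(uint32_t block_id) {
    trace_ring[trace_head] = block_id;
    trace_head = (trace_head + 1) % TRACE_CAP;
    if (trace_len < TRACE_CAP) trace_len++;
}

void reset_trace(void) { trace_head = 0; trace_len = 0; }

/* Copy the recorded block sequence, oldest first, into out (capacity n).
 * Returns the number of ids copied: the "block sequence" of a snapshot. */
size_t snapshot_trace(uint32_t *out, size_t n) {
    size_t start = (trace_head + TRACE_CAP - trace_len) % TRACE_CAP;
    size_t count = trace_len < n ? trace_len : n;
    for (size_t i = 0; i < count; i++)
        out[i] = trace_ring[(start + i) % TRACE_CAP];
    return count;
}

/* Constructed block->address map standing in for the engine's map file;
 * the addresses are illustrative only. */
struct block_map { uint32_t id; uint32_t addr; };
static const struct block_map k_map[] = {
    {1, 0x1101}, {2, 0x1110}, {3, 0x1143}, {4, 0x1150}, {5, 0x1160},
};

/* Trace reconstruction step: resolve a block id to its code address,
 * returning 0 for an id that is not in the map. */
uint32_t block_to_addr(uint32_t id) {
    for (size_t i = 0; i < sizeof k_map / sizeof k_map[0]; i++)
        if (k_map[i].id == id) return k_map[i].addr;
    return 0;
}
```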

Slide 11 - Runtime Architecture
[Figure: runtime diagram]
- Instrumented Application with InCert runtime buffers: Trace, Memory Dump, Environmental Info (XML) -> Snapshot file
- Service: register with service, read initial options, snap requests, event notification
- User Extension DLL: SNMP trap, e-mail (SMTP), HTTP, FTP, etc.
- "Attack!" marks the event that triggers a snapshot

Slide 12 - Service Functionality
- File management - compression
- Notification & transportation
- Heartbeat: is the instrumented application still alive? (Auto-notify, and even auto-kill!)
- Investigating:
  - Monitor distributed applications
  - Monitor un-instrumented components

Slide 13 - Fine-Grain Application Monitor

Slide 14 - Solaris Investigation
- New binary platform: SPARC ISA (delay slots, register windows), COFF format, ELF/STAB debug format, Solaris signal interface, TSD, etc.
- Compilers: Forte (SunPro) & gcc.
- Some new issues:
  - 64-bit support.
  - How to hook the runtime (LD_PRELOAD).
  - How to get relocation info (no /fixed:no).
  - Interposition (vs. Detours).
  - Balance between using Solaris-specific features and staying generic-Unix-portable.

Slide 15 - Integration Opportunities
- Implementation mechanism for higher-level policies:
  - Currently hard-wired to trace & snap.
  - Would like the user to be able to specify other policies, triggers and actions: pattern-action language, security automata, etc.
- Integration with full-system monitoring:
  - OS-level (e.g. kernel, system call hooking)
  - Middleware, scripting languages
  - Network, database
