Automated Tracing and Visualization of Software Security Structure and Properties Symposium on Visualization for Cyber Security 2012 (VizSec’12) Seattle,


Automated Tracing and Visualization of Software Security Structure and Properties
Symposium on Visualization for Cyber Security 2012 (VizSec'12), Seattle, WA, USA, Oct. 15, 2012
Wenbin Fang, Barton P. Miller, and James A. Kupsch
Computer Sciences Department, University of Wisconsin-Madison

Motivation
- Visualization: an intrinsic part of in-depth security assessment
  - First Principles Vulnerability Assessment (FPVA)
  - Microsoft Threat Modeling
- Diagrams as a road map for later analysis
  - Key components and their interaction
  - The privilege level of each component
  - Access to high-value resources

Example Diagrams From FPVA (slides 3-6: diagram images only)

Diagram Creation Problems
- Manual (time-consuming) data collection
  - Collected from many sources
  - Potentially inaccurate
- Manual diagram construction
  - Deferred until confident in data collection
  - Limits the diagrams produced
- Approach: automate diagram construction

SecSTAR: Security System Tracing, Analysis and Reporting
- Data Collection: automatically collect trace data during runtime
- Visualization: construct diagrams/animation from trace data; web-based interface
Pipeline (figure): Data Collection (Instrumented Binary Code) -> Trace Data -> Visualization (Diagram Display Interface)

Data Collection Overview
- Goal: automate system data collection
  - Unmodified binaries
  - Follows control flow to other processes
  - Easy to extend to trace new security events
- SecSTAR: uses self-propelled instrumentation
  - Simple code snippets determine what to trace

Self-propelled Instrumentation
- Instrument unmodified binary code: no special preparation
- Inject a code snippet into a target process
- Instrumentation follows control flow
  - Within a process
  - Across thread boundaries
  - Across process and even host boundaries

Self-propelled Instrumentation (figure)
- Injector: a process that injects the shared library
- Agent: a shared library (Agent.so) containing the Payload Functions and the Instrumentation Engine
- Application Process: a.out, libc.so, libpthread.so, plus the injected Agent.so

How it works

```c
/* Payload function: called by the instrumentation engine at each
   instrumented call site; pt describes the current instrumentation point. */
void payload(SpPoint* pt) {
    if (IsExit(pt)) {
        trace("exit", ...);       /* process destruction */
    } else if (IsConnect(pt)) {
        trace("connect", ...);    /* communication */
    } else if (...) {
        /* detect other events */
    }
}

/* Target application: main() spawns a thread running foo(), which
   connects to a remote process and then exits. */
void main() {
    pthread_create(foo, ...);
    ...
}

void foo() {
    connect(...);
    exit(0);
}
```

Figure: the Injector loads Agent.so into Process P on Host A; the instrumentation follows calls from P into Process Q (Host A) and over the network into Process R (Host B).

Payload Function
- Detect system events
  - Process creation and destruction
  - Privilege level changes
  - Communication
  - Resource access
- Query runtime info related to the current call
  - Arguments / return value
- Query Control Flow Graph (CFG) structures
  - Functions / basic blocks / edges
  - Enables sophisticated code analysis

Visualization Overview
- Goal: same-style, same-quality diagrams as those constructed by skilled analysts
- Animate temporal data
- Interactive interface
Pipeline (figure): Data Collection (Instrumented Binary Code) -> Trace Data -> Visualization (Diagram Display Interface)
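Going from trace data to an FPVA-style diagram, as an added example (not SecSTAR's own code): a small Python script that parses constructed trace records in an assumed line format, derives each component's host and final privilege level plus fork and connect edges (the event classes listed on the Payload Function slide), and emits Graphviz DOT for display.

```python
# Constructed sample trace (assumed format, not SecSTAR's real one):
# "<host> <pid> <event> <args...>" with events start/setuid/listen/connect.
SAMPLE_TRACE = """\
hostA 100 start condor_schedd uid=0
hostA 100 listen 9618
hostA 200 start condor_shadow uid=0 parent=100
hostA 200 setuid 1001
hostA 200 connect hostB:9618
hostB 300 start condor_startd uid=0
hostB 300 listen 9618
"""

def parse_trace(text):
    """Split each trace line into (host, pid, event, [args])."""
    events = []
    for line in text.splitlines():
        if line.strip():
            host, pid, event, *args = line.split()
            events.append((host, int(pid), event, args))
    return events

def build_model(events):
    """Derive components with their final uid, fork edges and connect edges."""
    comps, spawn, conns, listeners = {}, set(), set(), {}
    for host, pid, ev, args in events:
        key = (host, pid)
        if ev == "start":
            comps[key] = {"name": args[0], "uid": int(args[1].split("=")[1])}
            for a in args[2:]:
                if a.startswith("parent="):
                    spawn.add(((host, int(a.split("=")[1])), key))
        elif ev == "setuid":            # privilege level change
            comps[key]["uid"] = int(args[0])
        elif ev == "listen":
            listeners[(host, int(args[0]))] = key
        elif ev == "connect":           # communication; resolved below
            rhost, rport = args[0].split(":")
            conns.add((key, (rhost, int(rport))))
    # Resolve connect targets to listening processes once the whole trace is read
    edges = {(c, listeners[t]) for c, t in conns if t in listeners}
    return comps, spawn, edges

def to_dot(comps, spawn, edges):
    out = ["digraph secstar {"]
    for (host, pid), c in comps.items():
        shape = "box" if c["uid"] == 0 else "ellipse"   # root drawn as a box
        out.append(f'  "{host}:{pid}" [label="{c["name"]}\\n{host} uid={c["uid"]}" shape={shape}];')
    for p, ch in spawn:
        out.append(f'  "{p[0]}:{p[1]}" -> "{ch[0]}:{ch[1]}" [style=dashed label="fork"];')
    for a, b in edges:
        out.append(f'  "{a[0]}:{a[1]}" -> "{b[0]}:{b[1]}" [label="connect"];')
    out.append("}")
    return "\n".join(out)
```

Pipe the DOT output through `dot -Tsvg` to get a diagram in which the privilege level of each component is visible from its shape and label.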

Notation (slide 15: figure only)

Diagram, Animation and SecSTAR Interface Demo

Case Study
- Using SecSTAR to produce FPVA-style diagrams for Condor
- Condor: high-throughput job scheduling system
  - Used worldwide
  - ~700,000 lines of code, pages of documentation
  - Multiple processes, multiple hosts

Original FPVA vs SecSTAR
- Original FPVA diagram construction
  - Manual data collection from many processes and hosts, documentation and code
  - Correlated and distilled artifacts
  - Manual diagram creation
  - Months
- SecSTAR
  - Automated data collection
  - Automated diagram construction
  - Hours, mostly spent learning how to install and operate Condor

Diagram comparison (figure: SecSTAR diagram beside the original FPVA diagram)

Future Work
- Capture and visualize more events
- Capture and visualize resources
- Improve the web-based interface
- Integrate with Microsoft Threat Modeling

Summary
- SecSTAR
  - Automated data collection
  - Automated diagram/animation construction
- Case study
  - Diagram construction for Condor
  - Original FPVA vs SecSTAR

Questions?

Backup 1: Intra-process Propagation

Steps: Inject -> Activate -> Propagate

a.out, main:
  83f0: push %ebp
  83f1: mov  %esp,%ebp
  83f3: ...
  8400: call foo        (patched: jmp Patch1)
  8405: mov  %ebp,%esp
  8413: pop  %ebp
  8414: ret

a.out, foo:
  8430: push %ebp
  8431: mov  %esp,%ebp
  8433: ...
  8444: call printf     (patched: jmp Patch2)
  8449: mov  %ebp,%esp
  844b: xor  %eax,%eax
  844e: pop  %ebp
  844f: ret

Agent.so:
  Patch1: call payload(foo);    call foo;    jmp 0x8405
  Patch2: call payload(printf); call printf; jmp 0x8449

Backup 2: Inter-process Propagation

Main procedure for inter-process propagation:
1. Detect the initiation of communication at the local site (connect, write, send, ...)
2. Identify the remote process
3. Inject the agent into the remote process
4. Start following the flow of control at the remote site

Figure: Process A (main: connect(...); recv(...)) calls payload() in its Agent.so, which injects the agent into Process B (main: accept(...); send(...)).