Presentation of Failure- Oblivious Computing vs. Rx OS Seminar, winter 2005 by Lauge Wullf and Jacob Munk-Stander January 4 th, 2006.

Slides:

Advertisements

Similar presentations

Topics Introduction Types of Errors Exceptions Exception Handling

Advertisements

Introduction to Linked Lists In your previous programming course, you saw how data is organized and processed sequentially using an array. You probably.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Pointer applications. Arrays and pointers Name of an array is a pointer constant to the first element whose value cannot be changed Address and name refer.

Elementary Data Types Prof. Alamdeep Singh. Scalar Data Types Scalar data types represent a single object, i.e. only one value can be derived. In general,

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

Parallel and Distributed Simulation Time Warp: Other Mechanisms.

1 Rx: Treating Bugs as Allergies – A Safe Method to Survive Software Failures Feng Qin Joseph Tucek Jagadeesan Sundaresan Yuanyuan Zhou Presentation by.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Chapter 8 Runtime Support. How program structures are implemented in a computer memory? The evolution of programming language design has led to the creation.

Type-Safe Programming in C George Necula EECS Department University of California, Berkeley.

Memory Arrangement Memory is arrange in a sequence of addressable units (usually bytes) –sizeof( ) return the number of units it takes to store a type.

1 Chapter 4 Language Fundamentals. 2 Identifiers Program parts such as packages, classes, and class members have names, which are formally known as identifiers.

Elementary Data Types Scalar Data Types Numerical Data Types Other

Bristlecone: A Language for Robust Software Systems Brian Demsky Alokika Dash University of California, Irvine.

Copy Propagation and Common Subexpression Elimination in Titanium Johnathon Jamison David Marin CS265 S. Graham.

Structured Data Types and Encapsulation Mechanisms to create new data types: –Structured data Homogeneous: arrays, lists, sets, Non-homogeneous: records.

1 CSE 303 Lecture 11 Heap memory allocation ( malloc, free ) reading: Programming in C Ch. 11, 17 slides created by Marty Stepp

Java Review 2 – Errors, Exceptions, Debugging Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Pointers Applications

Chapter 6Java: an Introduction to Computer Science & Programming - Walter Savitch 1 l Array Basics l Arrays in Classes and Methods l Programming with Arrays.

 2006 Pearson Education, Inc. All rights reserved Classes: A Deeper Look.

C++ Programming: Program Design Including Data Structures, Fourth Edition Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes.

Pointer Data Type and Pointer Variables

C++ Programming: From Problem Analysis to Program Design, Fourth Edition Chapter 14: Pointers, Classes, Virtual Functions, and Abstract Classes.

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

June 14, 2001Exception Handling in Java1 Richard S. Huntrods June 14, 2001 University of Calgary.

CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.

Java Introduction Lecture 1. Java Powerful, object-oriented language Free SDK and many resources at

Backwards-Compatible Array Bounds Checking for C with Very Low Overhead Dinakar Dhurjati and Vikram Adve ICSE 2006 Itay Polack

Computer Security and Penetration Testing

Variables and Objects, pointers and addresses: Chapter 3, Slide 1 variables and data objects are data containers with names the value of the variable is.

Computer Science Detecting Memory Access Errors via Illegal Write Monitoring Ongoing Research by Emre Can Sezer.

Dynamic Memory Allocation. Domain A subset of the total domain name space. A domain represents a level of the hierarchy in the Domain Name Space, and.

Dynamic memory allocation and Pointers Lecture 4.

C Programming Day 4. 2 Copyright © 2005, Infosys Technologies Ltd ER/CORP/CRS/LA07/003 Version No. 1.0 More on Pointers Constant Pointers Two ways to.

Prachi A. Joshi Assistant Professor in CSE DIEMS,Aurangabad Unit 1 : Basic Concepts Pointers and dynamic memory allocation, Algorithm Specification, Data.

Chapter 12: Pointers, Classes, Virtual Functions, and Abstract Classes.

QA and Testing. QA Activity Processes monitoring Standards compliance monitoring Software testing Infrastructure testing Documentation testing Usability.

Enhancing Availability and Security Through Failure-Oblivious Computing Martin Rinard, Cristian Cadar, Daniel Dumitran, Daniel Roy, and William Beebee,

Pointers in C Computer Organization I 1 August 2009 © McQuain, Feng & Ribbens Memory and Addresses Memory is just a sequence of byte-sized.

CE Operating Systems Lecture 2 Low level hardware support for operating systems.

Protecting C Programs from Attacks via Invalid Pointer Dereferences Suan Hsi Yong, Susan Horwitz University of Wisconsin – Madison.

Processes and Virtual Memory

School of Computer Science & Information Technology G6DICP - Lecture 6 Errors, bugs and debugging.

CE Operating Systems Lecture 2 Low level hardware support for operating systems.

Thread basics. A computer process Every time a program is executed a process is created It is managed via a data structure that keeps all things memory.

Pointers in C++. Topics Covered  Introduction to Pointers  Pointers and arrays  Character Pointers, Arrays and Strings  Examples.

Sairajiv Burugapalli. This chapter covers three main categories of classic software vulnerability: Buffer overflows Integer vulnerabilities Format string.

+ Arrays & Random number generator. + Introduction In addition to arrays and structures, C supports creation and manipulation of the following data structures:

1D Arrays and Random Numbers Artem A. Lenskiy, PhD May 26, 2014.

Lecture10 Exception Handling Jaeki Song. Introduction Categories of errors –Compilation error The rules of language have not been followed –Runtime error.

Announcements You will receive your scores back for Assignment 2 this week. You will have an opportunity to correct your code and resubmit it for partial.

VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.

Beyond Stack Smashing: Recent Advances In Exploiting Buffer Overruns Jonathan Pincus and Brandon Baker Microsoft Researchers IEEE Security and.

SENG521 (Fall SENG 521 Software Reliability & Testing Preparing for Test (Part 6a) Department of Electrical & Computer Engineering,

TESTING BASED ON ERROR GUESSING Rasa Zavistanavičiūtė, IFME-0/2.

Eighth Lecture Exception Handling in Java

Content Coverity Static Analysis Use cases of Coverity Examples

Object Lifetime and Pointers

Presented by: Daniel Taylor

YAHMD - Yet Another Heap Memory Debugger

Concurrency: Deadlock and Starvation

Chapter 13: Pointers, Classes, Virtual Functions, and Abstract Classes

High Coverage Detection of Input-Related Security Faults

Martin Rinard, Cristian Cadar, Daniel Dumitran, Daniel Roy,

Effective and Efficient memory Protection Using Dynamic Tainting

Exception Handling Imran Rashid CTO at ManiWeber Technologies.

CETS: Compiler-Enforced Temporal Safety for C

Presentation transcript:

Presentation of Failure- Oblivious Computing vs. Rx OS Seminar, winter 2005 by Lauge Wullf and Jacob Munk-Stander January 4 th, 2006

Agenda Introduction Failure-Oblivious Computing Rx: Treating Bugs As Allergies

Introduction Problem –Reliability (deterministic and non-deterministic) Cause –Software defects account for up to 40% of system failures –Memory- and concurrency related bugs cause more than 60% of system vulnerabilities Effect –Expensive

Introduction Solutions –Safe languages, e.g. ML, Java or C# –Rebooting/restarting Whole program restart, micro rebooting, etc. –Check pointing and recovery Check point, roll back on failure, re-execute –Application specific Multi-process model, exception handling, etc. –Non-conventional approaches E.g. failure-oblivious computing

Failure-Oblivious Computing An instance of acceptability-oriented computing: –A flawed system must ensure that it respects basic acceptability properties, e.g.: System must never accelerate the vehicle beyond a specific velocity System should continue to execute even if it has a memory error Makes invalid memory accesses oblivious –Invalid reads return manufactured values –Invalid writes are discarded Thus, no termination of processes or exceptions

Failure-Oblivious Computing, cont. Behavior –Standard Compilation memory corruption, potential crash –Safe Compilation process terminates without potentially contaminating global data –Failure-Oblivious Compilation process continues execution, speculative, unsafe execution path

Failure-Oblivious Computing, cont. Example, Pine 4.44 –Index uses From field of messages –Quotes certain characters –Bug when quoting certain values Maximum length is miscalculated, thus a too small buffer is allocated for quoted value –Standard and Safe: Pine crashes on start –FOC: Pine operates “normally”

Failure-Oblivious Computing, cont. Example, bug-server (fictional)bug-server –FOC uses malloc/free to monitor memory access –Memory deallocation takes up much time, bug-server2.0 uses memory pools: pool *new_pool() creates a new pool for memory allocation void *pool_alloc(pool *p, size_t size) allocates size bytes from the pool p void free_pool(pool *p) frees all memory allocated to pool p –Pools internally use malloc to create new or extend pools, free to free pools –A security exploit is released, affects only 2.0, why?

Failure-Oblivious Computing, cont. Extension to gcc Implemented using checking code and continuation code Checking code evaluates whether a memory access is valid or not Continuation code executes when an invalid memory access occurs –Discards erroneous writes –Manufactures a sequence of results for erroneous reads, [0, 1, 2, 0, 1, 3, 0, 1, 4, …]

Failure-Oblivious Computing, cont. Checking code –based on Jones and Kelley’s scheme –enhanced by Ruwase and Lam Jones and Kelley’s scheme –A table maps locations to data units –A data unit is e.g. a struct, array, variable –The table tracks intended data units and is used to distinguish in-bounds from out- of-bounds pointers

Failure-Oblivious Computing, cont. Base Case – always in-bounds –Base pointer is the address of an array, struct or variable. –Intended data unit is the corresponding data unit of base pointer Pointer Arithmetic –Starting pointer + offset –In-bound if and only if starting pointer and derived pointer point to the same data unit –Intended data unit is the same for both –Does not work with “reverse” pointer arithmetic? Pointer Variables –In-bound if-and-only if it was assigned to in-bound pointer –Intended data unit is the same as the pointer to which it was assigned

Failure-Oblivious Computing, cont. Valid out-of-bounds pointer –Points to the next byte after intended data unit –Obtained by padding each data item with an extra byte Illegal out-of-bounds-pointer have value ILLEGAL (-2) Used to support valid out-of-bounds pointers in terminating loops when using pointer arithmetic

Failure-Oblivious Computing, cont. Dereferencing pointer, checks table: –in-bounds pointer returns referent value –out-of-bounds pointer causes program to halt with error Does not support pointer arithmetic used to obtain a pointer to a location past the end of intended data unit, which is then used to calculate an in- bound

Failure-Oblivious Computing, cont. Ruwase and Lam’s enhancement –Out-of-bounds pointers are set to point to out-of-bounds (OOB) object –OOB object: Start address of intended data unit Offset from this address –Can track out-of-bounds pointers to their intended data unit

Failure-Oblivious Computing, cont. Pros –Global state is not corrupted –Local data accessed in loops Individual iteration failures can be handled –Servers without state No propagation of errors beyond a single request –Interactive programs Programs do not crash Can show meaningful results Tolerable slow-down

Failure-Oblivious Computing, cont. Cons: –“safe compiler for C” What if this introduces bugs? Only C? Programs must be recompiled –Always in use, not only when needed –Manufactured reads can lead to wrong execution path, i.e. not for correctness-critical applications Only tested in the case of Midnight Commander

Failure-Oblivious Computing, cont. Cons, cont. –“The key question is how (or even if) the incorrect or unexpected result may propagate through the remaining computation to affect the overall results of the program” How to determine this is not answered Vaguely mentions that FOC is less appropriate for such cases Global change, thus might only be suited for isolated functionality, i.e. local

Failure-Oblivious Computing, cont. Cons, cont. –Patch-management Rather have a fixed system than one which seems to run fine, but might not –“Lucky” cases: Pine – different method used elsewhere Sendmail – length-check catches error Midnight Commander – dangling link minimizes error Mutt – server returns “does not exist”

Failure-Oblivious Computing, cont. Performance –Programs that would crash earlier continue execution –Slowdown from 1.03 to 8.1 times the original performance