The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San.

Slides:



Advertisements
Similar presentations
Triage: Diagnosing Production Run Failures at the Users Site Joseph Tucek, Shan Lu, Chengdu Huang, Spiros Xanthos, and Yuanyuan Zhou Department of Computer.
Advertisements

Finding bugs: Analysis Techniques & Tools Comparison of Program Analysis Techniques CS161 Computer Security Cho, Chia Yuan.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Testing and Quality Assurance
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Bouncer securing software by blocking bad input Miguel Castro Manuel Costa, Lidong Zhou, Lintao Zhang, and Marcus Peinado Microsoft Research.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.
SE 450 Software Processes & Product Metrics Reliability: An Introduction.
Unit 251 Implementation and Integration Implementation Unit Testing Integration Integration Approaches.
1 Advanced Material The following slides contain advanced material and are optional.
1 The Problem o Fluid software cannot be trusted to behave as advertised unknown origin (must be assumed to be malicious) known origin (can be erroneous.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
SAGE: Self-Tuning Approximation for Graphics Engines
Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.
Software Quality Assurance Lecture #8 By: Faraz Ahmed.
CUTE: A Concolic Unit Testing Engine for C Technical Report Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.
CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.
March 17, 2005 Roadmap of Upcoming Research, Features and Releases Bart Miller & Jeff Hollingsworth.
CS533 Concepts of Operating Systems Jonathan Walpole.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
Advanced Computer Architecture Lab University of Michigan USENIX Security ’03 Slide 1 High Coverage Detection of Input-Related Security Faults Eric Larson.
Targeted Path Profiling : Lower Overhead Path Profiling for Staged Dynamic Optimization Systems Rahul Joshi, UIUC Michael Bond*, UT Austin Craig Zilles,
On-Demand Dynamic Software Analysis Joseph L. Greathouse Ph.D. Candidate Advanced Computer Architecture Laboratory University of Michigan December 12,
Accelerating Dynamic Software Analyses Joseph L. Greathouse Ph.D. Candidate Advanced Computer Architecture Laboratory University of Michigan December 1,
Highly Scalable Distributed Dataflow Analysis Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan Chelsea LeBlancTodd.
Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.
CSCI1600: Embedded and Real Time Software Lecture 33: Worst Case Execution Time Steven Reiss, Fall 2015.
Testudo: Heavyweight Security Analysis via Statistical Sampling Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan Ilya.
Hardware Support for On-Demand Software Analysis Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan December 8, 2011.
Sampling Dynamic Dataflow Analyses Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan University of British Columbia.
Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
A Binary Agent Technology for COTS Software Integrity Anant Agarwal Richard Schooler InCert Software.
On-Demand Dynamic Software Analysis Joseph L. Greathouse Ph.D. Candidate Advanced Computer Architecture Laboratory University of Michigan November 29,
CUTE: A Concolic Unit Testing Engine for C Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.
Application Communities Phase 2 (AC2) Project Overview Nov. 20, 2008 Greg Sullivan BAE Systems Advanced Information Technologies (AIT)
MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications.
October 20-23rd, 2015 FEEBO: A Framework for Empirical Evaluation of Malware Detection Resilience Against Behavior Obfuscation Sebastian Banescu Tobias.
Debugging and Testing Hussein Suleman March 2007 UCT Department of Computer Science Computer Science 1015F.
Qin Zhao1, Joon Edward Sim2, WengFai Wong1,2 1SingaporeMIT Alliance 2Department of Computer Science National University of Singapore
Software Testing. Software Quality Assurance Overarching term Time consuming (40% to 90% of dev effort) Includes –Verification: Building the product right,
Software Dependability
Software Testing Strategies for building test group
On-Demand Dynamic Software Analysis
Testing and Debugging PPT By :Dr. R. Mall.
Verification and Testing
Effective Data-Race Detection for the Kernel
Understanding the OSI Reference Model
Testing & Testing Tools
runtime verification Brief Overview Grigore Rosu
High Coverage Detection of Input-Related Security Faults
Fault Injection: A Method for Validating Fault-tolerant System
SUDS: An Infrastructure for Creating Bug Detection Tools
AdaCore Technologies for Cyber Security
All You Ever Wanted to Know About Dynamic Taint Analysis & Forward Symbolic Execution (but might have been afraid to ask) Edward J. Schwartz, Thanassis.
Mid Term II Review.
On-Demand Dynamic Software Analysis
Test Process “V” Diagram
CUTE: A Concolic Unit Testing Engine for C
Outline System architecture Experiments
Software Testing Strategies
Sampling Dynamic Dataflow Analyses
Presentation transcript:

The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San Jose, California June 5, 2011

Dynamic Security Analysis Finds flaws in programs as they run  Makes programs more robust Insert checks around instructions 2 y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0);

z = y * 75 y = x * 1024 w = x + 42 Check w Dynamic Information Flow Tracking 3 validate(x) x = read_input() z = y * 75 y = x * 1024 x = read_input() Input Check z Data Untrusted 1.Inputs are untrusted 2.Propagate untrusted status while executing 3.Check trustedness for safety Only works on current dynamic control path

Problem: Dynamic Analyses are Slow 4 2x 150x 400x 200x 100x Assertion CheckingRace Detection DIFT Atomicity Checking Symbolic Execution

Dynamic Analysis Sampling 5 Lower overheads by skipping some analyses Complete Analysis No Analysis No Analysis

Sampling Allows Distribution 6 Developer Beta TestersEnd Users Many users testing at little overhead see more errors than one user at high overhead.

y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0); Sampling Assertion Checking Perform a random subset of checks 1/1000 checks: ~3x slowdown  30% overhead 7 y = x->data; *w += y; z = 75/y; check(y!=0); y = x->data; *w += y; z = 75/y; check(x!=NULL); y = x->data; *w += y; z = 75/y; check(w!=NULL);y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0); Static CodeDynamic #2Dynamic #3Dynamic #1

Must sample dataflows instead of instructions % of faults: 10% overhead Sampling DIFT 8

Advanced Sampling Techniques Cold region Hypothesis  Sample “cold” code at higher rate New atomicity violation detection  Trace atomic regions and correlate crashes 9

Future Research Directions Sampling for more dynamic analyses New types of analyses because of sampling Studies on users slowdown acceptance 10

BACKUP SLIDES 11

Needed Engineering Efforts Push-button sampling mechanisms for Valgrind, DynamoRIO, Pin, etc. Libraries to integrate bug reporting into analysis tools Back-end infrastructure for handling distributed, sampled bug reports 12

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.