1 / 14

A Binary Agent Technology for COTS Software Integrity

Anant Agarwal Richard Schooler. A Binary Agent Technology for COTS Software Integrity. Agenda. Objectives & Approach Prototype Recent Work User Experience Next Steps. Objectives. “First-fault” diagnosis of application mis-behavior (defects, attacks).

elani
Download Presentation

A Binary Agent Technology for COTS Software Integrity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anant Agarwal Richard Schooler A Binary Agent Technology for COTS Software Integrity

  2. Agenda • Objectives & Approach • Prototype • Recent Work • User Experience • Next Steps 2

  3. Objectives • “First-fault” diagnosis of application mis-behavior (defects, attacks). • “Always on”: obviate need to replicate failures. • Fine-grain execution monitoring. • Focus on: • Deployed applications - not just for development, QA phases. • Inside the application - not just externally-visible behavior. 3

  4. Approach • Approach: • Run-time execution monitoring. • Binary instrumentation to inject probes into release-built executables. • Targets & Assumptions: • Similarity between explicit attacks and accidental faults. • Assume system-level mechanisms in-place - not guarding against replacement of entire executable, compromise of OS, etc. 4

  5. Prototype Tasks • Core technology for customizable agent insertion into Windows NT/2000/XP and SPARC/Solaris. • Anomaly detection and reporting. • Rapid recovery and problem pinpointing. 5

  6. Snapshot Files Instrumented Executables Executables Map Files Major Components Platform-dependent Instrumentation Engine Runtime Service • Block sequence • User logging • Post-Mortem info • Block->Address Map Trace Reconstruction Debug Info • Source Line/Module • Thread • Annotations • Address<->Line Map • Source Module Name Trace (XML) interface 6

  7. User Interface 7

  8. Configuration 8

  9. Recent Work • Solaris instrumentation & runtime. • User deployments. • Performance measurement. 9

  10. Solaris Implementation • New binary platform: SPARC ISA (delay slots, register windows), COFF format, ELF/STAB debug format, Solaris signal interface, TSD, etc. • Compilers: Forte (SunPro) C/C++ & gcc C. • Some new issues: • 64 bit support. • How to hook runtime (interposition via LD_PRELOAD). • How to get relocation info (no /fixed:no). • Balance between using Solaris-specific features, and staying generic-Unix-portable. 10

  11. Complex, multi-component application architecture. E.g., pharmaceutical trials ASP:Deployed on 100s of servers! User Experience MTS IIS HTTP HTML Handledexception: DLL DLL DLL DLL Data-base Custom Service 11

  12. Typical scenario: business application Custom business application logic is instrumented. Runs on stock framework (application server, OS, database, etc.) Relevant metrics are end-to-end transaction throughput, latency. Results: Range from imperceptible up to ~10% Matches “5%” threshold most enterprises quote to go into production deployment. Performance 12

  13. Distributed application architectures: Multiple machines. Multiple technologies. Larger-scale deployment issues: Analysis/correlation across many application traces. Clusters and server farms. Next Steps 13

  14. Combined Trace 14

More Related