Upload
elani
View
24
Download
0
Embed Size (px)
DESCRIPTION
Anant Agarwal Richard Schooler. A Binary Agent Technology for COTS Software Integrity. Agenda. Objectives & Approach Prototype Recent Work User Experience Next Steps. Objectives. “First-fault” diagnosis of application mis-behavior (defects, attacks). - PowerPoint PPT Presentation
Citation preview
A Binary Agent Technology for
COTS Software Integrity
Anant Agarwal
Richard Schooler
DARPAMar 2002
2
Agenda Objectives & Approach Prototype Recent Work User Experience Next Steps
DARPAMar 2002
3
Objectives “First-fault” diagnosis of application mis-
behavior (defects, attacks). “Always on”: obviate need to replicate failures. Fine-grain execution monitoring.
Focus on: Deployed applications - not just for development,
QA phases. Inside the application - not just externally-visible
behavior.
DARPAMar 2002
4
Approach Approach:
Run-time execution monitoring. Binary instrumentation to inject probes into release-
built executables. Targets & Assumptions:
Similarity between explicit attacks and accidental faults. Assume system-level mechanisms in-place - not
guarding against replacement of entire executable, compromise of OS, etc.
DARPAMar 2002
5
Prototype Tasks
Core technology for customizable agent insertion into Windows NT/2000/XP and SPARC/Solaris.
Anomaly detection and reporting. Rapid recovery and problem pinpointing.
DARPAMar 2002
6
Major Components
Snapshot Files
Snapshot Files
Trace Reconstruction
Trace Reconstruction
•Block sequence
•User logging
•Post-Mortem info
Map FilesMap Files
InstrumentationEngine
InstrumentationEngine
ExecutablesExecutables Instrumented
Executables
InstrumentedExecutables
•Block->Address Map
Debug Info
Debug Info
•Address<->Line Map
•Source Module Name
Trace(XML)
Trace(XML)
•Source Line/Module
•Thread
•Annotations
Platform-dependent
inte
rface
inte
rface
Service
Runtime
DARPAMar 2002
7
User Interface
DARPAMar 2002
8
Configuration
DARPAMar 2002
9
Recent Work Solaris instrumentation & runtime. User deployments. Performance measurement.
DARPAMar 2002
10
Solaris Implementation New binary platform: SPARC ISA (delay slots, register
windows), COFF format, ELF/STAB debug format, Solaris signal interface, TSD, etc.
Compilers: Forte (SunPro) C/C++ & gcc C. Some new issues:
64 bit support. How to hook runtime (interposition via LD_PRELOAD). How to get relocation info (no /fixed:no).
Balance between using Solaris-specific features, and staying generic-Unix-portable.
DARPAMar 2002
11
User Experience Complex, multi-component application
architecture. E.g., pharmaceutical trials ASP:
Deployed on 100s of servers!
IIS
Data-
base
Custom Service
DLL DLL DLL DLL
Handledexception:
HTTP
HTML
MTS
DARPAMar 2002
12
Performance Typical scenario: business application
Custom business application logic is instrumented. Runs on stock framework (application server, OS,
database, etc.) Relevant metrics are end-to-end transaction throughput,
latency. Results:
Range from imperceptible up to ~10% Matches “5%” threshold most enterprises quote to go
into production deployment.
DARPAMar 2002
13
Next Steps Distributed application architectures:
Multiple machines. Multiple technologies.
Larger-scale deployment issues: Analysis/correlation across many application
traces. Clusters and server farms.
DARPAMar 2002
14
Combined Trace