apisan sanitizing api usages through semantic cross
play

APISan: Sanitizing API Usages through Semantic Cross-checking Insu - PowerPoint PPT Presentation

Sep 03, 2023 •33 likes •923 views

APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik Georgia Institute of Technology 1 APIs in todays software are plentiful yet complex Example: OpenSSL

  1. APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik Georgia Institute of Technology 1

  2. APIs in today’s software are plentiful yet complex • Example: OpenSSL - 3841 3841 APIs in [v1.0.2h] - 3718 in [v1.0.1t] -> 3841 in [v1.0.2h] ( +1 +123 APIs) - OpenSSH uses 158 158 APIs of OpenSSL 2

  3. Complex APIs result in programmers’ mistakes • Problems in documentation - Incomplete: e.g., low details in hostname verification - Long: e.g., 43K lines in OpenSSL documentation - Lack: e.g., internal APIs • Lack of automatic tool support - e.g., missing formal specification and precise semantics 3

  4. Problem: API misuse can cause security problems 4

  5. Problem: API misuse can cause security problems à MITM 5

  6. Problem: API misuse can cause security problems à Code execution 6

  7. Problem: API misuse can cause security problems à Privilege Escalation 7

  8. Today’s practices to help programmers • Formal method - Problem: lack of specification • Model checking - Problem: manual, lack of semantic context • Symbolic execution - Problem : failed to scale for large software 8

  9. Promising approach: finding bugs by using existing code • “Bugs as deviant behavior”[OSDI01] - Syntactic template: e.g., check NULL on malloc() • “Juxta”[SOSP15] - Inferring correct semantics from multiple of implementations - File system specific bug finding tool 9

  10. Promising approach: finding bugs by using existing code • “Bugs as deviant behavior”[OSDI01] - Syntactic template: e.g., check NULL on malloc() • “Juxta”[SOSP15] Research goal: can we apply this method to - Inferring correct semantics from multiple of implementations any kind of software without manual efforts ? - File system specific bug finding tool 10

  11. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 11

  12. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 12

  13. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 13

  14. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 14

  15. Our approach is very promising • Effective in finding API misuses - 76 new bugs • Scale to large, complex software - Linux kernel, OpenSSL, PHP, Python, etc. - Debian packages 15

  16. Technical Challenges • API uses are too different from impl. to impl. • Subtle semantics of the correct API uses • Large, complex code using APIs 16

  17. Example: OpenSSL API uses • SSL_get_verify_result() - Get result of peer certificate verification if (SSL_get_verify_result() == X509_V_OK) { … } 17

  18. Example: OpenSSL API uses • SSL_get_verify_result() - Get result of peer certificate verification - no no peer ce certificate à alw always retu turns X509_V_ V_OK OK if (SSL_get_verify_result() == X509_V_OK) { … } 18

  19. Example: OpenSSL API uses • SSL_get_verify_result() - Get result of peer certificate verification - no no peer ce certificate à alw always retu turns X509_V_ V_OK OK if (SSL_get_verify_result() == X509_V_OK && SSL_get_peer_certificate() != NULL ) { … } 19

  20. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 20

  21. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 21

  22. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 22

  23. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 23

  24. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 24

  25. Example: a correct implementation using OpenSSL API Semantically same with correct usage cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (SSL_get_verify_result() == X509_V_OK if (err == X509_V_OK) { … } if && SSL_get_peer_certificate() != NULL ) { … } cu curl 25

  26. Example: a correct implementation using OpenSSL API Correct cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 26

  27. Example: providing various implementations using OpenSSL Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 27

  28. Example: providing various implementations using OpenSSL Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 28

  29. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ngin ng inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 29

  30. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ngin ng inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 30

  31. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx cu curl Correct err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 31

  32. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx curl cu Correct err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} // // if (cer cert) is missed ed nmap nmap he hexcha hat 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly

Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly

SemEval 2014 Task-3 Cross-Level Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly focused on similar types of lexical items Semantic Similarity What if we have different types of inputs? CLSS:

971 views • 47 slides
SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request

SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request

SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request forgery Code Injection Attacks Attacker executes arbitrary code on server Programming the program Not sanitizing user

287 views • 11 slides
Cross-Lingual Semantic Mapping of Authority Files Nadine Steinmetz, and Harald Sack November,

Cross-Lingual Semantic Mapping of Authority Files Nadine Steinmetz, and Harald Sack November,

Cross-Lingual Semantic Mapping of Authority Files Nadine Steinmetz, and Harald Sack November, 26th 2013 Conference on Semantic Web in Libraries SWIB 2013, Hamburg, Germany Motivation Semantic Annotation of Textual Information: Having

754 views • 57 slides
Cross-Domain Semantic Parsing via Paraphrasing Yu Su & Xifeng Yan, EMNLP 2017 presented by

Cross-Domain Semantic Parsing via Paraphrasing Yu Su & Xifeng Yan, EMNLP 2017 presented by

Cross-Domain Semantic Parsing via Paraphrasing Yu Su & Xifeng Yan, EMNLP 2017 presented by Sha Li Semantic Parsing Mapping natural language utterances to logical forms that machines can act upon. Example: Database query Intents and

531 views • 21 slides
Cross-lingual Distributional Profiles of Concepts for Measuring Semantic Distance Saif Mohammad,

Cross-lingual Distributional Profiles of Concepts for Measuring Semantic Distance Saif Mohammad,

Cross-lingual Distributional Profiles of Concepts for Measuring Semantic Distance Saif Mohammad, Iryna Gurevych, Graeme Hirst, and Torsten Zesch University of Toronto & Darmstadt University of Technology Semantic distance SALSA DANCE

609 views • 47 slides
Cross-species comparison of GO annotations : advantages and limitations of semantic similarity

Cross-species comparison of GO annotations : advantages and limitations of semantic similarity

Cross-species comparison of GO annotations : advantages and limitations of semantic similarity measures O. Dameron, C. Bettembourg, L. Joret U936 Conceptual modeling of biomedical knowledge Universit de Rennes 1, France

467 views • 44 slides
Learning Cross-lingual Distributed Logical Representations for Semantic Parsing Yanyan Zou and

Learning Cross-lingual Distributed Logical Representations for Semantic Parsing Yanyan Zou and

Learning Cross-lingual Distributed Logical Representations for Semantic Parsing Yanyan Zou and Wei Lu StatNLP Group Singapore University of Technology and Design July 18, 2018 Outline Background & Motivation Method Experiments

679 views • 39 slides
A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 ,

A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 ,

A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 , Marius Kaminskas 2 , Ivn Cantador 1 , Francesco Ricci 2 1 Escuela Politcnica Superior, Universidad Autnoma de Madrid, Spain

877 views • 39 slides
Exploring API Embedding for API Usages and Applications Yi Chang Trong Duc Nguyen, Anh Tuan

Exploring API Embedding for API Usages and Applications Yi Chang Trong Duc Nguyen, Anh Tuan

Exploring API Embedding for API Usages and Applications Yi Chang Trong Duc Nguyen, Anh Tuan Nguyen, Hung Dang Phan, and Tien N. Nguyen. 2017. Exploring API embedding for API usages and applications. In Proceedings of the 39th International

188 views • 8 slides
Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web companies starting & growing Siderean, SandPiper, SiberLogic, Ontology Works, Intellidimension, Intellisophic, TopQuadrant, Data Grid, Mondeca,

481 views • 23 slides
Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya

Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya

Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, Taesoo Kim Georgia Institute of Technology School of Computer Science Two promising approaches to make

1.25k views • 85 slides
Semantic relatedness and cross-lingual passage retrieval Eneko Agirre 1 , Olatz Ansa 1 , Xabier

Semantic relatedness and cross-lingual passage retrieval Eneko Agirre 1 , Olatz Ansa 1 , Xabier

ResPubliQA - QA@CLEF 2009 Semantic relatedness and cross-lingual passage retrieval Eneko Agirre 1 , Olatz Ansa 1 , Xabier Arregi 1 , Maddalen Lopez de Lacalle 2 , Arantxa Otegi 1 , Xabier Saralegi 2 , Hugo Zaragoza 3 1 IXA NLP Group, University of

413 views • 20 slides
SemEval 2019 Task 1: Cross-lingual Semantic Parsing with UCCA Daniel Hershcovich, Leshem

SemEval 2019 Task 1: Cross-lingual Semantic Parsing with UCCA Daniel Hershcovich, Leshem

1 SemEval 2019 Task 1: Cross-lingual Semantic Parsing with UCCA Daniel Hershcovich, Leshem Choshen, Elior Sulem, Zohar Aizenbud, Ari Rappoport and Omri Abend June 6, 2019 2 L H L H D F P A P A

430 views • 26 slides
What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by

What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by

What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by international standards body the World Wide Web Consortium (W3C).[1] ... By encouraging the inclusion of semantic content in web pages, the

578 views • 44 slides
Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne

Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne

Brief Blanching: An Effective Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne Johanningsmeier USDA-ARS Food Science Research Unit Part II. Quality assessment for blanched refrigerated pickles with various

615 views • 24 slides
A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis

A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis

Think Census A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis Approach to Privacy in Preservation of individuals privacy Public Databases What do we mean? Drineas, Dwork, Goldberg,

277 views • 3 slides
Minor Investors USCIS regulations do not put a minimum or maximum age on green card recipients

Minor Investors USCIS regulations do not put a minimum or maximum age on green card recipients

2016 New York EB-5 & Investment Immigration Convention Ch China Issues Impacts of China na Quota Backlog Charles C. Foster / Foster Global Immigration Solutions David Hirson / David Hirson & Partners, LLP Cletus Weber / Peng &

420 views • 13 slides
Smith Normal Form and Combinatorics Richard P . Stanley Smith Normal Form and Combinatorics

Smith Normal Form and Combinatorics Richard P . Stanley Smith Normal Form and Combinatorics

Smith Normal Form and Combinatorics Richard P . Stanley Smith Normal Form and Combinatorics p. 1 Smith normal form A : n n matrix over commutative ring R (with 1) Suppose there exist P , Q GL( n, R ) such that PAQ := B = diag( d 1 ,

1.46k views • 123 slides
Minor preserving deletable edges in graphs Sandra Kingan, Brooklyn College, CUNY September 11,

Minor preserving deletable edges in graphs Sandra Kingan, Brooklyn College, CUNY September 11,

Minor preserving deletable edges in graphs Sandra Kingan, Brooklyn College, CUNY September 11, 2020 Sandra Kingan, Brooklyn College, CUNY Minor preserving deletable edges in graphs September 11, 2020 1 / 23 Since today is 9/11 Id like to

262 views • 23 slides
Asymptotic growth of minor-closed classes of graphs Olivier Bernardi - Centre de Recerca

Asymptotic growth of minor-closed classes of graphs Olivier Bernardi - Centre de Recerca

Asymptotic growth of minor-closed classes of graphs Olivier Bernardi - Centre de Recerca Matemtica Joint work with Marc Noy and Dominic Welsh Humboldt-Universitt zu Berlin, June 2007 Berlin, June 2007 Olivier Bernardi p.1/22 Growth of

541 views • 39 slides
Student AWEbassadors Lindsay Wrege- 321 Coffee Lindsay Wrege, Class of 2021, is studying Business

Student AWEbassadors Lindsay Wrege- 321 Coffee Lindsay Wrege, Class of 2021, is studying Business

Student AWEbassadors Lindsay Wrege- 321 Coffee Lindsay Wrege, Class of 2021, is studying Business Administration and Entrepreneurship. She is also the Founder and CEO of 321 Coffee, a growing nonprofit coffee shop staffed by adults with

462 views • 20 slides
JUST THE MATHS SLIDES NUMBER 7.3 DETERMINANTS 3 (Further evaluation of 3 x 3

JUST THE MATHS SLIDES NUMBER 7.3 DETERMINANTS 3 (Further evaluation of 3 x 3

JUST THE MATHS SLIDES NUMBER 7.3 DETERMINANTS 3 (Further evaluation of 3 x 3 determinants) by A.J.Hobson 7.3.1 Expansion by any row or column 7.3.2 Row and column operations on determinants UNIT 7.3 - DETERMINANTS 3 FURTHER

150 views • 13 slides
A Kuratowski theorem for general surfaces Graph minors VIII, Robertson and Seymour, JCTB 90

A Kuratowski theorem for general surfaces Graph minors VIII, Robertson and Seymour, JCTB 90

A Kuratowski theorem for general surfaces Graph minors VIII, Robertson and Seymour, JCTB 90 Nicolas Nisse MASCOTTE, INRIA Sophia Antipolis, I3S(CNRS/UNS). JCALM, oct. 09, Sophia Antipolis Talk mainly based on Graphs on Surfaces

1.35k views • 61 slides
Release Pattern Discovery via Partitioning: Methodology and Case Study Abram Hindle, Michael W.

Release Pattern Discovery via Partitioning: Methodology and Case Study Abram Hindle, Michael W.

Release Pattern Discovery via Partitioning: Methodology and Case Study Release Pattern Discovery via Partitioning: Methodology and Case Study Abram Hindle, Michael W. Godfrey, Richard C. Holt Software Architecture Group David R. Cheriton

505 views • 33 slides

More recommend