differential slicing identifying causal execution
play

Differential Slicing: Identifying Causal Execution Differences for - PowerPoint PPT Presentation

Jan 24, 2023 •907 likes •1.16k views

2011 IEEE Symposium on Security and Privacy Differential Slicing: Identifying Causal Execution Differences for Security Applications Noah M. Johnson 1 , Juan Caballero 2 , Kevin Zhijie Chen 1 , Stephen McCamant 1 , Pongsin Poosankam 1, 3 , Daniel

  1. 2011 IEEE Symposium on Security and Privacy Differential Slicing: Identifying Causal Execution Differences for Security Applications Noah M. Johnson 1 , Juan Caballero 2 , Kevin Zhijie Chen 1 , Stephen McCamant 1 , Pongsin Poosankam 1, 3 , Daniel Reynaud 1 , and Dawn Song 1 1 University of California, Berkeley 2 IMDEA Software Institute 3 Carnegie Mellon University 左昌國 Seminar @ ADLab, NCU-CSIE

  2. 2 Outline • Introduction • Problem Definition and Overview • Trace Alignment • Slice-Align • Evaluation • Related Work • Conclusion

  3. 3 Introduction • Why does the program crash? • At what situation does the malware do malicious behaviors? • How do you solve above problems if you don’t have the source code? • Static analysis • Dynamic analysis • … • Too much time spent

  4. 4 Introduction • This paper, • proposes “Differential Slicing” • Given 2 execution traces of a program with a target difference • Automatically finds the input and environment differences that caused the target difference • Generates a causal difference graph • Simply expressed what happened

  5. 5 Problem Definition and Overview • The goal is to “understand” the target difference • To identify the input differences that caused the target difference. • To understand the sequence of events that let from the input differences to the target difference.  To build the causal difference graph

  6. 6 Problem Definition and Overview Input Passing trace differences? (byte level) $ vuln_cmp bar bazaar Strings are not equal $ vuln_cmp “” foo <<crashed at line 11>> Target difference Failing trace Then the passing trace and the failing trace can be used for Trace Alignment.

  7. 7 Aligned Problem Definition and Overview region • Disaligned region

  8. 8 Divergence point Flow difference Value difference Flow differences = disaligned statements

  9. 9 Problem Definition and Overview • Causal difference graph • The causal difference graph contains the sequences of execution differences leading from the input differences to the target differences.

  10. 10 Problem Definition and Overview • 6k lines of Objective Caml code • Trace alignment and post-dominator module : 4k lines • Slice-Align module : 2k lines

  11. 11 Trace Alignment • Dominate • A node d dominates node n iff every path from entry node to n passes through d. (node d is a dominator of node n ) • Node id immediately dominates n if id dominates n , and no other node p such that id dominates p and p dominates n . ( id is the only immediate dominator of n ) A • Post Dominate B C • Same as dominate, from node n to the exit node • Immediate post dominator D E F G

  12. 12 Trace Alignment • Execution Indexing • Execution Indexing captures the structure of the program at any given point in the execution, identifying the execution point, and uses that structure to establish a correspondence between execution points across multiple executions of the program. • Xin et al. use an indexing stack to deal with branch or method call. A Current node B C A C D D E F F G G F stack G

  13. 13 Trace Alignment A B C D E F G Current node A A B C D F F G G G G stack

  14. 14 Slice-Align • worklist • A pool of instructions to be operated

  15. 15 worklist Slice-Align Input difference

  16. 16 Slice-Align • Edge pruning and address normalization • Pruning edges in the graph when an operand of an aligned instruction has the same value in both execution traces. • Heap pointer pruning • The pointer is pruned if 1. The allocation site for the live buffers that contain the pointed-to addresses are aligned 2. The offset of those pointed-to addresses, with respect to the start address of the live buffer they belong to, is the same • Stack pointer pruning • (in the thread stack range) normalized by subtracting the stack base address • Data section pointer pruning • (in the same module) normalized by subtracting the module base address

  17. 17 Evaluation

  18. 18 Evaluation • Evaluating the Causal Difference Graph

  19. 19 Evaluation • Graph size • #IDiff = number of input differences

  20. 20 evaluation • Performance • Less than 1 hour to generate a graph

  21. 21 Evaluation • User Study(informal) • Subject A: an analyst at a commercial security research company • Subject B: a research scientist

  22. 22 Evaluation • Identifying input differences in malware analysis • W32/Conficker.A • Keyboard layout: Ukrainian(failing trace), US-English(passing trace) • Target difference: CreateThread API call • Result: • Input difference: user32.dll::GetKeyboardLayoutList function return value • W32/Netsky.C • Makes the computer speaker beep continuously if the system time between 6am and 9pm on Feb. 26, 2004 • Target Difference: Beep function call • Resault: • Input difference: kernel32.dll::GetLocalTime system call

  23. 23 Conclusion • Producing causal difference graph • Input difference information • Execution difference from input difference to target difference • Reducing the graph size • Reducing the input difference candidates

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Identifying Causal Efgects in Experiments with Social Interactions and Non-compliance Francis J.

Identifying Causal Efgects in Experiments with Social Interactions and Non-compliance Francis J.

Identifying Causal Efgects in Experiments with Social Interactions and Non-compliance Francis J. DiTraglia 1 Camilo Garca-Jimeno 2 Rossa OKeefge-ODonovan 1 Alejandro Sanchez 3 1 University of Oxford 2 Federal Reserve Bank of Chicago 3

209 views • 19 slides
Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices

Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices

Class 6 Review; questions Assign (see Schedule for links) Slicing overview (contd) Problem Set 3: due 9/8/09 1 Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices 3. Methods

327 views • 28 slides
Automatic Testing of Symbolic Execution Engines via Program Generation and Differential Testing

Automatic Testing of Symbolic Execution Engines via Program Generation and Differential Testing

Automatic Testing of Symbolic Execution Engines via Program Generation and Differential Testing Timotej Kapus, Cristian Cadar Department of Computing Imperial College London if (x &gt; 2294967295) { assert(false); } printf(&quot;x:

1.08k views • 45 slides
Identifying Features of Android Apps from Execution Traces Qi Xin, Farnaz Behrang, Mattia

Identifying Features of Android Apps from Execution Traces Qi Xin, Farnaz Behrang, Mattia

Identifying Features of Android Apps from Execution Traces Qi Xin, Farnaz Behrang, Mattia Fazzini, and Alessandro Orso Understanding a Program &amp; its Features Debugging Refactoring Debloating Testing Documentation Functionality

637 views • 40 slides
Differential Attainment Differential Attainment Working Group Intended learning outcomes Define

Differential Attainment Differential Attainment Working Group Intended learning outcomes Define

Differential Attainment Differential Attainment Working Group Intended learning outcomes Define Define Differential Attainment Identify Identify some of the causal factors Implement Implement a strategy in your own organisation Describes

397 views • 38 slides
Foundations of Causal Discovery Frederick Eberhardt KDD Causality Workshop 2016 Causal Discovery

Foundations of Causal Discovery Frederick Eberhardt KDD Causality Workshop 2016 Causal Discovery

Foundations of Causal Discovery Frederick Eberhardt KDD Causality Workshop 2016 Causal Discovery data sample x y z w samples 2 Causal Discovery assumptions, e.g. causal Markov causal faithfulness functional form etc.

1.66k views • 144 slides
Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and Slicing Henrik Nilsson School of Computer Science The University of Nottingham, UK Slicing Functional Programs: A Suspicion p.1/6 Slicing

410 views • 13 slides
I I Can ant Belie elieve e It Its No Not C Causal ! ! Scalable Causal Consistency

I I Can ant Belie elieve e It Its No Not C Causal ! ! Scalable Causal Consistency

I I Can ant Belie elieve e It Its No Not C Causal ! ! Scalable Causal Consistency cy wit with No o Slo lowdown wn Cas ascad ades Syed Akbar Mehdi 1 , Cody Littley 1 , Natacha Crooks 1 , Lorenzo Alvisi 1,4 , Nathan Bronson 2 ,

677 views • 55 slides
Using program slicing data to predict code faults David Bowes University of Hertfordshire

Using program slicing data to predict code faults David Bowes University of Hertfordshire

Outline Using program slicing data to predict code faults Calculating the Slicing metrics for a module Relating slicing metrics to fault data Conclusion Using program slicing data to predict code faults David Bowes University of

579 views • 15 slides
Dynamic Slicing Techniques for Petri Nets M. Llorens, J. Oliver, J. Silva, S. Tamarit, G. Vidal

Dynamic Slicing Techniques for Petri Nets M. Llorens, J. Oliver, J. Silva, S. Tamarit, G. Vidal

Motivation Dynamic Slicing in PN from an initial marking Dynamic Slicing in PN from a firing sequence Conclusions and Future Work Dynamic Slicing Techniques for Petri Nets M. Llorens, J. Oliver, J. Silva, S. Tamarit, G. Vidal Dep. of

378 views • 35 slides
Causal Programming Causal Programming Joshua Brul Joshua Brul

Causal Programming Causal Programming Joshua Brul Joshua Brul

5/2/2019 talk slides Causal Programming Causal Programming Joshua Brul Joshua Brul file:///home/josh/causal-programming-guest-lecture/slides.html?print-pdf#/ 1/67 5/2/2019 talk slides Smoking/cancer structural causal model

716 views • 67 slides
Lect ure # 22 ADVANCED DATABASE SYSTEMS Vectorized Execution (Part II) @ Andy_Pavlo // 15-

Lect ure # 22 ADVANCED DATABASE SYSTEMS Vectorized Execution (Part II) @ Andy_Pavlo // 15-

Lect ure # 22 ADVANCED DATABASE SYSTEMS Vectorized Execution (Part II) @ Andy_Pavlo // 15- 721 // Spring 2018 2 Bit-Slicing Bit-Weaving Relaxed Operator Fusion (Prashanth) CMU 15-721 (Spring 2018) 3 BITM AP EN CO DIN G Original Data

604 views • 48 slides
S LICING : Forward Slicing: Used to extract the implementation of the desired feature.

S LICING : Forward Slicing: Used to extract the implementation of the desired feature.

G ENETIC P ROGRAMMING FOR S OFTWARE T RANSPLANTS I MAN H EMATI M OGHADAM I MPLEMENTED A PPROACH : O VERVIEW 1 /20 S LICING : Forward Slicing: Used to extract the implementation of the desired feature. Backward Slicing: Used to extract

553 views • 22 slides
Strategies for Spectrum Slicing Based on Restarted Lanczos Methods Carmen Campos and Jose E.

Strategies for Spectrum Slicing Based on Restarted Lanczos Methods Carmen Campos and Jose E.

Spectrum Slicing SLEPc Evaluation Strategies for Spectrum Slicing Based on Restarted Lanczos Methods Carmen Campos and Jose E. Roman Universitat Polit` ecnica de Val` encia, Spain SC2011 Spectrum Slicing SLEPc Evaluation Goal Context:

638 views • 22 slides
Program Slicing Gias Uddin Special Topic Lecture prepared from the Survey of Frank Tip on Program

Program Slicing Gias Uddin Special Topic Lecture prepared from the Survey of Frank Tip on Program

Program Slicing Gias Uddin Special Topic Lecture prepared from the Survey of Frank Tip on Program Slicing : Frank Tip. A Survey of Program Slicing Techniques. Technical Report, CWI (Centre for Mathematics and Computer Science) Amsterdam, The

517 views • 15 slides
On estimation of functional causal models: Post - nonlinear causal model as an

On estimation of functional causal models: Post - nonlinear causal model as an

On estimation of functional causal models: Post - nonlinear causal model as an example Kun Zhang, Zhikun W ang, Bernhard Schlkopf Dept. Empirical Inference Max Planck Institute for Intelligent Systems Tbingen, Germany 1

320 views • 20 slides
Statistical Machine Translation Overview p EM algorithm Lecture 3 Improved word alignment

Statistical Machine Translation Overview p EM algorithm Lecture 3 Improved word alignment

Statistical modeling Statistical Machine Translation Lecture 3: Word Alignment and Phrase Models p Statistical Machine Translation Overview p EM algorithm Lecture 3 Improved word alignment Word Alignment and Phrase Models

456 views • 8 slides
Statistical NLP Spring 2011 Lecture 8: Word Alignment Dan Klein UC Berkeley Phrase-Based

Statistical NLP Spring 2011 Lecture 8: Word Alignment Dan Klein UC Berkeley Phrase-Based

Statistical NLP Spring 2011 Lecture 8: Word Alignment Dan Klein UC Berkeley Phrase-Based Systems cat ||| chat ||| 0.9 the cat ||| le chat ||| 0.8 dog ||| chien ||| 0.8 house ||| maison ||| 0.6 my house ||| ma maison ||| 0.9 language

519 views • 15 slides
Alignment-Guided Chunking Yanjun Ma , Nicolas Stroppa, Andy Way { yma,nstroppa,away }

Alignment-Guided Chunking Yanjun Ma , Nicolas Stroppa, Andy Way { yma,nstroppa,away }

Motivation Alignment-Guided Chunking Experimental Results Conclusion &amp; Future work Alignment-Guided Chunking Yanjun Ma , Nicolas Stroppa, Andy Way { yma,nstroppa,away } @computing.dcu.ie National Center for Language Technology Dublin City

625 views • 27 slides
6.1 Shape Matching Hao Li http://cs621.hao-li.com 1 Acknowledgement Images and Slides are

6.1 Shape Matching Hao Li http://cs621.hao-li.com 1 Acknowledgement Images and Slides are

Spring 2017 CSCI 621: Digital Geometry Processing 6.1 Shape Matching Hao Li http://cs621.hao-li.com 1 Acknowledgement Images and Slides are courtesy of Prof. Michael Kazhdan, Johns Hopkins University ICCV Course 2005:

856 views • 66 slides
Slides from: Elena Tsiporkova What is Special about Time Series Data? Gene expression time series

Slides from: Elena Tsiporkova What is Special about Time Series Data? Gene expression time series

Dynamic Time Warping Algorithm Slides from: Elena Tsiporkova What is Special about Time Series Data? Gene expression time series are expected to vary not only in terms of expression amplitudes, but also in terms of time progression since

305 views • 13 slides
Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on Aligned Artificial Intelligence Many thanks to Catherine Olsson for feedback on drafts The Alignment Problem (This is now fixed. Dont try it!)

626 views • 30 slides
Algorithms in Bioinformatics: A Practical Introduction Multiple Sequence Alignment Multiple

Algorithms in Bioinformatics: A Practical Introduction Multiple Sequence Alignment Multiple

Algorithms in Bioinformatics: A Practical Introduction Multiple Sequence Alignment Multiple Sequence Alignment Given k sequences S = { S 1 , S 2 , , S k } . A multiple alignment of S is a set of k equal- length sequences { S 1 ,

652 views • 47 slides
RTCP Extension For Time Alignment draft-taylor-avt-time-align-00.txt Tom Taylor et al IETF 66

RTCP Extension For Time Alignment draft-taylor-avt-time-align-00.txt Tom Taylor et al IETF 66

RTCP Extension For Time Alignment draft-taylor-avt-time-align-00.txt Tom Taylor et al IETF 66 Draft Contents Statement of problem and requirements Definition of a time alignment feedback message Time alignment procedures Sender

611 views • 6 slides

More recommend