docovery toward generic automatic
play

Docovery : Toward Generic Automatic Document Recovery Tomasz Kuchta - PowerPoint PPT Presentation

Feb 13, 2023 •209 likes •591 views

Docovery : Toward Generic Automatic Document Recovery Tomasz Kuchta omasz Kuchta Miguel Castro Cristian Cadar Manuel Costa ASE14, 18 th September 2014 This work is supported by Microsoft Research through its PhD Scholarship Programme

  1. Docovery : Toward Generic Automatic Document Recovery Tomasz Kuchta omasz Kuchta Miguel Castro Cristian Cadar Manuel Costa ASE’14, 18 th September 2014 This work is supported by Microsoft Research through its PhD Scholarship Programme Microsoft is a registered trademark of Microsoft Corporation

  2. The user is unable to open a document The user is unable to open a document 2

  3. Document is corrupt Document is corrupt Storage failure, network transfer failure, power outage 3

  4. Application has bugs Application has bugs Buffer overflows, divisions by zero Assertion failures, exceptions Incompatibility across versions / applications 4

  5. Such problems are highly user-visible They account for a large number of security vulnerabilities 5

  6. The root cause of the problem Application is unable to handle corrupt or uncommon documents Example: pine – a text mode e-mail client Special “From:” field crashes the program From: "\"\"\"\"\"\"\"\"\"...\"\"\"\"\"\"\""@host.fubar 6

  7. What can we do about that? Try to fix the pr ry to fix the program ogram Automatic patch generation [GenProg, WCCI’08, ICSE’09; SemFix, ICSE’13; etc.] Try to pr ry to protect the pr otect the program ogram Automatic input filter generation [ Vigilante , SOSP’05; Shieldgen, S&P’07; etc.] 7

  8. What can we do about that? Try to fix the document ry to fix the document Use format specification [DS repair, OOPSLA’03] Learn and apply the correct values [ SOAP , ICSE’12] Truncate the document Try to guess the right value Or … Or … 8

  9. Is it possible to fix a broken document, without assuming any input format, in a way that preserves the original contents as much as possible? 9

  11. 11

  12. 12

  13. 13

  14. Ident Identify Potent ify Potential ially ly 1 Corrupt Bytes Corrupt Bytes Byte #4: 'x' Byte #8: 'y' Taint Tracking 14

  15. Ident Identify Potent ify Potential ially ly 1 Corrupt Bytes Corrupt Bytes Change The Bytes T Change The Bytes To o Byte #4: 'x' 2 Execute Anot Execute Another Pat her Path Byte #8: 'y' Byte #4: 'z' Byte #8: 'y' ¡ Taint Tracking ¡ ¡ Symbolic Execution 15

  16. Identify Potent Ident ify Potential ially ly 1 Corrupt Bytes Corrupt Bytes Change The Bytes To Change The Bytes T o Byte #4: 'x' 2 Execute Another Pat Execute Anot her Path Byte #8: 'y' Byte #4: 'z' Byte #8: 'y' ¡ Taint Tracking ¡ ¡ Symbolic Execution 3 Pick The Best Candidate Pick The Best Cand idate ¡ ¡ ¡ Levenshtein distance ¡ ¡ ¡ ¡ and manual inspection ¡ ¡ ¡ ¡ ¡ 16

  17. Docovery process Broken document execution Alternative paths exploration 17

  18. Br Broken document execution oken document execution Alternative paths exploration Taint tracking Track the flow of data from a source (input) to a sink (point of crash) Identifying potentially corrupt bytes Byte-level precision No control flow dependencies Byte #4: 'x' No address tainting Byte #8: 'y' 18

  19. Br Broken document execution oken document execution Alternative paths exploration Collecting alternative paths Mark the potentially corrupt bytes as symbolic Lazily verify feasibility 19

  20. Broken document execution Alter Alternative paths exploration native paths exploration Path selection Last N deepest paths are collected Start from the paths closest to the crash point 20

  21. Broken document execution Alter Alternative paths exploration native paths exploration Negate the K th constraint and drop the remaining Ask constraint solver for a satisfying assignment Path P 3 : C 1 ∧ C 2 ∧ ᒣ C 3 Path P 2 : C 1 ∧ ᒣ C 2 21

  22. Broken document execution Alter Alternative paths exploration native paths exploration Candidate execution Store the candidate Re-run the program natively Successful if not crashing 22

  23. Evaluating candidate documents Levenshtein Levenshtein distance (edit distance) distance (edit distance) Byte-level similarity metric Independent of document format Smaller distance = higher similarity Semi-automatic evaluation of pr Semi-automatic evaluation of program output ogram output Looking for warnings / errors, exit code Similarity to the correct output 23

  25. Implementation Implementation Built on top of KLEE [OSDI’08] Using ZESTI functionality [ICSE’12] Interprets LLVM bitcode of C applications 25

  26. Benchmarks pr – a pagination utility pine – a text-mode e-mail client dwarfdump – a debug information display tool readelf – an ELF file information display tool Max number of Max number of Benchmark Benchmark Document type Document type Document Sizes Document Sizes changed bytes changed bytes Plain text up to 256 pages / 1080 KB 1 pr MBOX mailbox up to 320 e-mails / 2.3 MB 24 pine DWARF executables up to 1.1 MB 1 dwarfdump ELF object files up to 1.5 MB 8 readelf 26

  27. Bugs Known, real-world bugs injected manually pr, pine, readelf – buffer overflow dwarfdump – division by zero Benchmark Benchmark ‘Buggy’ sequence ‘Buggy’ sequence pr Lorem ipsum... 0x08 0x08...0x09 EOF pine ...From: " \"\"\"\"\"\"\"\...\"\"\"\" "@host.fubar... dwarfdump ...GCC: (Ubuntu/Linaro 4.6.3... 0x00 0x00... readelf ... 0xFD 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF ... 27

  28. Regardless of Taint tracking results document size ¡ Number of potentially Number of potentially Benchmark Benchmark Document Document corrupt bytes corrupt bytes ¡ 1 – 256 pages / 4.4 – 1080 KB 1 pr ¡ 5 – 320 e-mails / 13 KB – 2.3MB 25 pine 62 KB – 1.1 MB 2 dwarfdump 54 KB – 1.5 MB 16 readelf pr: Lorem ipsum...08 08...09 EOF pine: "\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"..."@host dwarfdump: ...GCC: (Ubuntu/Linaro 4.6.3...00 00... readelf: ...40 01 00 00 00 00 00 00...FD FF FF FF FF FF FF FF... 28

  29. Candidates for pr Candidates for Document Document ‘Buggy’ sequence ‘Buggy’ sequence Original Lorem ipsum...0x08 0x08... 0x09 EOF Candidate A Lorem ipsum...0x08 0x08... 0x00 EOF Candidate B Lorem ipsum...0x08 0x08... 0x0C EOF Candidate C Lorem ipsum...0x08 0x08... 0x0A EOF All the candidates print out correctly 29

  30. Candidates for pine Candidates for Document Document ‘Buggy’ sequence ‘Buggy’ sequence Original From: " \"\"\"\"................\" "@host.fubar Candidate A From: "\"\ ... \ 0x0E... \ 0x0E \"...\""@host.fubar Candidate B From: "\"\...\ \ \ 0x0E.. \ 0x0E \"..\""@host.fubar Candidate C From: "\"\. .. \ 0x00 \" ........... \""@host.fubar 30

  31. Candidates for dwarfdump Candidates for Document Document ‘Buggy’ sequence ‘Buggy’ sequence Original ...GCC: (Ubuntu/Linaro 4.6.3... 0x00 0x00 ... Candidate A ...GCC: (Ubuntu/Linaro 4.6.3... 0x01 0x00... Candidate B ...GCC: (Ubuntu/Linaro 4.6.3...0x00 0x01 ... Candidate A: debug dump, success return code Candidate B: error 31

  32. Candidates for readelf Candidates for Document Document ‘Buggy’ sequence ‘Buggy’ sequence Original … 40 01 00 00 00 00 00 00 … FD FF FF FF FF FF FF FF … Candidate A … 40 01 00 00 00 00 00 00 … F0 01 00 00 00 00 00 80 … Candidate B … FE FF FF FF FF FF FF FF … FD FF FF FF FF FF FF FF … Candidate C … 00 00 00 00 00 00 00 00 … FD FF FF FF FF FF FF FF … Candidate A: most of output, but with a warning Candidate B: almost no output and an error Candidate C: almost no output (no debug data) 32

  33. Performance varies across applications Sometimes, the recovery is cheap dwarfdump ¡– ¡total ¡recovery ¡;me ¡ readelf ¡– ¡total ¡recovery ¡;me ¡ 40 ¡ 50 ¡ 35 ¡ 40 ¡ 30 ¡ Time ¡[s] ¡ 25 ¡ Time ¡[s] ¡ 30 ¡ 20 ¡ 20 ¡ 15 ¡ 10 ¡ 10 ¡ 5 ¡ 0 ¡ 0 ¡ 62 ¡ 129 ¡ 268 ¡ 612 ¡ 1089 ¡ 54 ¡ 102 ¡ 202 ¡ 454 ¡ 878 ¡ 1615 ¡ Size ¡[KB] ¡ Size ¡[KB] ¡ 33

  34. Performance varies across applications Sometimes, the recovery is expensive pr ¡– ¡total ¡recovery ¡;me ¡ pine ¡– ¡total ¡recovery ¡;me ¡ 2000 ¡ 2000 ¡ 1500 ¡ 1500 ¡ Time ¡[s] ¡ Time ¡[s] ¡ 1000 ¡ 1000 ¡ 500 ¡ 500 ¡ 0 ¡ 0 ¡ 4.4 ¡ 8.6 ¡ 17 ¡ 34 ¡ 68 ¡ 136 ¡ 271 ¡ 541 ¡1080 ¡ 5 ¡ 10 ¡ 20 ¡ 40 ¡ 80 ¡ 160 ¡ 320 ¡ Size ¡[KB] ¡ # ¡of ¡e-­‑mails ¡ 34

  35. Performance depends on the executed path dwarfdump ¡– ¡total ¡recovery ¡;me ¡(-­‑r) ¡ dwarfdump ¡– ¡total ¡recovery ¡;me ¡ 40 ¡ 4000 ¡ 35 ¡ 3500 ¡ 30 ¡ 3000 ¡ Time ¡[s] ¡ 25 ¡ Time ¡[s] ¡ 2500 ¡ 20 ¡ 2000 ¡ 15 ¡ 1500 ¡ 10 ¡ 1000 ¡ 5 ¡ 500 ¡ 0 ¡ 0 ¡ 62 ¡ 129 ¡ 268 ¡ 612 ¡ 1089 ¡ 62 ¡ 129 ¡ 268 ¡ 612 ¡ 1089 ¡ Size ¡[KB] ¡ Size ¡[KB] ¡ 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Automatic Presentations and Classes of Semigroups Graham Oliver University of Leicester Joint

Automatic Presentations and Classes of Semigroups Graham Oliver University of Leicester Joint

Automatic Presentations and Classes of Semigroups Graham Oliver University of Leicester Joint work with Prof. Rick Thomas 1 Automatic Presentations Finite presentations of infinite structures Generic approach to deciding FO theory

357 views • 11 slides
Generic Methods 36 What are Generic Methods? Generic methods = methods that introduce type

Generic Methods 36 What are Generic Methods? Generic methods = methods that introduce type

Generic Methods 36 What are Generic Methods? Generic methods = methods that introduce type parameters Similar to declaring a generic type but type parameter's scope is limited to method where it is declared The following are

584 views • 6 slides
Topics to be covered Motivation: match application domains Generic match operator

Topics to be covered Motivation: match application domains Generic match operator

A survey of approaches to automatic schema matching E. Rahm, and P. A. Bernstein. The VLDB Journal , 10(3): 334-350, 2001. Presented by Joel So (j2so@cs.uwaterloo.ca) Topics to be covered Motivation: match application domains Generic

397 views • 8 slides
Generic classes Declaration Use Annotations 54 Generic classes Declaration add

Generic classes Declaration Use Annotations 54 Generic classes Declaration add

Generic classes Declaration Use Annotations 54 Generic classes Declaration add generic types between angle brackets: public class MyStack < E,F >{ E item; } 55 Generic Classes Use MyStack<Integer> ms= new

273 views • 23 slides
Generic functional programming Basic idea: define generic functions by induction on the

Generic functional programming Basic idea: define generic functions by induction on the

A Hitchhikers Guide to the Universes (Universes for Generic Programs and Proofs) Marcin Benke Peter Dybjer Patrik Jansson Chalmers Technical University Main goals: extend generic programming to functional languages with dependent types

250 views • 10 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
ADAGE Automatic Deployment of Applications in a Grid Environment Key concepts Supports several

ADAGE Automatic Deployment of Applications in a Grid Environment Key concepts Supports several

ADAGE Automatic Deployment of Applications in a Grid Environment Key concepts Supports several programming models Generic description of an application High-level description of resources Creates a deployment plan Placement constraints

288 views • 12 slides
Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1

Block cipher modes Generic Encryption Mode Our Approach Our Hoare Logic Result Conclusion Towards Automatic Proofs for Symmetric Encryption Modes e 2 Pascal Lafourcade 1 Yassine Lakhnech 1 Martin Gagn Reihaneh Safavi-Naini 2 1 Universit

663 views • 35 slides
GENERICS A generic type is a generic class or interface that is parameterized over types. 1 / 6

GENERICS A generic type is a generic class or interface that is parameterized over types. 1 / 6

GENERICS A generic type is a generic class or interface that is parameterized over types. 1 / 6 Weve already seen examples of generic classes ArrayList<T>; HashMap<K, V>; Where T is being used to represent the type of each

304 views • 6 slides
What are Generics? e.g. Generics, Generic Programming, Generic Types, Generic Methods 6

What are Generics? e.g. Generics, Generic Programming, Generic Types, Generic Methods 6

What are Generics? e.g. Generics, Generic Programming, Generic Types, Generic Methods 6 Defining the idea Behind Java Generics Data Types are now used as Type Parameters 7 Defining the idea Behind Java Generics Generic Types: generic

601 views • 23 slides
Planning and Optimization C14. Merge-and-Shrink Abstractions: Generic Algorithm Malte Helmert and

Planning and Optimization C14. Merge-and-Shrink Abstractions: Generic Algorithm Malte Helmert and

Planning and Optimization C14. Merge-and-Shrink Abstractions: Generic Algorithm Malte Helmert and Gabriele R oger Universit at Basel November 14, 2016 Generic Algorithm Summary Generic Algorithm Generic Algorithm Summary Generic

272 views • 24 slides
Patients Must Have Immediate Access to Affordable Generic Medicines at Day One After Patent

Patients Must Have Immediate Access to Affordable Generic Medicines at Day One After Patent

Patients Must Have Immediate Access to Affordable Generic Medicines at Day One After Patent Expiry Generic Medicines: Key to Healthcare Sustainability and Patient Care EGA represents over 700 companies in 34 European countries Generic

728 views • 25 slides
Deriving Generic Functions by Example Neil Mitchell www.cs.york.ac.uk/~ndm/derive Generic

Deriving Generic Functions by Example Neil Mitchell www.cs.york.ac.uk/~ndm/derive Generic

Deriving Generic Functions by Example Neil Mitchell www.cs.york.ac.uk/~ndm/derive Generic Functions Operates on many data types Think of equality Comparing two integers, booleans, lists, trees Usually, must give each version

450 views • 28 slides
A Generic Programming A Generic Programming Toolkit Toolkit for PADS/ML for PADS/ML Mary

A Generic Programming A Generic Programming Toolkit Toolkit for PADS/ML for PADS/ML Mary

A Generic Programming A Generic Programming Toolkit Toolkit for PADS/ML for PADS/ML Mary Fernndez, Kathleen Fisher, Yitzhak Mandelbaum AT&T Labs Research J. Nathan Foster, Michael Greenberg University of Pennsylvania PADL 2008 Data,

763 views • 51 slides
Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement Security Project Automatic Enrollment Works Legal since 1999. All legal questions resolved 2006. Most larger 401(k)s incorporate automatic

137 views • 13 slides
APA 3 readout problems Philip Rodrigues University of Oxford November 8, 2019 1 First

APA 3 readout problems Philip Rodrigues University of Oxford November 8, 2019 1 First

APA 3 readout problems Philip Rodrigues University of Oxford November 8, 2019 1 First realization of problem Run 10116, plots from David Adams: Two clear problems: FEMB302 timing offset. Seen before with RCE readout FEMB307 data

311 views • 10 slides
Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of

Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: Adaptive corruptions: adversary can decide who to corrupt adaptively during the adversary can decide who to corrupt

974 views • 83 slides
Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische Universit at M unchen 2015-9-23 1 Chapter 1 Introduction 2 1 Background 2 This Course 3 1 Background 2 This Course 4 Why Semantics?

538 views • 27 slides
In proof based classes My Background 4x Intro to proofs course 2x Abstract algebra Intro

In proof based classes My Background 4x Intro to proofs course 2x Abstract algebra Intro

In proof based classes My Background 4x Intro to proofs course 2x Abstract algebra Intro to proofs: The Challenge The same question is relevant on day 1 and the last day of class. Example: Show that the sum of two odd integers is

424 views • 9 slides
Math 3230 Abstract Algebra I Sec 3.2: Cosets Slides created by M. Macauley, Clemson (Modified by

Math 3230 Abstract Algebra I Sec 3.2: Cosets Slides created by M. Macauley, Clemson (Modified by

Math 3230 Abstract Algebra I Sec 3.2: Cosets Slides created by M. Macauley, Clemson (Modified by E. Gunawan, UConn) http://egunawan.github.io/algebra Abstract Algebra I Sec 3.2 Cosets Abstract Algebra I 1 / 13 Idea of cosets Copies of the

243 views • 13 slides
Homogeneous spaces as coset spaces of groups from special classes K. Kozlov Lomonosov Moscow

Homogeneous spaces as coset spaces of groups from special classes K. Kozlov Lomonosov Moscow

Example I Partial answer on Questions 1, 2 Example II Decompositions of actions Homogeneous spaces as coset spaces of groups from special classes K. Kozlov Lomonosov Moscow State University PRAGUE TOPOLOGICAL SYMPOSIUM July 2016 K. Kozlov

843 views • 83 slides
From Higher Spins to Strings Rajesh Gopakumar Harish-Chandra Research Institute Strings 2014,

From Higher Spins to Strings Rajesh Gopakumar Harish-Chandra Research Institute Strings 2014,

From Higher Spins to Strings Rajesh Gopakumar Harish-Chandra Research Institute Strings 2014, Princeton, June 24th, 2014 Based on: M. R. Gaberdiel and R. G. (arXiv:1406.tmrw and also 1305.4181) Why are We Studying Higher Spin Theories? Free

541 views • 23 slides
Answer to a 1962 question of Zappa on cosets of Sylow subgroups Marston Conder University of

Answer to a 1962 question of Zappa on cosets of Sylow subgroups Marston Conder University of

Answer to a 1962 question of Zappa on cosets of Sylow subgroups Marston Conder University of Auckland Groups St Andrews, Birmingham, August 2017 Questions about cosets of Sylow subgroups In 1962, Guido Zappa asked the following questions: (1)

332 views • 19 slides

More recommend