rewriting and repair
play

Rewriting and Repair Mathias Payer*, Boris Bluntschli, Thomas R. - PowerPoint PPT Presentation

Dec 30, 2023 •194 likes •409 views

DynSec: On-the-fly Code Rewriting and Repair Mathias Payer*, Boris Bluntschli, Thomas R. Gross Department of Computer Science ETH Zurich * now at UC Berkeley Security dilemma Integrity and availability threatened by vulnerabilities Two

  1. DynSec: On-the-fly Code Rewriting and Repair Mathias Payer*, Boris Bluntschli, Thomas R. Gross Department of Computer Science ETH Zurich * now at UC Berkeley

  2. Security dilemma Integrity and availability threatened by vulnerabilities Two remedies: update or sandboxing • Security updates fix known vulnerabilities but require service restart • Sandboxes protect from unknown exploits but stop the service when an attack is detected

  3. DynSec in 2 Minutes Key insight: both sandboxes and dynamic update mechanisms rely on some form of virtualization Binary Translation (BT) provides virtualization • Sandbox protects integrity • Dynamic update mechanism protects availability

  4. DynSec in 2 Minutes Application DynSec Patches Binary Translation Loader Kernel Patch extraction and distribution

  5. Outline Application DynSec Patches Binary Translation Loader Kernel Patch extraction and distribution

  6. Code Translation Binary Translator ● Translates individual basic blocks ● Weave patches into translated code ● Protect from security exploits Original Code Translated Code 1' 1 2 2' 3 3' 4 Kernel

  7. Outline Application DynSec Patches Binary Translation Loader Kernel Patch extraction and distribution

  8. Patching Architecture DynSec thread waits for incoming patches Patch application happens in 3 steps: • Signal all application threads to stop • Flush all code caches • Restart application threads Patch is applied indirectly when code is retranslated • BT checks for every instruction if a patch is available

  9. Outline Application DynSec Patches Binary Translation Loader Kernel Patch extraction and distribution

  10. Patch Format The focus of DynSec is on security patches • Most security patches are only few lines of code • Type changes and code refactoring out of scope Patches are sets of changed instructions Each patch may specify additional shared library for more heavyweight changes

  11. Patch Extraction Build patched application with current toolchain Extract instruction differences between patched and unpatched version of the binary (per function) • Changed instructions are added to patch • Check differences in static read-only data • Manually ensure integrity of patch (no type changes, no data changes)

  12. Patch Distribution Most Linux distributions provide dynamic update service, piggy pack on this distribution service • Automatically generate a dynamic patch when new package is generated • Systems download packages and install dynamic patches to running services • System administrators update binaries during next maintenance window

  13. Outline Application DynSec Patches Binary Translation Loader Kernel Patch extraction and distribution

  14. Implementation DynSec builds on TRuE/libdetox [IEEE S&P’12, ACM VEE’11] • Patching thread injected in BT layer • Implemented in <2000 LoC • 48 LoC changed in TRuE to add DynSec hooks • Supports unmodified, unaware, multi-threaded x86 applications on Linux

  15. Evaluation DynSec evaluated using SPEC CPU2006 • CPU: Intel Core2 Quad Q6600 @ 2.64GHz, 8GB RAM • Ubuntu 11.04, Linux 2.6.38 • Used GCC 4.5.1 with – O2 Three configurations • Native • Sandboxing (use TRuE w/ shadow stack and checks) • DynSec (with one large patch)

  16. 0.5 1.5 2.5 0 1 2 SPEC CPU2006: Performance 400.perlbench 401.bzip2 403.gcc 429.mcf 445.gobmk 456.hmmer 458.sjeng 462.libquantum 464.h264ref 471.omnetpp Sandbox 473.astar 410.bwaves 416.gamess 433.milc DynSec 434.zeusmp 435.gromacs 436.cactusADM 437.leslie3d 444.namd 450.soplex 453.povray 454.calculix 459.GemsFDTD 465.tonto 470.lbm 482.sphinx3 Mean

  17. 0.5 1.5 2.5 0 1 2 SPEC CPU2006: Performance 400.perlbench 401.bzip2 Low performance overhead 403.gcc 429.mcf 445.gobmk 456.hmmer 458.sjeng 462.libquantum 464.h264ref 471.omnetpp Sandbox (~11%) 473.astar 410.bwaves 416.gamess 433.milc DynSec 434.zeusmp 435.gromacs 436.cactusADM 437.leslie3d 444.namd 450.soplex 453.povray 454.calculix 459.GemsFDTD 465.tonto 470.lbm 482.sphinx3 Mean

  18. CoreHTTP Security Study CoreHTTP is a simple web server with CGI support We evaluate three security vulnerabilities • CVE-2007-4060: missing input sanitation in sscanf (results in buffer overflow) • CVE-2009-3586: off-by-one error in input sanitation (results in 1 byte buffer overflow) • ExploitDB-10610: arbitrary command execution ( popen is called with unescaped input string) DynSec patches each vulnerability and protects CoreHTTP from exploitation

  19. Outline Application DynSec Patches Binary Translation Loader Kernel Patch extraction and distribution

  20. Conclusion DynSec offers on-the-fly code rewriting and repair for unmodified applications Use virtualization (through Binary Translation) to combine power of two worlds: • Sandbox protects integrity (control-flow protection) • Dynamic update framework provides availability

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language capture local tree information by rewriting the grammar so that the rules capture the Processing regularities we want. By splitting and merging the

417 views • 5 slides
On Data-Structure Rewriting Rachid Echahed LIG Lab, Grenoble France June, 2010 Rewriting

On Data-Structure Rewriting Rachid Echahed LIG Lab, Grenoble France June, 2010 Rewriting

On Data-Structure Rewriting Rachid Echahed LIG Lab, Grenoble France June, 2010 Rewriting (reminder) A rewrite relation R is a binary relation R A A ( u , v ) R is read u rewrites into v and written u v Rewriting

1.02k views • 75 slides
Tissue Repair Kristine Krafts, M.D. Tissue Repair Lecture Objectives Define tissue repair,

Tissue Repair Kristine Krafts, M.D. Tissue Repair Lecture Objectives Define tissue repair,

Tissue Repair Kristine Krafts, M.D. Tissue Repair Lecture Objectives Define tissue repair, regeneration, and scarring. Explain the difference between labile, stable, and permanent tissues, and give examples of each. Explain the

620 views • 38 slides
TRI-REPAIR: 30-Day Outcomes of Transcatheter TV Repair in Patients With Severe Secondary

TRI-REPAIR: 30-Day Outcomes of Transcatheter TV Repair in Patients With Severe Secondary

TRI-REPAIR: 30-Day Outcomes of Transcatheter TV Repair in Patients With Severe Secondary Tricuspid Regurgitation Georg Nickenig, MD Heart Center University of Bonn Germany Disclosure Statement of Financial Interest Within the past 12

534 views • 21 slides
2018 Repair irs and Repair ir Opti tions movin ing forw rward WPF has been experiencing

2018 Repair irs and Repair ir Opti tions movin ing forw rward WPF has been experiencing

Western Fin inancial Pla lace Cit City of f Cr Cranbrook Co Council il Prese sentatio ion February 25 th , 2019 Presentation by: Building Consulting Services Kevin Wilkins 2018 Repair irs and Repair ir Opti tions movin ing forw

551 views • 25 slides
Rewriting Part 4. Termination of Term Rewriting Systems Temur Kutsia RISC, JKU Linz Termination

Rewriting Part 4. Termination of Term Rewriting Systems Temur Kutsia RISC, JKU Linz Termination

Rewriting Part 4. Termination of Term Rewriting Systems Temur Kutsia RISC, JKU Linz Termination Definition 4.1 A term rewriting system R is terminating iff R is terminating, i.e., there is no infinite reduction chain t 0 R t 1 R t

1.22k views • 94 slides
The Rewriting Logic Semantics Project and its Maude Implementation Jos e Meseguer University

The Rewriting Logic Semantics Project and its Maude Implementation Jos e Meseguer University

The Rewriting Logic Semantics Project and its Maude Implementation Jos e Meseguer University of Illinois at Urbana-Champaign Summer School on Language Frameworks, Sinaia, July 2012 Meseguer Rewriting Logic Semantics The Rewriting Logic

401 views • 29 slides
Problems with open approach History of popliteal aneurysm repair 1888, Rudolph Matas first

Problems with open approach History of popliteal aneurysm repair 1888, Rudolph Matas first

4/3/2014 History of popliteal aneurysm repair Outcomes for Endovascular Treatment of Popliteal Aneurysms 2nd century AD, Antyllus, the Father of Aneurysm are Similar to Open Repair Surgery performed the first recorded aneurysm repair

185 views • 5 slides
Term rewriting Equational logic Term rewriting systems Termination Confluence

Term rewriting Equational logic Term rewriting systems Termination Confluence

Term rewriting Equational logic Term rewriting systems Termination Confluence Rapid prototyping Summary and Exercises Equational logic Reflexivity t = t t 1 = t 2 Symmetry t 2 = t 1 t 1 = t 2 t 2 = t 3 Transitivity t 1 =

769 views • 52 slides
YARR! Yet Another Rewriting Reasoner Jrg Schnfisch ORE Workshop 2013 Ulm, Germany,

YARR! Yet Another Rewriting Reasoner Jrg Schnfisch ORE Workshop 2013 Ulm, Germany,

YARR! Yet Another Rewriting Reasoner Jrg Schnfisch ORE Workshop 2013 Ulm, Germany, 22.07.2013 Agenda Introduction Query Rewriting Architecture &amp; Implementation Performance Current development Introduction | Query Rewriting |

310 views • 17 slides
Carbon Fiber Composites for Concrete Repair UNIQUE FRP TECHNOLOGY USED TO REPAIR AND

Carbon Fiber Composites for Concrete Repair UNIQUE FRP TECHNOLOGY USED TO REPAIR AND

Carbon Fiber Composites for Concrete Repair UNIQUE FRP TECHNOLOGY USED TO REPAIR AND STRENGTHEN MUNICIPAL AQUEDUCT SYSTEM Jay Thomas, Vice President Structural Preservation Systems, Inc., Springfield, Virginia One of the first-ever

487 views • 3 slides
Transforming Cycle Rewriting into String Rewriting David Sabel 1 and Hans Zantema 2 , 3 1 Goethe

Transforming Cycle Rewriting into String Rewriting David Sabel 1 and Hans Zantema 2 , 3 1 Goethe

Transforming Cycle Rewriting into String Rewriting David Sabel 1 and Hans Zantema 2 , 3 1 Goethe University Frankfurt, Germany 2 TU Eindhoven, The Netherlands 3 Radboud University Nijmegen, The Netherlands RTA 2015, Warsaw, Poland 1 Cycle

722 views • 46 slides
Do Automated Program Repair Techniques Repair Hard and Important Bugs? Manish Motwani Sandhya

Do Automated Program Repair Techniques Repair Hard and Important Bugs? Manish Motwani Sandhya

Do Automated Program Repair Techniques Repair Hard and Important Bugs? Manish Motwani Sandhya Sankarnarayanan Ren e Just Yuriy Brun University of Massachusetts Amherst Automatic Program Repair: An Active Research Area patched program

525 views • 37 slides
Term rewriting in partial algebras Norbert Dojer 20.06.2014 Term rewriting motivating

Term rewriting in partial algebras Norbert Dojer 20.06.2014 Term rewriting motivating

Term rewriting in partial algebras Norbert Dojer 20.06.2014 Term rewriting motivating example How to check whether two polynomial expressions are equal? ? ( x + 1) 2 x ( x + 2)( x 1) + 3 = = x 2 + 2 x

308 views • 16 slides
Design of Repair Operators for Automated Program Repair Shin Hwei Tan National University of

Design of Repair Operators for Automated Program Repair Shin Hwei Tan National University of

Design of Repair Operators for Automated Program Repair Shin Hwei Tan National University of Singapore What is automated program repair? BUG! Given a failing Test T , buggy program P 1.Fault localization Where to fix? 2. Patch Generation

517 views • 22 slides
Aortic Arch repair Tim Chuter, MD Professor of Surgery In-Residence, UCSF UCSF UCSF Arch

Aortic Arch repair Tim Chuter, MD Professor of Surgery In-Residence, UCSF UCSF UCSF Arch

Arch Repair Aortic Arch repair Tim Chuter, MD Professor of Surgery In-Residence, UCSF UCSF UCSF Arch Repair Arch Repair CHIMPS Options Chimneys, Periscopes, Snorkels Hypothermic circulatory arrest Debranching Snorkel

331 views • 7 slides
Student Code of Conduct Revision AGC - Presentation 1 Lina Blair Amy Kudrna Student Code

Student Code of Conduct Revision AGC - Presentation 1 Lina Blair Amy Kudrna Student Code

Student Code of Conduct Revision AGC - Presentation 1 Lina Blair Amy Kudrna Student Code Review Team Members Amy Kudrna - Chemistry (Co-Chair) Lina Blair - Student Life and Conduct (Co-Chair) Carmen Andert - Mathematics Chris

433 views • 18 slides
School Employer Advisory Committee February 5, 2020 1 Legislative Update Andrea Peters

School Employer Advisory Committee February 5, 2020 1 Legislative Update Andrea Peters

School Employer Advisory Committee February 5, 2020 1 Legislative Update Andrea Peters Legislative Affairs Division 2 Payroll Reporting for Certificated Members Kevin Lau Employer Account Management Division 3 School Employer Advisory

1.14k views • 75 slides
with Reed v. Gilbert Daniel Kenny Ogden Murphy Wallace Time Flies. Reed v. Town of

with Reed v. Gilbert Daniel Kenny Ogden Murphy Wallace Time Flies. Reed v. Town of

Updating Your Sign Code to Comply with Reed v. Gilbert Daniel Kenny Ogden Murphy Wallace Time Flies. Reed v. Town of Gilbert was decided June 18, 2015 Thats a one year and eight months ago We talked about the Reed case at

557 views • 20 slides
KNOW THE CODE OF STUDENT ACADEMIC INTEGRITY Presented By: Amy Kelso, Office of Legal Affairs

KNOW THE CODE OF STUDENT ACADEMIC INTEGRITY Presented By: Amy Kelso, Office of Legal Affairs

KNOW THE CODE OF STUDENT ACADEMIC INTEGRITY Presented By: Amy Kelso, Office of Legal Affairs Bruce Long, Chair of the Academic Integrity Board Laura Bizzell, Student Conduct &amp; Academic Integrity Kaela Lindquist, Student Conduct &amp;

552 views • 22 slides
Land Development Code Revision Austin, Texas Clarion Associates, Canales-Sondegroth &amp;

Land Development Code Revision Austin, Texas Clarion Associates, Canales-Sondegroth &amp;

Statement of Qualifications for the Land Development Code Revision Austin, Texas Clarion Associates, Canales-Sondegroth &amp; Associates Group Solutions RJW Carter Design Associates Karen McGraw Architect LLC Chan &amp; Partners Engineering

974 views • 30 slides
ZONING PROJECT RE:CODE JULY 17, 2019 REACHING OUR COMMUNITY VISION WITH GOOD PLANNING TOOLS

ZONING PROJECT RE:CODE JULY 17, 2019 REACHING OUR COMMUNITY VISION WITH GOOD PLANNING TOOLS

COMMUNITY PLANNING ZONING PROJECT RE:CODE JULY 17, 2019 REACHING OUR COMMUNITY VISION WITH GOOD PLANNING TOOLS Project Re: Code Steering Committee City-County Planning Staff 2016 Growth Policy Updates Billings and Lockwood adopted new

420 views • 19 slides
Code of Student Conduct Revision Graduate Student Senate Student Government Association Student

Code of Student Conduct Revision Graduate Student Senate Student Government Association Student

Code of Student Conduct Revision Graduate Student Senate Student Government Association Student Affairs and Campus Life Advisory Board Agenda Introduction/Purpose Highlights from the draft revision Discussion/Feedback Introductions

540 views • 11 slides
Team Georgia Marketplace Financials 9.2 Upgrade Department of Administrative Services For

Team Georgia Marketplace Financials 9.2 Upgrade Department of Administrative Services For

Team Georgia Marketplace Financials 9.2 Upgrade Department of Administrative Services For Internal Use Only - 2008 Financials 9.2 Upgrade Supplier Contracts http://doas.ga.gov/state-purchasing/purchasing- 2 tools/nigp-codes Department of

440 views • 30 slides

More recommend