self defending software g automatically patching errors
play

Self-defending software: g Automatically patching errors in - PowerPoint PPT Presentation

Oct 25, 2022 •413 likes •873 views

Self-defending software: g Automatically patching errors in deployed software Michael Ernst Michael Ernst University of Washington Joint work with: Joint work with: Saman Amarasinghe, Jonathan Bachrach, Michael Carbin, Sung Kim, Samuel

  1. Self-defending software: g Automatically patching errors in deployed software Michael Ernst Michael Ernst University of Washington Joint work with: Joint work with: Saman Amarasinghe, Jonathan Bachrach, Michael Carbin, Sung Kim, Samuel Larsen, Mi h l C bi S Ki S l L Carlos Pacheco, Jeff Perkins, Martin Rinard, F Frank Sherwood, Stelios Sidiroglou, Greg k Sh d St li Sidi l G Sullivan, Weng-Fai Wong, Yoav Zibin

  2. Problem: Your code has bugs and vulnerabilities d l bili i • Attack detectors exist Attack detectors exist – Code injection, memory errors (buffer overrun) • Reaction: Reaction: – Crash the application • Loss of data Loss of data • Overhead of restart • Attack recurs • Denial of service – Automatically patch the application

  3. ClearView: S Security for legacy software it f l ft Requirements: Requirements: 1. Protect against unknown vulnerabilities 2 2. Preserve functionality P f ti lit 3. Commercial & legacy software

  4. 1. Unknown vulnerabilities 1. Unknown vulnerabilities • Proactively prevent attacks via unknown Proactively prevent attacks via unknown vulnerabilities – Zero-day exploits “Zero day exploits” – No pre-generated signatures – No hard-coded fixes No hard coded fixes – No time for human reaction – Works for bugs as well as attacks W k f b ll tt k

  5. 2. Preserve functionality 2. Preserve functionality • Maintain continuity: application Maintain continuity: application continues to operate despite attacks • For applications that require high availability For applications that require high availability – Important for mission-critical applications – Web servers, air traffic control, communications Web servers, air traffic control, communications • Technique: create a patch (repair the application) ( p pp ) – Patching is a valuable option for your toolbox

  6. 3. Commercial/ legacy software 3. Commercial/ legacy software • No modification to source or executables No modification to source or executables • No cooperation required from developers – Cannot assume built-in survivability features C t b ilt i i bilit f t – No source information (no debug symbols) • x86 Windows binaries

  7. Learn from success and failure Learn from success and failure • Normal executions show what the application Normal executions show what the application is supposed to do • Each attack (or failure) provides information about the underlying vulnerability • Repairs improve over time R i i ti – Eventually, the attack is rendered harmless – Similar to an immune system Similar to an immune system • Detect all attacks (of given types) – Prevent negative consequences – Prevent negative consequences – First few attacks may crash the application

  8. all executions Detect, learn, repair [Lin & Ernst 2003] [Li & E t 2003] Pluggable detector, Attack does not depend on learning detector detector normal attacks executions (or bugs) • Learn normal behavior (constraints) from successful runs Learning • Check constraints during attacks predictive • True on every good run constraints • False during every attack • Patch to re-establish constraints Repair • Evaluate and distribute patches patch Restores normal behavior

  9. A deployment of ClearView A deployment of ClearView Community machines Server (Server may be (Server may be replicated, distributed, etc.) Threat model does not (yet!) include malicious nodes Encrypted, authenticated communication

  10. Learning normal behavior Learning normal behavior Community machines Observe normal behavior Generalize observed behavior Server … copy_len ≤ buff_size … Clients send Server generalizes inference results (merges results) Clients do local inference

  11. Attack detection & suppression Attack detection & suppression Community machines Server Detectors used in our research: – Code injection (Memory Firewall) – Memory corruption (Heap Guard) – Memory corruption (Heap Guard) Many other possibilities exist Detector collects information and terminates application

  12. Learning attack behavior Learning attack behavior Community machines What was the effect of the attack? Server Clients send difference in Server correlates behavior: violated constraints Instrumentation continuously constraints to attack evaluates learned behavior

  13. Repair Repair Community machines Propose a set of patches for each behavior that predicts the attack p Server Predictive: copy len ≤ buff size py_ _ Candidate patches: 1. Set copy_len = buff_size 2. Set copy len = 0 py_ 3. Set buff_size = copy_len 4. Return from procedure Server generates a set of patches

  14. Repair Repair Community machines Distribute patches to the community Server Ranking: P t h 1 Patch 1: 0 0 Patch 2: 0 Patch 3: 0 …

  15. Repair Repair Community machines Evaluate patches Success = no detector is triggered gg Server Ranking: P t h 3 Patch 3: +5 5 Patch 2: 0 Patch 1: -5 … When attacked, clients send outcome to server Detector is still Server ranks patches running on clients

  16. Repair Repair Community machines Redistribute the best patches Server Ranking: P t h 3 Patch 3: +5 5 Patch 2: 0 Patch 3 Patch 1: -5 … Server redistributes the most effective patches

  17. Outline Outline • Overview Overview • Learning normal behavior • Learning attack behavior L i tt k b h i • Repair: propose and evaluate patches • Evaluation: adversarial Red Team exercise • Conclusion Conclusion

  18. Learning normal behavior Learning normal behavior Community machines Generalize observed behavior Server … copy_len ≤ buff_size … Clients send Server generalizes inference results (merges results) Clients do local inference

  19. Dynamic invariant detection Dynamic invariant detection • Daikon generalizes observed program executions Candidate constraints: Remaining candidates: Observation: copy_len < buff_size copy_len < buff_size copy_len ≤ buff_size copy_len ≤ buff_size copy_len: 22 copy_len = buff_size l b ff i copy_len = buff_size l b ff i buff_size: 42 ff copy_len ≥ buff_size copy_len ≥ buff_size copy_len > buff_size copy_len > buff_size copy len ≠ buff size py_ _ copy len ≠ buff size py_ _ • Many optimizations for accuracy and speed Many optimizations for accuracy and speed – Data structures, code analysis, statistical tests, … • We further enhanced the technique q

  20. Quality of inference results Quality of inference results • Not sound – Overfitting if observed executions are not representative • Not complete – Templates are not exhaustive Templates are not exhaustive • Useful! • Unsoundness is not a hindrance Unsoundness is not a hindrance – Does not affect attack detection – For repair, mitigated by the correlation step – Continued learning improves results Continued learning improves results

  21. Outline Outline • Overview Overview • Learning normal behavior • Learning attack behavior L i tt k b h i • Repair: propose and evaluate patches • Evaluation: adversarial Red Team exercise • Conclusion Conclusion

  22. Detecting attacks (or bugs) Detecting attacks (or bugs) Goal: detect problems close to their source Goal: detect problems close to their source Code injection (Determina Memory Firewall) – Triggers if control jumps to code that was not T i if t l j t d th t t in the original executable M Memory corruption (Heap Guard) ti (H G d) – Triggers if sentinel values are overwritten These have low overhead and no false positives Other detectors are possible

  23. Learning from failures Learning from failures Each attack provides information about the Each attack provides information about the underlying vulnerability – That it exists That it exists – Where it can be exploited – How the exploit operates How the exploit operates – What repairs are successful

  24. Attack detection & suppression Attack detection & suppression Community machines Server Detector collects information and terminates application

  25. Learning attack behavior Learning attack behavior Community machines Where did the attack happen? scanf Server read_input p process_record _ main Detector maintains a shadow call stack Client sends attack info to server Detector collects information and terminates application

  26. Learning attack behavior Learning attack behavior Community machines Extra checking in attacked code Check the learned constraints Server scanf read_input process_record main Server generates Server sends instru- instrumentation for mentation to all clients targeted code locations Clients install instrumentation

  27. Learning attack behavior Learning attack behavior Community machines What was the effect of the attack? Server Predictive: Predictive: copy_len ≤ buff_size Clients send difference in Server correlates behavior: violated constraints Instrumentation continuously constraints to attack evaluates inferred behavior

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Restructuring Scientific Software using Semantic Patching with Coccinelle Michele MARTONE

Restructuring Scientific Software using Semantic Patching with Coccinelle Michele MARTONE

Restructuring Scientific Software using Semantic Patching with Coccinelle Michele MARTONE Leibniz Supercomputing Centre Garching bei M unchen, Germany Potsdam, de-RSE Conference June 4, 2019 (@LRZ.de) 1 / 57 Description de-RSE@Potsdam,

854 views • 64 slides
User Space Live Patching Joo Moreira SUSE Labs User Space Live Patching Joo Moreira

User Space Live Patching Joo Moreira SUSE Labs User Space Live Patching Joo Moreira

User Space Live Patching Joo Moreira SUSE Labs User Space Live Patching Joo Moreira (formerly at) SUSE Labs joao.moreira@lsc.ic.unicamp.br Software has bugs, and bugs have to be fixed + security issues + execution degradation + undefined

941 views • 46 slides
Android patching From a Mobile Device Management perspective Cedric Van Bockhaven

Android patching From a Mobile Device Management perspective Cedric Van Bockhaven

Introduction Background information SNE Research Project 2 Kernel patching Evaluation Android patching from the MDM Proof of concept Android patching From a Mobile Device Management perspective Cedric Van Bockhaven cbockhaven@os3.nl

466 views • 20 slides
ICA ICA ICA Self-Defending Networks Digital antibodies neutralize threats

ICA ICA ICA Self-Defending Networks Digital antibodies neutralize threats

ICA ICA ICA Self-Defending Networks Digital antibodies neutralize threats Automatically responds to threats faster than any security team can Takes measured, targeted actions Does not disrupt day-to-day business or

169 views • 5 slides
Basic Errors Compiling in Unix Syntax errors Common Errors, and Debugging Run-Time errors

Basic Errors Compiling in Unix Syntax errors Common Errors, and Debugging Run-Time errors

Basic Errors Compiling in Unix Syntax errors Common Errors, and Debugging Run-Time errors CS-121 Logic errors Syntax Errors Syntax Errors An error in which a C++ grammar rule has been violated. Are flagged at compile time Missing ;

338 views • 5 slides
AKVIS PHOTO PROCESSING SOFTWARE AKVIS PHOTO PROCESSING SOFTWARE AKVIS AirBrush automatically

AKVIS PHOTO PROCESSING SOFTWARE AKVIS PHOTO PROCESSING SOFTWARE AKVIS AirBrush automatically

AKVIS PHOTO PROCESSING SOFTWARE AKVIS PHOTO PROCESSING SOFTWARE AKVIS AirBrush automatically transforms a photograph into a work of art which looks like made with a special airbrush tool that sprays paints or inks AKVIS ArtSuite is an

132 views • 9 slides
Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Presenting a live 90 minute webinar with interactive Q&amp;A Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults, and Bankruptcy TUES DAY, DECEMBER 21, 2010 1pm Eastern |

1.33k views • 131 slides
Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai

Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors Sai Zhang Michael D. Ernst Google Research University of Washington Goal : helping developers improve software error diagnostic messages Input data

806 views • 38 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

540 views • 42 slides
Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware

Malware What is malware? Malware: malicious software worm ransomware adware virus trojan horse etc. and how do we fight it? AV software Firewalls Filtering Patching Writing more secure software

568 views • 22 slides
MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL GLOBAL EQUITIES OBAL EQUITIES TO US PRIV US PRIVATE CLIENT E CLIENTS Jonathan F Jonathan Foster ster President &amp; CEO Angeles Wealth

643 views • 19 slides
Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Presenting a live 90-minute webinar with interactive Q&amp;A Wrongful Death Claims and Survival Actions: Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex Valuation and Settlement Issues WEDNESDAY,

481 views • 26 slides
CDE: A tool for automatically creating reproducible experimental software packages Philip Guo 6

CDE: A tool for automatically creating reproducible experimental software packages Philip Guo 6

CDE: A tool for automatically creating reproducible experimental software packages Philip Guo 6 th -year Ph.D. student Department of Computer Science Stanford University pg@cs.stanford.edu http://www.stanford.edu/~pgbovine/cde.html Barriers

452 views • 23 slides
Automatically quantifying information leaks in software CREST January 2012 Pasquale Malacaria

Automatically quantifying information leaks in software CREST January 2012 Pasquale Malacaria

Automatically quantifying information leaks in software CREST January 2012 Pasquale Malacaria Queen Mary University of London 1 The problem An attacker has some a priori knowledge of the secret which is improved by observing the system

234 views • 21 slides
Bayes factors: A re-volution in psychology Geoff Patching Department of Psychology

Bayes factors: A re-volution in psychology Geoff Patching Department of Psychology

Bayes factors: A re-volution in psychology Geoff Patching Department of Psychology E-mail: geoffrey.patching@psy.lu.se The Bayes Factor The Bayes factor ( BF ) is the likelihood ratio of the evidences given the hypotheses ! # | % !

601 views • 13 slides
Automatically Documenting Program Changes Ray Buse Wes Weimer De ltaDoc 13 May 2011 diffs

Automatically Documenting Program Changes Ray Buse Wes Weimer De ltaDoc 13 May 2011 diffs

Automatically Documenting Program Changes Ray Buse Wes Weimer De ltaDoc 13 May 2011 diffs Commit Messages 13 th CREST Open Workshop Automated Software Engineering '10 So Much Change Automatically Documenting Program Changes 2 Understanding

589 views • 40 slides
H OW TO R EPAIR V ULNERABILITIES ? Correcting vulnerable logic, e.g. race condition

H OW TO R EPAIR V ULNERABILITIES ? Correcting vulnerable logic, e.g. race condition

A UTOMATIC P ROGRAM R EPAIR Zhen Huang 1 Penn State University Spring 2019 CMPSC 447, Software Security P RE PATCH W INDOW Attackers can leverage the window of time before a vulnerability is addressed. Attackers can exploit the

931 views • 60 slides
How to Waste Time and Money Testing the Performance of a Software Product David Daly | Lead

How to Waste Time and Money Testing the Performance of a Software Product David Daly | Lead

How to Waste Time and Money Testing the Performance of a Software Product David Daly | Lead Engineer -- Performance | @daviddaly44 | https://daviddaly.me/ - 22 % 2 3 Understand the performance of our software and when it changes. 4 How

668 views • 33 slides
The Real Deal of Android Device Security: The Third Party Collin Mulliner and Jon Oberheide

The Real Deal of Android Device Security: The Third Party Collin Mulliner and Jon Oberheide

The Real Deal of Android Device Security: The Third Party Collin Mulliner and Jon Oberheide CanSecWest 2014 Introductions Collin Mulliner Jon Oberheide Mulliner and Oberheide, CSW 2014 #Cats4Fun Mulliner and Oberheide, CSW 2014

949 views • 90 slides
Community &amp; Tools Update 2017 Thomas Monjalon DPDK Maintainer Mellanox Qian Xu

Community &amp; Tools Update 2017 Thomas Monjalon DPDK Maintainer Mellanox Qian Xu

Community &amp; Tools Update 2017 Thomas Monjalon DPDK Maintainer Mellanox Qian Xu DPDK CI &amp; Bugzilla Manager Intel DPDK Summit Userspace Dublin 2017 Agenda Community Growth Community Interactions Community

609 views • 29 slides
Releasing and Testing Free Opensource Graphics Drivers: the case of Mesa3D Emil Velikov

Releasing and Testing Free Opensource Graphics Drivers: the case of Mesa3D Emil Velikov

Releasing and Testing Free Opensource Graphics Drivers: the case of Mesa3D Emil Velikov (emil.velikov@collabora.com) Juan A. Surez (jasuarez@igalia.com) with Pierre-Loup Griffais (pgriffais@valvesoftware.com) XDC 2018 The speakers - Emil

606 views • 35 slides
Patch Review Daniel Vetter, v1.3 Goals Technical Review Process Q&amp;A 2 Goal: Reviewed-by

Patch Review Daniel Vetter, v1.3 Goals Technical Review Process Q&amp;A 2 Goal: Reviewed-by

Patch Review Daniel Vetter, v1.3 Goals Technical Review Process Q&amp;A 2 Goal: Reviewed-by tag Formal statement: Reviewers statement of oversight See Documentation/SubmittingPatches Shouldnt be dropped onto patches

171 views • 13 slides
Review of Patch Reviewing Stephen Frost Crunchy Data stephen@crunchydata.com PGConf.EU 2018

Review of Patch Reviewing Stephen Frost Crunchy Data stephen@crunchydata.com PGConf.EU 2018

Review of Patch Reviewing Stephen Frost Crunchy Data stephen@crunchydata.com PGConf.EU 2018 October 24, 2018 Introduction About Patches Commitfests Reviewing a Patch Committing Patches Committers Stephen Frost Chief Technology Officer @

637 views • 25 slides
HTTP-PATCH for read-write linked data rurik.greenall@computas.com / @brinxmat Apart from

HTTP-PATCH for read-write linked data rurik.greenall@computas.com / @brinxmat Apart from

HTTP-PATCH for read-write linked data rurik.greenall@computas.com / @brinxmat Apart from being a person who likes using all available fonts on one slide I work as a consultant for Computas, where I specialise in semantic web and library

876 views • 51 slides

More recommend