superfetch everything you need to know about privacy
play

Superfetch : everything you need to know about privacy Mathilde - PowerPoint PPT Presentation

Mar 19, 2024 •135 likes •709 views

Superfetch : everything you need to know about privacy Mathilde Venault & Baptiste David c0c0n India 2020 About t us Laval, France Mathilde VENAULT venault@et.esiea.fr Baptiste DAVID bdavid@et.esiea.fr What is is it it ? Resource

  1. Superfetch : everything you need to know about privacy Mathilde Venault & Baptiste David c0c0n India 2020

  2. About t us Laval, France Mathilde VENAULT venault@et.esiea.fr Baptiste DAVID bdavid@et.esiea.fr

  3. What is is it it ? Resource Monitor view • SysMain = preloaded memory + preloaded processes + scenarios

  4. Conte text : the service ice SysMain ain • The main goal is to increase speed eed of of us user er experie ex erienc nce through: ➢ Optimizing boot of the os. ➢ Anlayzing software use & prelaunching programs the user might need next time. • Misus isuse of of langua nguage ge: « Superfetch » is only a part of SysMain, which is the name of the whole service. It is often called Superfetch because on older Windows versions, the service was called Superfetch. Sysmain properties

  5. Conte text : : Sysmain’s hea eadq dquar arte ters C:\Windows\Prefetch directory • SysMain stores its files on C:\Windows\Prefetch . • This directory includes : ▪ « ReadyBoot » directory related to the Readyboost functionnalities. ▪ Files related to the service (with .db and .pf extension ), traces of Superfetch’s activity. ▪ A file named « Layout.ini » which is the key file to speed up the boot.

  6. Optim imiz izing ing the e boot • The goal : find the quickes est way for the OS to boot. • The list represents the best order to load the given files in memory. • Begins with the kernel! C:\Windows\Prefetch\Layout.ini

  7. Mechan hanism sm : memo mory ry pagin ing

  8. Mechani hanism sm : pages es faults lts

  9. Mechan hanism sm : proces cessi sing page e faults lts (1)

  10. Mechan hanism sm : proces cessi sing page e faults lts (2)

  11. Mechani hanism sm : process cessin ing page e faults lts (3)

  12. Mechan hanism sm : reducin ducing memory ory operations tions • Superfetch aims at reducing the occurrence of page faults, which require times & operations from memory. • To this end Superfetch : ▪ Remembers page accesses. ▪ Logs pages faults. ▪ Maps to physical memory pages referenced whenever the relative program is launched.

  13. Global archi chitectu tecture e

  14. Agen ent t Context xt (AgCx) • Deals session information based on SID & Token User. • Watches for conte text chang nge : ▪ hibernation (long pause). ▪ standby (short pause). ▪ fast user switching (change of user session). • Takes a snapshot of the situation when this is about to change. Includes two types of deconnection: ▪ Classic Disconnect (quitting & logging). ▪ « Lazy Disconnect » (without quitting).

  15. Agen ent t PfnDb Db (AgPd) • Page Frame Number (PFN) is an array representing each physical page state of memory on the system ( Active / Standby / Freed …). • Logs page faults encountered by each program. • Classifies responses : ▪ Is it a « private page » ? (committed page) ▪ Is the page from a background app ?

  16. Files es compress ssion ion RtlCompressBuffer() prototype, msdn.com Page Frame Number (PFN) is an array representing each physical page state of memory on the ▪ system (Active / Standby / Freed … ).

  17. Agen ent t PfnDb Db (AgPd) • Page Frame Number (PFN) is an array representing each physical page state of memory on the system ( Active / Standby / Freed …). • Logs page faults encountered by each program. • Classifies responses : ▪ Is it a « private page » ? (committed page) ▪ Is the page from a background app ?

  18. Agen ent t AppLaunch unch (AgAl) & Robust st perfor forman mance ce (AgRp Rp) AgAl • Post processes data received from FileInfo to take future decisions. • Creates Markov chains to represent probabilities of patterns use. AgRp • Calculates performance of predictions. • Assures relevance of the databases : ▪ Checking how many times/since when the data has been used. ▪ Calculating a « pertinence threshold » depending on other scenario use.

  19. Agen ent t Gl Global (AgGl Gl) ) & Agen ent t AppLaunc nch (AgAl) AgGl • Organizes « histories » (individual history, fault history, global history). • Defines phases per days (morning/ week days, weekends..). AgAl • Make predictions depending on the Markov chains established before.

  20. Global archi chitectu tecture e

  21. Types s of super perfet fetch ch tasks • Pf routines tines ▪ « Non stop » job. ▪ Processing traces (building & updating scenarios), predicting and pre launching, daily checks.. • Perio iodic dic save ▪ Each 3 days in average, but depends on the value to save. ▪ Saving databases, updating registry keys… • Idle le tasks ks ▪ Under special circumstances (cpu, disk & memory utilization + power supply). ▪ Updating optimal layout ; launching « defrag.exe – s – b »

  22. What about the prefetch files?

  23. Files es compress ssion ion RtlCompressBuffer() prototype, msdn.com • All the prefetch files, except AgAppLaunch.db, AgRobust.db, dynrespri.db & cadrespri.db are compressed. • The files are compressed within the function RtlCompressBuffer() from NtosKrnl.lib. • The compression format is the XPRES ESS_ S_HUF UFFMA MAN format.

  24. Databas base files es : generalities alities • Traces of agent’s activity : way to build internal database. One agent has 1 or more « .db ». • • They are not always present on the prefetch directory. • Until now, their format was undocumented. C:\Windows\Prefetch directory

  25. Database se files es : name mes • AgAppLauch.db • AgCx_%SIDofUser.db • AgGlobalFaultHistory.db • AgForegroundAppHistory.db • AgGlobalHistory.db AgGlUserActiveDays_%sid (?) • • Dynamicreservedpriority.db C:\Windows\Prefetch directory

  26. Database se files es : compress ssed ed forma mat AgCx.db : original file (compressed)

  27. Database se files es: : decompr mpres esse sed forma mat AgCx.db (decompressed)

  28. Database se files es: : decompr mpres esse sed forma mat AgCx.db (decompressed)

  29. Database se Parame meters ters Type Parameters are defined for a specific • FileType pe. 16 different types of FileType. • 2 main uses: • offset calculation on the file. ▪ database size on core’s . ▪ DatabaseParams in SysMain.sys

  30. Database se Parame meters ters Parameters are defined for a specific • FileType pe. 16 different types of FileType. • 2 main uses: • offset calculation on the file. ▪ database size on core’s . ▪ DatabaseParams in SysMain.sys

  31. Database se files es: : from regis gistr try AgCx.db (decompressed) • Another source of databases ?

  32. Datab abase ase files es : from regi gist stry ry AgCx.db : original file (compressed) AgCx.db : original file (compressed)

  33. Database se files es : from regis gistr try ApLaunch.db : original file (decompressed)

  34. Scen enarios arios files es : constr structio tion

  35. Scen enarios arios files es : gener neralit alities ies • File ending with .pf : trace of an application. A same application could have one or more scenario file, depending on the context of its execution. • Each scenario file name is : « NameoftheApp – Hash .pf ». • Information defined on the registry : SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Prefetcher - MaxPrefetchFiles : by default 256. - MaxPrefetchFileSize : by default 10485 760 bytes.

  36. rios files les : Scena enari : names es • The name result from the full application path hashed with the following algorithm : • Note that this algorithm depends on your Windows version. The following elements might change : ▪ Initalization value of string_hashed. ▪ Adding a modulo operation. ▪ Adding a multiplier coefficient.

  37. Scen enarios arios files es : head eader er forma mat Prefetch signature OS version File Size Exe Name Exe hash Number of paths Offset where registered paths list begins Last execution dates Count of execution Scenario file : VLC.EXE-5A3EF7FA.pf (decompressed)

  38. Scen enarios arios files es : content tent Contains the full paths of file needed to avoid • pagefault. In other words three kinds of files : • Non stopped consulted files, such as dll, ▪ dependencies. Recent files such as personal files. ▪ Caches files, because they are non ▪ stopped consulted. Scenario file : VLC.EXE-5A3EF7FA.pf (decompressed)

  39. Scen enarios arios files es : cont nten ent Contains the full paths of file needed to avoid • pagefault. In other words three kinds of files : • Non stopped consulted files, such as dll, ▪ dependencies. Recent files such as personnal files. ▪ Caches files, because they are non ▪ stopped consulted. Scenario file : VLC.EXE-5A3EF7FA.pf (decompressed)

  40. The e cache he files es Superfetch references cache files es. • Cache is a memory management which • stores temporarily data to reduce access time to these data later, in the cache files. Windows Cache directory

  41. What about t the e conten tent t of the e file e ? Extract of a cache file • Superfetch references caches files. • … and cache files can contains data in clea ear from files es.

  42. Time to practice!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS

Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS

Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS ARGYROUDIS CENSUS S.A. argp@census-labs.com www.census-labs.com Who am I Researcher at CENSUS S.A. Vulnerability research, reverse

572 views • 44 slides
Reconfigurable and Adaptive Systems (RAS) Lars Bauer, Jrg Henkel - 1 - Institut fr

Reconfigurable and Adaptive Systems (RAS) Lars Bauer, Jrg Henkel - 1 - Institut fr

Institut fr Technische Informatik Chair for Embedded Systems - Prof. Dr. J. Henkel Vorlesung im SS 2014 Reconfigurable and Adaptive Systems (RAS) Lars Bauer, Jrg Henkel - 1 - Institut fr Technische Informatik Chair for Embedded Systems

882 views • 28 slides
Performance Visualizations Brendan Gregg Software Engineer USENIX/LISA10 November, 2010

Performance Visualizations Brendan Gregg Software Engineer USENIX/LISA10 November, 2010

Performance Visualizations Brendan Gregg Software Engineer USENIX/LISA10 November, 2010 brendan.gregg@joyent.com GDay, Im Brendan ... also known as shouting guy 2 3 I do performance

1.78k views • 135 slides
Deep Image Description Rui-Wei Zhao rw.du.zhao@gmail.com 1 Outline Generating descriptions

Deep Image Description Rui-Wei Zhao rw.du.zhao@gmail.com 1 Outline Generating descriptions

Deep Image Description Rui-Wei Zhao rw.du.zhao@gmail.com 1 Outline Generating descriptions for the whole images {Vinyals2014, Karpathy2014} Generating descriptions for the regional images {Karpathy2014} 2 Generating

1.2k views • 73 slides
tc and IP fragments Once defragmented, how to output them? Marcelo Ricardo Leitner

tc and IP fragments Once defragmented, how to output them? Marcelo Ricardo Leitner

tc and IP fragments Once defragmented, how to output them? Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> The issue act_ct can do IP defrag But once that big packet is returned by it, tc (mirred) cant output it

201 views • 5 slides
Memory Management Techniques for Large-Scale Persistent-Main-Memory Systems [VLDB 2017] Ismail

Memory Management Techniques for Large-Scale Persistent-Main-Memory Systems [VLDB 2017] Ismail

Memory Management Techniques for Large-Scale Persistent-Main-Memory Systems [VLDB 2017] Ismail Oukid, Daniel Booss, Adrien Lespinasse, Wolfgang Lehner, Thomas Willhalm, Grgoire Gomes Non-Volatile Memories Workshop March 12, 2018 PUBLIC

714 views • 21 slides
Slab allocators in the Linux Kernel: SLAB, SLOB, SLUB Christoph Lameter, LCA 2015 Auckland/New

Slab allocators in the Linux Kernel: SLAB, SLOB, SLUB Christoph Lameter, LCA 2015 Auckland/New

Slab allocators in the Linux Kernel: SLAB, SLOB, SLUB Christoph Lameter, LCA 2015 Auckland/New Zealand (Revision Jan 15, 2015) The Role of the Slab allocator in Linux PAGE_SIZE (4k) basic allocation unit via page allocator. Allows

1.26k views • 39 slides
Module 7: Creating and Maintaining Indexes Overview Creating Indexes Creating Index

Module 7: Creating and Maintaining Indexes Overview Creating Indexes Creating Index

Module 7: Creating and Maintaining Indexes Overview Creating Indexes Creating Index Options Maintaining Indexes Introduction to Statistics Querying the sysindexes Table Setting Up Indexes Using the Index Tuning Wizard

554 views • 27 slides

More recommend