with dynamic information flow analysis
play

with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn - PowerPoint PPT Presentation

May 13, 2023 •44 likes •644 views

Automating Configuration Troubleshooting with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn University of Michigan Configuration Troubleshooting Is Difficult Software systems Users make mistakes difficult to configure Mona

  1. Automating Configuration Troubleshooting with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn University of Michigan

  2. Configuration Troubleshooting Is Difficult Software systems Users make mistakes difficult to configure Mona Attariyan - University of Michigan 2

  3. Configuration Troubleshooting Is Difficult Software systems Users make mistakes difficult to configure Misconfigurations happen Mona Attariyan - University of Michigan 3

  4. Configuration Troubleshooting Is Difficult Mona Attariyan - University of Michigan 4

  5. What To Do With Misconfiguration? Ask colleagues config file …… Search manual, FAQ, …… &$%#! online forums ….. ….. Look at the code if available Mona Attariyan - University of Michigan 5

  6. What To Do With Misconfiguration? A tool that automatically finds the root cause of the misconfiguration in applications? Mona Attariyan - University of Michigan 6

  7. ConfAid Insight Application code has enough information to lead us to the root cause How? Dynamic information flow analysis on application binaries Mona Attariyan - University of Michigan 7

  8. How to Use ConfAid? config file Application …… …… …… error Mona Attariyan - University of Michigan 8

  9. How to Use ConfAid? ConfAid config file Application …… …… …… error Mona Attariyan - University of Michigan 9

  10. How to Use ConfAid? ConfAid config file Application …… …… …… error Mona Attariyan - University of Michigan 10

  11. How to Use ConfAid? ConfAid config file Application …… …… …… likely root causes 1)… 2)… error 3)… …… Mona Attariyan - University of Michigan 11

  12. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion Mona Attariyan - University of Michigan 12

  13. How Developers Find Root Cause Application Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 13

  14. How Developers Find Root Cause Application Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 14

  15. How ConfAid Finds Root Cause • ConfAid uses taint tracking Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 15

  16. How ConfAid Finds Root Cause • ConfAid uses taint tracking Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 16

  17. How to Avoid Error? if (a) if (b) if (c) 17

  18. How to Avoid Error? if (a) if (b) if (c) 18

  19. How to Avoid Error? if (a) This path ends before the error happens if (b) if (c) 19

  20. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error if (c) 20

  21. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error if (c) This path successfully avoids the error 21

  22. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error likely root if (c) cause This path successfully avoids the error 22

  23. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error likely root if (c) cause This path successfully avoids the error 23

  24. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion Mona Attariyan - University of Michigan 24

  25. Data Flow Analysis value of x might change, T x = { , } if tokens or change Taint propagates via data flow and control flow x = y + z , T y = { , } T x = { , , } T z = { , } T y  T z Mona Attariyan - University of Michigan 25

  26. Control Flow Analysis T c = { } T a = { } /* c = 0 */ T x = { } /* x is read from file*/ if (c == 0) { , ,( T x = { ) } Ʌ x = a } What could cause Data flow Control flow x to be different ? Mona Attariyan - University of Michigan 26

  27. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 27

  28. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 28

  29. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ ckpt if(c) if(!c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 29

  30. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ ckpt if(c) if(!c) if (c) { /*taken path*/ y = a … } else { y = a } y depends on c Mona Attariyan - University of Michigan 30

  31. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ ckpt if(c) if(!c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 31

  32. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 32

  33. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 33

  34. Effect of Alternate Path Exploration /* c = 1*/ T c = { } T a = { } /* y is from file*/ T y = { } if (c) { … , ,( T y = { ) } Ʌ } else { y = a Alternate path Alternate path } + Data flow exploration What could cause y to be different? Mona Attariyan - University of Michigan 34

  35. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion Mona Attariyan - University of Michigan 35

  36. Embracing Imprecise Analysis • Complete and sound analysis leads to: – poor performance – high false positive rate Bounded horizon heuristic • To improve performance Single mistake heuristic • To reduce false positives Weighting heuristic Mona Attariyan - University of Michigan 36

  37. Bounded Horizon Heuristic • Bounded horizon prevents path explosion • Alternate path runs a fixed # of instructions if (b) likely root max reached, if (c) causes abort exploration 37

  38. Single Mistake Heuristic • Configuration file contains a single mistake • Reduces amount of taint and # of explored paths /* x=1, c=0*/ T x = { } T x = { , , ( Ʌ )} T c = { } if (c == 0) { x = a T a = { } } Mona Attariyan - University of Michigan 38

  39. Single Mistake Heuristic • Configuration file contains a single mistake • Reduces amount of taint and # of explored paths /* x=1, c=0*/ T x = { } T x = { , , ( Ʌ )} T c = { } if (c == 0) { x = a T a = { } } Mona Attariyan - University of Michigan 39

  40. Weighting Heuristic • Insufficient to treat all taint propagations equally – Data flow introduces stronger dependency than ctrl flow – Branches closer to error stronger than farther branches • Assign weights to taints to represent strength level – Data flow taint gets a higher weight than ctrl flow taint – Branches closer to error get higher weight than farther Mona Attariyan - University of Michigan 40

  41. Example of Weighting Heuristic if (x) { … if (y) { … likely root if (z) { causes ERROR() } } } Mona Attariyan - University of Michigan 41

  42. Heuristics: Pros and Cons Bounded Single mistake Weighting horizon Simplify control  flow analysis Improve   performance Reduce FP   Increase FP Increase FN FP = False Positive, FN = False Negative 42

  43. ConfAid and Multi-process Apps • ConfAid propagates taints between processes – Intercepts IPC system calls – Sends taint along with the data • ConfAid currently supports communication via: – Unix sockets, pipes, TCP and UDP sockets – Regular files Mona Attariyan - University of Michigan 43

  44. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analys is • Evaluation • Conclusion Mona Attariyan - University of Michigan 44

  45. Evaluation • ConfAid debugs misconfiguration in: – OpenSSH 5.1 (2 processes) – Apache HTTP server 2.2.14 (1 process) – Postfix mail transfer agent 2.7 (up to 6 processes) • Manually inject errors to configuration files • Evaluation metrics: – The ranking of the correct root cause – The time to execute the application with ConfAid Mona Attariyan - University of Michigan 45

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Example How many registers do we need a := 0 1 for the program on the right? L1: b := a + 1 2

408 views • 12 slides
1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

Introduction to Data-flow analysis Data-flow Analysis Last Time Idea Undergraduate compilers review Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Assem.Instr data

903 views • 4 slides
Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan , Michael

Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan , Michael

Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan , Michael Dalton, Christos Kozyrakis Computer Systems Laboratory Stanford University Motivation Dynamic analysis help better understand SW behavior

350 views • 24 slides
Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow Analysis Data-flow Analysis Static VS Dynamic Analysis Software Testing Control Con ol Flow ow Gr Graph entry S1 Procedure AVG S1 count =

1.08k views • 104 slides
HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan

HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan

HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan Caselden, Alex Bazhanyuk, Mathias Payer , Stephen McCamant, Dawn Song, UC Berkeley Recovering Information Knowledge of information (data) flow and

694 views • 32 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Object Flow Analysis Taking an Object-centric View on Dynamic Analysis Adrian Lienhard 1 ,

Object Flow Analysis Taking an Object-centric View on Dynamic Analysis Adrian Lienhard 1 ,

Object Flow Analysis Taking an Object-centric View on Dynamic Analysis Adrian Lienhard 1 , Stphane Ducasse 2 and T udor Grba 1 1 Software Composition Group, University of Bern, Switzerland 2 LISTIC, University of Savoie, France A missing

376 views • 21 slides
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS18 1 / 21 Outline: Hybrid { Dynamics, Logic, Power } Hybrid

353 views • 34 slides
Hedera - An Analysis of Dynamic Flow Scheduling for Data Center Networks Based on the paper

Hedera - An Analysis of Dynamic Flow Scheduling for Data Center Networks Based on the paper

Hedera - An Analysis of Dynamic Flow Scheduling for Data Center Networks Based on the paper Hedera: Dynamic Flow Scheduling for Data Centers Presented by Richard Kramer Oregon State University 1 What is Hedera? What is Hedera?

380 views • 25 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful Reading: Sections 1.1-1.5, 2.1 Data-flow analysis (DFA) A framework for statically proving facts about program data. Focuses on simple, finite

1.04k views • 54 slides
Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C.

Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C.

Flexible Dynamic Information Flow Control in Haskell Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C. Mitchell 1 David Mazires 1 1 2 Haskell11 www.scs.stanford.edu/ deian/lio Flexible

820 views • 55 slides
May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms

May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms

May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms May 12, 2017 ECS 235B Spring Quarter 2017 Slide #1 Array Elements Information flowing out: ... := a [ i ] Value of i , a [ i ] both affect

1.12k views • 40 slides
Dynamic material flow analysis of copper and its alloys in Japan Ichiro Daigo, Susumu Hashimoto,

Dynamic material flow analysis of copper and its alloys in Japan Ichiro Daigo, Susumu Hashimoto,

LCM 2007 , Zurich, August 27-29 2007 Dynamic material flow analysis of copper and its alloys in Japan Ichiro Daigo, Susumu Hashimoto, Yasunari Matsuno, Yoshihiro Adachi Graduate School of Engineering, University of Tokyo Dept. of Materials

714 views • 19 slides
Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic Dispatch Problem Which function is called by p(x)? int myFunc ( int (*p)(int), ) { return p(x); } P is a function pointer. What

364 views • 20 slides
PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators Luca

PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators Luca

ACM/IEEE CODES+ISSS 2018, Turin, Italy PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators Luca Piccolboni, Giuseppe Di Guglielmo and Luca P. Carloni Columbia University, NY, USA Systems-on-Chip (SoCs) Are

851 views • 50 slides
Configuration Database Lana Abadie, LHCb week, May 25 Part I The configuration database

Configuration Database Lana Abadie, LHCb week, May 25 Part I The configuration database

Configuration Database Lana Abadie, LHCb week, May 25 Part I The configuration database DB Design Methodology (ex: the TFC system) TFC dataflow TFC system : use cases Entity relation model & Table design The

381 views • 18 slides
In the forward engineering, a feature model is used to create valid product configurations. In

In the forward engineering, a feature model is used to create valid product configurations. In

REVaMP 2 Configuration Mining Deriving Feature Constraints from Product Line Configurations Robert Bosch GmbH This presentation was created for the REVAMP2 publicly funded EU project. The slides present the Configuration Mining tool, developed

502 views • 11 slides
COMMUNITY MEETING: UPCOMING CONSTRUCTION ACTIVITIES IN DOWNTOWN BERKELEY THURSDAY, JANUARY 24,

COMMUNITY MEETING: UPCOMING CONSTRUCTION ACTIVITIES IN DOWNTOWN BERKELEY THURSDAY, JANUARY 24,

COMMUNITY MEETING: UPCOMING CONSTRUCTION ACTIVITIES IN DOWNTOWN BERKELEY THURSDAY, JANUARY 24, 2019 BY KEN JUNG, ASSOCIATE CIVIL ENGINEER, CITY OF BERKELEY PUBLIC WORKS DEPARTMENT OVERALL COORDINATION CONCEPT City is actively coordinating

331 views • 11 slides
Roadway Improvements to County Route 537 Corridor between Sentinel Road and US Route 9 Interchange

Roadway Improvements to County Route 537 Corridor between Sentinel Road and US Route 9 Interchange

Roadway Improvements to County Route 537 Corridor between Sentinel Road and US Route 9 Interchange Local Preliminary Engineering Phase Public Information Center No. 1 September 19, 2017 Project Location Map Total Length of Project = 9570 LF

597 views • 30 slides
Market Simulation, and PRR For Market Settlements User Group Status Report Date: 3/6/2019 By:

Market Simulation, and PRR For Market Settlements User Group Status Report Date: 3/6/2019 By:

Settlements Configuration Release, Market Simulation, and PRR For Market Settlements User Group Status Report Date: 3/6/2019 By: Market Settlements Design and Configuration (MSDC) External Use External Use Market Settlement User Group 3/6

56 views • 3 slides
Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today

Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today

Internal Audit Division Update Finance and Audit Committee | 10/24/19 Why we are here Today we are here to provide information on Internal Audit activities. Internal Audit Activity Update Internal Audits Completed Internal

257 views • 12 slides
APPENDIX J: Diverging Diamond Interchange Presentation November 16, 2016 123 Diverging Diamond

APPENDIX J: Diverging Diamond Interchange Presentation November 16, 2016 123 Diverging Diamond

APPENDIX J: Diverging Diamond Interchange Presentation November 16, 2016 123 Diverging Diamond Interchange September 2016 November 16, 2016 124 November 16, 2016 Diverging Diamond Interchange (DDI) Drivers going in both directions on

115 views • 8 slides
OPENCBS Adaptative open source software for microfinance opencbs.com Contents 1. General

OPENCBS Adaptative open source software for microfinance opencbs.com Contents 1. General

OPENCBS Adaptative open source software for microfinance opencbs.com Contents 1. General presentation 2. Software 3. Services opencbs.com General presentation OpenCBS approach opencbs.com Vision and mission Vision Mission

506 views • 24 slides

More recommend