DOCSLIB.ORG

Special Topics on Binary‐Level Program Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Special Topics on Binary‐Level Program Analysis Special topics on binary‐level program analysis Gang Tan CSE 597 Spring 2019 Penn State University 1 Critical Software Systems • Software is ubiquitous – E‐commerce – E‐voting – Airplane control software • “Fly by wire” – … • However, the media is full of reports of the catastrophic impact of software failures – Misbehaving software – Vulnerable software being attacked • Viruses, internet worms, botnets, rootkits, • Web site defacement, DDoS • Hacked accounts 2 What Allowed These Failures and Attacks? • Design flaws – E.g., misuse of crypto • Programming bugs – Missing input validation – In C/C++, missing array bound checking – … 3 Example: Knight Capital's $440 million loss • Knight capital: algorithmic trading • Stock price – Bid price: what buyers are willing to pay – Ask price: what sellers are willing to accept – Ask price >= the bid price • Difference called a spread • Knight capital’s misbehaving trading software – Bought at ask price and sold at bid price • Buy high and sell low – Did this over and over again – Lost $440 million before they realized it – Knight capital on the brink of bankruptcy; bought by a different company 4 Example: NASA Mars Climate Orbiter • In 1999, NASA’s $125‐million Mars Climate Orbiter crashed into Mars • Two pieces of the orbiter software used different units for calculation – One piece calculated results in pound‐seconds, interpreted by a second piece as newton‐seconds – As a result, the orbiter was sent too low and too fast into the Martial atmosphere 5 Example: Microsoft Zune Crash • Last day of 2008 – Thousands of Microsoft Zune music players began freezing about midnight year = ORIGINYEAR; /* = 1980 */ while (days > 365) { if (IsLeapYear(year)) { if (days > 366) { days ‐= 366; year += 1; } } else { days ‐= 365; year += 1; } } – The bug surfaces on the last day of a leap year 6 Why Can’t We Get Rid of All Errors from Software? • Writing programs is not easy – Tons of issues to consider – Reliability and security are hard for programmers to reason about – There is a lack of tools other than testing • Statistics: 30‐85 errors are made per 1000 lines of source code • Testing helps – However, even extensively tested software contains 0.5‐3 errors per KLOC 7 How Big are Software Systems Today? Year Operating System SLOC (Million) 1993 Windows NT 3.1 4‐5 1994 Windows NT 3.5 7‐8 1996 Windows NT 4.0 11‐12 2000 Windows 2000 More than 29 2001 Windows XP 40 2006 Windows Vista ~50 Windows 7 ??? Windows 8 ??? Windows 10 ??? Now multiple this many lines of code with the error rate 8 How Can We Possibly Improve the Situation? • Program analysis – Build a model of the program – Analyze the model to search for errors • Examples – Show code doesn’t have security vulnerabilities such as buffer overflows – Show code doesn’t go into infinite loops • In general, formal methods research – Program analysis – Model checking – Theorem proving • Developing formal machine‐checked proofs on existing code • Or proof by construction 9 Analyzing Source Code • Typically program analysis is performed on source code (or some equivalent intermediate language) • Benefits – Source code is structured – Source code has rich information (e.g., types) to help analysis – Results on source code are understandable to programmers 10 Analyzing Binary Code • However, there are situations when source code is not available – Third‐party code/libraries – Legacy systems where source code is lost • Further, analyzing binary code means no need to trust the compiler – Compiler bugs are not so rare – Even if the source code is secure, the compiled binary code may not 11 Buggy Compilers Source Executable Code Compiler Code • Hundreds of compiler bugs found in recent work – [Yang et al. PLDI 2011], [Wang et al. SOSP 2013] 12 Further, Compiler May not Understand Security Requirements int *password = (int *)malloc(sizeof(int)*length); read_password(password, length); /* read the password */ process(password, length); /* process the password */ memset(password, 0, length); /* wipe out the password */ • The example – Erase the password from memory after it is no longer needed – To mitigate certain security attacks • The compiler, however – May erase “memset(password, 0, length)” during dead‐code elimination • Because password isn’t used after the call to process – Was the case for Microsoft Visual C++ .NET compiler 13 Analyzing Binary Code is More Challenging • Binary code is unstructured – Uses gotos • Binary code may not have meta information – May not have symbols, types, etc. – Program analysis has to use some algorithm to recover (partial) meta information • Results on binary code not easily understandable • Binary code is architecture specific – The same source code can be compiled to x86, ARM, SPARC, MIPS, etc. – Each is different • … 14 COURSE SUMMARY This Course • Theme: covers the state of the art of binary‐level program‐analysis techniques • Program analysis: static or dynamic • Static analysis: analyze the code before it is running – Build abstractions (approximations) of programs – These abstractions allow the identification of programming errors • Dynamic analysis: analyze the code as it is running – Monitor the state of the program during runtime • State: instruction, registers, memory, I/O device states, … – Pro: more accurate information is available at runtime – Cons: analyze a particular run of the code; poor code coverage 16 Topics Covered by the Course • x86 assembly basics • Static disassembly • Basics of static analysis using Datalog – Dataflow analysis – Inter‐procedural analysis – Points‐to analysis • Dynamic binary analysis – Taint tracking • Binary‐level code instrumentation – Software‐based fault isolation – Control‐flow integrity • Topics if have time – Binary‐level type inference – Data structure reverse engineering 17 Administrivia • Canvas (http://canvas.psu.edu/) – Homework submission • Q&A Forum in Piazza • A course public website – http://www.cse.psu.edu/~gxt29/teaching/cse597s19/ – Schedule and homework announcements – Slides • No exams! • Research‐oriented final project – Format discussed later • Research paper presentations and reviews – A significant part 18 Paper Presentation and Reviewing • Purpose – Read some literature – Understand how papers are organized – Practice presentation skills – Practice the ability of understanding other peoples’ talks and asking provocative questions • Each student – Present one research paper – Write reviews for four research papers • I will post a list of papers and the time for each paper • However, we may not have enough time for every student to present a paper – Students who haven’t presented a paper by the end of the semester will need to write a paper survey on a topic 19 Format of Paper Presentation • Presenter – Prepare slides for about 25 mins – Teach everyone about the paper – Paper critique: strength and weakness of the techniques in the paper • Q&A: 5‐10 mins • Evaluation – Audience 50%; Instructor 50% 20 Format for Paper Reviewing • Review – A summary of the paper (problem, techniques, and results) – A critique of the paper – Possible future work • 2 pages; single space; single column; font size: 12 • Four reviews in total; one for each month (Jan, Feb, Mar, Apr) – Each review is due before the corresponding paper is presented 21 Academic Integrity • Paper presentation – Make your own slides – There are likely other slides about the paper on the internet • Do not borrow verbatim! Rephrase the slides in your own words or from your own angle • Borrowing some figures would be fine, but add attribution! • Paper reviewing – Should not copy sentences from the paper or other sources in verbatim • Occasional quoting from the paper would be fine, but put such sentences in quotes and add citations – We run automatic plagiarism detection tools (turnitin.psu.edu) • Projects – You cannot borrow code from any other source, including the internet or other students – We run automatic plagiarism detection tools 22.
Load more

Recommended publications
  • UI Design and Interaction Guide for Windows Phone 7
    UI Design and Interaction Guide 7 for Windows Phone 7 July 2010 Version 2.0 UI Design and Interaction Guide for Windows Phone 7 July 2010 Version 2.0 This is pre-release documentation and is subject to change in future releases. This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release. This docu- ment is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this docu- ment. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
    [Show full text]
  • Use Your PC for Music
    WINDOWS® GUIDE Use Your PC for Music IN THIS GUIDE Rip and Burn CDs Page 2 Play Music Page 10 Connect an MP3 Player Page 14 Use a Music Service Page 17 What You’ll Need n Windows Media® Player—available as a free download n Recordable or rewritable audio or data CDs n A CD Burner n A Windows Media-enabled media device, such as a Windows Mobile® device or Zune® n A computer running Windows Vista® Windows Guides is a library of easy-to-use guides that show you how to get more from your Windows experience. Share these guides with your friends and family. © 2008 Microsoft. All rights reserved. WINDOWS GUIDE Use Your PC for Music Rip and Burn CDs Nowadays, most of us don’t just own a handful of albums. Music is a way of life. We want to be able to buy, organize and play songs on a whim, and take them with us wherever we go. Well, Windows Media Player takes the work out of building and maintaining a music library, so your only worry is what to listen to first. RIP A CD Ripping, or encoding, your impressive CD library into a digital one with Windows Media Player is quick and simple. There are two things to consider before ripping a CD: n By default, ripped songs are stored as Windows Media Audio (WMA) files. WMA is the best format to use for playing on Windows Media Player, but if for some reason you’d like to choose a different format: 1.
    [Show full text]
  • Taking the Metro with Windows Phone
    1 Taking the Metro with Windows Phone WHAT ’ S IN THIS CHAPTER ➤ How Windows Phone has changed Microsoft ’ s approach to the mobile industry ➤ What the Metro Design Language is and how it came about ➤ An overview of the Start and Lock Screens and how they help users access information on the phone ➤ Why the use of Hubs creates a more connected user experience ➤ What it means to be a Windows Phone developer Microsoft has been building mobile devices for well over 10 years, starting with a variety of Windows CE- based devices, such as the Handheld PC and the Palm- size PC, fi rst released in 1996. Beginning around 2000, these disparate operating systems began converging into what became Windows Mobile, based on the principle of delivering a PC to your pocket. New features were predominately driven by enterprise needs such as device management and security. This eventuallyCOPYRIGHTED worked to the detriment ofMATERIAL the platform as it didn’ t appeal to the average consumer. Devices were more robust than sexy, and the user interface mirrored that of the desktop, even having a Start menu, rather than providing an experience. Throughout this chapter, and in other parts of this book, there will be references to both Windows Mobile and Windows Phone . This is intentional, and they are not the same thing. Windows Mobile refers to the previous mobile operating system from Microsoft that at the time of writing is Windows Mobile 6.5.3. Windows Phone refers to Microsoft ’ s latest offering in the mobile space and starts with Windows Phone 7.
    [Show full text]
  • Why Software Firms Build Hardware – and What Microsoft Is Doing About It
    Why Software Firms Build Hardware – And What Microsoft Is Doing About It by Ryan M. Shaffer B.S. Electrical Engineering Grove City College, 2008 M.S. Computer Science Boston University, 2011 SUBMITTED TO THE SYSTEM DESIGN AND MANAGEMENT PROGRAM IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN ENGINEERING AND MANAGEMENT AT THE MASSACHUSETTS INSTITUTE OF TECHNOLOGY FEBRUARY 2015 © Ryan M. Shaffer. All rights reserved. The author hereby grants to MIT permission to reproduce and to distribute publicly paper and electronic copies of this thesis document in whole or in part in any medium now known or hereafter created. Signature of Author: _____________________________________________________ System Design and Management Program January 9, 2015 Certified by: ____________________________________________________________ Michael Cusumano Sloan Management Review Professor in Management Thesis Supervisor Accepted by: ___________________________________________________________ Patrick Hale Director, System Design and Management Fellows Program Why Software Firms Build Hardware – And What Microsoft Is Doing About It by Ryan M. Shaffer Submitted to the System Design and Management Program on January 9, 2015 in Partial Fulfillment of the Requirements for the Degree of Master of Science in Engineering and Management ABSTRACT Many software companies build first-party hardware products due to the trend toward smaller, more highly-integrated devices, along with the fast pace of innovation in the technology industry. Building hardware products does not always lead to success and actually creates a financial risk for the company by significantly reducing profit margins as compared to the traditional profit margins to which large software companies are accustomed. Three specific strategies are observed which firms have used successfully in this area.
    [Show full text]
  • Microsoft—Kinect for Windows
    Microsoft—Xbox Live, Games for Windows Live, Zune, and Windows Phone Marketplace Consumer Demand for Arbitration before the American Arbitration Association AMERICAN ARBITRATION ASSOCIATION SUPPLEMENTARY PROCEDURES FOR CONSUMER-RELATED DISPUTES Instructions for filing an arbitration claim: 1. Please fill out this form and keep a copy for your records. 2. Mail two (2) copies of this form and your check or money order to the nearest American Arbitration Association Case Management Center. Please consult Section C-8 of the AAA Supplementary Procedures for Consumer-Related Disputes for the required fee. You can find the AAA rules, the nearest Case Management Center, and the fee at www.adr.org or by calling the AAA at (800) 778-7879. Please make your check or money order payable to the American Arbitration Association. 3. Mail a copy of this form and a copy of your check or money order to Microsoft Corporation, LCA Arbitration, One Microsoft Way, Redmond, WA 98052-6399. Upon receipt, Microsoft will reimburse you for your filing fee if your claim is for $75,000 or less. 4. Please include the attached copies of the Terms of Use for Xbox Live, Games for Windows Live, Zune, and Windows Phone Marketplace with each copy of this form you mail. Your Information: Name: Address: City/State/Zip: Phone: Fax: E-mail address: Gamertag Zune tag (if Zune at issue) Windows Live ID Disputes involving $10,000 or less are usually resolved by the submission of documents. If a hearing is held, it will usually be telephonic. In disputes involving more than $10,000, a telephonic or in-person hearing will be held.
    [Show full text]
  • Microsoft—Kinect for Windows
    Microsoft Software, Devices, and Services with Arbitration Agreements Consumer Demand for Arbitration before the American Arbitration Association Instructions for filing an arbitration claim with American Arbitration Association: 1. Please fill out this form and keep a copy for your records. 2. Mail a copy of this form and your check or money order for $200 to American Arbitration Association, Case Filing Services, 1101 Laurel Oak Road, Suite 100, Voorhees, NJ 08043. Make your check or money order payable to American Arbitration Association. Please consult the AAA Consumer Arbitration Rules for more information. You can find them at www.adr.org or by calling the AAA at (800) 778-7879. 3. Please copy (or download and print) and mail to AAA (with this form and your check) your agreement with an arbitration clause (for example, Microsoft Services Agreement, Xbox Live Terms of Use, Xbox One Limited Warranty, Microsoft Software License Agreement Windows 8, Nokia Limited Warranty, etc.). If you don’t have your agreement, you can find most at www.microsoft.com/about/legal/en/us/arbitration/default.aspx 4. Mail a copy of this form, a copy of your Microsoft agreement, and a copy of your check or money order to Microsoft Corporation, LCA Arbitration, One Microsoft Way, Redmond, WA 98052-6399. Upon receipt, Microsoft will reimburse you for your $200 filing fee if your claim is for $75,000 or less. Your Information: Name: Address: City/State/Zip: Phone: Fax: E-mail address: Gamertag (for Xbox) Zune tag (for Zune) Microsoft account (was Windows Live ID) Disputes involving $25,000 or less are usually resolved by the submission of documents.
    [Show full text]
  • Oo BELLSOUTH
    ACCEPTED Oo BELLSOUTH FOR BellSouth Telecommunications, Inc. Patrick W. Turner PROCESSING Legal Department General Counsehgth Capone 1600 Wilhams Street o Suite 5200 803 401 2900 Columbia, SC 29201 Fax 803 254 17~3 t Vl patrickturnertpbeilsouth.corn April 12, 20 t'A SION - 2021 May The Honorable Bruce Duke Executive Director 20 Public Service Commission of SC 2:00 Post Office Drawer 11649 Columbia, South Carolina 29211 PM - Re: Petition for Arbitration of US LEC of South Carolina Inc. Of an Amendment to SCPSC an Interconnection Agreement with BellSouth Telecommunications, Inc. Pursuant to Section 252(b) of the Communications Act of 1934, as Amended - 2004-78-C Petition of US LEC of South Carolina Inc. to Resolve Dispute with BellSouth Telecommunications, Inc. on Change of Law Provisions to the Interconnection Agreement Docket 2004-78-C - Page Dear Mr. Duke: Enclosed for filing are the original and fifteen 1 copies of BellSouth of Inc.'s Inc.'s Telecommunications, Response to US LEC of South Carolina Petition for 118 Arbitration in the above-referenced matter. By copy of this letter, I am serving this response on all parties of record as reflected by the attached Certificate of Service. Sincerely, 7jtttrml, Patrick W. Turner PWT/nml Enclosures cc: Parties of Record PC Docs ¹ 534736 ACCEPTED BEFORE FOR THE PUBLIC SERVICE COMMISSION OF D +QC J~ SOUTH CAROLINA PROCESSING In Re: ) ) Petition for Arbitration ofUS LEC of South Carolina Inc. ) o Of an Amendment to an Interconnection Agreement with ) O G Inc. Docket No 2004:78-Cm BellSouth Telecommunications, Pursuant to ) - 2021 Section 252(b) ofthe Communications Act of 1934, ) ', I! as Amended ) co ) May Petition of US LEC of South Carolina Inc.
    [Show full text]
  • Microsoft Tools Help Keep Families Safer Online
    When it comes to children’s More Helpful Info safety online, there’s no The chart on this page may help you decide which substitute for parental settings are right for your family: microsoft.com/ supervision and guidance safetysettings. Look for thorough information on how to protect To help parents, Microsoft has built family safety your family, your privacy, and your computer at tools into a wide range of our products and services. microsoft.com/protect. Use them to keep track of what kids are seeing, The Xbox Live Code of Conduct provides guidelines hearing, and doing online. The tools also let you for safe and respectful online gaming: modify restrictions based on reports of actual activity xbox.com/en-US/legal/codeofconduct.htm. so you can have informed discussions with kids about In all editions of the Windows® 7 operating system, how they use the Internet. you can create separate accounts for each family member. Using the centralized Parental Controls Also, we’ve made it easy to report inappropriate panel, you can also: use or content from within most Microsoft services and products. Look for a Report Abuse link or Specify the exact days and times children can use send e-mail to [email protected]. Microsoft the computer. takes these reports very seriously, will investigate Prevent children from playing games you don’t Smarter Online = Safer Online accordingly, and take appropriate action. want them to play based on title, content, or age In addition to the tools described in this brochure, rating. You can also block access to programs–for Microsoft provides safety guidance and education example, those that store sensitive financial data.
    [Show full text]
  • Xbox Settings
    Xbox Settings The Xbox 360 console lets you customise and manage your family's access to games, films and television content. The Xbox 360 parental controls can be used to control the console itself and access to Xbox LIVE. Parental controls allow you control things such as: Which games can be played. Which films and TV shows can be watched. How long each family member can use the console on a daily or weekly basis. Whether or not someone can access Xbox LIVE. You can also change the online safety and privacy settings for your account or a managed dependent account. Block or allow access to Internet Explorer for Xbox. Determine who can see your profile. For parents, determine if approval is required to accept or send friend requests. The Zune Family Settings feature lets parents and caregivers customise settings to provide age- appropriate content and options. These family settings let you control: How your child makes purchases. Access to explicit content. How do I turn on parental controls on my Xbox 360 console? Parental controls are divided into two groups: console controls and online safety and privacy settings. Click the following link - http://support.xbox.com/en-IE/xbox-live/online-privacy-and-safety/online- safety Console controls are located in the Family Settings or Family Centre area on your console (depending on your Xbox LIVE membership type). Turn on console controls 1. On your console, go to Settings, then select Family. 2. Tip Not seeing Settings? You might be using an older version of the console software. See Update your Xbox 360 console software for information on how to update your console software.
    [Show full text]
  • Microsoft Marketing Protégé 2011 Case Study Brief
    Microsoft Marketing Protégé 2011 Case Study Brief To learn more go to microsoft.com.au/protege *Terms and Conditions apply. See microsoft.com.au/protege for details. In a Nutshell Your task is to show us, via a written submission, if you were the Chief Marketing Officer of Microsoft, how you would market Windows Phone 7 to make it the number one phone choice for the Australian tertiary student audience (university and TAFE students). If you feel a written submission isn’t enough to contain Submissions to senior marketing executives to compete for all of your bright ideas, you are free to support it the grand prize (the Submission and the presentation made with additional materials (please take note of the final at this stage will together form the Grand Final Entry). submission file restrictions). We will not accept videos or If your team’s Grand Final Entry is judged to be the best, any other multimedia instead of a written submission, but Contributors to the team will become the Microsoft these can be included as additional materials. The written Marketing Protégé(s) 2011 and have the opportunity to submission and any additional materials are referred to in experience life as a Microsoft Executive for one week. Now this document as the “Submission”. that’s some advantage to have on your CV! Contributors to Your team will lodge a Submission through the competition the winning team will also each win a hardware prize pack website ( judging criteria can be found at the end of featuring a laptop, Windows Phone 7 handset and Xbox the brief).
    [Show full text]
  • Windows Phone 7 Fundamentals Entscheidungshilfe, Einführung Und Stolperfallen
    Sascha Wolter | wolter.biz Windows Phone 7 Fundamentals Entscheidungshilfe, Einführung und Stolperfallen .NET Usergroup Rhein/Ruhr, Januar 2010 Microsoft .NET Application Platform Deliver applications across the UX Continuum Consistent Tools & Application Model Develop Deploy Design Browser User Experience Continuum Client New Start Philosophy Customer Design Experience Platform Different, For Good Reasons Showcase • http://www.microsoft.com/windowsphone/de- de/apps/default.aspx • http://www.zune.net/de- DE/products/software/download/default.htm About me Sascha is a professional developer and interaction designer of rich applications with focus on the Adobe Flash Platform (incl. AIR, Flash and Flex) and Microsoft .Net Continuum (incl. Silverlight and Windows Phone 7). He also works as a consultant, trainer, software- architect and author on a freelance basis and contributes articles to a number of magazines. His books and DVDs on Flash are best selling publications in Germany. He has been giving lectures at conferences like “Flash on the Beach” and “Flashforward” for several few years now. Sascha is also the founder of the leading German Adobe User Group flashforum.de with more than 100,000 members. Web: http://www.wolter.biz/ Facebook: http://www.facebook.com/saschawolter LinkedIn: http://www.linkedin.com/pub/sascha-wolter/5/a38/493 twitter: http://twitter.com/saschawolter XING: http://xing.com/profile/sascha_wolter3 Mail: [email protected] Sascha Wolter | wolter.biz Arbeitet mit bestehenden Systemen Declarative Programming Through XAML
    [Show full text]
  • Minimalism in Mobile User Interface Design 1Vandith PSR, 2Dr
    ISSN : 0976-8491 (Online) | ISSN : 2229-4333 (Print) IJCST VOL . 5, SPL - 1, JAN - MAR C H 2014 Minimalism in Mobile User Interface Design 1Vandith PSR, 2Dr. Praghunadha Reddy 1Assistant Professor, Accord Business School, Tirupati, AP, India 2Professor (Management), S.V.University, Tirupati, AP, India Abstract B. The Art of Taking Away Minimalism is a design philosophy being adapted in the field French writer Antoine de Saint-Exuper once said, “Perfection on User Interface design of digital products. This paper aims is achieved, not when there is nothing more to add, but when at understanding how a minimalistic design affects usability there is nothing left to take away.”Designers are often praised and performance of an Interface. For demonstration, we have for the ability to create. Starting from a blank screen or canvas, considered the Metro UI design language and its effect on the sales we sculpt beautiful works of art — often from scratch.Because of of windows phone users in India. This has been done by using the these trained skills, the art of taking objects away from a design sales report of Microsoft as well as users survey through random can be a hard one for some to master.Designers love to invoke sampling methods. This paper outlines the basic principles which visual stimulation anywhere they can, which usually spells out bad ensured a success to such a design philosophy, which is making news for minimal designs.Sometimes the best practice can be to it easier to use Mobile interfaces. design out a full site — and once the design feels complete, start removing all of those objects that don’t fulfill a functional need for Keywords the site.
    [Show full text]