Quantifying Information Leaks in Software
|
|
- Lambert Kennedy
- 10 months ago
- Views:
Transcription
1 Quantifying Information Leaks in Software Jonathan Heusser, Pasquale Malacaria Queen Mary University of London
2 Introduction High complexity associated with quantifying precise leakage quantities Technique to decide if a program conforms to a quantitative policy Applied to a number of officially reported information leak vulnerabilities in Linux Kernel and authentication routines in SRP and IMSP When is there an unacceptable leakage? and Does the applied software patch solve it? First demonstration of QIF addressing real world industrial programs
3 Tools able to quantify leakage of confidential information Example: if(password==guess) access=1 else access=0 Unavoidable leakage - Attacker observing value of access If leakage is unavoidable, the real question is not whether or not the programs leak, but How much? For example, how much information about password can be obtained by the attacker who can read/write guess If the amount leaked is very small, the program might as well be considered secure
4 A precise QIF analysis for secret > few bits is computationally infeasible Involves computation of entropy of a random variable whose complexity is the same as computing all possible runs of the program Even when abstraction techniques and statistical sampling are used, useful analysis of real code through this method is problematic Hence to address computational feasibility, shift the focus from How much does it leak? to Does it leak more than k? Off-the-shelf symbolic model checkers like CBMC are able to efficiently answer the second question
5 CBMC Makes it easy to parse and analyse large ANSI C based projects It models bit vector semantics of C accurately - detect arithmetic overflows Nondeterministic choice functions to model user input - efficient solving due to the symbolic nature Though bounded, can check whether enough unwinding of the transition system was done - no deeper counterexamples
6 Quantification + nature of leak Counter examples causes of leak For example, we can extract a public user input from the counter example that triggers a violation Prove whether official patch eliminated the information leak Four main technical contributions
7 Model of Programs and Distinctions C function where inputs are formal arguments and outputs are either return values or pointer arguments P is the function taking inputs h, l Consider o=(h%4)+l h 4 bits, l 1 bit, observable o takes values from 0..4 and l is the low input P is modelled as transition system TS=(S,T,I,F)
8 Successor function for s S : Post(s) = {s S (s, s ) T } (1) A state s is in F if Post(s) = A path is a finite sequence of states π = s 0 s 1 s 2...s n where s 0 I and s n F A state is a tuple S = S H S L Input/output pairs of states of a path denoted as (h, l), o where o is produced by final state drawn from some output alphabet O
9 A distinction on the confidential input through observations O exists when at least two paths through P, that leads to different o for different h but constant l An equivalence relation P,l on the values of the high variables is defined as follows: h P,l h iff : if (h, l), o, (h, l), o are input/output pairs in P, then o = o That is, two high values are equivalent if they cannot be distinguished by any observable For the modulo program example, and equivalence class in P,l would be {1, 5, 9, 13}
10 Let I(X) be the set of all possible equivalence relations on a set X Define on I(X) the order: s 1, s 2 (s 1 s 2 s 1 s 2 ) (2), I(X) s 1, s 2 X defines a complete lattice over X (Lattice of Information)
11 Characterization of Non-Leaking Programs PROPOSITION 1: P is non-interfering iff for all l, P,l is the least element in I(S H ) PROPOSITION 2: p p iff for all probability distributions H(R P ) H(R P ) PROPOSITION 3: 1. P is non-interfering iff log 2 ( P ) = 0 2. The channel capacity of P is log 2 ( P ) 3. If for all probability distributions H(R P ) H(R P ) then P P
12 Encoding Distinction-Based Policies A program violates a policy if it makes more distinctions than what is allowed by the policy Use assume-guarantee reasoning to encode such a policy in driver function Triggers violation producing a counterexample of the policy int h1,h2,h3; int o1,o2,o3; h1=input(); h2=input(); h3=input(); o1=func(h1); o2=func(h2); assume(o1!=o2); //(A) o3=func(h3); assert(o3 == o1 o3 == o2); //(B)
13 Bounded Model Checking ANSI-C program into propositional formula Tool can check if unwinding bound is sufficient and ensure that no longer counterexample exists C P where C is constraint and P is accumulation of assumptions If E 1 and E 2 are two assume statements and Q is expression of assert statement, then P is P E 1 E 2 = Q
14 Driver Template to syntactically generate a driver for N distinction policy has been given If the driver template is successfully verified upto bound k, then func does not make more than N distinctions on the output within k It implies the validity of the following implication: o 1 o 2 o 1 o 3... o n 1 o n = o n+1 = o 1... o n+1 = o n Three claims on the result of model checking process
15 Checking Quantitative Policies: 4 steps Modelling Low Input typedef long long loff_t; typedef unsigned int size_t; int underflow(int h, loff_t ppos) { int bufsz; size_t nbytes; bufsz=1024; nbytes=20; if(ppos + nbytes > bufsz) //(A) nbytes = bufsz - ppos; //(B) if(ppos + nbytes > bufsz) { return h; //(C) } else{ return 0; } }
16 Environment Library functions or data structures that have no implementation, need to be modelled in a way for the property to be verified CBMC replaces function calls with no implementations with non-deterministic values Example: strcmp and memcmp returning 0 or non-zero int memcmp(char *s1, char *s2, unsigned int n){ int i; for(i=0;i<n;i++){ if(s1[i]!= s2[i]) return -1; } return 0; }
17 Experimental Results
18 Linux Kernel Parts of kernel memory gets mistakenly copied to user space Kernel memory modelled as non-deterministic values Syscalls - arguments and return value (Data structure and single values) AppleTalk struct sockaddr_at { u_char sat_len, sat_family, sat_port; struct at_addr sat_addr; union{ struct netrange r_netrange; char r_zero[8]; }sat_range; }; #define sat_zero sat_range.r_zero
19 int atalk_getname(struct socket *sock, struct sockaddr *uaddr, int *uaddr_len, int peer) { struct sockaddr_at sat; //Official Patch. Comment out to trigger leak //memset(&sat.sat_zero, 0, sizeof(sat.sat_zero));.. //sat structure gets filled memcpy(uaddr, &sat,sizeof(sat)); return 0; }
20 tcf_fill_node: struct tcmsg *tcm;... nlh=nlmsg_new(skb, pid, seq, event, sizeof(*tcm), flags); tcm=nlmsg_data(nlh); tcm->tcm_familu = AF_UNSPEC; tcm->tcm pad1 = 0; tcm->tcm pad1 = 0; // typo, should be tcm pad2 instead.
21 sigaltstack. Structure with padding: typedef struct sigaltstack{ void user *ss_sp; int ss_flags; //4 bytes padding on 64-bit size_t ss_size; } stack_t;
22 Copying whole structures: int do_sigaltstack (const stack_t user *uss, stack_t user *uoss, unsigned long sp){ stack_t oss;... // oss fields get filled if (copy_to_user(uoss, &oss, sizeof(oss))) goto out;... Calculation: pad = ALIGN - (sizeof(oss) % ALIGN); if(pad==align) padding=0; else padding = ((unsigned int) nondet_int())% (1 << (pad*8))
23 cpuset. if (*ppos + nbytes > ctr->bufsz) nbytes = ctr->bufsz - *ppos; if (copy_to_user(buf, ctr->buf + *ppos, nbytes)) return -EFAULT; Way out of actual buffer and thus disclose kernel memory Requires too much manual intervention Modify CBMC to return non-deterministic values for out-of-bound memory accesses
24 Authentication Checks SRP _TYPE( int ) t_getpass (char* buf, unsigned maxlen, const char* prompt) { DWORD mode; GetConsoleMode( handle, &mode ); SetConsoleMode( handle, mode & ~ENABLE_ECHO_INPUT ); if(fputs(prompt, stdout) == EOF fgets(buf, maxlen, stdin) == NULL) { SetConsoleMode(handle,mode); return -1; }...
25 IMPSD int login_plaintext(char* user, char* pass, char* reply struct passwd* pwd = getpwname(user); if (!pwd) return 1; if (strcmp(pwd->pw_passwd, crypt(pass, pwd->pw_passwd))!=0){ *reply = "wrong password" return 1; } return 0;
26 Description CVEBulletin LOC k Proof log 2 (N) Time appletalk >6bit 1.39h tcffillnode >6bit 3.34m sigaltstack >7bit 49.5m cpuset x >6bit 1.32m SRP bit 0.128s login_unix bit 8.364s
27 Conclusion Combined model checking with theoretical work on Quantitative Information Flow Proof for whether official patches fix the problem Leaks are not synonymous with security breach Quantitative is better equipped than qualitative
BITCOIN MINING IN A SAT FRAMEWORK
BITCOIN MINING IN A SAT FRAMEWORK Jonathan Heusser @jonathanheusser DISCLAIMER JUST TO BE CLEAR.. This is research! Not saying ASICs suck I am not a cryptographer, nor SAT solver guy WTF REALISED PHD RESEARCH
Application of Propositional Logic II - How to Test/Verify my C program? Moonzoo Kim
Application of Propositional Logic II - How to Test/Verify my C program? Moonzoo Kim 2 Solving Various Problems using SAT Solver Sudoku Puzzle Encoding 1 Encoding 2 Verify/Testing C Programs Encoding 3
CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan
CS 267: Automated Verification Lecture 13: Bounded Model Checking Instructor: Tevfik Bultan Remember Symbolic Model Checking Represent sets of states and the transition relation as Boolean logic formulas
Applications of Logic in Software Engineering. CS402, Spring 2016 Shin Yoo
Applications of Logic in Software Engineering CS402, Spring 2016 Shin Yoo Acknowledgements I borrow slides from: Moonzoo Kim Theo C. Ruys (http://spinroot.com/spin/doc/ SpinTutorial.pdf) CBMC & Daniel
Program Security and Vulnerabilities Class 2
Program Security and Vulnerabilities Class 2 CEN-5079: 28.August.2017 1 Secure Programs Programs Operating System Device Drivers Network Software (TCP stack, web servers ) Database Management Systems Integrity
Copyright 2008 CS655 System Modeling and Analysis. Korea Advanced Institute of Science and Technology
The Spin Model Checker : Part I Copyright 2008 CS655 System Korea Advanced Institute of Science and Technology System Spec. In Promela Req. Spec. In LTL Overview of the Spin Architecture Spin Model pan.c
Verifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China
Verifying Temporal Properties via Dynamic Program Execution Zhenhua Duan Xidian University, China Main Points Background & Motivation MSVL and Compiler PPTL Unified Program Verification Tool Demo Conclusion
Handling Loops in Bounded Model Checking of C Programs via k-induction
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Handling Loops in Bounded Model Checking of C Programs via k-induction Mikhail Y. R. Gadelha, Hussama I. Ismail, and
CSE 509: Computer Security
CSE 509: Computer Security Date: 2.16.2009 BUFFER OVERFLOWS: input data Server running a daemon Attacker Code The attacker sends data to the daemon process running at the server side and could thus trigger
UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira
Short Notes of CS201
#includes: Short Notes of CS201 The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with < and > if the file is a system
: A Bounded Model Checking Tool to Verify Qt Applications
23 rd International SPIN symposium on Model Checking of Software : A Bounded Model Checking Tool to Verify Qt Applications Mário A. P. Garcia, Felipe R. Monteiro, Lucas C. Cordeiro, and Eddie B. de Lima
CS201 - Introduction to Programming Glossary By
CS201 - Introduction to Programming Glossary By #include : The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with
Verification & Validation of Open Source
Verification & Validation of Open Source 2011 WORKSHOP ON SPACECRAFT FLIGHT SOFTWARE Gordon Uchenick Coverity, Inc Open Source is Ubiquitous Most commercial and proprietary software systems have some open
CS 161 Computer Security
Wagner Spring 2014 CS 161 Computer Security 1/27 Reasoning About Code Often functions make certain assumptions about their arguments, and it is the caller s responsibility to make sure those assumptions
CS504 4 th Quiz solved by MCS GROUP
CS504 4 th Quiz solved by MCS GROUP All are solved 100% correct with pages # remember us in ur prayerssss. Quiz Start Time: 01:26 PM Time Left 90 Question # 1 of 10 ( Start time: 01:26:29 PM ) Total Marks:
CMPS 105 Systems Programming. Prof. Darrell Long E2.371
+ CMPS 105 Systems Programming Prof. Darrell Long E2.371 darrell@ucsc.edu + Chapter 3: File I/O 2 + File I/O 3 n What attributes do files need? n Data storage n Byte stream n Named n Non-volatile n Shared
Introduction to Computer Systems , fall th Lecture, Sep. 28 th
Introduction to Computer Systems 15 213, fall 2009 9 th Lecture, Sep. 28 th Instructors: Majd Sakr and Khaled Harras Last Time: Structures struct rec { int i; int a[3]; int *p; }; Memory Layout i a p 0
CS 33. Intro to Storage Allocation. CS33 Intro to Computer Systems XXVI 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.
CS 33 Intro to Storage Allocation CS33 Intro to Computer Systems XXVI 1 Copyright 2017 Thomas W. Doeppner. All rights reserved. A Queue head typedef struct list_element { int value; struct list_element
Integers. Today. Next time. ! Numeric Encodings! Programming Implications! Basic operations. ! Floats
Integers Today! Numeric Encodings! Programming Implications! Basic operations! Programming Implications Next time! Floats Fabián E. Bustamante, 2007 Integers in C! C supports several integral data types
Topics in Software Security Vulnerability
Topics in Software Security Vulnerability Software vulnerability What are software vulnerabilities? Types of vulnerabilities E.g., Buffer Overflows How to find these vulnerabilities and prevent them? Classes
Structures and Unions in C
Structures and Unions in C Leo Ferres Department of Computer Science Universidad de Concepción leo@inf.udec.cl July 5, 2010 1 Introduction 2 Structures [W1] Structures in C are defined as data containers
Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE. The University of Tokyo
Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE The University of Tokyo furuse@yl.is.s.u-tokyo.ac.jp e-society MEXT project toward secure and reliable software
Crit-bit Trees. Adam Langley (Version )
CRITBIT CWEB OUTPUT 1 Crit-bit Trees Adam Langley (agl@imperialviolet.org) (Version 20080926) 1. Introduction This code is taken from Dan Bernstein s qhasm and implements a binary crit-bit (alsa known
Version:1.1. Overview of speculation-based cache timing side-channels
Author: Richard Grisenthwaite Date: January 2018 Version 1.1 Introduction This whitepaper looks at the susceptibility of Arm implementations following recent research findings from security researchers
CSC209H Lecture 7. Dan Zingaro. February 25, 2015
CSC209H Lecture 7 Dan Zingaro February 25, 2015 Inter-process Communication (IPC) Remember that after a fork, the two processes are independent We re going to use pipes to let the processes communicate
Motivation was to facilitate development of systems software, especially OS development.
A History Lesson C Basics 1 Development of language by Dennis Ritchie at Bell Labs culminated in the C language in 1972. Motivation was to facilitate development of systems software, especially OS development.
Outline. OS Interface to Devices. System Input/Output. CSCI 4061 Introduction to Operating Systems. System I/O and Files. Instructor: Abhishek Chandra
Outline CSCI 6 Introduction to Operating Systems System I/O and Files File I/O operations File Descriptors and redirection Pipes and FIFOs Instructor: Abhishek Chandra 2 System Input/Output Hardware devices:
MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING Herbert Rocha, Raimundo Barreto,
Communication. Serial port programming
Applied mechatronics Communication. Serial port programming Sven Gestegård Robertz sven.robertz@cs.lth.se Department of Computer Science, Lund University 2017 Outline 1 Introduction 2 Terminal I/O programming
Secure Software Development: Theory and Practice
Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing
Automatic Software Verification
Automatic Software Verification Instructor: Mooly Sagiv TA: Oded Padon Slides from Eran Yahav and the Noun Project, Wikipedia Course Requirements Summarize one lecture 10% one lecture notes 45% homework
Operating Systems. Lecture 06. System Calls (Exec, Open, Read, Write) Inter-process Communication in Unix/Linux (PIPE), Use of PIPE on command line
Operating Systems Lecture 06 System Calls (Exec, Open, Read, Write) Inter-process Communication in Unix/Linux (PIPE), Use of PIPE on command line March 04, 2013 exec() Typically the exec system call is
OS COMPONENTS OVERVIEW OF UNIX FILE I/O. CS124 Operating Systems Fall , Lecture 2
OS COMPONENTS OVERVIEW OF UNIX FILE I/O CS124 Operating Systems Fall 2017-2018, Lecture 2 2 Operating System Components (1) Common components of operating systems: Users: Want to solve problems by using
C Input/Output. Before we discuss I/O in C, let's review how C++ I/O works. int i; double x;
C Input/Output Before we discuss I/O in C, let's review how C++ I/O works. int i; double x; cin >> i; cin >> x; cout
Execution path timing analysis of UNIX daemons
Execution path timing analysis of UNIX daemons Sebastian Krahmer krahmer@suse.de April 15, 2002 Abstract Much effort has been taken over the years to give attackers as less information as possible when
Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish
Gerwin Klein Kevin Elphinstone Gernot Heiser June Andronick David Cock Philip Derrin Dhammika Elkaduwe Kai Engelhardt Rafal Kolanski Michael Norrish Thomas Sewell Harvey Tuch Simon Winwood 1 microkernel
Secure C Coding...yeah right. Andrew Zonenberg Alex Radocea
Secure C Coding...yeah right Andrew Zonenberg Alex Radocea Agenda Some Quick Review Data Representation Pointer Arithmetic Memory Management Basic C Vulnerabilities Memory Corruption Ignoring Return values
Systems Programming. 08. Standard I/O Library. Alexander Holupirek
Systems Programming 08. Standard I/O Library Alexander Holupirek Database and Information Systems Group Department of Computer & Information Science University of Konstanz Summer Term 2008 Last lecture:
Advcan QNX Driver User Manual V1.02
Advcan QNX Driver User Manual V1.02 Contents 1. Introduction...1 1.1. System Requirement...1 1.2. Driver configuration...1 2. AdvCan Data Structures...2 2.1. Canmsg_t Struct Reference...2 2.2. CanStatusPar
An External Integrity Checker for Increasing Security of Open Source Operating Systems
An External Integrity Checker for Increasing Security of Open Source Operating Systems Hiromasa Shimada, Tsung-Han Lin, Ning Li Distributed and Ubiquitous Computing Lab., Waseda University, Japan Background!
Oral. Total. Dated Sign (2) (5) (3) (2)
R N Oral Total Dated Sign (2) (5) (3) (2) Assignment Group- A_07 Problem Definition Write a program using TCP socket for wired network for following Say Hello to Each other ( For all students) File transfer
Secure software guidelines for ARMv8-M. for ARMv8-M. Version 0.1. Version 2.0. Copyright 2017 ARM Limited or its affiliates. All rights reserved.
Connect Secure software User Guide guidelines for ARMv8-M Version 0.1 Version 2.0 Page 1 of 19 Revision Information The following revisions have been made to this User Guide. Date Issue Confidentiality
Contents of Lecture 3
Contents of Lecture 3 Repetition of matrices double a[3][4]; double* b; double** c; Terminology Linkage Types Conversions Jonas Skeppstedt (js@cs.lth.se) Lecture 3 2014 1 / 33 A global matrix: double a[3][4]
Symbolic and Concolic Execution of Programs
Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015 Information Security, CS 526 1 Reading for this lecture Symbolic execution and program testing - James
GPUnet: Networking Abstractions for GPU Programs. Author: Andrzej Jackowski
Author: Andrzej Jackowski 1 Author: Andrzej Jackowski 2 GPU programming problem 3 GPU distributed application flow 1. recv req Network 4. send repl 2. exec on GPU CPU & Memory 3. get results GPU & Memory
10. I/O System Library
10. I/O System Library Header File #include // Found in C:\Nburn\include General File Descriptor Functions close --- Close open file descriptors read --- Read data from a file descriptor ReadWithTimeout
Computer Science 162, Fall 2014 David Culler University of California, Berkeley Midterm 2 November 14, 2014
Computer Science 162, Fall 2014 David Culler University of California, Berkeley Midterm 2 November 14, 2014 Name SID Login TA Name Section Time This is a closed book exam with one 2-sided page of notes
CS 378 (Spring 2003)
Department of Computer Sciences THE UNIVERSITY OF TEXAS AT AUSTIN CS 378 (Spring 2003) Linux Kernel Programming Yongguang Zhang (ygz@cs.utexas.edu) Copyright 2003, Yongguang Zhang This Lecture Device Driver
Goal. Overflow Checking in Firefox. Sixgill. Sixgill (cont) Verifier Design Questions. Sixgill: Properties 4/8/2010
Goal Overflow Checking in Firefox Brian Hackett Can we clean a code base of buffer overflows? Keep it clean? Must prove buffer accesses are in bounds Verification: prove a code base has a property Sixgill
Processes often need to communicate. CSCB09: Software Tools and Systems Programming. Solution: Pipes. Recall: I/O mechanisms in C
2017-03-06 Processes often need to communicate CSCB09: Software Tools and Systems Programming E.g. consider a shell pipeline: ps wc l ps needs to send its output to wc E.g. the different worker processes
CS240: Programming in C
CS240: Programming in C Lecture 13 si 14: Unix interface for working with files. Cristina Nita-Rotaru Lecture 13/Fall 2013 1 Working with Files (I/O) File system: specifies how the information is organized
A Mathematical Proof. Zero Knowledge Protocols. Interactive Proof System. Other Kinds of Proofs. When referring to a proof in logic we usually mean:
A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. Zero Knowledge Protocols 3. Each statement is derived via the derivation rules.
CS-211 Fall 2017 Test 2 Version A November 29, Name:
CS-211 Fall 2017 Test 2 Version A November 29, 2017 True/False Questions... Name: 1. (10 points) For the following, Check T if the statement is true, the F if the statement is false. (a) T F : The control
Decision Procedures. An Algorithmic Point of View. Bit-Vectors. D. Kroening O. Strichman. Version 1.0, ETH/Technion
Decision Procedures An Algorithmic Point of View Bit-Vectors D. Kroening O. Strichman ETH/Technion Version 1.0, 2007 Part VI Bit-Vectors Outline 1 Introduction to Bit-Vector Logic 2 Syntax 3 Semantics
COMP 181. Agenda. Midterm topics. Today: type checking. Purpose of types. Type errors. Type checking
Agenda COMP 181 Type checking October 21, 2009 Next week OOPSLA: Object-oriented Programming Systems Languages and Applications One of the top PL conferences Monday (Oct 26 th ) In-class midterm Review
COSC Operating Systems Design, Fall Lecture Note: Unnamed Pipe and Shared Memory. Unnamed Pipes
COSC4740-01 Operating Systems Design, Fall 2001 Lecture Note: Unnamed Pipe and Shared Memory Unnamed Pipes Pipes are a form of Inter-Process Communication (IPC) implemented on Unix and Linux variants.
Static Analysis in Practice
in Practice 17-654/17-754: Analysis of Software Artifacts Jonathan Aldrich 1 Quick Poll Who is familiar and comfortable with design patterns? e.g. what is a Factory and why use it? 2 1 Outline: in Practice
Propositional Logic Formal Syntax and Semantics. Computability and Logic
Propositional Logic Formal Syntax and Semantics Computability and Logic Syntax and Semantics Syntax: The study of how expressions are structured (think: grammar) Semantics: The study of the relationship
Mid-term Exam. Fall Semester 2017 KAIST EE209 Programming Structures for Electrical Engineering. Name: Student ID:
Fall Semester 2017 KAIST EE209 Programming Structures for Electrical Engineering Mid-term Exam Name: This exam is closed book and notes. Read the questions carefully and focus your answers on what has
Princeton University COS 333: Advanced Programming Techniques A Subset of C90
Princeton University COS 333: Advanced Programming Techniques A Subset of C90 Program Structure /* Print "hello, world" to stdout. Return 0. */ { printf("hello, world\n"); -----------------------------------------------------------------------------------
Project 3: Base64 Content-Transfer-Encoding
CMSC 313, Computer Organization & Assembly Language Programming Section 0101 Fall 2001 Project 3: Base64 Content-Transfer-Encoding Due: Tuesday November 13, 2001 Objective The objectives of this programming
Last week. Data on the stack is allocated automatically when we do a function call, and removed when we return
Last week Data can be allocated on the stack or on the heap (aka dynamic memory) Data on the stack is allocated automatically when we do a function call, and removed when we return f() {... int table[len];...
DR. CHECKER. A Soundy Analysis for Linux Kernel Drivers. University of California, Santa Barbara. USENIX Security seclab
DR. CHECKER A Soundy Analysis for Linux Kernel Drivers Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, and Giovanni Vigna University of California, Santa Barbara USENIX
A Case Study for CTL Model Update
A Case Study for CTL Model Update Yulin Ding and Yan Zhang School of Computing & Information Technology University of Western Sydney Kingswood, N.S.W. 1797, Australia email: {yding,yan}@cit.uws.edu.au
Hacking Blind. Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, Dan Boneh. Stanford University
Hacking Blind Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, Dan Boneh Stanford University Hacking 101 Exploit GET /0xDEAD HTTP/1.0 shell $ cat /etc/passwd root:x:0:0:::/bin/sh sorbo:x:6:9:pac:/bin/sh
Inference of Memory Bounds
Research Review 2017 Will Klieber, software security researcher Joint work with Will Snavely public release and unlimited distribution. 1 Copyright 2017 Carnegie Mellon University. All Rights Reserved.
Concurrent Servers Dec 2, 2009"
Concurrent Servers Dec 2, 2009" Administrivia" 2! Iterative Servers" client 1! server! client 2! call connect ret connect call read ret read close call accept" ret accept" write close call accept" ret
Windows architecture. user. mode. Env. subsystems. Executive. Device drivers Kernel. kernel. mode HAL. Hardware. Process B. Process C.
Structure Unix architecture users Functions of the System tools (shell, editors, compilers, ) standard library System call Standard library (printf, fork, ) OS kernel: processes, memory management, file
NPTEL Course Jan K. Gopinath Indian Institute of Science
Storage Systems NPTEL Course Jan 2012 (Lecture 18) K. Gopinath Indian Institute of Science Spinlocks & Semaphores Shared data betw different parts of code in kernel most common: access to data structures
Hyo-bong Son Computer Systems Laboratory Sungkyunkwan University
Sockets Hyo-bong Son (proshb@csl.skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Client-Server Model Most network application is based on the client-server model: A server
lpengfei Ding & Chenfu Bao lsecurity Researcher & Baidu X-Lab lfocused on Mobile, IoT and Linux kernel security
lpengfei Ding & Chenfu Bao lsecurity Researcher & Developer @ Baidu X-Lab lfocused on Mobile, IoT and Linux kernel security l Introduction l Past Compat Vulnerabilities l Newly Identified Compat Vulnerabilities
Tokens, Expressions and Control Structures
3 Tokens, Expressions and Control Structures Tokens Keywords Identifiers Data types User-defined types Derived types Symbolic constants Declaration of variables Initialization Reference variables Type
CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS422 Programming Language Semantics
CONVENTIONAL EXECUTABLE SEMANTICS Grigore Rosu CS422 Programming Language Semantics Conventional Semantic Approaches A language designer should understand the existing design approaches, techniques and
System Administration and Network Security
System Administration and Network Security Master SSCI, M2P subject Duration: up to 3 hours. All answers should be justified. Clear and concise answers will be rewarded. 1 Network Administration To keep
Topic 6: A Quick Intro To C
Topic 6: A Quick Intro To C Assumption: All of you know Java. Much of C syntax is the same. Also: Many of you have used C or C++. Goal for this topic: you can write & run a simple C program basic functions
Introduction to Computer Systems. Final Exam. May 3, Notes and calculators are permitted, but not computers. Caching. Signals.
15-213 Introduction to Computer Systems Final Exam May 3, 2006 Name: Andrew User ID: Recitation Section: This is an open-book exam. Notes and calculators are permitted, but not computers. Write your answers
Buffer Overflows. Buffer Overflow. Many of the following slides are based on those from
s Many of the following slides are based on those from 1 Complete Powerpoint Lecture Notes for Computer Systems: A Programmer's Perspective (CS:APP) Randal E. Bryant and David R. O'Hallaron http://csapp.cs.cmu.edu/public/lectures.html
I/O Management! Goals of this Lecture!
I/O Management! 1 Goals of this Lecture! Help you to learn about:" The Unix stream concept" Standard C I/O functions" Unix system-level functions for I/O" How the standard C I/O functions use the Unix
Buffer. This time. Security. overflows. Software. By investigating. We will begin. our 1st section: History. Memory layouts
This time We will begin our 1st section: Software Security By investigating Buffer overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security
Mid-term Exam. Fall Semester 2017 KAIST EE209 Programming Structures for Electrical Engineering. Name: Student ID:
Fall Semester 2017 KAIST EE209 Programming Structures for Electrical Engineering Mid-term Exam Name: This exam is closed book and notes. Read the questions carefully and focus your answers on what has
Betriebssysteme und Sicherheit Sicherheit. Buffer Overflows
Betriebssysteme und Sicherheit Sicherheit Buffer Overflows Software Vulnerabilities Implementation error Input validation Attacker-supplied input can lead to Corruption Code execution... Even remote exploitation
ECE 264 Exam 2. 6:30-7:30PM, March 9, You must sign here. Otherwise you will receive a 1-point penalty.
ECE 264 Exam 2 6:30-7:30PM, March 9, 2011 I certify that I will not receive nor provide aid to any other student for this exam. Signature: You must sign here. Otherwise you will receive a 1-point penalty.
Changelog. Corrections made in this version not in first posting: 1 April 2017: slide 13: a few more %c s would be needed to skip format string part
1 Changelog 1 Corrections made in this version not in first posting: 1 April 2017: slide 13: a few more %c s would be needed to skip format string part OVER questions? 2 last time 3 memory management problems
Summary: Direct Code Generation
Summary: Direct Code Generation 1 Direct Code Generation Code generation involves the generation of the target representation (object code) from the annotated parse tree (or Abstract Syntactic Tree, AST)
Network Programming November 3, 2008
15-213 Network Programming November 3, 2008 Topics Programmer s view of the Internet (review) Sockets interface Writing clients and servers class20.ppt A Client-Server Transaction Most network applications
A Verification Approach for GALS Integration of Synchronous Components
GALS 2005 Preliminary Version A Verification Approach for GALS Integration of Synchronous Components F. Doucet, M. Menarini, I. H. Krüger and R. Gupta 1 Computer Science and Engineering University of California,
Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher
Reverse Engineering II: Basics Gergely Erdélyi Senior Antivirus Researcher Agenda Very basics Intel x86 crash course Basics of C Binary Numbers Binary Numbers 1 Binary Numbers 1 0 1 1 Binary Numbers 1
Finding User/Kernel Pointer Bugs with Type Inference p.1
Finding User/Kernel Pointer Bugs with Type Inference Rob Johnson David Wagner rtjohnso,daw}@cs.berkeley.edu. UC Berkeley Finding User/Kernel Pointer Bugs with Type Inference p.1 User/Kernel Pointer Bugs
Administrivia. Introduction to Computer Systems. Pointers, cont. Pointer example, again POINTERS. Project 2 posted, due October 6
CMSC 313 Introduction to Computer Systems Lecture 8 Pointers, cont. Alan Sussman als@cs.umd.edu Administrivia Project 2 posted, due October 6 public tests s posted Quiz on Wed. in discussion up to pointers
Systems Programming and Computer Architecture ( )
Systems Group Department of Computer Science ETH Zürich Systems Programming and Computer Architecture (252-0061-00) Timothy Roscoe Herbstsemester 2016 1 3: Integers in C Computer Architecture and Systems
Operating Systems CS 217. Provides each process with a virtual machine. Promises each program the illusion of having whole machine to itself
Operating Systems CS 217 Operating System (OS) Provides each process with a virtual machine Promises each program the illusion of having whole machine to itself Process Process Process Process OS Kernel
Program Block Editor and Compiler (PBEC)
Program Block Editor and Compiler (PBEC) For Hercules User Manual Version 1.7.5 2007 Dearborn Group Inc. 27007 Hills Tech Court Farmington Hills, MI 48331 Phone (248) 488-2080 Fax (248) 488-2082 http://www.dgtech.com
Software Model Checking. From Programs to Kripke Structures
Software Model Checking (in (in C or or Java) Java) Model Model Extraction 1: int x = 2; int y = 2; 2: while (y
Applications of Formal Verification
Applications of Formal Verification Model Checking: Introduction to PROMELA Prof. Dr. Bernhard Beckert Dr. Vladimir Klebanov SS 2010 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
Verification and Validation
Verification and Validation Assuring that a software system meets a user's needs Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 19 Slide 1 Objectives To introduce software verification
This lists all known errors in The C Programming Language, Second Edition, by Brian Kernighan and Dennis Ritchie (Prentice-Hall, 1988).
Errata for The C Programming Language, Second Edition This lists all known errors in The C Programming Language, Second Edition, by Brian Kernighan and Dennis Ritchie (Prentice-Hall, 1988). The pagination
Signal Example 1. Signal Example 2
Signal Example 1 #include #include void ctrl_c_handler(int tmp) { printf("you typed CTL-C, but I don't want to die!\n"); int main(int argc, char* argv[]) { long i; signal(sigint, ctrl_c_handler);
// Initially NULL, points to the dynamically allocated array of bytes. uint8_t *data;
Creating a Data Type in C Bytes For this assignment, you will use the struct mechanism in C to implement a data type that represents an array of bytes. This data structure could be used kind of like a