apisan sanitizing api usages through semantic cross
play

APISan: Sanitizing API Usages through Semantic Cross-checking Insu - PowerPoint PPT Presentation

Sep 03, 2023 •33 likes •923 views

APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik Georgia Institute of Technology 1 APIs in todays software are plentiful yet complex Example: OpenSSL

  1. APISan: Sanitizing API Usages through Semantic Cross-checking Insu Yun, Changwoo Min, Xujie Si, Yeongjin Jang, Taesoo Kim, Mayur Naik Georgia Institute of Technology 1

  2. APIs in today’s software are plentiful yet complex • Example: OpenSSL - 3841 3841 APIs in [v1.0.2h] - 3718 in [v1.0.1t] -> 3841 in [v1.0.2h] ( +1 +123 APIs) - OpenSSH uses 158 158 APIs of OpenSSL 2

  3. Complex APIs result in programmers’ mistakes • Problems in documentation - Incomplete: e.g., low details in hostname verification - Long: e.g., 43K lines in OpenSSL documentation - Lack: e.g., internal APIs • Lack of automatic tool support - e.g., missing formal specification and precise semantics 3

  4. Problem: API misuse can cause security problems 4

  5. Problem: API misuse can cause security problems à MITM 5

  6. Problem: API misuse can cause security problems à Code execution 6

  7. Problem: API misuse can cause security problems à Privilege Escalation 7

  8. Today’s practices to help programmers • Formal method - Problem: lack of specification • Model checking - Problem: manual, lack of semantic context • Symbolic execution - Problem : failed to scale for large software 8

  9. Promising approach: finding bugs by using existing code • “Bugs as deviant behavior”[OSDI01] - Syntactic template: e.g., check NULL on malloc() • “Juxta”[SOSP15] - Inferring correct semantics from multiple of implementations - File system specific bug finding tool 9

  10. Promising approach: finding bugs by using existing code • “Bugs as deviant behavior”[OSDI01] - Syntactic template: e.g., check NULL on malloc() • “Juxta”[SOSP15] Research goal: can we apply this method to - Inferring correct semantics from multiple of implementations any kind of software without manual efforts ? - File system specific bug finding tool 10

  11. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 11

  12. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 12

  13. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 13

  14. Our idea: comparing API usages in various implementation • Example: finding OpenSSL API misuses … curl nginx nmap hexchat curl curl curl curl nginx nginx curl nmap APISan Majority uses Deviant uses ( Likely correct ) ( Likely bug) 14

  15. Our approach is very promising • Effective in finding API misuses - 76 new bugs • Scale to large, complex software - Linux kernel, OpenSSL, PHP, Python, etc. - Debian packages 15

  16. Technical Challenges • API uses are too different from impl. to impl. • Subtle semantics of the correct API uses • Large, complex code using APIs 16

  17. Example: OpenSSL API uses • SSL_get_verify_result() - Get result of peer certificate verification if (SSL_get_verify_result() == X509_V_OK) { … } 17

  18. Example: OpenSSL API uses • SSL_get_verify_result() - Get result of peer certificate verification - no no peer ce certificate à alw always retu turns X509_V_ V_OK OK if (SSL_get_verify_result() == X509_V_OK) { … } 18

  19. Example: OpenSSL API uses • SSL_get_verify_result() - Get result of peer certificate verification - no no peer ce certificate à alw always retu turns X509_V_ V_OK OK if (SSL_get_verify_result() == X509_V_OK && SSL_get_peer_certificate() != NULL ) { … } 19

  20. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 20

  21. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 21

  22. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 22

  23. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 23

  24. Example: a correct implementation using OpenSSL API cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 24

  25. Example: a correct implementation using OpenSSL API Semantically same with correct usage cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (SSL_get_verify_result() == X509_V_OK if (err == X509_V_OK) { … } if && SSL_get_peer_certificate() != NULL ) { … } cu curl 25

  26. Example: a correct implementation using OpenSSL API Correct cert = SSL_get_peer_certificate(handle); if (!cert) {…} if err = SSL_get_verify_result(handle); if (err == X509_V_OK) { … } if cu curl 26

  27. Example: providing various implementations using OpenSSL Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 27

  28. Example: providing various implementations using OpenSSL Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 28

  29. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ngin ng inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 29

  30. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ngin ng inx curl cu err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 30

  31. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx cu curl Correct err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} nmap nmap he hexcha hat 31

  32. Example: providing various implementations using OpenSSL Correct Correct cert = SSL_get_peer_certificate(handle); if (SSL_get_verify_result(conn) != X509_V_OK) if (!cert) {…} return NGX_OK; err = SSL_get_verify_result(handle); cert = SSL_get_peer_certificate(conn); if (err == X509_V_OK) { … } if (cert) { … } ng ngin inx curl cu Correct err = SSL_get_verify_result(ssl); cert = SSL_get_peer_certificate(ssl); switch(err) { if (cert == NULL) case X509_V_OK: return 0; cert = SSL_get_peer_certificate(ssl); if (SSL_get_verify_result(ssl) != X509_V_OK) {…} // // if (cer cert) is missed ed nmap nmap he hexcha hat 32

Recommend

Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly

Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly

SemEval 2014 Task-3 Cross-Level Semantic Similarity MultiJEDI ERC 259234 Semantic Similarity Semantic Similarity Mostly focused on similar types of lexical items Semantic Similarity What if we have different types of inputs? CLSS:

971 views • 47 slides
SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request

SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request

SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request forgery Code Injection Attacks Attacker executes arbitrary code on server Programming the program Not sanitizing user

287 views • 11 slides
Cross-Lingual Semantic Mapping of Authority Files Nadine Steinmetz, and Harald Sack November,

Cross-Lingual Semantic Mapping of Authority Files Nadine Steinmetz, and Harald Sack November,

Cross-Lingual Semantic Mapping of Authority Files Nadine Steinmetz, and Harald Sack November, 26th 2013 Conference on Semantic Web in Libraries SWIB 2013, Hamburg, Germany Motivation Semantic Annotation of Textual Information: Having

754 views • 57 slides
Cross-Domain Semantic Parsing via Paraphrasing Yu Su & Xifeng Yan, EMNLP 2017 presented by

Cross-Domain Semantic Parsing via Paraphrasing Yu Su & Xifeng Yan, EMNLP 2017 presented by

Cross-Domain Semantic Parsing via Paraphrasing Yu Su & Xifeng Yan, EMNLP 2017 presented by Sha Li Semantic Parsing Mapping natural language utterances to logical forms that machines can act upon. Example: Database query Intents and

531 views • 21 slides
Cross-lingual Distributional Profiles of Concepts for Measuring Semantic Distance Saif Mohammad,

Cross-lingual Distributional Profiles of Concepts for Measuring Semantic Distance Saif Mohammad,

Cross-lingual Distributional Profiles of Concepts for Measuring Semantic Distance Saif Mohammad, Iryna Gurevych, Graeme Hirst, and Torsten Zesch University of Toronto & Darmstadt University of Technology Semantic distance SALSA DANCE

609 views • 47 slides
Cross-species comparison of GO annotations : advantages and limitations of semantic similarity

Cross-species comparison of GO annotations : advantages and limitations of semantic similarity

Cross-species comparison of GO annotations : advantages and limitations of semantic similarity measures O. Dameron, C. Bettembourg, L. Joret U936 Conceptual modeling of biomedical knowledge Universit de Rennes 1, France

467 views • 44 slides
Learning Cross-lingual Distributed Logical Representations for Semantic Parsing Yanyan Zou and

Learning Cross-lingual Distributed Logical Representations for Semantic Parsing Yanyan Zou and

Learning Cross-lingual Distributed Logical Representations for Semantic Parsing Yanyan Zou and Wei Lu StatNLP Group Singapore University of Technology and Design July 18, 2018 Outline Background & Motivation Method Experiments

679 views • 39 slides
A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 ,

A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 ,

A Generic Semantic-based Framework for Cross-domain Recommendation Ignacio Fernndez-Tobas 1 , Marius Kaminskas 2 , Ivn Cantador 1 , Francesco Ricci 2 1 Escuela Politcnica Superior, Universidad Autnoma de Madrid, Spain

877 views • 39 slides
Exploring API Embedding for API Usages and Applications Yi Chang Trong Duc Nguyen, Anh Tuan

Exploring API Embedding for API Usages and Applications Yi Chang Trong Duc Nguyen, Anh Tuan

Exploring API Embedding for API Usages and Applications Yi Chang Trong Duc Nguyen, Anh Tuan Nguyen, Hung Dang Phan, and Tien N. Nguyen. 2017. Exploring API embedding for API usages and applications. In Proceedings of the 39th International

188 views • 8 slides
Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web

Semantic Web 2008 Se a t c eb 008 Semantic Web ca. 2008 S ti W b 2008 Semantic Web companies starting & growing Siderean, SandPiper, SiberLogic, Ontology Works, Intellidimension, Intellisophic, TopQuadrant, Data Grid, Mondeca,

481 views • 23 slides
Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya

Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya

Cross-checking Semantic Correctness: The Case of Finding File System Bugs Changwoo Min , Sanidhya Kashyap, Byoungyoung Lee, Chengyu Song, Taesoo Kim Georgia Institute of Technology School of Computer Science Two promising approaches to make

1.25k views • 85 slides
Semantic relatedness and cross-lingual passage retrieval Eneko Agirre 1 , Olatz Ansa 1 , Xabier

Semantic relatedness and cross-lingual passage retrieval Eneko Agirre 1 , Olatz Ansa 1 , Xabier

ResPubliQA - QA@CLEF 2009 Semantic relatedness and cross-lingual passage retrieval Eneko Agirre 1 , Olatz Ansa 1 , Xabier Arregi 1 , Maddalen Lopez de Lacalle 2 , Arantxa Otegi 1 , Xabier Saralegi 2 , Hugo Zaragoza 3 1 IXA NLP Group, University of

413 views • 20 slides
SemEval 2019 Task 1: Cross-lingual Semantic Parsing with UCCA Daniel Hershcovich, Leshem

SemEval 2019 Task 1: Cross-lingual Semantic Parsing with UCCA Daniel Hershcovich, Leshem

1 SemEval 2019 Task 1: Cross-lingual Semantic Parsing with UCCA Daniel Hershcovich, Leshem Choshen, Elior Sulem, Zohar Aizenbud, Ari Rappoport and Omri Abend June 6, 2019 2 L H L H D F P A P A

430 views • 26 slides
What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by

What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by

What the #%*&! is the Semantic Web? The Semantic Web is a collaborative movement led by international standards body the World Wide Web Consortium (W3C).[1] ... By encouraging the inclusion of semantic content in web pages, the

578 views • 44 slides
Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne

Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne

Brief Blanching: An Effective Sanitizing Treatment for Minimally Processed Cucumber Products Fred Breidt and Suzanne Johanningsmeier USDA-ARS Food Science Research Unit Part II. Quality assessment for blanched refrigerated pickles with various

615 views • 24 slides
A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis

A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis

Think Census A Cryptography-Flavored Method for sanitizing a database Meaningful statistical analysis Approach to Privacy in Preservation of individuals privacy Public Databases What do we mean? Drineas, Dwork, Goldberg,

277 views • 3 slides
U A new addition to our product line here at back to a great place to live. sanitizers, foggers,

U A new addition to our product line here at back to a great place to live. sanitizers, foggers,

Corporate Sanitizing Solutions U A new addition to our product line here at back to a great place to live. sanitizers, foggers, onsite sanitizing & steam-cleaning crew services, perspex desk We are offering a wide range of products from

283 views • 16 slides
WINONE BIOZONE Nano Engineered Self Sanitizing Anti-Microbial Coating Present Situation and

WINONE BIOZONE Nano Engineered Self Sanitizing Anti-Microbial Coating Present Situation and

WINONE BIOZONE Nano Engineered Self Sanitizing Anti-Microbial Coating Present Situation and Technological Solution In the recent coronavirus outbreak, the world is aware of the acute and increasing need for the advance preventive measures and

591 views • 11 slides
Cross-Language Explicit Semantic Analysis Nedim Lipka Maik Anderka Benno Stein Bauhaus

Cross-Language Explicit Semantic Analysis Nedim Lipka Maik Anderka Benno Stein Bauhaus

Cross-Language Explicit Semantic Analysis Nedim Lipka Maik Anderka Benno Stein Bauhaus University Weimar www.webis.de 1 Lipka@CLEF [ ] 01.10.09 Outline Retrieval Models The CL-ESA Retrieval Model CL-ESA at TEL@CLEF 2009

697 views • 20 slides
Motivation Bootstrapping Semantic Lexicons A semantic lexicon contains semantic category Ex:

Motivation Bootstrapping Semantic Lexicons A semantic lexicon contains semantic category Ex:

Motivation Bootstrapping Semantic Lexicons A semantic lexicon contains semantic category Ex: dog, cat, lion, unannotated texts lizard, snake assignments for words. For example: blogger HUMAN sedan VEHICLE AK-47 WEAPON N best words

344 views • 8 slides
SoK: Sanitizing for Security Dokyung Song , Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn

SoK: Sanitizing for Security Dokyung Song , Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn

SoK: Sanitizing for Security Dokyung Song , Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz Finding Bugs in C/C++ Manual Analysis Static Analysis Dynamic Analysis AddressSanitizer MemorySanitizer Code

658 views • 39 slides
RDF, RDFS and OWL: Graph Data Models for the Semantic Web Semantic Web: The Idea Semantic

RDF, RDFS and OWL: Graph Data Models for the Semantic Web Semantic Web: The Idea Semantic

RDF, RDFS and OWL: Graph Data Models for the Semantic Web Semantic Web: The Idea Semantic Web does not mean computers are going to understand the meaning of everything on the web does mean that we can create some standards ways of

344 views • 33 slides
Vehicle Sanitizing Checklist Protecting the workplace from Covid-19 and other contagious illness

Vehicle Sanitizing Checklist Protecting the workplace from Covid-19 and other contagious illness

Vehicle Sanitizing Checklist Protecting the workplace from Covid-19 and other contagious illness outbreaks Indiana LTAP Bryan Hubbard, Purdue Polytechnic Sarah Hubbard, Purdue Polytechnic R eflects guidelines as of August 12, 2020 Vehicle Sa

529 views • 17 slides
ASHEVILLE CARES STAY SAFE PLEDGE RESIDENTS NOT READY FOR TOURISTS Source: SMARInsights Domestic

ASHEVILLE CARES STAY SAFE PLEDGE RESIDENTS NOT READY FOR TOURISTS Source: SMARInsights Domestic

ASHEVILLE CARES STAY SAFE PLEDGE RESIDENTS NOT READY FOR TOURISTS Source: SMARInsights Domestic Leisure Traveler Sentiment COVID SANITIZING MOST IMPORTANT 85% of consumers say that knowing the cleaning and sanitizing protocols for a city and

478 views • 30 slides

More recommend