t ype g uided w orst c ase i nput g eneration di wang jan
play

T YPE -G UIDED W ORST -C ASE I NPUT G ENERATION Di Wang , Jan - PowerPoint PPT Presentation

Jan 22, 2024 •281 likes •1.12k views

T YPE -G UIDED W ORST -C ASE I NPUT G ENERATION Di Wang , Jan Hoffmann Carnegie Mellon University R ESOURCE A NALYSIS Programs 2 R ESOURCE A NALYSIS Programs Performance 2 R ESOURCE A NALYSIS Time Memory Power Programs Performance

  1. λ T YPE -G UIDED W ORST -C ASE I NPUT G ENERATION Di Wang , Jan Hoffmann Carnegie Mellon University

  2. R ESOURCE A NALYSIS Programs 2

  3. R ESOURCE A NALYSIS Programs Performance 2

  4. R ESOURCE A NALYSIS Time Memory Power … Programs Performance 2

  5. R ESOURCE A NALYSIS Performance bottlenecks Worst-Case Algorithmic complexity Analysis Time vulnerabilities Memory Power … Timing side channels Programs Performance 2

  6. E XAMPLE OF W ORST -C ASE A NALYSIS PHP 1 CVE - CVE-2011-4885. Available on: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885. 2 PHP 5.3.8 - Hashtables Denial of Service. Available on https://www.exploit-db.com/exploits/18296/. 3 PHP: PHP 5 ChangeLog. Available on http://www.php.net/ChangeLog-5.php#5.3.9. 3

  7. E XAMPLE OF W ORST -C ASE A NALYSIS Potential Denial-of-Service attack 1 PHP 1 CVE - CVE-2011-4885. Available on: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885. 2 PHP 5.3.8 - Hashtables Denial of Service. Available on https://www.exploit-db.com/exploits/18296/. 3 PHP: PHP 5 ChangeLog. Available on http://www.php.net/ChangeLog-5.php#5.3.9. 3

  8. E XAMPLE OF W ORST -C ASE A NALYSIS Potential Denial-of-Service attack 1 PHP Concrete exploits (by hash collisions) 2 1 CVE - CVE-2011-4885. Available on: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885. 2 PHP 5.3.8 - Hashtables Denial of Service. Available on https://www.exploit-db.com/exploits/18296/. 3 PHP: PHP 5 ChangeLog. Available on http://www.php.net/ChangeLog-5.php#5.3.9. 3

  9. E XAMPLE OF W ORST -C ASE A NALYSIS Potential Denial-of-Service attack 1 PHP Bug fixed! 3 Concrete exploits (by hash collisions) 2 1 CVE - CVE-2011-4885. Available on: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885. 2 PHP 5.3.8 - Hashtables Denial of Service. Available on https://www.exploit-db.com/exploits/18296/. 3 PHP: PHP 5 ChangeLog. Available on http://www.php.net/ChangeLog-5.php#5.3.9. 3

  10. E XAMPLE OF W ORST -C ASE A NALYSIS Potential Denial-of-Service attack 1 Worst-case inputs are instrumental to PHP understand and fix performance bugs! Bug fixed! 3 Concrete exploits (by hash collisions) 2 1 CVE - CVE-2011-4885. Available on: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885. 2 PHP 5.3.8 - Hashtables Denial of Service. Available on https://www.exploit-db.com/exploits/18296/. 3 PHP: PHP 5 ChangeLog. Available on http://www.php.net/ChangeLog-5.php#5.3.9. 3

  11. E XISTING A PPROACHES 4

  12. E XISTING A PPROACHES Dynamic Fuzz testing Symbolic execution Dynamic worst-case analysis … Flexible & universal Potentially unsound: The resulting inputs might not expose the worst-case behavior. 4

  13. E XISTING A PPROACHES Dynamic Static Fuzz testing Type systems Symbolic execution Abstract interpretation Dynamic worst-case analysis … … Sound upper bounds Flexible & universal Potentially not tight: No concrete Potentially unsound: The resulting witness — the bound might be inputs might not expose the too conservative. worst-case behavior. 4

  14. C ONTRIBUTIONS A type-guided worst-case input generation algorithm Proof of soundness and relative completeness Heuristics to improve scalability 5

  15. C ONTRIBUTIONS A type-guided worst-case input generation algorithm Proof of soundness and relative completeness Heuristics to improve scalability λ 5

  16. C ONTRIBUTIONS A type-guided worst-case input generation algorithm Proof of soundness and relative completeness Heuristics to improve scalability λ Resource Aware ML (RaML) 5

  17. C ONTRIBUTIONS A type-guided worst-case input generation algorithm Proof of soundness and relative completeness Heuristics to improve scalability λ Resource Aware ML (RaML) 5

  18. C ONTRIBUTIONS A type-guided worst-case input generation algorithm Proof of soundness and relative completeness Heuristics to improve scalability λ Resource Aware ML (RaML) Symbolic Execution 5

  19. C ONTRIBUTIONS A type-guided worst-case input generation algorithm Proof of soundness and relative completeness Heuristics to improve scalability λ Resource Aware ML (RaML) Guide Symbolic Execution 5

  20. O VERVIEW Motivation Resource Aware ML (RaML) Type-Guided Worst-Case Input Generation Evaluation 6

  21. A MORTIZED R ESOURCE A NALYSIS The potential method 7

  22. A MORTIZED R ESOURCE A NALYSIS The potential method D 4 D 5 … … D 0 D 1 D 2 D 3 D n 7

  23. A MORTIZED R ESOURCE A NALYSIS D i ’s are program states The potential method D 4 D 5 … … D 0 D 1 D 2 D 3 D n 7

  24. A MORTIZED R ESOURCE A NALYSIS D i ’s are program states Arrows are transitions The potential method with actual costs D 4 D 5 … … D 0 D 1 D 2 D 3 D n 7

  25. A MORTIZED R ESOURCE A NALYSIS D i ’s are program states Arrows are transitions The potential method with actual costs D 4 D 5 … … D 0 D 1 D 2 D 3 D n Φ ( D 0 ) Φ ( D 1 ) Φ ( D 2 ) Φ ( D 3 ) Φ ( D n ) 7

  26. A MORTIZED R ESOURCE A NALYSIS D i ’s are program states Arrows are transitions The potential method with actual costs D 4 D 5 … … D 0 D 1 D 2 D 3 D n Φ ( D 0 ) Φ ( D 1 ) Φ ( D 2 ) Φ ( D 3 ) Φ ( D n ) The potential function maps program states to nonnegative numbers 7

  27. A MORTIZED R ESOURCE A NALYSIS D i ’s are program states Arrows are transitions The potential method with actual costs D 4 D 5 … … D 0 D 1 D 2 D 3 D n Φ ( D 0 ) Φ ( D 1 ) Φ ( D 2 ) Φ ( D 3 ) Φ ( D n ) The potential function Φ ( D 2 ) ≥ Cost ( D 2 , D 3 ) + Φ ( D 3 ) maps program states to nonnegative numbers 7

  28. A MORTIZED R ESOURCE A NALYSIS D i ’s are program states Arrows are transitions The potential method with actual costs D 4 D 5 … … D 0 D 1 D 2 D 3 D n Φ ( D 0 ) Φ ( D 1 ) Φ ( D 2 ) Φ ( D 3 ) Φ ( D n ) The potential function Φ ( D 2 ) ≥ Cost ( D 2 , D 3 ) + Φ ( D 3 ) The initial potential is an maps program states to upper bound! nonnegative numbers 7

  29. T YPE -B ASED A NALYSIS The potential at a let rec lpairs l = program point is defined match l with | [] -> [] by a static annotation of | x1 :: xs -> match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. 8

  30. T YPE -B ASED A NALYSIS The potential at a let rec lpairs l = program point is defined match l with | [] -> [] by a static annotation of | x1 :: xs -> match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. Each of [] , :: , (,) consumes 2 memory cells. 8

  31. T YPE -B ASED A NALYSIS Cost = 2 ⋅ | ℓ | + 2 The potential at a let rec lpairs l = program point is defined match l with | [] -> [] by a static annotation of | x1 :: xs -> match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. Each of [] , :: , (,) consumes 2 memory cells. 8

  32. T YPE -B ASED A NALYSIS L 2 ( 𝗃𝗈𝗎 ) 2/0 L 0 ( 𝗃𝗈𝗎 × 𝗃𝗈𝗎 ) The potential at a let rec lpairs l = program point is defined match l with | [] -> [] by a static annotation of | x1 :: xs -> match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. Each of [] , :: , (,) consumes 2 memory cells. 8

  33. T YPE -B ASED A NALYSIS L 2 ( 𝗃𝗈𝗎 ) 2/0 L 0 ( 𝗃𝗈𝗎 × 𝗃𝗈𝗎 ) The potential at a let rec lpairs l = Φ 0 = 2 ⋅ | ℓ | + 2 program point is defined match l with | [] -> [] by a static annotation of | x1 :: xs -> match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. Each of [] , :: , (,) consumes 2 memory cells. 8

  34. T YPE -B ASED A NALYSIS L 2 ( 𝗃𝗈𝗎 ) 2/0 L 0 ( 𝗃𝗈𝗎 × 𝗃𝗈𝗎 ) The potential at a let rec lpairs l = Φ 0 = 2 ⋅ | ℓ | + 2 program point is defined match l with | [] -> [] Cost = 2 by a static annotation of | x1 :: xs -> match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. Each of [] , :: , (,) consumes 2 memory cells. 8

  35. T YPE -B ASED A NALYSIS L 2 ( 𝗃𝗈𝗎 ) 2/0 L 0 ( 𝗃𝗈𝗎 × 𝗃𝗈𝗎 ) The potential at a let rec lpairs l = program point is defined match l with | [] -> [] by a static annotation of | x1 :: xs -> Φ 1 = 2 ⋅ | xs | + 4 match xs with data structures. | [] -> [] | x2 :: xs ’ -> A list of length n annotated if ( x1 : int ) < ( x2 : int ) then ( x1 , x2 ) :: lpairs xs ’ with a nonnegative number else lpairs xs ’ q has q·n units of potential. Each of [] , :: , (,) consumes 2 memory cells. 8

Recommend

Willkommen beim Projekt NPUT Welcome to the NPUT project Good practices for

Willkommen beim Projekt NPUT Welcome to the NPUT project Good practices for

Projektpartnerschaft NPUT Dritter Aufenthalt transnationaler Expertinnen und Experten in Reutlingen, Schwbisch Gmnd und Tbingen Studientag am Mittwoch, 23. Mai 2012 in Reutlingen Project partnership NPUT Third mission of

371 views • 23 slides
G UIDED M ATH AND M ATH W ORKSHOP A Common Core Approach to Mathematics Instruction C OMMON C ORE

G UIDED M ATH AND M ATH W ORKSHOP A Common Core Approach to Mathematics Instruction C OMMON C ORE

G UIDED M ATH AND M ATH W ORKSHOP A Common Core Approach to Mathematics Instruction C OMMON C ORE M ATH K-5: T HE S HIFT Greater focus on fewer topics In grades K 2: Concepts, skills, and problem solving related to addition and

286 views • 24 slides
nput &quot; Input Presented by: Jim McKeeth Embarcadero Technologies

nput &quot; Input Presented by: Jim McKeeth Embarcadero Technologies

K4 K4 Keynote 4/16/2015 9:45 AM &quot; Thought hought: : The he Fut Futur ure e of of Mobile obile and and Embedded mbedded Applicat pplication ion nput &quot; Input Presented by: Jim McKeeth

726 views • 29 slides
T HE O PPORTUNITY OF N EXT G ENERATION S CHOOLS B ILL F ERGUSON MD S

T HE O PPORTUNITY OF N EXT G ENERATION S CHOOLS B ILL F ERGUSON MD S

T HE O PPORTUNITY OF N EXT G ENERATION S CHOOLS B ILL F ERGUSON MD S TATE S ENATOR S EPTEMBER 25, 2015 1 Problem 2 Problem 1 A lack of innovative Maryland Public schools

266 views • 26 slides
QUESTIONS)*)h,p://j.mp/EMCYM) ) DEVOTION)&amp;)PRAYER ) ) ARCHIE)POULOS ) Gener eneration t

QUESTIONS)*)h,p://j.mp/EMCYM) ) DEVOTION)&amp;)PRAYER ) ) ARCHIE)POULOS ) Gener eneration t

QUESTIONS)*)h,p://j.mp/EMCYM) ) DEVOTION)&amp;)PRAYER ) ) ARCHIE)POULOS ) Gener eneration t ation to G o Gener eneration ation 1.)Ordered)God,)Ordered)world) 2.)Godly)ordering)of)relaNonships) Pss)45:17,)48:13,)71:18,)79:13,)89:1)

1.67k views • 112 slides
G LOBAL I NTEGRATION AND C ARBON F LOW IN EU AND R EST OF THE W ORLD : A 2- REGIONAL I NPUT -O

G LOBAL I NTEGRATION AND C ARBON F LOW IN EU AND R EST OF THE W ORLD : A 2- REGIONAL I NPUT -O

G LOBAL I NTEGRATION AND C ARBON F LOW IN EU AND R EST OF THE W ORLD : A 2- REGIONAL I NPUT -O UTPUT F RAMEWORK Amarendra Sahoo, Arjan de Koning, Reinout Heijungs Institute of Environmental Sciences (CML) Leiden University We appraise carbon

636 views • 26 slides
W orst Case Ecien t Data Structures Gerth Stlting Bro dal BRICS Departmen t of

W orst Case Ecien t Data Structures Gerth Stlting Bro dal BRICS Departmen t of

W orst Case Ecien t Data Structures Gerth Stlting Bro dal BRICS Departmen t of Computer Science Univ ersit y of Aarh us and MaxPlanc kInstitut f ur Informatik Saarbr uc k en Ov erview

578 views • 21 slides
T HE N EXT G ENERATION OF C IVIL S OCIETY E NGAGEMENT : B OLDLY G OING W HERE N O NGO H AS G ONE B

T HE N EXT G ENERATION OF C IVIL S OCIETY E NGAGEMENT : B OLDLY G OING W HERE N O NGO H AS G ONE B

T HE N EXT G ENERATION OF C IVIL S OCIETY E NGAGEMENT : B OLDLY G OING W HERE N O NGO H AS G ONE B EFORE P RESENTATION T RANSCRIPT O CTOBER 28, 2015 This document was produced for review by the United States Agency for International Development. It

446 views • 17 slides
Fault Tolerance of the I nput/ Output Ports in Massively Def ective Multicore Processor Chips

Fault Tolerance of the I nput/ Output Ports in Massively Def ective Multicore Processor Chips

The 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Second Workshop on D Dependable and Secure Nanocomputing Friday June 27, 2008 Anchorage, AK, USA Fault Tolerance of the I nput/ Output Ports in Massively

561 views • 8 slides
CS534: Machine Learning CS534: Machine Learning Thomas G. Dietterich Thomas G. Dietterich 221C

CS534: Machine Learning CS534: Machine Learning Thomas G. Dietterich Thomas G. Dietterich 221C

CS534: Machine Learning CS534: Machine Learning Thomas G. Dietterich Thomas G. Dietterich 221C Dearborn Hall 221C Dearborn Hall tgd@cs.orst.edu tgd@cs.orst.edu http://www.cs.orst.edu/~tgd/classes/534 http://www.cs.orst.edu/~tgd/classes/534

950 views • 79 slides
NEW NEW G GENERA ENERATION OF OF COL OLOUR URING TE G TECHNOL OLOGY UNCOMPROMISING STAND

NEW NEW G GENERA ENERATION OF OF COL OLOUR URING TE G TECHNOL OLOGY UNCOMPROMISING STAND

NEW NEW G GENERA ENERATION OF OF COL OLOUR URING TE G TECHNOL OLOGY UNCOMPROMISING STAND NDAR ARDS FOR OR UN UNCOM OMPROMISING A ARTIST GLAZETTE COLOR represents the new generation of coloring technology. Ultra-advanced dye

639 views • 24 slides
Aaron T Wolf, PhD Program in Water Conflict Management Oregon State University, USA

Aaron T Wolf, PhD Program in Water Conflict Management Oregon State University, USA

Aaron T Wolf, PhD Program in Water Conflict Management Oregon State University, USA International Symposium on Water Diplomacy Stockholm, Sweden 16-17 November 2016 EMAIL: WOLFA@GEO.ORST.EDU WWW.TRANSBOUNDARYWATERS.ORST.EDU Aaron T Wolf, PhD

839 views • 48 slides
Building a Tim e Series of Environm ental Accounts for a W ord I nput-Output Database Aurlien

Building a Tim e Series of Environm ental Accounts for a W ord I nput-Output Database Aurlien

Building a Tim e Series of Environm ental Accounts for a W ord I nput-Output Database Aurlien Genty, Iaki Arto, Frederik Neuwahl Final W I OD conference, Groningen, April 2 4 -2 6 , 2 0 1 2 Joint Research Centre The European Com m ission's

619 views • 25 slides
Public Meeting for Solicitation of I nput I-40/I-40B (Gary Boulevard) Interchange at Exit 65

Public Meeting for Solicitation of I nput I-40/I-40B (Gary Boulevard) Interchange at Exit 65

Public Meeting for Solicitation of I nput I-40/I-40B (Gary Boulevard) Interchange at Exit 65 Modification Study May 24, 2016 6:00pm 8:00pm Frisco Center, Clinton, OK Before we get started Please turn off or mute any electronic

562 views • 42 slides
H1 2015 RESULTS ANALYSTS CALL Aspr pria Uh Uhlenh enhor orst st Hambu burg (DE) TABLE

H1 2015 RESULTS ANALYSTS CALL Aspr pria Uh Uhlenh enhor orst st Hambu burg (DE) TABLE

H1 2015 RESULTS ANALYSTS CALL Aspr pria Uh Uhlenh enhor orst st Hambu burg (DE) TABLE OF CONTENTS - Company Strategy - Portfolio - Healthcare Segment - Office Segment - Financial Resources - H1 2015 Earnings - Outlook and Guidance -

369 views • 36 slides
CSE 513 I ntroduction to Operating Systems Class 8 - I nput/ Output File Systems Jonathan

CSE 513 I ntroduction to Operating Systems Class 8 - I nput/ Output File Systems Jonathan

CSE 513 I ntroduction to Operating Systems Class 8 - I nput/ Output File Systems Jonathan Walpole Dept. of Comp. Sci. and Eng. Oregon Health and Science University I / O devices Device (mechanical hardware) Device controller

1.42k views • 95 slides
C APTIVE P OWER G ENERATION , G RID C ONNECTIVITY , AND H OUSEHOLD W ELFARE IN B ANGLADESH Sakib

C APTIVE P OWER G ENERATION , G RID C ONNECTIVITY , AND H OUSEHOLD W ELFARE IN B ANGLADESH Sakib

C APTIVE P OWER G ENERATION , G RID C ONNECTIVITY , AND H OUSEHOLD W ELFARE IN B ANGLADESH Sakib Amin Tooraj Jamasb Manuel Llorca Laura Marsiliani Thomas Renstrm Prepared for 5 th Summer Conference on Economic Research Economic Research

423 views • 17 slides
I nput for discussion: The public sector perspective on the cocoa supply chain Oxfam

I nput for discussion: The public sector perspective on the cocoa supply chain Oxfam

I nput for discussion: The public sector perspective on the cocoa supply chain Oxfam International Port of Spain, March 2009 Oxfam I nternational Make trade fair Mapping the cocoa chain Where lies the power? Where is the

535 views • 26 slides
Latest atest Gener eneration tion of f Onlin line e Gam ames? es? Andy Fawkes Di

Latest atest Gener eneration tion of f Onlin line e Gam ames? es? Andy Fawkes Di

ITEC Stockholm 14 May 2019 Lear earning ning fr from om th the e Latest atest Gener eneration tion of f Onlin line e Gam ames? es? Andy Fawkes Di Disruption sruption If you want something new, you have to stop doing

577 views • 38 slides
Water Part II The Aquifer Courtesy: UNESCO Hydrological Cycle groundwater.orst.edu/

Water Part II The Aquifer Courtesy: UNESCO Hydrological Cycle groundwater.orst.edu/

Water Part II The Aquifer Courtesy: UNESCO Hydrological Cycle groundwater.orst.edu/ under/aquifer.html Aquifer Essentials Geology of the United States Aquifers of the Unites States Geology Aquifers

1.41k views • 98 slides
I NSPIRING A N EW G ENERATION Young Professionals at the World Parks Congress Elaine Hsiao, IUCN

I NSPIRING A N EW G ENERATION Young Professionals at the World Parks Congress Elaine Hsiao, IUCN

I NSPIRING A N EW G ENERATION Young Professionals at the World Parks Congress Elaine Hsiao, IUCN WCPA Young Professionals SG Crista Valentino, The Murie Center N EW G ENERATIONS A new generation of youth and young people A new

278 views • 14 slides
I NPUT -O UTPUT L IFE C YCLE A NALYSIS OF THE E CO M UG By: Marley McVey W HAT IS A LIFE CYCLE

I NPUT -O UTPUT L IFE C YCLE A NALYSIS OF THE E CO M UG By: Marley McVey W HAT IS A LIFE CYCLE

I NPUT -O UTPUT L IFE C YCLE A NALYSIS OF THE E CO M UG By: Marley McVey W HAT IS A LIFE CYCLE ANALYSIS ? Life cycle analysis (LCA) is the systematic approach of looking at a products complete life cycle, from raw materials to final

704 views • 6 slides
C ONTEXT -K EYED P AYLOAD E NCODING : F IGHTING THE N EXT G ENERATION OF IDS Dimitrios A. Glynos

C ONTEXT -K EYED P AYLOAD E NCODING : F IGHTING THE N EXT G ENERATION OF IDS Dimitrios A. Glynos

C ONTEXT -K EYED P AYLOAD E NCODING : F IGHTING THE N EXT G ENERATION OF IDS Dimitrios A. Glynos dimitris at census-labs.com Census, Inc. Athens IT Security Conference (AthCon 2010) C ONTEXT -K EYED P AYLOAD E NCODING : F IGHTING THE N EXT G

315 views • 30 slides
Tsinghua @ TRECVID2007.search Zhikun Wang, Dong Wang, Huiyi Wang, Tongchun Xiao, Duanpeng Wang,

Tsinghua @ TRECVID2007.search Zhikun Wang, Dong Wang, Huiyi Wang, Tongchun Xiao, Duanpeng Wang,

Tsinghua @ TRECVID2007.search Zhikun Wang, Dong Wang, Huiyi Wang, Tongchun Xiao, Duanpeng Wang, Yingyu Liang, Yang Pang Jianmin Li, Fuzong Lin, Bo Zhang Outline System Overview Concept-Based Search Experiments &amp; Results

605 views • 31 slides

More recommend