with dynamic information flow analysis
play

with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn - PowerPoint PPT Presentation

May 13, 2023 •44 likes •644 views

Automating Configuration Troubleshooting with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn University of Michigan Configuration Troubleshooting Is Difficult Software systems Users make mistakes difficult to configure Mona

  1. Automating Configuration Troubleshooting with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn University of Michigan

  2. Configuration Troubleshooting Is Difficult Software systems Users make mistakes difficult to configure Mona Attariyan - University of Michigan 2

  3. Configuration Troubleshooting Is Difficult Software systems Users make mistakes difficult to configure Misconfigurations happen Mona Attariyan - University of Michigan 3

  4. Configuration Troubleshooting Is Difficult Mona Attariyan - University of Michigan 4

  5. What To Do With Misconfiguration? Ask colleagues config file …… Search manual, FAQ, …… &$%#! online forums ….. ….. Look at the code if available Mona Attariyan - University of Michigan 5

  6. What To Do With Misconfiguration? A tool that automatically finds the root cause of the misconfiguration in applications? Mona Attariyan - University of Michigan 6

  7. ConfAid Insight Application code has enough information to lead us to the root cause How? Dynamic information flow analysis on application binaries Mona Attariyan - University of Michigan 7

  8. How to Use ConfAid? config file Application …… …… …… error Mona Attariyan - University of Michigan 8

  9. How to Use ConfAid? ConfAid config file Application …… …… …… error Mona Attariyan - University of Michigan 9

  10. How to Use ConfAid? ConfAid config file Application …… …… …… error Mona Attariyan - University of Michigan 10

  11. How to Use ConfAid? ConfAid config file Application …… …… …… likely root causes 1)… 2)… error 3)… …… Mona Attariyan - University of Michigan 11

  12. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion Mona Attariyan - University of Michigan 12

  13. How Developers Find Root Cause Application Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 13

  14. How Developers Find Root Cause Application Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 14

  15. How ConfAid Finds Root Cause • ConfAid uses taint tracking Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 15

  16. How ConfAid Finds Root Cause • ConfAid uses taint tracking Config file file = open(config file) ExecCGI token = read_token(file) if (token equals “ ExecCGI ”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() Mona Attariyan - University of Michigan 16

  17. How to Avoid Error? if (a) if (b) if (c) 17

  18. How to Avoid Error? if (a) if (b) if (c) 18

  19. How to Avoid Error? if (a) This path ends before the error happens if (b) if (c) 19

  20. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error if (c) 20

  21. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error if (c) This path successfully avoids the error 21

  22. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error likely root if (c) cause This path successfully avoids the error 22

  23. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error likely root if (c) cause This path successfully avoids the error 23

  24. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion Mona Attariyan - University of Michigan 24

  25. Data Flow Analysis value of x might change, T x = { , } if tokens or change Taint propagates via data flow and control flow x = y + z , T y = { , } T x = { , , } T z = { , } T y  T z Mona Attariyan - University of Michigan 25

  26. Control Flow Analysis T c = { } T a = { } /* c = 0 */ T x = { } /* x is read from file*/ if (c == 0) { , ,( T x = { ) } Ʌ x = a } What could cause Data flow Control flow x to be different ? Mona Attariyan - University of Michigan 26

  27. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 27

  28. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 28

  29. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ ckpt if(c) if(!c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 29

  30. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ ckpt if(c) if(!c) if (c) { /*taken path*/ y = a … } else { y = a } y depends on c Mona Attariyan - University of Michigan 30

  31. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ ckpt if(c) if(!c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 31

  32. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 32

  33. Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if(c) if (c) { /*taken path*/ … } else { y = a } y depends on c Mona Attariyan - University of Michigan 33

  34. Effect of Alternate Path Exploration /* c = 1*/ T c = { } T a = { } /* y is from file*/ T y = { } if (c) { … , ,( T y = { ) } Ʌ } else { y = a Alternate path Alternate path } + Data flow exploration What could cause y to be different? Mona Attariyan - University of Michigan 34

  35. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion Mona Attariyan - University of Michigan 35

  36. Embracing Imprecise Analysis • Complete and sound analysis leads to: – poor performance – high false positive rate Bounded horizon heuristic • To improve performance Single mistake heuristic • To reduce false positives Weighting heuristic Mona Attariyan - University of Michigan 36

  37. Bounded Horizon Heuristic • Bounded horizon prevents path explosion • Alternate path runs a fixed # of instructions if (b) likely root max reached, if (c) causes abort exploration 37

  38. Single Mistake Heuristic • Configuration file contains a single mistake • Reduces amount of taint and # of explored paths /* x=1, c=0*/ T x = { } T x = { , , ( Ʌ )} T c = { } if (c == 0) { x = a T a = { } } Mona Attariyan - University of Michigan 38

  39. Single Mistake Heuristic • Configuration file contains a single mistake • Reduces amount of taint and # of explored paths /* x=1, c=0*/ T x = { } T x = { , , ( Ʌ )} T c = { } if (c == 0) { x = a T a = { } } Mona Attariyan - University of Michigan 39

  40. Weighting Heuristic • Insufficient to treat all taint propagations equally – Data flow introduces stronger dependency than ctrl flow – Branches closer to error stronger than farther branches • Assign weights to taints to represent strength level – Data flow taint gets a higher weight than ctrl flow taint – Branches closer to error get higher weight than farther Mona Attariyan - University of Michigan 40

  41. Example of Weighting Heuristic if (x) { … if (y) { … likely root if (z) { causes ERROR() } } } Mona Attariyan - University of Michigan 41

  42. Heuristics: Pros and Cons Bounded Single mistake Weighting horizon Simplify control  flow analysis Improve   performance Reduce FP   Increase FP Increase FN FP = False Positive, FN = False Negative 42

  43. ConfAid and Multi-process Apps • ConfAid propagates taints between processes – Intercepts IPC system calls – Sends taint along with the data • ConfAid currently supports communication via: – Unix sockets, pipes, TCP and UDP sockets – Regular files Mona Attariyan - University of Michigan 43

  44. Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analys is • Evaluation • Conclusion Mona Attariyan - University of Michigan 44

  45. Evaluation • ConfAid debugs misconfiguration in: – OpenSSH 5.1 (2 processes) – Apache HTTP server 2.2.14 (1 process) – Postfix mail transfer agent 2.7 (up to 6 processes) • Manually inject errors to configuration files • Evaluation metrics: – The ranking of the correct root cause – The time to execute the application with ConfAid Mona Attariyan - University of Michigan 45

Recommend

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a

Data-flow Analysis Idea Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Example How many registers do we need a := 0 1 for the program on the right? L1: b := a + 1 2

408 views • 12 slides
1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

Introduction to Data-flow analysis Data-flow Analysis Last Time Idea Undergraduate compilers review Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Assem.Instr data

903 views • 4 slides
Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan , Michael

Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan , Michael

Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan , Michael Dalton, Christos Kozyrakis Computer Systems Laboratory Stanford University Motivation Dynamic analysis help better understand SW behavior

350 views • 24 slides
Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow

Fundamentals of (Static ic and Dynamic ic) ) Software Verif ific icatio ion Control-flow Analysis Data-flow Analysis Static VS Dynamic Analysis Software Testing Control Con ol Flow ow Gr Graph entry S1 Procedure AVG S1 count =

1.08k views • 104 slides
HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan

HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan

HI-CFG: Construction by Dynamic Binary Analysis, and Application to Attack Polymorphism Dan Caselden, Alex Bazhanyuk, Mathias Payer , Stephen McCamant, Dawn Song, UC Berkeley Recovering Information Knowledge of information (data) flow and

694 views • 32 slides
Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

379 views • 24 slides
Object Flow Analysis Taking an Object-centric View on Dynamic Analysis Adrian Lienhard 1 ,

Object Flow Analysis Taking an Object-centric View on Dynamic Analysis Adrian Lienhard 1 ,

Object Flow Analysis Taking an Object-centric View on Dynamic Analysis Adrian Lienhard 1 , Stphane Ducasse 2 and T udor Grba 1 1 Software Composition Group, University of Bern, Switzerland 2 LISTIC, University of Savoie, France A missing

376 views • 21 slides
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS18 1 / 21 Outline: Hybrid { Dynamics, Logic, Power } Hybrid

353 views • 34 slides
Hedera - An Analysis of Dynamic Flow Scheduling for Data Center Networks Based on the paper

Hedera - An Analysis of Dynamic Flow Scheduling for Data Center Networks Based on the paper

Hedera - An Analysis of Dynamic Flow Scheduling for Data Center Networks Based on the paper Hedera: Dynamic Flow Scheduling for Data Centers Presented by Richard Kramer Oregon State University 1 What is Hedera? What is Hedera?

380 views • 25 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful

Flow Analysis Data-flow analysis, Control-flow analysis, Abstract interpretation, AAM Helpful Reading: Sections 1.1-1.5, 2.1 Data-flow analysis (DFA) A framework for statically proving facts about program data. Focuses on simple, finite

1.04k views • 54 slides
Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C.

Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C.

Flexible Dynamic Information Flow Control in Haskell Flexible Dynamic Information Flow Control in Haskell Deian Stefan 1 Alejandro Russo 2 John C. Mitchell 1 David Mazires 1 1 2 Haskell11 www.scs.stanford.edu/ deian/lio Flexible

820 views • 55 slides
May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms

May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms

May 12: Information Flow Static (compile-time) mechanisms Dynamic (run-time) mechanisms May 12, 2017 ECS 235B Spring Quarter 2017 Slide #1 Array Elements Information flowing out: ... := a [ i ] Value of i , a [ i ] both affect

1.12k views • 40 slides
Dynamic material flow analysis of copper and its alloys in Japan Ichiro Daigo, Susumu Hashimoto,

Dynamic material flow analysis of copper and its alloys in Japan Ichiro Daigo, Susumu Hashimoto,

LCM 2007 , Zurich, August 27-29 2007 Dynamic material flow analysis of copper and its alloys in Japan Ichiro Daigo, Susumu Hashimoto, Yasunari Matsuno, Yoshihiro Adachi Graduate School of Engineering, University of Tokyo Dept. of Materials

714 views • 19 slides
Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic

Inter-procedural Control Flow Analysis Using Constraint-based Approach cs6463 1 The Dynamic Dispatch Problem Which function is called by p(x)? int myFunc ( int (*p)(int), ) { return p(x); } P is a function pointer. What

364 views • 20 slides
PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators Luca

PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators Luca

ACM/IEEE CODES+ISSS 2018, Turin, Italy PAGURUS: Low-Overhead Dynamic Information Flow Tracking on Loosely Coupled Accelerators Luca Piccolboni, Giuseppe Di Guglielmo and Luca P. Carloni Columbia University, NY, USA Systems-on-Chip (SoCs) Are

851 views • 50 slides
Information Flow and Program Analysis Program Analysis Markus Mller-Olm Westflische

Information Flow and Program Analysis Program Analysis Markus Mller-Olm Westflische

Information Flow and Program Analysis Program Analysis Markus Mller-Olm Westflische Wilhelms-Universitt Mnster, Germany IFIP WG 2.2 Meeting Singapore, September 13-16, 2016 Project Context Work in progress from a joint project with

762 views • 19 slides
Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic

Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic

Secure Program Execution via Secure Program Execution via Dynamic Information Flow Dynamic Information Flow Tracking Tracking G. Edward Suh Suh, , Jae Jae W. Lee, David W. Lee, David G. Edward Zhang, Srinivas Srinivas Devadas Devadas

547 views • 26 slides
Data-flow analysis Introduction to data-flow analysis Michel Schinz based on material by

Data-flow analysis Introduction to data-flow analysis Michel Schinz based on material by

Data-flow analysis Introduction to data-flow analysis Michel Schinz based on material by Erik Stenman and Michael Schwartzbach Data-flow analysis Example: liveness Data-flow analysis is a global analysis framework that can be used to

635 views • 11 slides
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo Stanford University, Chalmers University Motivating Example: Web Security Website uses

487 views • 28 slides
Motivation Intra-procedural analysis depends upon accurate control-flow information. In the

Motivation Intra-procedural analysis depends upon accurate control-flow information. In the

Motivation Intra-procedural analysis depends upon accurate control-flow information. In the presence of certain language features (e.g. indirect calls) it is nontrivial to predict accurately how control may flow at execution time the nave

594 views • 42 slides
1 Ways to improve data-flow analysis efficiency Example (liveness) 1st 2nd 3rd

1 Ways to improve data-flow analysis efficiency Example (liveness) 1st 2nd 3rd

Speeding Up Data-Flow Analysis Solving the Data-flow Equations Last time Algorithm Various optimizations that use data-flow analysis for each node n in CFG initialize solutions in[n] = ; out[n] = Today repeat Speeding up

418 views • 4 slides
Control-flow analysis ? ? ? ? ? Discovering information about how control (e.g. the program

Control-flow analysis ? ? ? ? ? Discovering information about how control (e.g. the program

Control-flow analysis ? ? ? ? ? Discovering information about how control (e.g. the program counter) may move through a program. Intra-procedural analysis An intra-procedural analysis collects information about the code inside a single

1.3k views • 53 slides
Time and Probability based Introduction Information Flow Analysis The Model of PTA

Time and Probability based Introduction Information Flow Analysis The Model of PTA

Time and Probability based Information Flow Analysis A. Troina Time and Probability based Introduction Information Flow Analysis The Model of PTA Non-interference Non-deterministic Systems Timed Systems Angelo Troina Probabilistic

709 views • 23 slides

More recommend