automatic-patching-sosp2009-slides

automatic-patching-sosp2009-slides - Selfdefendingsoftware:

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Self-defending software: Automatically patching errors  in deployed software Michael Ernst University of Washington Joint work with: Saman Amarasinghe, Jonathan Bachrach, Michael Carbin, Sung Kim, Samuel Larsen, Carlos Pacheco, Jeff Perkins, Martin Rinard, Frank Sherwood, Stelios Sidiroglou, Greg Sullivan, Weng-Fai Wong, Yoav Zibin
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Problem:  Your code has bugs  and vulnerabilities Attack detectors exist Code injection, memory errors (buffer overrun) Reaction: Crash the application Loss of data Overhead of restart Attack recurs Denial of service Automatically patch the application
Background image of page 2
ClearView: Security for legacy software Requirements: 1. Protect against unknown vulnerabilities 2. Preserve functionality 3. Commercial & legacy software
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
1.  Unknown vulnerabilities Proactively prevent attacks via unknown vulnerabilities “Zero-day exploits” No pre-generated signatures No hard-coded fixes No time for human reaction Works for bugs as well as attacks
Background image of page 4
2.  Preserve functionality Maintain continuity: application continues to operate despite attacks For applications that require high availability Important for mission-critical applications Web servers, air traffic control, communications Technique: create a patch ( repair the application) Patching is a valuable option for your toolbox
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
3.  Commercial/legacy software No modification to source or executables No cooperation required from developers Cannot assume built-in survivability features No source information (no debug symbols) x86 Windows binaries
Background image of page 6
Learn from success and failure Normal executions show what the application is supposed to do Each attack (or failure) provides information about the underlying vulnerability Repairs improve over time Eventually, the attack is rendered harmless Similar to an immune system Detect all attacks (of given types) Prevent negative consequences First few attacks may crash the application
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Attack detector Repair Learning all executions patch Pluggable detector, does not depend on learning attacks (or bugs) normal executions predictive constraints Learn normal behavior (constraints) from successful runs Check constraints during attacks Patch to re-establish constraints Evaluate and distribute patches True on every good run False during every attack Detect, learn, repair Restores normal behavior O u r f o c s
Background image of page 8
A deployment of ClearView (Server may be replicated, distributed, etc.) Encrypted, authenticated  communication Server Community machines Threat model does not (yet!) include malicious nodes
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Learning normal behavior copy_len ≤ buff_size Clients send  inference results Server Community machines Server generalizes (merges results) Clients do local inference Observe normal behavior Generalize observed behavior c o p y _ l e n < b u f s i z cop y_ le n ≤ bu ff_ size =
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 44

automatic-patching-sosp2009-slides - Selfdefendingsoftware:

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online