Clotho : Saving Programs from Malformed Strings and Incorrect
Download as PPTX, PDF1 like1,070 views
The document details a thesis on 'Clotho', an automated tool designed to address runtime exceptions caused by malformed strings in software applications. It outlines the problem of handling incorrect string inputs in critical systems, proposes a novel hybrid technique for patch generation, and describes the tool's implementation and evaluation results. Clotho is intended to enhance software safety by enabling effective real-time patching without requiring source code access.
Clotho : Saving Programs from Malformed Strings and Incorrect
- 1. CLOTHO : Saving Programs from Malformed Strings and Incorrect String-handling Aritra Dhar M.Tech CSE (MT12004) Information Security Thesis Committee Dr. Rahul Purandare (Advisor) Dr. Mohan Dhawan (External Reviewer) Dr. Sambuddho Chakravarty (Internal Reviewer)
- 2. Outline Problem definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 2
- 3. Problem Definition Runtime Exceptions go unnoticed at the time of development. Restart/shutdown can be very expensive or unacceptable. Example : Air-traffic control Autopilot UAV drones, life-support system smart power grid telephone network software controlled gas pipeline and many more. 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 3
- 4. Problem Definition Vulnerability in the code may be targeted by the attacker. Crash is bad for business. 3rd party library: no control over the sources. Classify candidates for patching : financial transactions should not be repaired/patched. Major problem – availability 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 4
- 5. Why String? 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 5 Heavily used Incorrect string handling and Malformed String Large number of major, critical and blocker priority bugs.
- 6. Challenges No access of source code. Logic is unknown. Patching based on the program behavior and information available in the byte code. 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 6
- 7. Most Frequently used Java String APIs String APIs Java SE String library (java.lang.{String, StringBuffer, StringBuilder}) Apache Commons (org.apache.commons.lang.{StringUtils,StringEscapeUtils}) (http://commons.apache.org/) Google Guava (com.google.common.base.Strings) (https://code.google.com/p/guava-libraries/) 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 7
- 8. Outline Problem definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 8
- 9. Related Works Cabin et al.(’11), Perkins et al.(’09) Dynamic approaches : memory, data, and incorrect programming constructs such as infinite loops Demsky et al. (’03, ’05, ’06) Data structure repairing by isolating damaged data or memory portion Eom et al.(’12) Delay execution till program self-stabilizes Pezze et al.(’11) Find alternative execution paths Long et al. (’14) Suppressing signals and attach lightweight monitors for divide by zero and null dereferencing errors Cerny et al.(’14), Wei et al. (’10) develop patch and check correctness by computationally intensive techniques such as model-checking 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 9
- 10. Outline Problem definition Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 10
- 11. Contribution Novel hybrid technique for patch generation which ensures patch quality to be as per developers’ fix. Fully automated end-to-end tool : CLOTHO; soon to be open sourced. Repairing solutions over 64+ String based API calls. Promising results for popular 30 java 3rd party library bug. 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 11
- 12. Outline Problem Definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 12
- 13. Example Apache FileUtils bug 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 13 No boundary check
- 14. Example : Automated Patch 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 14
- 15. Example : Developers’ Patch 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 15
- 16. Outline Problem definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 16
- 17. Design Goals High patch fidelity Precise Preserve intended program behavior Non-invasive instrumentation No side effect Patch triggers only when crash is imminent Low system overhead None when no exception Minimal incase patch triggers 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 17
- 18. CLOTHO : Overall Design 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 18 • Taint Analysis • Call graph analysis Java byte code
- 19. Design : Taint Analysis Module 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 19
- 20. Call Graph Analysis 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 20 foo() bar() g() h() Look in the call sight of all the ancestors. Level order traversal.
- 21. Design : Patching Module 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 21
- 22. Constraint analysis 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 22 //user input //may fail //may fail
- 23. 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 23 Constraint Collection 𝑆𝑡 ∗ 𝑂𝑃 𝑆𝑡. 𝑠𝑡𝑎𝑟𝑡𝑠𝑊𝑖𝑡ℎ 𝑠 ⇒ ( 𝑆𝑡) 𝑠𝑡𝑎𝑟𝑡𝑠𝑊𝑖𝑡ℎ (𝑠 ) 𝑆𝑡. 𝑙𝑒𝑛𝑔𝑡ℎ < 5 ⇒ ((𝑆𝑡) 𝑙𝑒𝑛𝑔𝑡ℎ < (5))
- 24. Static Constraint Evaluation 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 24 Min Length Max Length Prefix set Contains set abcd
- 25. Dynamic Constraint Collection & Evaluation Also need to collect the static constraints and re evaluate. Evaluate only if necessary 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 25
- 26. What if nothing works? Parameter tweaking Evaluate safe indices from string properties Recall the 1st example 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 26
- 27. What if nothing works? Fallback to parameter tweaking Look for the string properties 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 27
- 28. Outline Problem definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 28
- 29. Implementation End-to-end repairing tool chain written in java ~15KLOC. Soot (version 2.5.0) for byte code analysis and instrumentation. Soot infoFlow (May 2014 snapshot) for static taint analysis. Java Decompiler (version 0.7.0.7) for visual inspection of the instrumentation. Optimizations Minimize constraint analysis Minimize patch instrumentation 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 29
- 30. Outline Problem definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 30
- 31. Evaluation metrics Program Quality Index (PQI) Taint analysis precession Flow Consistency Index (FCI) 𝐹𝐶𝐼 = 𝑛 (𝐹𝐶𝐼 ≥ 0) Cascaded exceptions 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 31
- 32. CLOTHO Evaluation 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 32
- 33. CLOTHO Performance 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 33
- 34. CLOTHO Performance 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 34
- 35. CLOTHO Overheads Execution overhead None in case of no exception Average overhead of ~2.32 𝜇𝑠 per call for 50𝐾 runs. Maximum overhead of ~3.96 𝜇𝑠 per call for Apache Hive Call graph Apache wicket ~70𝐾 Analysis time ~52.4 𝑠 and 210 𝑀𝐵 memory Constraint analysis At most ~5𝑠 for collection and evaluation Instrumentation At most 4𝑠 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 35
- 36. Outline Problem definition & Motivation Related Works Contribution Example Repairing Strategy : CLOTHO design Implementation Evaluation Conclusion 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 36
- 37. Conclusion & Future work In most of the cases CLOTHO generates efficient patches. Adding more support for other Java APIs. Adding more intelligence to patching mechanism for more effective patch. 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 37
- 38. Thank you 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 38
- 39. Constraint Collection 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 39
- 40. Constraint Evaluation 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 40
- 41. Fallback : Parameter Tweaking 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 41
- 42. Patching Strategy 4/1/2015 CLOTHO : Saving Programs from Malformed Strings and Incorrect 42