TaintPipe: Pipelined Symbolic Taint Analysis
Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, and Peng Liu
The Pennsylvania State University
USENIX Security '15
Outline
• Introduction
• Background
• Design and Implementation
• Experimental Evaluation
• Discussions and Limitations
Introduction
Taint analysis
• Basic idea: keep track of tags derived from user input
Taint seeds → Taint propagation → Taint sinks
Taint analysis
• Static taint analysis (STA)
  • performed prior to execution
  • no impact on runtime performance
  • under-tainting or over-tainting
• Dynamic taint analysis (DTA)
  • more accurate
  • high runtime overhead (Pin: > 6X slowdown)
Problems of DTA
• high runtime overhead (6X~30X)
  • 6~8 extra instructions to propagate a taint tag in shadow memory
• strict coupling of program execution and data flow tracking logic
  • frequent "context switches"
  • register spilling
  • data cache pollution
Previous work
• Hardware-assisted approach
  • customized hardware for logging a program trace and delivering it to other idle cores for inspection
  • hardware first-in first-out buffer for speeding up communication between cores
• Software-only methods
  • rely on dynamic binary instrumentation (DBI)
  • decouple dynamic taint analysis from program execution
  • ShadowReplica: "primary & secondary" thread model
TaintPipe
• parallel data flow tracking using pipelined symbolic taint analysis
  • segmented symbolic taint analysis
  • symbolic taint state resolution
Background
Inlined Analysis vs. TaintPipe
• instrumented application thread: lightweight online logging
• multiple worker threads: symbolic taint analysis
Inlined Analysis vs. TaintPipe
• (a) code segment
• (b) symbolic taint states; the input values size and num are labeled as symbol1 and symbol2
• (c) resolving the symbolic taint states when size is tainted as tag1 and num is a constant value (num = 0xffffffff)
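The segmented symbolic taint analysis and the resolution step sketched in panels (b) and (c), as an added Python example that is not the authors' code: the mini IR stands in for BIL, and the segment, register names, `symbol1`/`symbol2` and `tag1` are constructed to mirror the slide's example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple, Union

CLEAN: FrozenSet[str] = frozenset()   # "no taint tags"


@dataclass(frozen=True)
class Sym:
    """Stands for an input whose concrete taint state this worker cannot see yet."""
    name: str


@dataclass(frozen=True)
class Op:
    """Taint of an instruction result, expressed over its operands' taint."""
    opcode: str
    left: "Expr"
    right: "Expr"


Expr = Union[Sym, Op, FrozenSet[str]]   # a resolved state is just a tag set


def analyze_segment(segment: List[Tuple[str, ...]],
                    symbols: Dict[str, Sym]) -> Dict[str, Expr]:
    """Worker-thread job: symbolic taint analysis of one straight-line segment.

    `segment` is a list of RISC-like tuples (opcode, dst, src...); this is a
    constructed mini IR, not BIL.  `symbols` maps each memory operand the
    segment reads to the symbol standing for its unknown entry taint state.
    """
    state: Dict[str, Expr] = {}
    for opcode, dst, *srcs in segment:
        if opcode == "load":                       # dst <- [mem]
            state[dst] = symbols.get(srcs[0], CLEAN)
        elif opcode == "mov":                      # dst <- reg
            state[dst] = state.get(srcs[0], CLEAN)
        elif opcode == "xor" and srcs[0] == srcs[1]:
            state[dst] = CLEAN                     # xor r, r zeroes r: taint killed
        elif opcode in ("and", "or", "xor", "add"):
            left, right = (state.get(s, CLEAN) for s in srcs)
            both_clean = left == CLEAN and right == CLEAN
            state[dst] = CLEAN if both_clean else Op(opcode, left, right)
        else:
            raise ValueError(f"unsupported opcode {opcode!r}")
    return state


def resolve(expr: Expr, tags: Dict[str, FrozenSet[str]],
            consts: Dict[str, int]) -> FrozenSet[str]:
    """Resolution step: turn a symbolic taint state into concrete tags.

    `tags` holds the taint tags of each symbol once the upstream segment is
    known; `consts` holds values of symbols that turned out to be constants,
    which matters for value-dependent rules such as `and` with a zero mask.
    """
    if isinstance(expr, frozenset):
        return expr
    if isinstance(expr, Sym):
        return tags.get(expr.name, CLEAN)
    if expr.opcode == "and" and any(isinstance(s, Sym) and consts.get(s.name) == 0
                                    for s in (expr.left, expr.right)):
        return CLEAN                               # x & 0 == 0 whatever x was
    return resolve(expr.left, tags, consts) | resolve(expr.right, tags, consts)


def render(expr: Expr) -> str:
    """Human-readable form of a symbolic taint state."""
    if isinstance(expr, frozenset):
        return "{" + ",".join(sorted(expr)) + "}" if expr else "clean"
    if isinstance(expr, Sym):
        return expr.name
    return f"({render(expr.left)} {expr.opcode} {render(expr.right)})"


# Constructed segment in the spirit of the slide's example: `size` and `num`
# are loaded from memory, masked together, and feed a freshly zeroed counter.
SEGMENT = [
    ("load", "eax", "size"),
    ("load", "ebx", "num"),
    ("and", "eax", "eax", "ebx"),    # eax = size & num
    ("xor", "ecx", "ecx", "ecx"),    # ecx = 0
    ("add", "ecx", "ecx", "eax"),    # ecx = 0 + (size & num)
]
SYMBOLS = {"size": Sym("symbol1"), "num": Sym("symbol2")}


def symbolic_state() -> Dict[str, str]:
    """Panel (b): what the worker computes before any concrete taint is known."""
    return {reg: render(e) for reg, e in analyze_segment(SEGMENT, SYMBOLS).items()}


def resolved_state(num_value: int) -> Dict[str, FrozenSet[str]]:
    """Panel (c): size carries tag1 and num is the constant num_value."""
    state = analyze_segment(SEGMENT, SYMBOLS)
    tags = {"symbol1": frozenset({"tag1"})}        # symbol2 (num) is untainted
    consts = {"symbol2": num_value}
    return {reg: resolve(e, tags, consts) for reg, e in state.items()}
```

With num = 0xffffffff the mask preserves tag1 on eax and ecx; with num = 0 the same symbolic state resolves to clean, which is why the worker can analyse the segment once and resolution stays cheap.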
TaintPipe
• record compact control flow information to reconstruct straight-line code
  • targets of direct and indirect jumps have been resolved
  • most addresses of memory operations can be inferred from the straight-line code
• pipelining design (asynchronous)
  • may detect an attack some time after the real attack has happened
Design & Implementation
Architecture
• built on top of a dynamic binary instrumentation tool
• works with unmodified program binaries
Implementation
• online logging and pipelining framework
  • dynamic binary instrumentation framework Pin
  • 3,100 lines of C/C++ code
• taint analysis engine
  • binary analysis platform BAP
  • based on BAP's symbolic execution module
  • 4,400 lines of OCaml code
Logging
• Logged data
  • control flow profile (in compact format)
  • concrete execution state when taint seeds are first introduced, including registers and memory (e.g., CR0~CR4, EFLAGS and addresses of initial taint seeds)
Lightweight Online Logging
• control flow profile: sequence of basic blocks executed
• Detailed Execution Profile (DEP)
  • 2-byte profile structure to represent a 4-byte basic block address on an x86-32 machine
  • H-tag, L-tag, and special tag (0x0000)
  • optimization for REP-prefix instructions
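The compact control flow profile above (2-byte tags, H-tag, L-tag, special tag 0x0000), as an added encoder/decoder in Python that is not TaintPipe's code. The slides do not state the exact tag grammar, so the one used here is an assumption: an H-tag (upper 16 bits) is emitted only when the upper half changes, and the tag right after an H-tag is always an L-tag, which is how a block whose lower 16 bits are 0x0000 is kept distinct from the special tag. The sample trace is constructed.

```python
import struct

SPECIAL_TAG = 0x0000   # announces that the next 2-byte tag is an H-tag


def encode_profile(block_addrs):
    """Compress a run of 32-bit basic-block entry addresses into 2-byte tags.

    Assumed tag grammar: SPECIAL_TAG, H-tag, L-tag, L-tag, ...  An H-tag (the
    upper 16 bits) is emitted only when the upper half changes between
    consecutive blocks, which is the common case inside one code section.
    The first tag after an H-tag is always read as an L-tag, so a block whose
    lower 16 bits are 0x0000 is written by forcing a fresh SPECIAL/H-tag pair;
    everywhere else a 0x0000 tag is therefore unambiguous as the special tag.
    """
    tags = []
    cur_high = None
    for addr in block_addrs:
        if not 0 <= addr <= 0xFFFFFFFF:
            raise ValueError(f"not a 32-bit address: {addr:#x}")
        high, low = addr >> 16, addr & 0xFFFF
        if high != cur_high or low == SPECIAL_TAG:
            tags += [SPECIAL_TAG, high]
            cur_high = high
        tags.append(low)
    return struct.pack(f"<{len(tags)}H", *tags)


def decode_profile(buf):
    """Rebuild the basic-block address sequence (the consumer side of the pipe).

    Raises ValueError on a malformed buffer instead of guessing, so a
    truncated or corrupted profile segment cannot silently yield wrong code.
    """
    if len(buf) % 2:
        raise ValueError("profile is not a whole number of 2-byte tags")
    tags = struct.unpack(f"<{len(buf) // 2}H", buf)
    addrs, high, i = [], None, 0
    while i < len(tags):
        if tags[i] == SPECIAL_TAG:
            if i + 2 >= len(tags):
                raise ValueError("special tag without a following H-tag/L-tag pair")
            high = tags[i + 1]
            addrs.append((high << 16) | tags[i + 2])   # mandatory L-tag
            i += 3
        else:
            if high is None:
                raise ValueError("L-tag before any H-tag")
            addrs.append((high << 16) | tags[i])
            i += 1
    return addrs


def is_malformed(buf):
    """True if the consumer would reject this profile buffer."""
    try:
        decode_profile(buf)
    except ValueError:
        return True
    return False


# Constructed trace: a hot loop inside one 64 KiB region, a block sitting on a
# 64 KiB boundary (low half 0x0000), a shared-library call, and a return.
SAMPLE_TRACE = (
    [0x08048400, 0x08048420, 0x08048500] * 4    # hot loop, same upper half
    + [0x08050000, 0x08050010]                  # block at a 64 KiB boundary
    + [0xB7F10000, 0xB7F10020]                  # shared-library code
    + [0x08048520]                              # back in the main region
)


def compression_ratio(block_addrs):
    """Bytes of the compact profile divided by bytes of raw 4-byte addresses."""
    return len(encode_profile(block_addrs)) / (4 * len(block_addrs))
```

For the 17-block sample the profile is 50 bytes against 68 bytes of raw addresses; the saving grows with the number of consecutive blocks that share their upper 16 bits, which a loop does.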
Straight-line Code Construction
Control flow profile → Basic block entry address → x86 instructions → Intermediate language
N-way Buffering Scheme
• "one producer, multiple consumers" model
• buffering thread pool
Symbolic Taint Analysis
• BIL, a RISC-like intermediate language
• symbolic memory index, value set analysis
Taint Operation Generation
• taint basic block, cached for efficiency
• function summary
Experimental Evaluation
Optimal configuration
• Determine the optimal values for two factors
  • control flow profile buffer size
  • number of worker threads
• Experiment setup
  • 2x Intel Xeon E5-2690
  • 128GB RAM
  • 250GB SSD
  • Ubuntu 12.04
Performance
(SPEC CPU2006) On average, the instrumented application thread incurs a 2.60X slowdown relative to native execution, while the overall slowdown of TaintPipe is 4.14X.
Effects of Optimizations
• O1: function summary
• O2: O1 + taint basic block cache
• O3: O2 + intra-block optimization
Security Applications
Discussions and Limitations
• asynchronous taint check
  • provide synchronous policy enforcement at critical points
• malicious self-modifying code

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
Ā 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Ā 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Ā 
WSO2CON 2024 - Building the API First Enterprise ā€“ Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise ā€“ Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise ā€“ Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise ā€“ Running an API Program, fr...
Ā 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
Ā 

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

TaintPipe
• record compact control flow information to reconstruct straight-line code
• targets of direct and indirect jumps have been resolved
• most addresses of memory operations can be inferred from the straight-line code
• pipelining design (asynchronous)
• may detect an attack some time after the real attack has happened
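As an added illustration of the segmented symbolic taint analysis and in-order resolution the slides describe (example code written for this page, not TaintPipe's Pin/BAP implementation): each straight-line segment is summarised with entry symbols standing in for taint that is not yet known, the summaries are built concurrently by worker threads, and a resolver substitutes the real entry taint segment by segment. The toy IL, the location names such as `mem:size`, the seed `tag1` and the `xor r, r` zeroing rule are assumptions made for the example; value-sensitive rules such as masking with a known constant (the `num = 0xffffffff` case on the earlier slide) are not modelled here.

```python
"""Segmented symbolic taint analysis with in-order resolution (added example)."""
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, FrozenSet, List, Sequence, Tuple

# A taint expression is a union of atoms: a concrete tag such as "tag1", or an
# entry symbol "sym:<loc>" meaning "whatever taint <loc> held when the segment began".
TaintExpr = FrozenSet[str]
TaintState = Dict[str, TaintExpr]      # register or memory cell -> taint expression
Instr = Tuple[str, ...]                # ("mov", dst, src) or (op, dst, src_a, src_b)


def summarize_segment(segment: Sequence[Instr]) -> TaintState:
    """Symbolic taint state of one straight-line segment.

    Locations read before being written become entry symbols, so the summary
    depends only on the segment's own code and can be built by any worker
    before the preceding segments have been resolved.  Immediates are spelled
    "#<value>" (assumption for this toy IL) and never carry taint.
    """
    written: TaintState = {}

    def read(loc: str) -> TaintExpr:
        if loc.startswith("#"):
            return frozenset()
        if loc in written:
            return written[loc]
        return frozenset({"sym:" + loc})

    for op, dst, *srcs in segment:
        if op == "xor" and len(srcs) == 2 and srcs[0] == srcs[1]:
            written[dst] = frozenset()          # xor r, r zeroes r: kills taint
        elif op in ("mov", "add", "sub", "and", "or", "xor"):
            written[dst] = frozenset().union(*(read(s) for s in srcs))
        else:
            raise ValueError(f"unsupported instruction {op}")
    return written


def resolve(summary: TaintState, entry: TaintState) -> TaintState:
    """Replace every entry symbol with the taint the location actually held."""
    resolved: TaintState = {}
    for loc, expr in summary.items():
        atoms = set()
        for atom in expr:
            if atom.startswith("sym:"):
                atoms |= entry.get(atom[len("sym:"):], frozenset())
            else:
                atoms.add(atom)
        resolved[loc] = frozenset(atoms)
    return resolved


def pipelined_taint(segments: Sequence[Sequence[Instr]],
                    seeds: TaintState, workers: int = 4) -> List[TaintState]:
    """Summaries in parallel, resolution in order; returns the state after each segment."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        summaries = list(pool.map(summarize_segment, segments))   # map keeps order
    state: TaintState = dict(seeds)
    history: List[TaintState] = []
    for summary in summaries:
        state = {**state, **resolve(summary, state)}
        history.append(state)
    return history


# Constructed sample: `size` is a taint seed (tag1), `num` is an untainted constant.
SEEDS: TaintState = {"mem:size": frozenset({"tag1"})}
SEGMENTS = [
    [("mov", "eax", "mem:size"), ("mov", "ecx", "mem:num"), ("and", "eax", "eax", "ecx")],
    [("add", "edx", "eax", "#4"), ("xor", "ecx", "ecx", "ecx"), ("mov", "mem:buf", "edx")],
]

if __name__ == "__main__":
    for i, st in enumerate(pipelined_taint(SEGMENTS, SEEDS)):
        print(f"after segment {i}:", {k: sorted(v) for k, v in st.items()})
```

The second segment's summary only says "edx gets whatever eax had"; it is the resolver, running after the first segment has been resolved, that turns this into `tag1`. That decoupling is what lets the summaries be computed on idle cores while the application thread only logs.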
Architecture
• built on top of a dynamic binary instrumentation tool
• work with unmodified program binaries
Implementation
• online logging and pipelining framework
  • dynamic binary instrumentation framework Pin
  • 3,100 lines of C/C++ code
• taint analysis engine
  • binary analysis platform BAP
  • based on BAP's symbolic execution module
  • 4,400 lines of OCaml code
Logging
• Logged data
  • control flow profile (in compact format)
  • concrete execution state when taint seeds are first introduced, including registers and memory (e.g., CR0~CR4, EFLAGS and addresses of initial taint seeds)
Lightweight Online Logging
• control flow profile: sequence of basic blocks executed
• Detailed Execution Profile (DEP)
  • 2-byte profile structure to represent 4-byte basic block address on x86-32 machine
  • H-tag, L-tag, and special tag (0x0000)
• optimization for REP-prefix instructions
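An added encoder/decoder showing how a 2-byte profile structure with H-tag, L-tag and a special tag can carry 4-byte block addresses (example code for this page, not TaintPipe's logger; the precise DEP layout is not reproduced). The assumed rules: the high 16 bits of an address are the H-tag and the low 16 bits the L-tag; while consecutive blocks share an H-tag only the L-tag is logged; when the H-tag changes, or the L-tag would itself be 0x0000, the special tag is emitted followed by both tags, so a bare 0x0000 entry is never a valid L-tag and the decoder cannot confuse the two. The REP-prefix optimization is not modelled.

```python
"""Compact control-flow profile with 2-byte entries, in the spirit of the DEP
(added example; the exact TaintPipe encoding is not reproduced here)."""
import struct
from typing import List

SPECIAL = 0x0000        # escape: the next two entries are an H-tag and an L-tag
ENTRY = struct.Struct("<H")


def encode_profile(block_addrs: List[int]) -> bytes:
    """Encode 4-byte basic block addresses as 2-byte entries (assumed rules above)."""
    out = bytearray()
    current_h = None
    for addr in block_addrs:
        if not 0 <= addr <= 0xFFFFFFFF:
            raise ValueError(f"not a 32-bit address: {addr:#x}")
        h, l = addr >> 16, addr & 0xFFFF
        if h != current_h or l == SPECIAL:
            out += struct.pack("<HHH", SPECIAL, h, l)   # re-synchronise the H-tag
            current_h = h
        else:
            out += ENTRY.pack(l)                        # common case: L-tag only
    return bytes(out)


def decode_profile(buf: bytes) -> List[int]:
    """Inverse of encode_profile; raises ValueError on a malformed profile."""
    if len(buf) % 2:
        raise ValueError("odd-length profile: truncated entry")
    addrs: List[int] = []
    current_h = None
    pos = 0
    while pos < len(buf):
        (entry,) = ENTRY.unpack_from(buf, pos)
        pos += 2
        if entry == SPECIAL:
            if pos + 4 > len(buf):
                raise ValueError("truncated escape sequence")
            current_h, l = struct.unpack_from("<HH", buf, pos)
            pos += 4
        else:
            if current_h is None:
                raise ValueError("L-tag before any H-tag")
            l = entry
        addrs.append((current_h << 16) | l)
    return addrs


def is_well_formed(buf: bytes) -> bool:
    """True when the buffer decodes cleanly; the analysis side should refuse anything else."""
    try:
        decode_profile(buf)
        return True
    except ValueError:
        return False


def bytes_saved(block_addrs: List[int]) -> int:
    """Raw 4-byte-per-block log size minus the compact size."""
    return 4 * len(block_addrs) - len(encode_profile(block_addrs))


if __name__ == "__main__":
    # Constructed profile: a hot loop whose 100 blocks all share the high half 0x0804.
    loop = [0x08048400 + 0x10 * i for i in range(100)]
    enc = encode_profile(loop)
    print(len(enc), "bytes instead of", 4 * len(loop), "; saved", bytes_saved(loop))
    assert decode_profile(enc) == loop
```

Note the two malformed inputs the decoder rejects: an L-tag before any H-tag has been established, and an escape sequence cut off by the end of the buffer. Since the profile crosses a thread boundary and is parsed by a separate analysis engine, a strict decoder is the right default.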
Straight-line Code Construction
(figure labels: control flow profile, basic block entry address, x86 instructions, intermediate language)
N-way Buffering Scheme
• "one producer, multiple consumers" model
• buffering thread pool
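The "one producer, multiple consumers" buffering as an added, runnable sketch (written for this page, not TaintPipe's own code): a fixed pool of N buffer slots, a logging thread that blocks when all N are in flight, worker threads that may finish in any order, and a resolver that hands results on strictly in sequence, since taint states can only be composed in program order. The slot count, the `analyze` callback and the constructed segments are assumptions for the example.

```python
"""One producer, N buffers, several consumers, in-order resolution (added example)."""
import queue
import threading
import time
from typing import Callable, Dict, List, Sequence, Tuple


def run_pipeline(segments: Sequence[Sequence[int]],
                 analyze: Callable[[Sequence[int]], object],
                 n_buffers: int = 3, n_workers: int = 2) -> List[object]:
    """Run analyze() over every segment on worker threads and return the results
    in program order.  The producer blocks whenever all n_buffers slots are in
    use (back-pressure bounds memory); the resolver reorders by sequence number."""
    free_slots: "queue.Queue[int]" = queue.Queue()
    for slot in range(n_buffers):
        free_slots.put(slot)
    work: "queue.Queue[object]" = queue.Queue()
    done: "queue.Queue[Tuple[int, object]]" = queue.Queue()
    slots: Dict[int, List[int]] = {}

    def producer() -> None:                    # the instrumented application thread
        for seq, seg in enumerate(segments):
            slot = free_slots.get()            # wait until a buffer is free
            slots[slot] = list(seg)            # "log" the segment into the buffer
            work.put((seq, slot))
        for _ in range(n_workers):
            work.put(None)                     # one stop marker per worker

    def worker() -> None:                      # an analysis thread
        while True:
            item = work.get()
            if item is None:
                return
            seq, slot = item
            result = analyze(slots[slot])
            free_slots.put(slot)               # buffer may be refilled now
            done.put((seq, result))

    threads = [threading.Thread(target=producer, daemon=True)]
    threads += [threading.Thread(target=worker, daemon=True) for _ in range(n_workers)]
    for t in threads:
        t.start()

    ordered: List[object] = []                 # the resolver runs on the calling thread
    pending: Dict[int, object] = {}
    next_seq = 0
    while next_seq < len(segments):
        seq, result = done.get()
        pending[seq] = result
        while next_seq in pending:             # release everything that is now contiguous
            ordered.append(pending.pop(next_seq))
            next_seq += 1
    for t in threads:
        t.join()
    return ordered


def uneven_summary(segment: Sequence[int]) -> Tuple[int, int]:
    """Stand-in for symbolic analysis: (first block address, block count).
    Longer segments sleep longer, so workers deliberately finish out of order."""
    time.sleep(0.003 * len(segment))
    return (segment[0], len(segment))


# Constructed segments of basic block addresses with uneven lengths.
SEGMENTS = [[0x401000 + 0x10 * j for j in range(n)] for n in (8, 2, 5, 1, 9, 3)]

if __name__ == "__main__":
    print(run_pipeline(SEGMENTS, uneven_summary, n_buffers=2, n_workers=3))
```

With two slots and three workers the producer is stalled whenever two segments are still being analysed; raising `n_buffers` trades memory for fewer stalls, which is the trade-off the buffer-size experiment on the evaluation slides explores.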
Symbolic Taint Analysis
• BIL, a RISC-like intermediate language
• symbolic memory index, value set analysis
Taint Operation Generation
• taint basic block, cached for efficiency
• function summary
Optimal configuration
• Determine the optimal values for two factors
  • control flow profile buffer size
  • number of worker threads
• Experiment setup
  • 2x Intel Xeon E5-2690
  • 128GB RAM
  • 250GB SSD
  • Ubuntu 12.04
Performance (SPEC CPU2006)
On average, the instrumented application thread incurs a 2.60X slowdown relative to native execution, while the overall slowdown of TaintPipe is 4.14X.
Effects of Optimizations
• O1: function summary
• O2: O1 + taint basic block cache
• O3: O2 + intra-block optimization
Discussions and Limitations
• asynchronous taint check
  • provide synchronous policy enforcement at critical points
• malicious self-modifying code