Beagle: Tracking system failures for reproducing security faults

Chang Hsien Tsai, Shih Hung Liu, Shuen Wen Huang, Shih-Kun Huang, Deron Liang

研究成果: Chapter同行評審

摘要

Software vulnerabilities can be attributed to inherent bugs in the system. Several types of bugs introduce faults for not conforming to system specifications and failures, including crash, hang, and panic. In our work, we exploit security faults due to crash-type failures. It is difficult to reconstruct system failures after a program has crashed. Much research work has been focused on detecting program errors and identifying their root causes either by static analysis or observing their running behavior through dynamic program instrument. Our goal is to design a tool that helps isolate bugs. This tool is called BEAGLE (Bug-tracking by Execution Auditing from Generated Logs and Errors). BEAGLE periodically makes stack checkpoints of program in execution. If the software crashes, we can approximate to the latest checkpoint and infer the precise corrupt site. After identifying the site of control state corruption, tainted input analysis will determine system exploitability if untouched passed through the corrupt site. Several case studies of corrupt site detections and tainted input analysis prove the applicability of our tool.

原文English
主出版物標題Computer Security in the 21st Century
發行者Springer US
頁面169-180
頁數12
ISBN(列印)9780387240053
DOIs
出版狀態Published - 1 十二月 2005

指紋 深入研究「Beagle: Tracking system failures for reproducing security faults」主題。共同形成了獨特的指紋。

引用此