Reducing I/O variability using dynamic I/O path characterization in petascale storage systems

In petascale systems with a million CPU cores, scalable and consistent I/O performance is becoming increasingly difficult to sustain mainly because of I/O variability. The I/O variability is caused by concurrently running processes/jobs competing for I/O or a RAID rebuild when a disk drive fails. We present a mechanism that stripes across a selected subset of I/O nodes with the lightest workload at runtime to achieve the highest I/O bandwidth available in the system. In this paper, we propose a probing mechanism to enable application-level dynamic file striping to mitigate I/O variability. We implement the proposed mechanism in the high-level I/O library that enables memory-to-file data layout transformation and allows transparent file partitioning using subfiling. Subfiling is a technique that partitions data into a set of files of smaller size and manages file access to them, making data to be treated as a single, normal file to users. We demonstrate that our bandwidth probing mechanism can successfully identify temporally slower I/O nodes without noticeable runtime overhead. Experimental results on NERSC’s systems also show that our approach isolates I/O variability effectively on shared systems and improves overall collective I/O performance with less variation.     

缓冲区溢出攻击代码的分析研究

缓冲区溢出漏洞是当前互联网中存在的最主要的威胁之一。该文先讨论了缓冲区溢出漏洞的产生原理和一般的攻击手段,然后分析了利用缓冲区溢出漏洞的攻击代码,给出了攻击代码的主要特征。最后,讨论了如何利用这些特征,来防范缓冲区溢出攻击的发生。     

Design and implementation of an attestation protocol for measured dynamic behavior

Security of applications running on remote devices has become an essential need of enterprises. For this purpose, several software-based solutions have been proposed. However, it has been observed that software solutions are vulnerable to several kinds of attacks. Moreover, they cannot protect and monitor all parts of the system. To overcome this problem, researchers have proposed to monitor a target system from an isolated hardware and store system’s sensitive information in its tamper-proof memory locations. To realize such a solution, Trusted Computing Group (TCG) has proposed the specifications of a co-processor called Trusted Platform Module which is widely available in commodity hardware. Integrity Measurement Architecture is one of the well-known static techniques that brings TCG’s attestation from kernel to the application level. However, this method cannot measure runtime behavior of applications, which is necessary to detect runtime attacks such as buffer overflow and return-oriented programming. In this paper, we have extended the base work which aims to detect runtime vulnerabilities. Current high-level-based attestation protocol has been extended for dynamic behavior collection and verification, and the dynamic behavior is verified via several machine learning algorithms. Our results justify the use of this approach and show that a high rate detection was achieved for datasets of real-world vulnerabilities in the popular Firefox browser.     

Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies

Web applications are widely adopted and their correct functioning is mission critical for many businesses. At the same time, Web applications tend to be error prone and implementation vulnerabilities are readily and commonly exploited by attackers. The design of countermeasures that detect or prevent such vulnerabilities or protect against their exploitation is an important research challenge for the fields of software engineering and security engineering. In this paper, we focus on one specific type of implementation vulnerability, namely, broken dependencies on session data. This vulnerability can lead to a variety of erroneous behavior at runtime and can easily be triggered by a malicious user by applying attack techniques such as forceful browsing. This paper shows how to guarantee the absence of runtime errors due to broken dependencies on session data in Web applications. The proposed solution combines development-time program annotation, static verification, and runtime checking to provably protect against broken data dependencies. We have developed a prototype implementation of our approach, building on the JML annotation language and the existing static verification tool ESC/Java2, and we successfully applied our approach to a representative J2EE-based e-commerce application. We show that the annotation overhead is very small, that the performance of the fully automatic static verification is acceptable, and that the performance overhead of the runtime checking is limited.     

ROPDetector:一种基于硬件性能计数器的ROP攻击实时检测方法

面向返回编程(Return-Oriented Programming,ROP)是针对软件漏洞利用最广泛的攻击技术之一,能够绕过数据执行保护、地址空间布局随机化等防御机制.本文提出了一种基于硬件的ROP攻击实时检测方法,在不需要任何边缘信息(如源代码、编译器支持)和二进制重写的情况下,利用现代CPU中的硬件性能计数器监控目标程序执行过程,提取ROP攻击发生时底层硬件事件特征来实时检测ROP攻击.然后,在32位Linux实验环境下实现了原型系统ROPDetector,使用真实的ROP攻击与漏洞进行实验,并与同类方法进行了对比实验,最后评估了系统的性能消耗.实验结果表明,该方法能有效地检测真实的ROP攻击,在分别以6次和9次错误预测返回指令为检测周期时,系统性能消耗仅有5.05%和5.25%,磁盘I/O性能消耗仅有0.94%和2%,网络I/O性能消耗仅有0.06%和0.78%.     

一种远程缓冲区溢出漏洞检测模型及系统实现

操作系统和应用软件中的潜在远程缓冲区溢出漏洞是信息系统面临的最严重安全威胁之一.检测软件中游在的远程缓冲区溢出漏洞对于提高信息系统安全性具有重要的意义.本文采用面向二进制代码的动态分析方法,提出了基于错误注入技术的远程缓冲区溢出漏洞检测模型,介绍了系统结构和模块功能,详述了系统中关键技术,给出了系统测试结果.     

动态共享库保护方法研究

引入动态共享库机制能节约内存资源,并容易升级,但却带来安全隐患。针对该问题,研究动态链接机制,提出一种针对动态共享库的程序运行时监控和保护的方法。对共享库文件进行签名和验证,并对库函数调用实行监控。实验结果显示,该方法对于动态共享库的几种常见攻击方法有较好的防御作用。     

基于安全机制的文件共享和传输的优化设计

分析了现有的文件共享和传输的相关技术,针对存在的某些安全隐患进行了相应的优化设计。在文件共享部分,通过采用基于XML的间接文件共享方式,即只公开共享信息,而非直接挂载共享文件,避免了因共享路径产生的安全漏洞;在文件传输部分加入了多重安全机制,保证了文件传输的安全性。分析表明,本设计在不影响文件共享传输效率的情况下,使得局域网内文件共享和传输更加安全可靠。     

类Unix文件系统中TOCTTOU缺陷的静态分析方法

文件系统中的TOCTTOU缺陷是类Unix操作系统面临的一个严重安全问题,现有的静态检测方法具有很高的误报率.原因有2点:一是对导致TOCTTOU缺陷的函数对缺乏精确定义和分析;二是分析过程过度抽象,忽略了很多重要的程序信息.因此,首先对TOCTTOU缺陷进行了分类,并系统分析了C标准库中可以导致TOCTTOU缺陷的函...     

一种基于Java虚拟机的动静结合自适应优化方法

动态语言可以利用程序运行时获取的动态信息,指导程序进行各种优化。但是,现有的Java虚拟机没有将运行过程中收集的信息有效利用,而是在运行结束后直接丢弃,下一次执行程序的时候重新监测、收集、优化需要的信息。基于HotSpot虚拟机提出一种动静结合的自适应优化方法,将运行过程中优化对象迭代搜索到的最佳参数或者信息保存到资源库中;能够从资源库中学习获得适合当前程序的最佳参数或选项,可有效地利用运行过程中积累的数据;资源分析是静态且离线的,不占用应用程序运行的开销;迭代学习的过程中,通过避免冗余实例入库以及从库中剔除噪声实例,保证资源库学习过程的精度与效率。实验表明,该框架对指导Java虚拟机在不同的平台上自适应优化具有一定的实用性。     

Static Analysis Method for Detecting Buffer Overflow Vulnerabilities

In this paper, a new static method for automated detection of vulnerabilities that could result in buffer overflows in programs is suggested. The problem of the software defense against threads related to buffer overflows is very important one. Currently, there does not exist satisfactory approaches to its solution. The existing dynamic methods make it possible to avoid incorrect execution for certain classes of programs. The basic disadvantage of these methods is that the procedure of the error detection after the session of tests is very involved. Moreover, they do not guarantee that the results obtained are correct. Static analysis methods are, as a rule, lexical scanners and do not thoroughly analyze the execution of the program, as well as its memory content (e.g., arrays, variables, and the like). The objective of the suggested method is to improve situation in this field and facilitate the audit of a program code by the programmer.__________Translated from Programmirovanie, Vol. 31, No. 4, 2005.Original Russian Text Copyright © 2005 by Puchkov, Shapchenko.     

Lightweight runtime checking of C programs with RTC

The C Programming Language is known for being an efficient language that can be compiled on almost any architecture and operating system. However the absence of dynamic safety checks and a relatively weak type system allows programmer oversights that are hard to spot. In this paper, we present RTC, a runtime monitoring tool that instruments unsafe code and monitors the program execution. RTC is built on top of the ROSE compiler infrastructure. RTC finds memory bugs and arithmetic overflows and underflows, and run-time type violations. Most of the instrumentations are directly added to the source file and only require a minimal runtime system. As a result, the instrumented code remains portable. In tests against known error detection benchmarks, RTC found 98% of all memory related bugs and had zero false positives. In performance tests conducted with well known algorithms, such as binary search and MD5, we determined that our tool has an average run-time overhead rate of 9.7× and memory overhead rate of 3.5×.     

堆溢出的攻击演变与防范

以栈溢出为主的缓冲区溢出研究取得了较为丰硕的成果,与其相比,堆溢出攻击要困难许多,研究力度也少了许多。然而我们绝不能低估基于堆的溢出攻击,事实上,堆溢出已经成为攻击软件的主要方式之一。论文从基本的堆溢出开始,详细研究了堆溢出的主要攻击手段及其演变,介绍了各种常见的防御措施,并且对这些研究成果进行了分析总结。最后陈述了我们对此问题的观点。     

一种基于代码静态分析的缓冲区溢出检测算法

缓冲区溢出目前已成为最常见的软件安全漏洞之一,从源代码形式来看,常见的缓冲区溢出漏洞主要有两种类型:数据拷贝和格式化字符串造成的缓冲区溢出.分析了常见缓冲区溢出漏洞发生的原因,给出了格式化字符串存储长度的计算方法,介绍了一种基于源代码静态分析的缓冲区溢出检测算法,该算法首先对源代码进行建模,构造其抽象语法树、符号表、控制流图、函数调用图,在此基础上运用区间运算技术来分析和计算程序变量及表达式的取值范围,并在函数间分析中引入函数摘要来代替实际的函数调用.最后使用该方法对开源软件项目进行检测,结果表明该方法能够有效地、精确地检测缓冲区溢出.     

基于代码插装的缓冲区溢出漏洞定位技术

为准确快速地找到缓冲区溢出漏洞点,提出一种通过代码插装对二进制文件中的缓冲区溢出漏洞自动定位的方法。使用PIN提供的函数编写程序分析工具,在程序执行过程中记录所需的信息。当检测到内存访问错误异常时,判别破坏内存的情况,获取内存破坏点,查找到非法写内存的指令定位漏洞。实例分析表明,该方法不需要源程序且效率较高,能成功地定位常见的缓冲区溢出漏洞。     

一种缓冲区溢出攻击的实时检测方法

根据攻击者通常通过修改函数返回地址或函数入口地址来改变程序流程的特点以及ELF文件的结构特点,在调用函数和函数调用返回时对某些特定信息进行处理,以检测出攻击行为。依靠动态程序监控平台pin提供的API函数来编写程序运行时监控工具,提出缓冲区溢出攻击实时检测的方法。实例分析表明该方法具有无需对现有的软、硬件系统进行修改的特点。     

基于内存映射文件的复杂对象快速读取方法

当前内存数据库(NoSQL)、嵌入式数据库技术在高并发高性能系统中得到了广泛的应用,但对于复杂对象数据的读取效率仍然低下,研究发现主要性能瓶颈有两个:一是内核态与用户态间的内存拷贝,拷贝消耗时间与复杂对象的数据量成线性增长;二是从数据库数据到运行时数据对象的格式转化操作,不但需要开辟新的内存空间存储运行时数据对象,而且还需要解析原始数据并拷贝至新对象之中。为此,提出了一种基于内存映射(memory mapping)文件的复杂对象共享读取方法。借助内存映射文件与自定义内存分配器,实现了结构复杂的C++标准模板库容器对象跨进程无拷贝、无格式转化的共享,有效降低了数据读取延时。通过性能的分析比较表明,与NoSQL内存数据库、嵌入式数据库比,读取性能效率提升10倍以上。再加上底层技术成熟稳定,复用了标准模板库,具有开发成本低、可维护性强、实用性高等优点,因此,适用于高并发高性能的高可用后台服务系统。