
Beagle: Tracking System Failures for Reproducing Security Faults

  • Chapter
Computer Security in the 21st Century

Abstract

Software vulnerabilities can be attributed to inherent bugs in the system. Several types of bugs introduce faults, by not conforming to system specifications, and failures, including crash, hang, and panic. In our work, we exploit security faults due to crash-type failures. It is difficult to reconstruct system failures after a program has crashed. Much research has focused on detecting program errors and identifying their root causes, either by static analysis or by observing running behavior through dynamic program instrumentation. Our goal is to design a tool that helps isolate bugs. This tool is called BEAGLE (Bug-tracking by Execution Auditing from Generated Logs and Errors). BEAGLE periodically makes stack checkpoints of the program in execution. If the software crashes, we can approximate from the latest checkpoint and infer the precise corrupt site. After identifying the site of control state corruption, tainted input analysis determines whether the system is exploitable, that is, whether input passes untouched through the corrupt site. Several case studies of corrupt site detection and tainted input analysis prove the applicability of our tool.




© 2005 Springer Science+Business Media, Inc.

About this chapter

Cite this chapter

Tsai, CH., Liu, SH., Huang, SW., Huang, SK., Liang, D. (2005). Beagle: Tracking System Failures for Reproducing Security Faults. In: Lee, D.T., Shieh, S.P., Tygar, J.D. (eds) Computer Security in the 21st Century. Springer, Boston, MA. https://doi.org/10.1007/0-387-24006-3_11


  • DOI: https://doi.org/10.1007/0-387-24006-3_11

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-24005-3

  • Online ISBN: 978-0-387-24006-0

  • eBook Packages: Computer Science (R0)
