Skip to main content
SpringerLink
Log in

Retooling and Securing Systemic Debugging

  • Conference paper
Secure IT Systems (NordSec 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7617))

Included in the following conference series:

  • 950 Accesses

Abstract

There are a few major principal tools that have long supported the often frustrating and time-consuming part of software development and maintenance that is debugging. These tools are the symbolic debugger, the profiler, the tracer and the crash dump analyzer. With the advancement of dynamic protection mechanisms directed towards hindering or thwarting exploitation of software vulnerabilities (a subset of possible software bugs), combined with a shift from developers being in charge of the development of one distinct piece of software to, instead, piecing a large assortment of third party components and libraries into a common service or platform, many of the mechanisms that the aforementioned tools rely on have been either eliminated, circumvented or otherwise rendered inefficient. In this article, we present an industrial case illustrating this shift, highlighting specific issues and challenges facing the effective use of aforementioned tools, then look at how recent developments in tracing frameworks can be further improved to remedy the situation. Lastly, we introduce such a tool alongside initial experimentation and validation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Android application licensing, implementing an obfuscator, http://developer.android.com/guide/publishing/licensing.html

  2. Architecture of systemtap: a linux trace/probe tool, http://sourceware.org/systemtap/archpaper.pdf

  3. Comparison of network monitoring systems, http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems

  4. Developer tools: Apple developer overview, http://developer.apple.com/technologies/tools/

  5. Embedded elf debugging, http://www.phrack.com/issues.html?issue=63&id=9

  6. Araki, K., Furukawa, Z., Cheng, J.: A general framework for debugging. IEEE Softw. 8, 14–20 (1991)

    Article  Google Scholar 

  7. Bungale, P., Luk, C.: Pinos: a programmable framework for whole-system dynamic instrumentation. In: Proceedings of the 3rd International Conference on Virtual Execution Environments, pp. 137–147 (2007)

    Google Scholar 

  8. Cantrill, B.M., Shapiro, M.W., Leventhal, A.H.: Dynamic instrumentation of production systems. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2004, pp. 2–2. USENIX Association, Berkeley (2004)

    Google Scholar 

  9. ”Crossbower”: Single process parasite, http://www.phrack.com/issues.html?issue=68&id=9

  10. Fournier, P.M., Desnoyers, M., Dagenais, M.R.: Combined tracing of the kernel and applications with LTTng. In: Proceedings of the 2009 Linux Symposium (July 2009)

    Google Scholar 

  11. Gagnon, M.N., Taylor, S., Ghosh, A.K.: Software Protection through Anti-Debugging. IEEE Security & Privacy Magazine 5(3), 82–84 (2007)

    Article  Google Scholar 

  12. Marty, R.: Applied Security Visualization. Addison Wesley Professional (2008)

    Google Scholar 

  13. Mateas, M., Montfort, N.: A box, darkly: Obfuscated code, weird languages, and code aesthetics. In: Proceedings of the 2005 Digital Arts and Culture Conference, pp. 144–153 (2005)

    Google Scholar 

  14. Mellstrand, P., Stahl, B.: Systemic Software Debugging. Sony Mobile Communications (2012), http://www.systemicsoftwaredebugging.com

  15. Olszewski, M., Mierle, K., Czajkowski, A., Brown, A.D.: Jit instrumentation: a novel approach to dynamically instrument operating systems. SIGOPS Oper. Syst. Rev. 41, 3–16 (2007)

    Article  Google Scholar 

  16. Raadt, T.D.: Exploit mitigation techniques (2005), http://www.openbsd.org/papers/ven05-deraadt/index.html

  17. Toupin, D.: Using tracing to diagnose or monitor systems. IEEE Softw. 28, 87–91 (2011)

    Article  Google Scholar 

  18. Xu, H., Chapin, S.J.: Address-space layout randomization using code islands. J. Comput. Secur. 17, 331–362 (2009)

    Google Scholar 

  19. Zellweger, P.T.: An interactive high-level debugger for control-flow optimized programs. SIGPLAN Not. 18, 159–172 (1983)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Blekinge Institute of Technology, Sweden

    Björn Ståhl & Per Mellstrand

Authors
  1. Björn Ståhl
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Per Mellstrand
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Oslo, Gaustadalléen 23b, 0373, Oslo, Norway

    Audun Jøsang

  2. Blekinge Institute of Technology, Valhallavägen 1, 37179, Karlskrona, Sweden

    Bengt Carlsson

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ståhl, B., Mellstrand, P. (2012). Retooling and Securing Systemic Debugging. In: Jøsang, A., Carlsson, B. (eds) Secure IT Systems. NordSec 2012. Lecture Notes in Computer Science, vol 7617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34210-3_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-34210-3_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34209-7

  • Online ISBN: 978-3-642-34210-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation