Abstract
There are a few major principal tools that have long supported the often frustrating and time-consuming part of software development and maintenance that is debugging. These tools are the symbolic debugger, the profiler, the tracer and the crash dump analyzer. With the advancement of dynamic protection mechanisms directed towards hindering or thwarting exploitation of software vulnerabilities (a subset of possible software bugs), combined with a shift from developers being in charge of the development of one distinct piece of software to, instead, piecing a large assortment of third party components and libraries into a common service or platform, many of the mechanisms that the aforementioned tools rely on have been either eliminated, circumvented or otherwise rendered inefficient. In this article, we present an industrial case illustrating this shift, highlighting specific issues and challenges facing the effective use of aforementioned tools, then look at how recent developments in tracing frameworks can be further improved to remedy the situation. Lastly, we introduce such a tool alongside initial experimentation and validation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Android application licensing, implementing an obfuscator, http://developer.android.com/guide/publishing/licensing.html
Architecture of systemtap: a linux trace/probe tool, http://sourceware.org/systemtap/archpaper.pdf
Comparison of network monitoring systems, http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems
Developer tools: Apple developer overview, http://developer.apple.com/technologies/tools/
Embedded elf debugging, http://www.phrack.com/issues.html?issue=63&id=9
Araki, K., Furukawa, Z., Cheng, J.: A general framework for debugging. IEEE Softw. 8, 14–20 (1991)
Bungale, P., Luk, C.: Pinos: a programmable framework for whole-system dynamic instrumentation. In: Proceedings of the 3rd International Conference on Virtual Execution Environments, pp. 137–147 (2007)
Cantrill, B.M., Shapiro, M.W., Leventhal, A.H.: Dynamic instrumentation of production systems. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2004, pp. 2–2. USENIX Association, Berkeley (2004)
”Crossbower”: Single process parasite, http://www.phrack.com/issues.html?issue=68&id=9
Fournier, P.M., Desnoyers, M., Dagenais, M.R.: Combined tracing of the kernel and applications with LTTng. In: Proceedings of the 2009 Linux Symposium (July 2009)
Gagnon, M.N., Taylor, S., Ghosh, A.K.: Software Protection through Anti-Debugging. IEEE Security & Privacy Magazine 5(3), 82–84 (2007)
Marty, R.: Applied Security Visualization. Addison Wesley Professional (2008)
Mateas, M., Montfort, N.: A box, darkly: Obfuscated code, weird languages, and code aesthetics. In: Proceedings of the 2005 Digital Arts and Culture Conference, pp. 144–153 (2005)
Mellstrand, P., Stahl, B.: Systemic Software Debugging. Sony Mobile Communications (2012), http://www.systemicsoftwaredebugging.com
Olszewski, M., Mierle, K., Czajkowski, A., Brown, A.D.: Jit instrumentation: a novel approach to dynamically instrument operating systems. SIGOPS Oper. Syst. Rev. 41, 3–16 (2007)
Raadt, T.D.: Exploit mitigation techniques (2005), http://www.openbsd.org/papers/ven05-deraadt/index.html
Toupin, D.: Using tracing to diagnose or monitor systems. IEEE Softw. 28, 87–91 (2011)
Xu, H., Chapin, S.J.: Address-space layout randomization using code islands. J. Comput. Secur. 17, 331–362 (2009)
Zellweger, P.T.: An interactive high-level debugger for control-flow optimized programs. SIGPLAN Not. 18, 159–172 (1983)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ståhl, B., Mellstrand, P. (2012). Retooling and Securing Systemic Debugging. In: Jøsang, A., Carlsson, B. (eds) Secure IT Systems. NordSec 2012. Lecture Notes in Computer Science, vol 7617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34210-3_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-34210-3_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34209-7
Online ISBN: 978-3-642-34210-3
eBook Packages: Computer ScienceComputer Science (R0)