Computer Science and Artificial Intelligence Lab (CSAIL)
2020-12-03T20:39:10Z

Comprehensive Java Metadata Tracking for Attack Detection and Repair
Perkins, Jeff; Eikenberry, Jordan; Coglio, Alessandro; Rinard, Martin
We present ClearTrack, a system that tracks 32 bits of metadata for each primitive value in Java programs to detect and nullify a range of vulnerabilities such as integer overflow and underflow vulnerabilities, SQL injection vulnerabilities, and command injection vulnerabilities. Contributions include new techniques for eliminating false positives associated with benign integer overflows and underflows, new metadata-aware techniques for detecting and nullifying SQL and command injection attacks, and results from an evaluation of ClearTrack performed by a Test and Evaluation team hired by the sponsor of this research (an anonymous agency of the United States government). These results show that 1) ClearTrack operates successfully on Java programs comprising hundreds of thousands of lines of code (including instrumented jar files and Java system libraries, the majority of the applications comprise over 3 million lines of code), 2) because of computations such as cryptography and hash table calculations, these applications perform millions of benign integer overflows and underflows, and 3) ClearTrack successfully detects and nullifies all tested integer overflow and underflow, SQL injection, and command injection vulnerabilities in the benchmark applications.
2019-11-19T00:00:00Z

Precise and Comprehensive Provenance Tracking for Android Devices
Gordon, Michael; Eikenberry, Jordan; Eden, Anthony; Perkins, Jeff; Rinard, Martin
Detailed information about the paths that data take through a system is invaluable for understanding sources and behaviors of complex exfiltration malware.
We present a new system, ClearScope, that tracks, at the level of individual bytes, the complete paths that data follow through Android systems. These paths include the original source where data entered the device (such as sensors or network connections), files in which the data was temporarily stored, applications that the data traversed during its time in the device, and sinks through which the data left the device. The ClearScope system design enables this unprecedented level of provenance tracking detail by 1) structuring the provenance representation as references, via provenance tags, to provenance events that record the movement of data between system components and into or out of the device and 2) adopting a split design in which provenance events are streamed to a remote server for storage, with only the minimal information required to generate the tagged stream of events retained on the device. ClearScope also includes compiler optimizations that enable efficient provenance tracking within applications by eliminating unnecessary provenance tracking computations and adopting an efficient aggregate provenance representation for arrays when all array elements have the same provenance. Experience using ClearScope to analyze the notorious Adups FOTA malware highlights the significant benefits that this level of comprehensive detail can bring. Performance experiments with the Caffeine Mark benchmarks show that the overall ClearScope provenance tracking overhead on this benchmark suite is 14%.
2019-11-19T00:00:00Z

Faster Dynamic Controllability Checking in Temporal Networks with Integer Bounds
Bhargava, Nikhil; Williams, Brian C.
Simple Temporal Networks with Uncertainty (STNUs) provide a useful formalism with which to reason about events and the temporal constraints that apply to them.
STNUs are in particular notable because they facilitate reasoning over stochastic, or uncontrollable, actions and their corresponding durations. To evaluate the feasibility of a set of constraints associated with an STNU, one checks the network's dynamic controllability, which determines whether an adaptive schedule can be constructed on-the-fly. Our work provides a dynamic controllability checker that is able to quickly refute the controllability of an STNU with integer bounds, such as those found in planning problems. Our work is faster than the existing best runtime for networks with integer bounds and executes in O(min(mn, m\sqrt{n}\log{N}) + km + k^2n + kn\log{n}). Our approach pre-processes the STNU using an existing O(n^3) dynamic controllability checking algorithm and provides tighter bounds on its runtime. This makes our work easily adaptable to other algorithms that rely on checking variants of dynamic controllability.
2019-08-01T00:00:00Z

Automatic Exploitation of Fully Randomized Executables
Gadient, Austin; Ortiz, Baltazar; Barrato, Ricardo; Davis, Eli; Perkins, Jeff; Rinard, Martin
We present Marten, a new end-to-end system for automatically discovering, exploiting, and combining information leakage and buffer overflow vulnerabilities to derandomize and exploit remote, fully randomized processes. Results from two case studies highlight Marten’s ability to generate short, robust ROP chain exploits that bypass address space layout randomization and other modern defenses to download and execute injected code selected by an attacker. We present an automated system, Marten, that automatically generates control flow hijacking exploits against fully randomized executables by combining information leakage and buffer overflow exploits.
2019-06-11T00:00:00Z