https://homeostasis.scs.carleton.ca/wiki/api.php?action=feedcontributions&feedformat=atom&user=Xiaodog1234Soma-notes - User contributions [en]2026-04-05T02:14:03ZUser contributionsMediaWiki 1.42.1https://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2016W_Lecture_21&diff=20902SystemsSec 2016W Lecture 212016-03-31T23:08:25Z<p>Xiaodog1234: </p>
<hr />
<div>Exam:<br />
- Similar format to Midterm<br />
- can bring laptop, Open book/laptop<br />
<br />
'''Program Anaylsis'''<br />
<br />
- Problem address<br />
- not clear on what they do<br />
- most technique do not scale to real world program<br />
- reference to covariety<br />
- company product for analyzing program for software flaws particular to security<br />
- one person co author of this paper<br />
<br />
- twist under constrained?<br />
- fundamental problem of program analysis?<br />
false positive<br />
- cant do perfect analysis on program that scale<br />
- need to number of assumption<br />
- hav to assume things pessimisstically<br />
- get report of all that this could b bad<br />
- programmer wont look at this <br />
- how to give programmer context <br />
- using approach that increase false postive<br />
- input output nicely set<br />
- but if jump in the middle of the program who knows what it does<br />
***- no way to know if all precondition has been met<br />
- so how is this at all a good idea?<br />
<br />
- how did they save themselve?<br />
- liquid type inference<br />
- infer constraint onto the data as it goes through the program<br />
- if the program behaves like this here, it must be this state or that state<br />
- one technique they use<br />
- lets jump into middle of program <br />
- not try to analyize the program<br />
- annotation <br />
- SSL: false positive when looking at R2 data<br />
- start in middle of program assume everyfine and see how it goes<br />
- but limited constraint in it to reduce problem size<br />
<br />
- only allow this to run in a hour<br />
- relatively fast<br />
- why do this? because if start at beginning can't reach to alot of parts because of constraint<br />
- solution we just gonna jump there<br />
- analyzing the program, symbolically executing, symbolic execution, <br />
EX: kinda like java eclipse where you set debugging point<br />
<br />
- underconstraint<br />
- pro get to some point that u may never get there<br />
with Patch <br />
- is there differiential crash? so can compare nd see if the patch did something bad <br />
<br />
why want to look at Patch this way?<br />
- why patch nasty <br />
- when u doing a patch <br />
- when something's broken, already deployed, might b code thats sitting around for years<br />
- potentially no one <br />
- can u get it right? Kinda of? ish?<br />
- as person doing patch not same level of understanding to previous owner<br />
- impact of the bug from security attack?<br />
- not likely as there are various security stuff that could cover it<br />
- not worth the spent resource look for this vs updating security<br />
<br />
-if went to program analysis conference <br />
- laugh out of the room<br />
- timeline of paper is funny, paper they used were years ago, major gap in publication<br />
- could have been previously rejected by sub community - program analysis - and dumped to security community <br />
- as a security paper<br />
<br />
<br />
'''WebEval''' <br />
- malicious extension detector, <br />
- one statistic that horrifying<br />
- 10% of whole<br />
- only 95% are accurate<br />
<br />
major security problem<br />
- nothing on the user end that can counter act <br />
- why are we downloading extension?<br />
- added functionality<br />
<br />
<br />
- security restriction of web broswer is too limiting <br />
- by installing extension means I WISH TO BREAK SECURITY POLICY<br />
<br />
- what happen to web if give developer the permission they want<br />
<br />
- bad things get distributed<br />
<br />
- chrome extensions to prevent this<br />
- key things to have : permission model, <br />
- but developer give more permission first and then as they work on it they scale it<br />
<br />
- set up the problem so that people could be sending our data at all time<br />
- so what are we doing to handle this issue?<br />
<br />
- keep list of behaviour of malicious extension<br />
- binary classification - two set good or bad and try to classifier <br />
<br />
- human used when high entropy from the classification <br />
<br />
<br />
automated system can be get around <br />
- change the code, until it gets passed this to get around the restriction <br />
- evade the classification rule that are impelemented<br />
- so only way to find this is to use humans<br />
- classical problem of binary classification</div>Xiaodog1234https://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2016W_Lecture_21&diff=20901SystemsSec 2016W Lecture 212016-03-31T23:07:56Z<p>Xiaodog1234: </p>
<hr />
<div>Exam:<br />
- Similar format to Midterm<br />
- can bring laptop, Open book/laptop<br />
<br />
'''Program Anaylsis'''<br />
<br />
- Problem address<br />
- not clear on what they do<br />
- most technique do not scale to real world program<br />
- reference to covariety<br />
- company product for analyzing program for software flaws particular to security<br />
- one person co author of this paper<br />
<br />
- twist under constrained?<br />
- fundamental problem of program analysis?<br />
false positive<br />
- cant do perfect analysis on program that scale<br />
- need to number of assumption<br />
- hav to assume things pessimisstically<br />
- get report of all that this could b bad<br />
- programmer wont look at this <br />
- how to give programmer context <br />
- using approach that increase false postive<br />
- input output nicely set<br />
- but if jump in the middle of the program who knows what it does<br />
***- no way to know if all precondition has been met<br />
- so how is this at all a good idea?<br />
<br />
- how did they save themselve?<br />
- liquid type inference<br />
- infer constraint onto the data as it goes through the program<br />
- if the program behaves like this here, it must be this state or that state<br />
- one technique they use<br />
- lets jump into middle of program <br />
- not try to analyize the program<br />
- annotation <br />
- SSL: false positive when looking at R2 data<br />
- start in middle of program assume everyfine and see how it goes<br />
- but limited constraint in it to reduce problem size<br />
<br />
- only allow this to run in a hour<br />
- relatively fast<br />
- why do this? because if start at beginning can't reach to alot of parts because of constraint<br />
- solution we just gonna jump there<br />
- analyzing the program, symbolically executing, symbolic execution, <br />
EX: kinda like java eclipse where you set debugging point<br />
<br />
- underconstraint<br />
- pro get to some point that u may never get there<br />
with Patch <br />
- is there differiential crash? so can compare nd see if the patch did something bad <br />
<br />
why want to look at Patch this way?<br />
- why patch nasty <br />
- when u doing a patch <br />
- when something's broken, already deployed, might b code thats sitting around for years<br />
- potentially no one <br />
- can u get it right? Kinda of? ish?<br />
- as person doing patch not same level of understanding to previous owner<br />
- impact of the bug from security attack?<br />
- not likely as there are various security stuff that could cover it<br />
- not worth the spent resource look for this vs updating security<br />
<br />
-if went to program analysis conference <br />
- laugh out of the room<br />
- timeline of paper is funny, paper they used were years ago, major gap in publication<br />
- could have been previously rejected by sub community - program analysis - and dumped to security community <br />
- as a security paper<br />
<br />
<br />
'''WebEval'''<br />
<br />
- malicious extension detector, <br />
- one statistic that horrifying<br />
- 10% of whole<br />
- only 95% are accurate<br />
<br />
major security problem<br />
- nothing on the user end that can counter act <br />
- why are we downloading extension?<br />
- added functionality<br />
<br />
<br />
- security restriction of web broswer is too limiting <br />
- by installing extension means I WISH TO BREAK SECURITY POLICY<br />
<br />
- what happen to web if give developer the permission they want<br />
<br />
- bad things get distributed<br />
<br />
- chrome extensions to prevent this<br />
- key things to have : permission model, <br />
- but developer give more permission first and then as they work on it they scale it<br />
<br />
- set up the problem so that people could be sending our data at all time<br />
- so what are we doing to handle this issue?<br />
<br />
- keep list of behaviour of malicious extension<br />
- binary classification - two set good or bad and try to classifier <br />
<br />
- human used when high entropy from the classification <br />
<br />
<br />
automated system can be get around <br />
- change the code, until it gets passed this to get around the restriction <br />
- evade the classification rule that are impelemented<br />
- so only way to find this is to use humans<br />
- classical problem of binary classification</div>Xiaodog1234https://homeostasis.scs.carleton.ca/wiki/index.php?title=SystemsSec_2016W_Lecture_21&diff=20900SystemsSec 2016W Lecture 212016-03-31T23:07:33Z<p>Xiaodog1234: March 29 notes dump</p>
<hr />
<div>Exam:<br />
- Similar format to Midterm<br />
- can bring laptop, Open book/laptop<br />
<br />
'''Program Anaylsis'''<br />
<br />
Problem address<br />
- not clear on what they do<br />
- most technique do not scale to real world program<br />
- reference to covariety<br />
- company product for analyzing program for software flaws particular to security<br />
- one person co author of this paper<br />
<br />
- twist under constrained?<br />
- fundamental problem of program analysis?<br />
false positive<br />
- cant do perfect analysis on program that scale<br />
- need to number of assumption<br />
- hav to assume things pessimisstically<br />
- get report of all that this could b bad<br />
- programmer wont look at this <br />
- how to give programmer context <br />
- using approach that increase false postive<br />
- input output nicely set<br />
- but if jump in the middle of the program who knows what it does<br />
***- no way to know if all precondition has been met<br />
- so how is this at all a good idea?<br />
<br />
- how did they save themselve?<br />
- liquid type inference<br />
- infer constraint onto the data as it goes through the program<br />
- if the program behaves like this here, it must be this state or that state<br />
- one technique they use<br />
- lets jump into middle of program <br />
- not try to analyize the program<br />
- annotation <br />
- SSL: false positive when looking at R2 data<br />
- start in middle of program assume everyfine and see how it goes<br />
- but limited constraint in it to reduce problem size<br />
<br />
- only allow this to run in a hour<br />
- relatively fast<br />
- why do this? because if start at beginning can't reach to alot of parts because of constraint<br />
- solution we just gonna jump there<br />
- analyzing the program, symbolically executing, symbolic execution, <br />
EX: kinda like java eclipse where you set debugging point<br />
<br />
- underconstraint<br />
- pro get to some point that u may never get there<br />
with Patch <br />
- is there differiential crash? so can compare nd see if the patch did something bad <br />
<br />
why want to look at Patch this way?<br />
- why patch nasty <br />
- when u doing a patch <br />
- when something's broken, already deployed, might b code thats sitting around for years<br />
- potentially no one <br />
- can u get it right? Kinda of? ish?<br />
- as person doing patch not same level of understanding to previous owner<br />
- impact of the bug from security attack?<br />
- not likely as there are various security stuff that could cover it<br />
- not worth the spent resource look for this vs updating security<br />
<br />
-if went to program analysis conference <br />
- laugh out of the room<br />
- timeline of paper is funny, paper they used were years ago, major gap in publication<br />
- could have been previously rejected by sub community - program analysis - and dumped to security community <br />
- as a security paper<br />
<br />
<br />
'''WebEval'''<br />
<br />
- malicious extension detector, <br />
- one statistic that horrifying<br />
- 10% of whole<br />
- only 95% are accurate<br />
<br />
major security problem<br />
- nothing on the user end that can counter act <br />
- why are we downloading extension?<br />
- added functionality<br />
<br />
<br />
- security restriction of web broswer is too limiting <br />
- by installing extension means I WISH TO BREAK SECURITY POLICY<br />
<br />
- what happen to web if give developer the permission they want<br />
<br />
- bad things get distributed<br />
<br />
- chrome extensions to prevent this<br />
- key things to have : permission model, <br />
- but developer give more permission first and then as they work on it they scale it<br />
<br />
- set up the problem so that people could be sending our data at all time<br />
- so what are we doing to handle this issue?<br />
<br />
- keep list of behaviour of malicious extension<br />
- binary classification - two set good or bad and try to classifier <br />
<br />
- human used when high entropy from the classification <br />
<br />
<br />
automated system can be get around <br />
- change the code, until it gets passed this to get around the restriction <br />
- evade the classification rule that are impelemented<br />
- so only way to find this is to use humans<br />
- classical problem of binary classification</div>Xiaodog1234