Edward J. Schwartz

All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)

Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.

BAP: a binary analysis platform

BAP is a publicly available infrastructure for performing program verification and analysis tasks on binary (i.e., executable) code. In this paper, we describe BAP as well as lessons learned from previous incarnations of binary analysis platforms. BAP explicitly represents all side effects of instructions in an intermediate language (IL), making syntaxdirected analysis possible. We have used BAP to routinely generate and solve verification conditions that are hundreds of megabytes in size and encompass 100,000s of assembly instructions.

Automatic exploit generation

The idea is to identify security-critical software bugs so they can be fixed first.

Interactive SIGHT into information graphics

Information graphics (such as bar charts and line graphs) play a vital role in many multimodal documents. Unfortunately, visually impaired individuals who use screen reader programs to navigate through such documents have limited access to the graphics. This paper presents the Interactive SIGHT (Summarizing Information GrapHics Textually) system that provides visually impaired individuals with the high-level knowledge that one would gain from viewing graphics in electronic documents. The current system, which is implemented as a browser extension, works on simple bar charts. Once launched by a keystroke combination, Interactive SIGHT first provides a brief initial summary that conveys the underlying message of the bar chart along with the charts most significant features. The system is then able to generate history-aware follow-up responses that provide further information upon request from the user. User evaluations with sighted and visually impaired users showed that the initial summary and follow-up responses are very effective in conveying the informational content of graphics and that the system interface is easy to use.

Access to multimodal articles for individuals with sight impairments

Although intelligent interactive systems have been the focus of many research efforts, very few have addressed systems for individuals with disabilities. This article presents our methodology for an intelligent interactive system that provides individuals with sight impairments with access to the content of information graphics (such as bar charts and line graphs) in popular media. The article describes the methodology underlying the systems intelligent behavior, its interface for interacting with users, examples processed by the implemented system, and evaluation studies both of the methodology and the effectiveness of the overall system. This research advances universal access to electronic documents.

How to model a TCP/IP network using only 20 parameters

Most simulation models for data communication networks encompass hundreds of parameters that can each take on millions of values. Such models are difficult to understand, parameterize and investigate. This paper explains how to model a modern data communication network concisely, using only 20 parameters. Further, the paper demonstrates how this concise model supports efficient design of simulation experiments. The model has been implemented as a sequential simulation called MesoNet, which uses Simulation Language with Extensibility (SLX). The paper discusses model resource requirements and the performance of SLX. The model and principles delineated in this paper have been used to investigate parameter spaces for large (hundreds of thousands of simultaneously active flows), fast (hundreds of Gigabits/ second) simulated networks under a variety of congestion control algorithms.

Interactive SIGHT: textual access to simple bar charts

Information graphics, such as bar charts and line graphs, are an important component of many articles from popular media. The majority of such graphics have an intention (a high-level message) to communicate to the graph viewer. Since the intended message of a graphic is often not repeated in the accompanying text, graphics together with the textual segments contribute to the overall purpose of an article and cannot be ignored. Unfortunately, these visual displays are provided in a format which is not readily accessible to everyone. For example, individuals with sight impairments who use screen readers to listen to documents have limited access to the graphics. This article presents a new accessibility tool, the Interactive SIGHT (Summarizing Information GrapHics Textually) system, that is intended to enable visually impaired users to access the knowledge that one would gain from viewing information graphics found on the web. The current system, which is implemented as a browser extension that works on simple bar charts, can be invoked by a user via a keystroke combination while navigating the web. Once launched, Interactive SIGHT first provides a brief summary that conveys the underlying intention of a bar chart along with the charts most significant and salient features, and then produces history-aware follow-up responses to provide further information about the chart upon request from the user. We present two user studies that were conducted with sighted and visually impaired users to determine how effective the initial summary and follow-up responses are in conveying the informational content of bar charts, and to evaluate how easy it is to use the system interface. The evaluation results are promising and indicate that the system responses are well-structured and enable visually impaired users to answer key questions about bar charts in an easy-to-use manner. Post-experimental interviews revealed that visually impaired participants were very satisfied with the system offering different options to access the content of a chart to meet their specific needs and that they would use Interactive SIGHT if it was publicly available so as not to have to ignore graphics on the web. Being a language based assistive technology designed to compensate for the lack of sight, our work paves the road for a stronger acceptance of natural language interfaces to graph interpretation that we believe will be of great benefit to the visually impaired community.

Predicting Macroscopic Dynamics in Large Distributed Systems: Part I

Society increasingly depends on large distributed systems, such as the Internet and Web-based service-oriented architectures deployed over the Internet. Such systems constantly evolve as new software components are injected to provide increased functionality, better performance and enhanced security. Unfortunately, designers lack effective methods to predict how new components might influence macroscopic behavior. Lacking effective methods, designers rely on engineering techniques, such as: analysis of critical algorithms at small scale and under limiting assumptions; factor-at-a-time simulations conducted at modest scale; and empirical measurements in small test beds. Such engineering techniques enable designers to characterize selected properties of new components but reveal little about likely dynamics at global scale. In this paper, we outline an approach that can be used to predict macroscopic dynamics when new components are deployed in a large distributed system. Our approach combines two main methods: scale reduction and multidimensional data analysis techniques. Combining these methods, we can search a wide parameter space to identify factors likely to drive global system response and we can predict the resulting macroscopic dynamics of key system behaviors. We demonstrate our approach in the context of the Internet, where researchers, motivated by a desire to increase user performance, have proposed new algorithms to replace the standard congestion control mechanism. Previously, the proposed algorithms were studied in three ways: using analytical models of single data flows, using empirical measurements in test beds where a few data flows compete for bandwidth, and using simulations at modest scale with a few sequentially varied parameters. In contrast, by applying our approach, we simulated configurations covering four-tier network topologies, spanning continental and global distances, comprising routers operating at state-of-the-art speeds and transporting more than 105 simultaneous data flows with varying traffic patterns and temporary spatiotemporal congestion. Our findings identify the main factors influencing macroscopic dynamics of Internet congestion control, and define the specific combination of factors that must hold for users to realize improved performance. We also uncover potential for one proposed algorithm to cause widespread performance degradation. Previous engineering studies of the proposed congestion control algorithms were unable to reveal such essential information.Copyright

Bar Charts in Popular Media: Conveying Their Message to Visually Impaired Users via Speech

Information graphics such as bar charts, line graphs, and pie charts play a vital role in many documents found on the Web. In contrast to graphics generated for the purposes of data visualization, which are intended to allow the viewer to visually explore the data, we posit that the majority of information graphics that appear in popular media are designed to convey a clear message to the viewer [5]. These visual constructs serve as a communication medium between the graphic designer and the viewer, since they enable the viewer to quickly and easily perform complex tasks such as comparing entities or identifying trends [26, 8, 2] in order to infer the message being conveyed by the graphic designer.

Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables

High-level C++ source code abstractions such as classes and methods greatly assist human analysts and automated algorithms alike when analyzing C++ programs. Unfortunately, these abstractions are lost when compiling C++ source code, which impedes the understanding of C++ executables. In this paper, we propose a system, OOAnalyzer, that uses an innovative new design to statically recover detailed C++ abstractions from executables in a scalable manner. OOAnalyzers design is motivated by the observation that many human analysts reason about C++ programs by recognizing simple patterns in binary code and then combining these findings using logical inference, domain knowledge, and intuition. We codify this approach by combining a lightweight symbolic analysis with a flexible Prolog-based reasoning system. Unlike most existing work, OOAnalyzer is able to recover both polymorphic and non-polymorphic C++ classes. We show in our evaluation that OOAnalyzer assigns over 78% of methods to the correct class on our test corpus, which includes both malware and real-world software such as Firefox and MySQL. These recovered abstractions can help analysts understand the behavior of C++ malware and cleanware, and can also improve the precision of program analyses on C++ executables.