Haiyang Sun

DFL: secure and practical fault localization for datacenter networks

Datacenter networking has gained increasing popularity in the past few years. While researchers paid considerable efforts to enhance the performance and scalability of datacenter networks, achieving reliable data delivery in these emerging networks with misbehaving routers and switches received far less attention. Unfortunately, documented incidents of router compromise underscore that the capability to identify adversarial routers and switches is an imperative and practical need rather than merely a theoretical exercise. To this end, data-plane fault localization (FL) aims to identify faulty links and is an effective means of achieving high network availability. However, existing secure FL protocols assume that the source node knows the entire outgoing path that delivers the source nodes packets and that the path is static and long-lived. These assumptions are invalidated by the dynamic traffic patterns and agile load balancing commonly seen in modern datacenter networks. We propose the first secure FL protocol, DFL, with no requirements on path durability or the source node knowing the outgoing paths. Through a core technique we named delayed function disclosure, DFL incurs little communication overhead and a small, constant router state independent of the network size or the number of flows traversing a router.

A programming model and framework for comprehensive dynamic analysis on Android

The multi-process architecture of Android applications combined with the lack of suitable APIs make dynamic program analysis (DPA) on Android challenging and unduly difficult. Existing analysis tools and frameworks are tailored mainly to the needs of security-related analyses and are not flexible enough to support the development of generic DPA tools. In this paper we present a framework that, besides providing the fundamental support for the development of DPA tools for Android, enables development of cross-platform analyses that can be applied to applications targeting the Android and Java platforms. The framework provides a convenient high-level programming model, flexible instrumentation support, and strong isolation of the base program from the analysis. To boost developer productivity, the framework retains Java as the main development language, while seamless integration with the platform overcomes the recurring obstacles hindering development of DPA tools for Android. We evaluate the framework on two diverse case studies, demonstrating key concepts, the flexibility of the framework, and analysis portability.

Comprehensive Multiplatform Dynamic Program Analysis for Java and Android

Dynamic program analysis, such as with profiling, tracing, and bug-finding tools, is essential for software engineering. Unfortunately, implementing dynamic analysis for managed languages such as Java is unduly difficult and error prone because the runtime environments provide only complex low-level mechanisms. Programmers writing custom tooling must expend great effort in tool development and maintenance, while still suffering substantial limitations such as incomplete code coverage or lack of portability. Ideally, programmers should have a framework that lets them express dynamic-analysis tools at a high level, robustly, with high coverage and supporting alternative runtimes such as Android. To satisfy these requirements, ShadowVM, an all-in-one dynamic-program-analysis framework, uses a combination of techniques.

DefDroid: Securing Android with Fine-Grained Security Policy

Android occupies the absolute dominant position in mobile operating system and has the largest market share. Meanwhile, Android faces the risk of malicious insiders leaking sensitive information. In this paper, we present DefDroid, a repackaging tool for enforcing security policies by modifying Android applications without root privilege. The main advantages of DefDroid are that it provides a user-friendly interface to configure fine-grained policies and it supplies multiple deploy- ment methods. We have implemented policies aimed at three types of services of Android system, i.e., content provider, file system, and network. We choose 74 arbitrary applications from Android market and the experimental results show that the successful rate of repackaging applications is about 94.6% which effectively improve the privacy security of Android system while the increased overhead can be tolerated. Keywords—Android; permission restriction; repackage; bytecode instrumentation

Memvisor: Application Level Memory Mirroring via Binary Translation

Memory failures are common in clusters, and their destructive effects (e.g., increasing downtime and losing data) make users suffer great loss. Current memory availability strategies mostly require extra expensive hardware. Software approaches based on check pointing technologies intend to reduce the expense, but their high overhead limits the practical usage. In this paper, we present a novel system called Memvisor to provide software mirrored memory for applications. Specifically, all memory write instructions are duplicated. Data written to memory are synchronized to backup space. If memory failures happen, Memvisor will recover the data from the backup space. Compared with traditional software approaches, the instruction-level synchronization lowers the probability of data loss and reduces backup overhead. The results show that even in the worst case, Memvisor outperforms the state-of-the-art software approaches.

Efficient dynamic analysis for Node.js

Due to its popularity, there is an urgent need for dynamic program-analysis tools for Node.js, helping developers find bugs, performance bottlenecks, and bad coding practices. Frameworks based on code-level instrumentation enable dynamic analyses close to program semantics and are more flexible than Node.js built-in profiling tools. However, existing code-level instrumentation frameworks for JavaScript suffer from enormous overheads and difficulties in instrumenting the built-in module library of Node.js. In this paper, we introduce a new dynamic analysis framework for JavaScript and Node.js called NodeProf. While offering similar flexibility as code-level instrumentation frameworks, NodeProf significantly improves analysis performance while ensuring comprehensive code coverage. NodeProf supports runtime (de)activation of analyses and incurs zero overhead when no analysis is active. NodeProf is based on dynamic instrumentation of the JavaScript runtime and leverages automatic partial evaluation to generate efficient machine code. In addition, NodeProf makes use of the language interoperability provided by the runtime and thus allows dynamic analyses to be written in Java and JavaScript with compatibility to Jalangi, a state-of-the-art code-level JavaScript instrumentation framework. Our experiments show that the peak performance of running the same dynamic analyses using NodeProf can be up to three orders of magnitude faster than Jalangi.

Extended Code Coverage for AspectJ-Based Runtime Verification Tools

Many runtime verification tools for the Java virtual machine rely on aspect-oriented programming, particularly on AspectJ, to weave the verification logic into the observed program. However, AspectJ imposes several limitations on the verification tools, such as a restricted join point model and the inability of weaving certain classes, particularly the Java and Android class libraries. In this paper, we show that our domain-specific aspect language DiSL can overcome these limitations. While offering a programming model akin to AspectJ, DiSL features an extensible join point model and ensures weaving with complete bytecode coverage for Java and Android. We present a new compiler that translates runtime-verification aspects written in AspectJ to DiSL. Hence, it is possible to use existing, unmodified runtime verification tools on top of the DiSL framework to bypass the limitations of AspectJ. As a case study, we show that the AspectJ-based runtime verification tool JavaMOP significantly benefits from the automated translation of AspectJ to DiSL code, gaining increased code coverage. Thanks to DiSL, JavaMOP analyses are able to unveil violations in the Java class library that cannot be detected when using AspectJ.

Custom full-coverage dynamic program analysis for Android

Dynamic analysis tools often perform instrumentation via interfaces that are implementation-specific, so are not supported by alternative implementations of a given source language. The Android mobile platform is one example: its Dalvik virtual machine executes an alternative, register-based bytecode, and lacks debugging and instrumentation interfaces that Java analysis developers rely upon. In this demonstration, we present a framework for dynamic program analysis development on Android, based on the existing ShadowVM framework for Java. By re-creating the latters abstractions in the impoverished Android environment, it offers a high-level programming interface, load-time instrumentation, full bytecode coverage, and strong isolation, thereby avoiding common problems suffered by existing dynamic analyses on Android (offline-only instrumentation, lack of support for dynamic loading, and risk of unsound results owing to gaps in coverage). We will demonstrate our system with an Android-specific network traffic analysis, deployed on both an ARM/Intel-based emulator and a real device.

Comprehensive multi-platform dynamic program analysis for the Java and Dalvik virtual machines

Despite its importance for many software engineering tasks, dynamic program analysis is only insufficiently supported on the Java platform [2]. Existing Java Virtual Machines (JVMs) as well as Androids Dalvik Virtual Machine (DVM) lack dedicated mechanisms for expressing arbitrary dynamic program analysis tasks at a high abstraction level, for ensuring complete code coverage of the analysis, and for isolating analysis tasks from the observed program to prevent interference. For example, the JVM Tool Interface requires analysis tasks to be written in low-level native code, and some virtual machines (e.g., DVM) do not support it. As a consequence, dynamic program analysis tools are often implemented using low-level mechanisms, resulting in error-prone code that is difficult to maintain, and support only a particular virtual machine. Moreover, many analysis tools produce unsound profiles (due to interference of the analysis with the observed program) or incomplete profiles (due to limited code coverage). We present a novel dynamic program analysis framework that offers high-level abstractions for comprehensive, multi-platform analysis for the JVM and DVM. Our framework ensures complete bytecode coverage and isolates the execution of the analysis code from the observed program. It is based on the concepts developed for DiSL [4], ShadowVM [3], and FRANC [1]. The domain-specific aspect language DiSL is used to specify the events of interest for an analysis. The events captured during program execution are transmitted to the ShadowVM, where the user-defined analysis code processes the events. Different event-ordering semantics are supported, avoiding synchronization for analyses that do not require global event ordering across all threads. In addition to events specified by DiSL code, our framework also generates lifecycle events and inter-process communication events. The latter is particularly important for the analysis of Android applications, as they typically involve multiple processes. Several state-of-the-art analysis tools have already been ported to our framework, including code coverage testing tools, calling-context profilers, and object liftetime profilers.

ADRENALIN-RV: Android Runtime Verification Using Load-Time Weaving

Android has become one of the most popular operating systems for mobile devices. As the number of applications for the Android ecosystem grows, so is their complexity, increasing the need for runtime verification on the Android platform. Unfortunately, despite the presence of several runtime verification frameworks for Java bytecode, DEX bytecode used in Android does not benefit from such a wide support. While a few runtime verification tools support applications developed for Android, such tools offer only limited bytecode coverage and may not be able to detect property violations in certain classes. In this paper, we show that ADRENALIN-RV, our new runtime verification tool for Android, overcomes this limitation. In contrast to other frameworks, ADRENALIN-RV weaves monitoring code at load time and is able to instrument all loaded classes. In addition to the default classes inside the application package (APK), ADRENALIN-RV covers both the Android class library and libraries dynamically loaded from the storage, network, or generated dynamically, which related tools cannot verify. Evaluation results demonstrate the increased code coverage of ADRENALIN-RV with respect to other runtime validation tools for Android. Thanks to ADRENALIN-RV, we were able to detect violations that cannot be detected by other tools.