A few billion lines of code later

Bessey, Al; Block, Ken; Chelf, Ben; Chou, Andy; Fulton, Bryan; Hallem, Seth; Henri-Gros, Charles; Kamsky, Asya; McPeak, Scott; Engler, Dawson

doi:10.1145/1646353.1646374

Cited by 473 publications

(48 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This exploit, reported as CVE-2014-0659 5 and sourced from the Metasploit Framework, attacks undocumented and badly-designed features of the scfgmgr service to remotely dump system configuration variables from NVRAM and obtain a shell. Public documentation for this vulnerability suggests that, as of 2015-01-28, it was known to affect firmware for networking devices manufactured by Cisco, Linksys, Netgear, and a variety of smaller vendors.…”

Section: ) Sercomm Configuration Dump (#47)mentioning

confidence: 99%

“…While this approach scales to thousands of firmware images, it suffers from the classic trade-offs of static analysis. Namely, either the analysis is very generic and produces a large number of false positives [5], or the analysis is too specific and results in many false negatives. Additionally, static analysis techniques based on program analysis usually target a specific problem domain, such as the C, PHP, or Java programming language, or alternatively binary code.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

Chen

Egele

Woo

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

258

184

View full text Add to dashboard Cite

Abstract-Commercial-off-the-shelf (COTS) network-enabled embedded devices are usually controlled by vendor firmware to perform integral functions in our daily lives. For example, wireless home routers are often the first and only line of defense that separates a home user's personal computing and information devices from the Internet. Such a vital and privileged position in the user's network requires that these devices operate securely. Unfortunately, recent research and anecdotal evidence suggest that such security assumptions are not at all upheld by the devices deployed around the world.A first step to assess the security of such embedded device firmware is the accurate identification of vulnerabilities. However, the market offers a large variety of these embedded devices, which severely impacts the scalability of existing approaches in this area. In this paper, we present FIRMADYNE, the first automated dynamic analysis system that specifically targets Linuxbased firmware on network-connected COTS devices in a scalable manner. We identify a series of challenges inherent to the dynamic analysis of COTS firmware, and discuss how our design decisions address them. At its core, FIRMADYNE relies on software-based full system emulation with an instrumented kernel to achieve the scalability necessary to analyze thousands of firmware binaries automatically.We evaluate FIRMADYNE on a real-world dataset of 23,035 firmware images across 42 device vendors gathered by our system. Using a sample of 74 exploits on the 9,486 firmware images that our system can successfully extract, we discover that 887 firmware images spanning at least 89 distinct products are vulnerable to one or more of the sampled exploit(s). This includes 14 previouslyunknown vulnerabilities that were discovered with the aid of our framework, which affect 69 firmware images spanning at least 12 distinct products. Furthermore, our results show that 11 of our tested attacks affect firmware images from more than one vendor, suggesting that code-sharing and common upstream manufacturers (OEMs) are quite prevalent.

show abstract

Section: ) Sercomm Configuration Dump (#47)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

Chen

Egele

Woo

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

258

184

View full text Add to dashboard Cite

show abstract

“…Developers build trust with analysis tools, and this trust is quickly lost if they do not understand the tool's output [8]. We also have found (by examining bug reports filed against analyzers) that many analysis results have confusingly worded messages; this is typically an easy problem to fix.…”

Section: Make Data-driven Usability Improvementsmentioning

confidence: 99%

Tricorder: Building a Program Analysis Ecosystem

Sadowski

Gogh

Jaspan

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

135

143

View full text Add to dashboard Cite

Abstract-Static analysis tools help developers find bugs, improve code readability, and ensure consistent style across a project. However, these tools can be difficult to smoothly integrate with each other and into the developer workflow, particularly when scaling to large codebases. We present TRICORDER, a program analysis platform aimed at building a data-driven ecosystem around program analysis. We present a set of guiding principles for our program analysis tools and a scalable architecture for an analysis platform implementing these principles. We include an empirical, in-situ evaluation of the tool as it is used by developers across Google that shows the usefulness and impact of the platform.

show abstract

“…• Static code analysis using Coverity [12] • Dynamic code analysis using Valgrind, AddressSanitizer [13] and UndefinedBehaviorSanitizer [14] • Regular CPU timing measurements on dedicated machines similar to the HLT farm nodes • Profile-guided optimisation using Callgrind [15] and GOoDA [16] …”

Section: Profiling and Validationmentioning

confidence: 99%

Performance and development plans for the Inner Detector trigger algorithms at ATLAS

Martin–Haugh

2015

J. Phys.: Conf. Ser.

View full text Add to dashboard Cite

Abstract. A description of the design and performance of the newly re-implemented tracking algorithms for the ATLAS trigger for LHC Run 2, to commence in spring 2015, is presented. The ATLAS High Level Trigger (HLT) has been restructured to run as a more flexible single stage process, rather than the two separate Level 2 and Event Filter stages used during Run 1. To make optimal use of this new scenario, a new tracking strategy has been implemented for Run 2. This new strategy will use a FastTrackFinder algorithm to directly seed the subsequent Precision Tracking, and will result in improved track parameter resolution and significantly faster execution times than achieved during Run 1 and with better efficiency. The timings of the algorithms for electron and tau track triggers are presented. The profiling infrastructure, constructed to provide prompt feedback from the optimisation, is described, including the methods used to monitor the relative performance improvements as the code evolves. The online deployment and commissioning are also discussed.

show abstract

A few billion lines of code later

Abstract: How Coverity built a bug-finding tool, and a business, around the unlimited supply of bugs in software systems.

Cited by 473 publications

References 8 publications

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

Towards Automated Dynamic Analysis for Linux-based Embedded Firmware

Tricorder: Building a Program Analysis Ecosystem

Performance and development plans for the Inner Detector trigger algorithms at ATLAS

Contact Info

Product

Resources

About