Compiler assisted tracking of hacker assaults

Research output: Contribution to conference › Paper

2 Citations (Scopus)

Abstract

An ever-growing number of cyber attacks are made via network connections on open source software written in C or C++. Such software includes the popular Apache web server, various DHCP servers, etc. These attacks take advantage of flaws inadvertently left in software systems due to a lack of complete testing. Public domain tools such as "gcov" allow a software engineer to assure that each line of code has been executed and tested. These tools operate in a "batch" mode, first collecting statistics, then later displaying the program coverage. This paper presents a new approach to software coverage: modifications have been made to the GCC compilers for C and C++, which allow for an execution-time monitoring facility. The program software is compiled with this "instrumentation". As the program executes, information is gathered concerning the execution of the source code. This information can be saved to a file for later processing (as in "gcov") or can be examined while the program executes. This "instrumenting compiler" is used for software which is run in a controlled environment as attacks are made. The call tree and execution trace of the software under test are examined as the hacker assault progresses. This paper outlines the techniques used to modify the internal representations of the GCC compilers to allow this instrumentation. The compiler uses an internal representation called RTX. Additional calls to the instrumentation functions are automatically generated in RTX prior to emitting assembly language output. The paper addresses the techniques for locating the instrumentation points, avoiding problems when software is compiled with optimization, and presents a sample case of open software being instrumented. The latter demonstrates the output formats and shows an example of an attack on an open source program.

Original language: English (US)
Pages: 143-151
Number of pages: 9
State: Published - Jan 1 2006
Event: International Conference on i-Warfare and Security, ICIW 2006 - Eastern Shore, United States
Duration: Mar 15 2006 to Mar 16 2006

Conference

Conference: International Conference on i-Warfare and Security, ICIW 2006
Country: United States
City: Eastern Shore
Period: 3/15/06 to 3/16/06

Fingerprint

Servers
Statistics
Engineers
Defects
Monitoring
Testing
Processing
Open source software

Keywords

  • C
  • Compilation
  • Hacker
  • Instrumentation
  • Internal representation
  • Open source
  • RTX

ASJC Scopus subject areas

  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this

Mahoney, W. (2006). Compiler assisted tracking of hacker assaults. 143-151. Paper presented at International Conference on i-Warfare and Security, ICIW 2006, Eastern Shore, United States.

Compiler assisted tracking of hacker assaults. / Mahoney, William.

2006. 143-151 Paper presented at International Conference on i-Warfare and Security, ICIW 2006, Eastern Shore, United States.
