blog.babaks.com
Babak Salamat's Research Blog: November 2007
http://blog.babaks.com/2007_11_01_archive.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Low-overhead access to the memory space of a trace. Thursday, November 15, 2007. Low-overhead access to the memory space of a traced process, part II. And then runs a given executable inside the child. The communication pipes are created after the child is spawned and before executing the executable. To keep the pipes open after the execution, the monitor uses execve. To start the execution. Writing to the process' memory i...
blog.babaks.com
Babak Salamat's Research Blog: November 2008
http://blog.babaks.com/2008_11_01_archive.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Dealing with Asynchronous Signal Delivery in Multi. Tuesday, November 11, 2008. Dealing with Asynchronous Signal Delivery in Multi-Variant Execution. The following flowchart depicts the algorithm that removes false-positives caused by asynchronous signal delivery in multi-variant environments. One could call this method "semi-synchronous signal delivery".
blog.babaks.com
Babak Salamat's Research Blog: August 2007
http://blog.babaks.com/2007_08_01_archive.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Friday, August 31, 2007. After running the benchmarks compiled using llvm-gcc and making sure that the technique was working, it was time to modify gcc. In order to take advantage of gcc's optimizations, I changed my strategy a little bit and modified the RTL. One of the instructions in x86 which is difficult to transform for upward growing stack, is RET 16-bit Integer. Instruction, the value that the RET. A solution to thi...
blog.babaks.com
Babak Salamat's Research Blog: January 2008
http://blog.babaks.com/2008_01_01_archive.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Signal Handling in Reverse Stack Executables. Thursday, January 31, 2008. System calls that create child processes, such as fork. We solved the problem by letting the parent thread start monitoring the new child processes until they invoke the first system call. At this point, the parent thread saves the system call and its arguments and replaces it by sigsuspend. We block all the signals using sigsuspend. And get suspended...
blog.babaks.com
Babak Salamat's Research Blog: March 2008
http://blog.babaks.com/2008_03_01_archive.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Running User Mode Linux - Part I. Wednesday, March 26, 2008. Tuesday, March 18, 2008. Running User Mode Linux - Part I. Recently, I have been trying to run User Mode Linux (UML) on our monitor. Running UML is very challenging, because it performs many low level operations that need special handling. For example, UML reads CPU Time Stamp Counters. Reading these counters is done at user-level (using rdtsc. Another challenge w...
blog.babaks.com
Babak Salamat's Research Blog: February 2008
http://blog.babaks.com/2008_02_01_archive.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Sending Signals in The Multi-Variant Execution Sys. Thursday, February 7, 2008. Sending Signals in The Multi-Variant Execution System. As mentioned in the previous posts, multi-variant execution must be transparent to the variants. Also as mentioned previously, the variants must call the same system calls with equal or equivalent arguments. The system calls which obtain the process ID (PID) of a running process ( getpid.
blog.babaks.com
Babak Salamat's Research Blog: Low-overhead access to the memory space of a traced process, Part IV
http://blog.babaks.com/2009/02/low-overhead-access-to-memory-space-of.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Low-overhead access to the memory space of a trace. Thursday, February 5, 2009. Low-overhead access to the memory space of a traced process, Part IV. Low-overhead access to the memory space of a traced process is a major challenge when using a user-space tracer. I have devoted a few posts. Evaluating performance of shared memory versus FIFOs versus ptrace. When transferring a 128KB buffer. March 7, 2009 at 2:31 AM. I have a...
blog.babaks.com
Babak Salamat's Research Blog: The Project
http://blog.babaks.com/2007/08/my-project.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Wednesday, August 29, 2007. I am trying to build a multi-variant execution environment which runs multiple variants of a single program on different processors/cores and monitors their outputs. Any divergence among the outputs raises an exception and interrupts the execution. The goal of this system is to make programs resilient against malware (viruses, internet worms, etc.).
blog.babaks.com
Babak Salamat's Research Blog: Running User Mode Linux - Part I
http://blog.babaks.com/2008/03/running-user-mode-linux-part-i.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Running User Mode Linux - Part I. Tuesday, March 18, 2008. Running User Mode Linux - Part I. Recently, I have been trying to run User Mode Linux (UML) on our monitor. Running UML is very challenging, because it performs many low level operations that need special handling. For example, UML reads CPU Time Stamp Counters. Reading these counters is done at user-level (using rdtsc. Another challenge when running UML is supporti...
blog.babaks.com
Babak Salamat's Research Blog: Low-overhead access to the memory space of a traced process, Part III
http://blog.babaks.com/2008/05/low-overhead-access-to-memory-space-of.html
Babak Salamat's Research Blog. My notes about challenges that I face in research. Low-overhead access to the memory space of a trace. Monday, May 12, 2008. Low-overhead access to the memory space of a traced process, Part III. I addressed low overhead access to the memory space of a traced process in a previous post. We measured the performance of FIFOs versus ptrace. And observed that for buffer sizes of 160 bytes or smaller, using ptrace. Takes 16 times as much as it takes using FIFOs. If you're on a m...