Address space layout randomization (ASLR), which hides code addresses, has been widely adopted by security solutions. However, code probes can bypass it. In real attack scenarios, a single code probe obtains only very limited code information rather than the information of the entire code segment, so randomizing the entire code segment is unnecessary. Minimizing the size of the randomized object is key to reducing the complexity and overhead of ASLR methods. Moreover, ASLR must be completed after a code probe occurs and before the probed code is used by attackers; otherwise it is meaningless. Selecting an appropriate randomization time point is therefore a basic condition for effective address hiding. In this paper, we propose RandFun, a runtime partial randomization method. It randomizes only the probed function, using parallel threads, and performs randomization when and only when potential code probes are detected. In addition, RandFun protects the probed code from being used as gadgets, whether during or after randomization. Experiments and analysis show that RandFun defends well against code probes and introduces only 1.6% CPU overhead.
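The core idea of the abstract can be illustrated with a toy model (a hypothetical sketch, not RandFun's actual mechanism): functions live at integer "addresses", and when a probe is detected, only the probed function is relocated on a parallel thread, so the leaked address goes stale while the rest of the code segment is untouched.

```python
import random
import threading

class PartialRandomizer:
    """Toy model of probe-triggered partial randomization: only the
    probed function is moved, not the whole code segment."""

    def __init__(self, functions):
        # Assign each function an initial random "address".
        self.addresses = {f: random.getrandbits(32) for f in functions}
        self.lock = threading.Lock()

    def on_probe_detected(self, func):
        # Re-randomize only the probed function on a parallel thread.
        t = threading.Thread(target=self._relocate, args=(func,))
        t.start()
        return t

    def _relocate(self, func):
        with self.lock:
            old = self.addresses[func]
            new = random.getrandbits(32)
            while new == old:            # guarantee the address changes
                new = random.getrandbits(32)
            self.addresses[func] = new

r = PartialRandomizer(["main", "auth_check", "memcpy"])
leaked = r.addresses["auth_check"]        # attacker probes this function
r.on_probe_detected("auth_check").join()  # defense relocates only it
```

After the relocation thread joins, the probed address differs from the leaked one while the other functions keep their addresses, mirroring the "randomize only what was probed" argument.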
Trusted Execution Environments (TEEs) such as Intel SGX are becoming commonplace for security in server processors. Intel SGX provides guarantees of confidentiality, integrity, and replay-attack protection for a specific region of memory. Its downside, however, is the performance bottleneck caused by context-switching overhead and page faults in applications with larger memory footprints. In this article, we propose SGXFault, a scheme that ensures that, for the major part of execution, pages are available in secure memory when needed. We make this decision at the last-level cache (LLC) by locking the blocks of frequently used pages into the LLC using a Cache Lockdown mechanism. In addition, we perform page-level prediction-based prefetching when there is a miss in the LLC. Combining both approaches, we outperform baseline Intel SGX and a recent competing scheme by around 18.6% and 17.8%, respectively.
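The two ingredients described above, locking hot pages' blocks and prefetching on a miss, can be sketched with a toy LRU cache (an illustration of the idea, not SGXFault's hardware mechanism; the trace and "next page" predictor are made up):

```python
from collections import Counter, OrderedDict

class ToyLLC:
    """Toy last-level cache: hot pages can be locked (never evicted),
    and an LLC miss triggers a simple next-page prefetch."""

    def __init__(self, capacity, locked_pages):
        self.capacity = capacity
        self.locked = set(locked_pages)   # pages pinned via "cache lockdown"
        self.cache = OrderedDict()        # unlocked pages in LRU order
        self.misses = 0

    def access(self, page):
        if page in self.locked or page in self.cache:
            if page in self.cache:
                self.cache.move_to_end(page)
            return "hit"
        self.misses += 1
        self._fill(page)
        self._fill(page + 1)              # prediction-based prefetch
        return "miss"

    def _fill(self, page):
        if page in self.locked or page in self.cache:
            return
        if len(self.cache) >= self.capacity:
            self.cache.popitem(last=False)  # evict LRU unlocked page
        self.cache[page] = True

trace = [0, 1, 0, 2, 3, 0, 1, 4, 0, 5]
hot = [p for p, _ in Counter(trace).most_common(2)]  # lock the 2 hottest pages
llc = ToyLLC(capacity=2, locked_pages=hot)
for p in trace:
    llc.access(p)
```

On this trace, locking the two hottest pages cuts the misses from six to two, which is the intuition behind keeping frequent pages resident for the major part of execution.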
Malware poses a significant threat to organizations, necessitating robust countermeasures. One such measure involves attributing malware to its respective Advanced Persistent Threat (APT) group, which serves several purposes; two of the most important are aiding incident response and facilitating legal recourse. Recent years have witnessed a surge in research aimed at refining methods for attributing malware to specific threat groups. These efforts have leveraged a variety of machine learning and deep learning techniques, alongside diverse features extracted from malware binary files, to develop attribution systems. Despite these advancements, the field still calls for further investigation to enhance attribution methodologies. The basis of an effective attribution system is a rich dataset. Previous studies in this domain have detailed the process of model training and evaluation using distinct datasets, each characterized by unique strengths, weaknesses, and varying numbers of samples. In this paper, we scrutinize previous datasets from several perspectives while focusing on analyzing our own dataset, which we claim is the most comprehensive in the realm of malware attribution. The dataset encompasses 64,440 malware samples attributed to 22 APT groups and spans at least 40 malware families. The samples span the years 2020 to 2024, and their developer APT groups originate from Russia, South Korea, China, the USA, Nigeria, North Korea, Pakistan, and Belarus. Its richness and breadth render it invaluable for future research in malware attribution.
High-level synthesis (HLS) has democratized field programmable gate arrays (FPGAs) by enabling high-level device programmability and rapid microarchitecture customization through the use of directives. Nevertheless, manually selecting the appropriate directives, i.e., the annotations included in the high-level source code to instruct the synthesis process, is a difficult task for programmers without a hardware background. In this letter, we present CollectiveHLS, an ultrafast knowledge-based HLS design optimization method that automatically extracts the most promising directive configurations and applies them to the original source code. The proposed optimization scheme is a fully data-driven approach to generalized HLS tuning, as it is not based on quality-of-result models or meta-heuristics. We design, implement, and evaluate our method on more than 100 applications from MachSuite, Rodinia, and GitHub on a ZCU104 FPGA. We achieve average geometric-mean speedups of 14.1x and 10.5x over the unoptimized (i.e., without HLS directives) and optimized designs, respectively, a high design feasibility score, and an average inference latency of 38 ms.
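The knowledge-based idea can be sketched as follows (a hypothetical illustration: the feature names, directives, and nearest-neighbor matching are stand-ins, not CollectiveHLS's actual knowledge base or selection logic): previously tuned kernels are stored with their source features and best-known directive sets, and a new kernel inherits the directives of its most similar stored neighbor.

```python
# Hypothetical knowledge base: (source features, best-known HLS directives).
knowledge_base = [
    ({"loops": 2, "arrays": 1, "loop_depth": 2},
     ["#pragma HLS pipeline II=1", "#pragma HLS array_partition variable=A"]),
    ({"loops": 1, "arrays": 0, "loop_depth": 1},
     ["#pragma HLS unroll factor=4"]),
]

def select_directives(features):
    """Return the directive set of the most similar stored kernel."""
    def distance(stored):
        # Squared Euclidean distance over shared feature names.
        return sum((features[k] - stored[k]) ** 2 for k in features)
    _, directives = min(knowledge_base, key=lambda entry: distance(entry[0]))
    return directives

chosen = select_directives({"loops": 2, "arrays": 1, "loop_depth": 3})
```

Because the lookup is a nearest-neighbor match rather than a synthesis-in-the-loop search, inference is essentially instantaneous, which matches the "ultrafast" and "no quality-of-result models or meta-heuristics" claims.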
Large Language Models (LLMs) have grown in popularity in recent years and are now employed in a variety of software engineering domains thanks to their Natural Language Processing (NLP) capabilities, which include source code generation, understanding, and documentation. Selecting the appropriate model for source code generation presents a problem to developers as more and more powerful LLMs become available. While some studies have evaluated Copilot or ChatGPT, there is little research on how developers can choose among available LLMs, a key question given the growing set of available models and services. It is crucial to know whether a model can generate useful source code that meets quality requirements and whether developers will be able to use the generated code. Based on these factors, one must decide which model to use for everyday tasks. This paper presents a methodology for comparing such models, demonstrated through an actual comparison of two models. We investigated the functional and non-functional qualities of the code synthesized by the models on a program-synthesis benchmark containing 25 tasks. Functional testing shows that ChatGPT generated 17 perfect solutions, while Copilot solved only 13. The non-functional analysis showed that both models generated good-quality code; however, both exhibit characteristic code smells. Our evaluation shows that ChatGPT performs better under this methodology, which is supported by human reviewers who evaluated the generated code by hand.
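The functional part of such a comparison boils down to running each model's generated solutions against the benchmark's test cases and counting "perfect" solutions (all tests pass). A minimal sketch, with a made-up toy task standing in for the benchmark:

```python
def count_perfect(solutions, test_cases):
    """Count solutions that pass every (input, expected_output) test case."""
    perfect = 0
    for solve in solutions:
        if all(solve(inp) == expected for inp, expected in test_cases):
            perfect += 1
    return perfect

# Toy benchmark task: return the maximum of a list.
tests = [([3, 1, 2], 3), ([-5, -2], -2), ([7], 7)]
model_a = [lambda xs: max(xs)]        # a correct generated solution
model_b = [lambda xs: sorted(xs)[0]]  # a buggy one: returns the minimum
```

Here `count_perfect(model_a, tests)` is 1 and `count_perfect(model_b, tests)` is 0; the paper's 17-vs-13 comparison is this tally over 25 real tasks, complemented by non-functional (code-smell) analysis.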
Software developers spend a significant portion of time fixing bugs in their projects. To streamline this process, bug localization approaches have been proposed to identify the source code files that are likely responsible for a particular bug. Prior work proposed several similarity-based machine-learning techniques for bug localization. Despite significant advances in these techniques, they do not directly optimize the evaluation measures. We argue that directly optimizing evaluation measures can positively contribute to the performance of bug localization approaches. Therefore, in this paper, we utilize Reinforcement Learning (RL) techniques to directly optimize the ranking metrics. We propose RLocator, a Reinforcement Learning-based bug localization approach. We formulate RLocator as a Markov Decision Process (MDP) to optimize the evaluation measures directly. We present the technique and experimentally evaluate it on a benchmark dataset of 8,316 bug reports from six highly popular Apache projects. The results of our evaluation reveal that RLocator achieves a Mean Reciprocal Rank (MRR) of 0.62, a Mean Average Precision (MAP) of 0.59, and a Top 1 score of 0.46. We compare RLocator with three state-of-the-art bug localization tools, FLIM, BugLocator, and BL-GAN. Our evaluation reveals that RLocator outperforms all three tools by a substantial margin, with improvements of 38.3% in MAP, 36.73% in MRR, and 23.68% in the Top K metric. These findings highlight that directly optimizing evaluation measures considerably contributes to performance improvement on the bug localization problem.
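One way to see how ranking metrics become directly optimizable is to cast ranking as an episode: each action appends one candidate file to the ranking, and the reward is the reciprocal-rank credit earned when a truly buggy file is placed. The sketch below is illustrative (a greedy rollout with hypothetical scores), not RLocator's exact MDP formulation:

```python
def rollout(policy_scores, candidates, buggy_files):
    """One episode: actions pick files in score order; reward accumulates
    1/rank each time a buggy file is placed (an MRR-style signal that an
    RL agent could maximize directly)."""
    ranking, total_reward = [], 0.0
    remaining = list(candidates)
    while remaining:
        # Greedy policy for illustration; RL would learn these scores.
        action = max(remaining, key=lambda f: policy_scores.get(f, 0.0))
        remaining.remove(action)
        ranking.append(action)
        if action in buggy_files:
            total_reward += 1.0 / len(ranking)  # reciprocal-rank reward
    return ranking, total_reward

scores = {"Parser.java": 0.9, "Lexer.java": 0.4, "Main.java": 0.1}
ranking, reward = rollout(scores, scores.keys(), {"Parser.java"})
```

Because the episode reward is the ranking metric itself, improving the policy improves MRR directly, which is the paper's central argument against similarity-based proxies.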
Open source component libraries are widely used in software development. However, vulnerabilities in these components can threaten software security as they spread, so the industry commonly uses Software Composition Analysis (SCA) technology to check the security of open source components in software. However, owing to the low effectiveness of feature selection and the difficulty of precise feature extraction from open source component libraries, the accuracy of component analysis is not high. In this paper, we propose a feature extraction method for open source component libraries in binary programs based on fingerprint analysis. The fingerprint library is constructed from 30,000 open source projects on the GitHub platform. We use exported-function fingerprints, binary compilation fingerprints, source-code strings, and other features to identify component libraries. With these fingerprints, we achieve precise identification of open source component libraries in binary programs, and we developed the prototype tool Csrcc Sca, which achieved remarkable results when tested and evaluated on 164 firmware packages related to intelligent connected vehicles. For component version identification of software packages, it achieved an accuracy of up to 96.81%; for component layout identification of firmware packages, the accuracy reached 83.33%.
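The matching step can be sketched as set similarity between a binary's extracted features (exported function names, embedded strings) and per-library fingerprints. The fingerprints and threshold below are made up for illustration, not Csrcc Sca's actual database:

```python
def jaccard(a, b):
    """Jaccard similarity between two feature sets."""
    return len(a & b) / len(a | b) if a | b else 0.0

# Hypothetical fingerprint library: component version -> feature set.
fingerprints = {
    "zlib-1.2.11": {"inflate", "deflate", "crc32", "zlib version 1.2.11"},
    "openssl-1.1.1": {"SSL_read", "SSL_write", "OpenSSL 1.1.1"},
}

def identify(extracted_features, threshold=0.5):
    """Return the best-matching component version, or None below threshold."""
    best = max(fingerprints,
               key=lambda lib: jaccard(fingerprints[lib], extracted_features))
    score = jaccard(fingerprints[best], extracted_features)
    return best if score >= threshold else None

# Features extracted from a firmware binary (illustrative).
features = {"inflate", "deflate", "crc32", "main"}
```

Here `identify(features)` returns `"zlib-1.2.11"` (similarity 0.6); real systems combine several fingerprint types, as the abstract lists, to pin down both the component and its version.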
As an important output of complex IT systems in operation, logs provide valuable information for system operation and maintenance. Log event (or template) extraction plays a vital role in log analysis, as its accuracy significantly impacts follow-up tasks such as log anomaly detection and event pattern discovery. Despite achieving high accuracy on specific system logs, existing log event extraction approaches still struggle with low accuracy and instability when handling logs from heterogeneous systems or logs with variable-length parameters. To address these issues, this paper proposes LogTransformer, an online event extraction approach based on a tree structure. A tree-based log content parsing approach performs log event extraction by comparing the similarity between a log tree representing an incoming log message and an event tree representing a specific log template. Extensive experiments are conducted on sixteen benchmark log datasets to evaluate the effectiveness, robustness, and efficiency of the proposed approach. The experimental results demonstrate an average accuracy exceeding 90%, surpassing the state-of-the-art online log parser, Drain.
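The similarity comparison at the heart of template matching can be sketched with flat token lists and `<*>` wildcards for parameters (a simplification of the idea; LogTransformer's actual log/event trees are richer, and the templates here are invented):

```python
def similarity(template, tokens):
    """Fraction of positions where the template token matches the log
    token, with '<*>' matching any parameter value."""
    if len(template) != len(tokens):
        return 0.0
    same = sum(1 for t, w in zip(template, tokens) if t == "<*>" or t == w)
    return same / len(template)

# Hypothetical stored templates.
templates = {
    "conn_open": ["Connection", "from", "<*>", "opened"],
    "conn_fail": ["Connection", "from", "<*>", "failed:", "<*>"],
}

def match(message, threshold=0.7):
    """Return the id of the most similar template above the threshold."""
    tokens = message.split()
    best = max(templates, key=lambda k: similarity(templates[k], tokens))
    return best if similarity(templates[best], tokens) >= threshold else None

event = match("Connection from 10.0.0.1 opened")
```

Note that this flat version rejects length mismatches outright, which is exactly where variable-length parameters break naive parsers; the tree representation described in the abstract is what lets LogTransformer handle such logs more robustly.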
A compiler is a tool that converts a high-level language into assembly code after enabling relevant optimizations. Automatically selecting suitable optimizations from an ample optimization space is a non-trivial task, mainly accomplished through hardware profiling and application-level features. These features are then passed to an intelligent algorithm that predicts the desired optimizations. However, collecting these features requires executing the application beforehand, which involves high overhead. With the evolution of Natural Language Processing (NLP), an application's performance can be predicted solely at compile time via source-code analysis. There has been substantial work on source-code analysis using NLP, but most of it focuses on offloading computation to suitable devices or detecting code vulnerabilities; it has yet to be used to identify the best optimization sequence for an application. Similarly, most works have focused on finding the best machine learning or deep learning algorithms, thereby ignoring the other important phases of the NLP pipeline. This paper pioneers the use of NLP to predict the best set of optimizations for a given application at compile time. Furthermore, it uniquely studies the impact of four vectorization and seven regression techniques on predicting application performance. For most applications, we show that TF-IDF vectorization and Huber regression yield the best outcomes. On average, the proposed technique predicts the optimal optimization sequence with a performance drop of 18%, and a minimum drop of merely 0.5% compared to the actual best combination.
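The two highlighted ingredients can be sketched with the standard library alone (in practice one would use scikit-learn's `TfidfVectorizer` and `HuberRegressor`; the token corpus below is illustrative): TF-IDF vectors over source-code tokens feed a regressor, and the Huber loss, quadratic for small residuals but linear for outliers, is what a Huber regressor minimizes.

```python
import math
from collections import Counter

def tfidf(corpus):
    """Minimal TF-IDF: term frequency scaled by inverse document frequency."""
    docs = [Counter(doc.split()) for doc in corpus]
    vocab = sorted({t for d in docs for t in d})
    n = len(docs)
    idf = {t: math.log(n / sum(1 for d in docs if t in d)) for t in vocab}
    vectors = [[d[t] / sum(d.values()) * idf[t] for t in vocab] for d in docs]
    return vectors, vocab

def huber_loss(y_true, y_pred, delta=1.0):
    """Mean Huber loss: quadratic for |residual| <= delta, linear beyond."""
    total = 0.0
    for yt, yp in zip(y_true, y_pred):
        r = abs(yt - yp)
        total += 0.5 * r * r if r <= delta else delta * (r - 0.5 * delta)
    return total / len(y_true)

# Toy "source code" corpus standing in for tokenized applications.
vectors, vocab = tfidf(["for i in range", "while True", "for x in data"])
```

The linear tail of the Huber loss is what makes the regressor robust to the occasional application whose measured performance is an outlier, a plausible reason for the combination's strong results in the paper.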