Program animation

About: Program animation is a research topic. Over the lifetime, 873 publications have been published within this topic receiving 16822 citations.

Randomized instruction set emulation to disrupt binary code injection attacks

Abstract: Binary code injection into an executing program is a common form of attack. Most current defenses against this form of attack use a 'guard all doors' strategy, trying to block the avenues by which execution can be diverted. We describe a complementary method of protection, which disrupts foreign code execution regardless of how the code is injected. A unique and private machine instruction set for each executing program would make it difficult for an outsider to design binary attack code against that program and impossible to use the same binary attack code against multiple machines. As a proof of concept, we describe a randomized instruction set emulator (RISE), based on the open-source Valgrind x86-to-x86 binary translator. The prototype disrupts binary code injection attacks against a program without requiring its recompilation, linking, or access to source code. The paper describes the RISE implementation and its limitations, gives evidence demonstrating that RISE defeats common attacks, considers how the dense x86 instruction set affects the method, and discusses potential extensions of the idea.

Method of controlling the copying of software

Abstract: An authorized user of the program is allowed to make any number of backup copies of a computer program and to execute each such backup copy on the same authorized machine, but is inhibited from executing either the original or any copy thereof on any other machine. The method is implemented by including a control program with the application program to be copy controlled, which control program causes an interaction and registration of the program during initialization of the program with a central computer. The method includes generating a configuration code based on the configuration of the user's computer and the communication of the configuration code to the central computer. The central computer thereafter generates a permission code based on the communicated configuration code and communicates the permission code back to the user. The permission code is then entered into the user's computer and stored as a part of the control program. Prior to each subsequent execution of the program, a recalculation of the permission code is made by the control program and a comparison of the recalculated and the stored permission codes allows further execution of the program. The configuration code may include special data unique to the user's authorized computer and the recalculation of the permission code may be enabled only by data supplied by the central computers generated permission code. Further, self destruct code may be included in the control code to avoid tampering with the copy control scheme.

Debugging with dynamic slicing and backtracking

Abstract: Programmers spend considerable time debugging code. Symbolic debuggers provide some help but the task remains complex and difficult. Other than breakpoints and tracing, these tools provide little high-level help. Programmers must perform many tasks manually that the tools could perform automatically, such as finding which statements in the program affect the value of an output variable for a given test case, and what was the value of a given variable when the control last reached a given program location. If debugging tools provided explicit support for these tasks, the debugging process could be automated to a significant extent. In this paper we present a debugging model, based on dynamic program slicing and execution backtracking techniques, that easily lends itself to automation. This model is based on experience with using these techniques to debug software. We also present a prototype debugging tool, SPYDER, that explicitly supports the proposed model, and with which we are performing further debugging research.

Reprogrammable subscriber terminal

Abstract: A reprogrammable subscriber terminal of a subscription television service which can have the control program code of its control processor modified by downloading new program code from the headend. The control processor stores a boot program in an internal read only memory. Upon start up and resets, the boot program determines whether the control program should be changed from a command sent from the headend. The command, termed a parameters transactions, includes the number of expected download program code transactions required to complete the control code modification, the memory space areas where the code is to be loaded, and the channel over which the download program code transactions are to be transmitted. The channel is tuned and when the boot program receives all the download program code transactions accurately and stores them, the boot program will cause the control program to be restarted at a selected address of the new or modified control program code which has been downloaded. The boot program may download code to different configurations of subscriber terminals including those with Flash EPROM or extended memories from plug-in expansion modules.

Framework for instruction-level tracing and analysis of program executions

Abstract: Program execution traces provide the most intimate details of a program's dynamic behavior. They can be used for program optimization, failure diagnosis, collecting software metrics like coverage, test prioritization, etc. Two major obstacles to exploiting the full potential of information they provide are: (i) performance overhead while collecting traces, and (ii) significant size of traces even for short execution scenarios. Reducing information output in an execution trace can reduce both performance overhead and the size of traces. However, the applicability of such traces is limited to a particular task. We present a runtime framework with a goal of collecting a complete, machine- and task-independent, user-mode trace of a program's execution that can be re-simulated deterministically with full fidelity down to the instruction level. The framework has reasonable runtime overhead and by using a novel compression scheme, we significantly reduce the size of traces. Our framework enables building a wide variety of tools for understanding program behavior. As examples of the applicability of our framework, we present a program analysis and a data locality profiling tool. Our program analysis tool is a time travel debugger that enables a developer to debug in both forward and backward direction over an execution trace with nearly all information available as in a regular debugging session. Our profiling tool has been used to improve data locality and reduce the dynamic working sets of real world applications.