1 / 22

Mango: Performance and Vulnerability Detection Potential

Mango: Performance and Vulnerability Detection Potential. Frank Rimlinger Information Assurance Directorate National Security Agency http:// babelfish.arc.nasa.gov / trac / jpf /wiki/projects/ jpf -mango. Summary. Mango formal models for 5 Android apps

pavel
Download Presentation

Mango: Performance and Vulnerability Detection Potential

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mango: Performance and Vulnerability Detection Potential Frank Rimlinger Information Assurance Directorate National Security Agency http://babelfish.arc.nasa.gov/trac/jpf/wiki/projects/jpf-mango

  2. Summary • Mango formal models for 5 Android apps • Eclipse package explorer, Mango preferences • Project, Auto and Approx • Mango model build performance data. • Case exhaustion • Testing • Anatomy of the “resource not closed” vulnerability • All dressed up, nowhere to go.

  3. Side-markers show Mango model

  4. Loop side-markers are grey

  5. Formal model artifacts

  6. Artifact: piece of a giant puzzleFit together, make useful inferences

  7. Package Explorer and preferences

  8. Package explorer and preferences • Project X, say SampleSyncAdapter. • XAuto:SampleSyncAdapterAuto-contains Java declarations for non-source, like android.jar code. • XApprox: contains user generated declarations for “hidden code”. • XApprox: contains user generated code approximations

  9. The “admin user” has already created approximations for system level code

  10. Elaborate mechanism for resolving references, with possible user assist

  11. Auto-generated native source declarationstype only model

  12. Case study: user intervention to avoid “formal heap blow-out”

  13. The user generated approximation

  14. Mango by the numbers LOCLINK SPECIFY Native #Methods Min Auto User BluetoothHDP 534 70 0 86 4 JetBoy 868 59 4(2) 72 8* NotePad 968 117 11(4) 79 9 RandomMusicPlayer 988 89 0 112 12 SampleSyncAdapter 1786 151 3(2) 170 19 FirstYearCode 2700 2 0 163 104** Total 7844 682 156 (Mango) 198000 *requires abstraction of source code constructor: com.example.android.jetboy$JetBoyThread(SurfaceHoldersurfaceHolder, Context context, Handler handler); due to excessive load on heap. **Most of this time is to handle deeply nested loops in test.firstYearCode.tictactoe

  15. Case Exhaust

  16. Outcome

  17. Forcing the close method through a bottle-neck

  18. Code to tell Mango to check the garbage for “closed” flag.

  19. “Good” test, should not fire vulnerability

  20. “Bad” test should fire vulnerability

  21. Vulnerability Hit

  22. Summary • Mango can build a formal model for a small (<10k loc) Eclipse project with minimal user assistance. • To detect a vulnerability, user must devise a strategy based on known, quantifiable properties (e.g. the “closed” flag). • Mango supports strategy implementation and vulnerability test fielding via symbolic simulation.

More Related