Non-intrusive Code Coverage: How to Use ASSURED for Trace-based Debugging and Runtime Analysis

The complexity of today’s applications presents many new challenges for developers and security engineers, especially with regards to efficient mechanisms to verify software and device integrity for detecting runtime modifications. Recall the latest trend in the attack vectors, as documented by the Open Web Application Security Project (OWASP), where an updated ranking list of Common Vulnerabilities and Exposures (CVEs) was put forth: It is apparent that memory-related vulnerabilities are becoming more prevalent and lucrative targets to be exploited by adversaries for launching software-based attacks against deployed devices. Such attacks can range from the exploitation of loopholes due to security misconfiguration and insecure system design to vulnerable & outdated components and cryptographic failures. The common denominator in all such cases is the lack of appropriate security hardening across any part of the application stack: from the secure boot of a system (based on secure, certified, and tested software) to the run-time detection of software and data integrity failures through efficient and effective trustworthiness control design. 

In this context, there is a lot of work on remote attestation enablers for providing enhanced operational assurance and functional safety of the entire “Systems-of-Systems” for checking and assuring the integrity and execution correctness of the deployed safety-critical CPSoS. This defense mechanism enables the safeguarding of both the software and hardware layers covering all phases of devices’ execution: from the trusted boot and integrity measurement of a CPS, enabling the generation of static, boot-time, or load-time evidence of the system’s components correct configuration (Configuration Integrity Verification (CIV)), to the runtime behavioral attestation of those safety-critical components of a system providing strong guarantees on the correctness of the control- and information-flow properties, thus, enhancing the performance and scalability when composing secure systems from potentially insecure components.

However, most of the existing families of such attestation solutions suffer from the lack of software-based mechanisms for the efficient extraction of rigid system information traces. This limits their applicability to only those cyber-physical systems with the necessary amount of resources for being able to perform detailed code analysis or equipped with additional hardware support. Unfortunately, this approach does not capture the real-time constraints of emerging attestation security enablers that require a detailed dynamic tracing of properties stemming from diverse levels of a system’s architecture: kernel shared libraries, low-level code, etc. resulting in an in-depth investigation of the systems behavior and execution flow towards detecting any cheating attempts or if any type of (non-previously identified) exploits are resident to the memory.

Compounding this issue, ASSURED invites you to its third webinar focusing on the design of a mixture of software- and hardware-based device introspection techniques leveraging mechanisms like Dynamic Binary Re-writing and Coresight. All produced mechanisms enable code coverage in situations where other code coverage tools reach their limit:

• Where code instrumentation is not allowed anymore;
• Where the code is optimized by the compiler, and
• When tracing is needed without affecting the runtime behavior of an application.

The webinar will be held remotely on Tuesday, June 20^th between 10:30 – 12:30 CEST with the help of Ubitech and NVIDIA.

AGENDA