Debugging Parallel Programs with Instant Replay
IEEE Transactions on Computers
Programming in the 1990s: an introduction to the calculation of programs
Programming in the 1990s: an introduction to the calculation of programs
Hardware-assisted replay of multiprocessor programs
PADD '91 Proceedings of the 1991 ACM/ONR workshop on Parallel and distributed debugging
Replay for concurrent non-deterministic shared-memory applications
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
NStrace: a bus-driven instruction trace tool for PowerPC microprocessors
IBM Journal of Research and Development - Special issue: performance analysis and its impact on design
Avoiding exponential explosion: generating compact verification conditions
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamically Discovering Likely Program Invariants to Support Program Evolution
IEEE Transactions on Software Engineering - Special issue on 1999 international conference on software engineering
A Discipline of Programming
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Towards Automatic Generation of Vulnerability-Based Signatures
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Debugging operating systems with time-traveling virtual machines
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Flashback: a lightweight extension for rollback and deterministic replay for software debugging
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Monkey see, monkey do: a tool for TCP tracing and replaying
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Eudaemon: involuntary and on-demand emulation against zero-day exploits
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Advanced Network Fingerprinting
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Towards automatic reverse engineering of software security configurations
Proceedings of the 15th ACM conference on Computer and communications security
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
Online Network Forensics for Automatic Repair Validation
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Panalyst: privacy-aware remote error analysis on commodity software
SS'08 Proceedings of the 17th conference on Security symposium
Measuring channel capacity to distinguish undue influence
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Automated Behavioral Fingerprinting
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Traffic to protocol reverse engineering
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
On campus beta site: architecture designs, operational experience, and top product defects
IEEE Communications Magazine
ASAP: automatic semantics-aware analysis of network payloads
PSDML'10 Proceedings of the international ECML/PKDD conference on Privacy and security issues in data mining and machine learning
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
ACM Transactions on Information and System Security (TISSEC)
Linear obfuscation to combat symbolic execution
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Learning stateful models for network honeypots
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Automatic protocol reverse-engineering: Message format extraction and field semantics inference
Computer Networks: The International Journal of Computer and Telecommunications Networking
Large-Scale analysis of malware downloaders
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
ProVeX: detecting botnets with encrypted command and control channels
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Hi-index | 0.00 |
We address the problem of replaying an application dialog between two hosts. The ability to accurately replay application dialogs is useful in many security-oriented applications, such as replaying an exploit for forensic analysis or demonstrating an exploit to a third party.A central challenge in application dialog replay is that the dialog intended for the original host will likely not be accepted by another without modification. For example, the dialog may include or rely on state specific to the original host such as its hostname, a known cookie, etc. In such cases, a straight-forward byte-by-byte replay to a different host with a different state (e.g., different hostname) than the original observed dialog participant will likely fail. These state-dependent protocol fields must be updated to reflect the different state of the different host for replay to succeed.We formally define the replay problem. We present a solution which makes novel use of program verification techniques such as theorem proving and weakest pre-condition. By employing these techniques, we create the first sound solution to the replay problem: replay succeeds whenever our approach yields an answer. Previous techniques, though useful, are based on unsound heuristics. We implement a prototype of our techniques called Replayer, which we use to demonstrate the viability of our approach.