1. | Fuzz Testing Mac OS X: An Examination of Application and Utility Reliability Using Random Input | Fred Moore, Greg Cooksey |
Abstract:
We have tested the reliability of nearly 140 command-line Unix utilities
and of 26 graphical applications on Mac OS X by feeding random input to each.
In previous studies, this technique has proven effective at causing
application failures in Unix, Linux, and Windows applications.
We report on application failures -- crashes (with core dump) or hangs
(infinite loop) -- and, where source code is available,
we identify and categorize the causes of these failures and provide
suggested fixes.
Our testing crashed only 7% of the command-line utilities, a considerably lower rate of failure than observed in almost all cases of previous studies. We found the graphical applications to be less reliable: of the 26 we tested, only eight passed. 17 others crashed, and one hung.
2. | Cracking InstallShield Trialware | Matt Anderson, Eric Lantz |
Abstract: InstallShield is a commonly used installation scripting program. The newest versions include a feature called InstallShield Activation Service, which provides a software wrapper that can enforce trial-version limitations on any executable or library. The wrapper employs several anticircumvention methods including stripping symbols, encoding, independent server processes, debugger detection, static binary modification, and dynamic code modification. We demonstrate a method for bypassing these protections to generate an unhindered executable. The method involves removing debugger checks, rebuilding the original jump table, and short-cutting jumps that will execute InstallShield code. We were able to successfully remove the protections on a test executable that we wrapped with the Activation Service code. A second executable is produced that is completely free of trial limitations. The project demonstrates that modern commercial anti-cracking techniques are still vulnerable to circumvention. We also explain how the use of anti-cracking methods did limit the types of circumvention techniques we could employ.
3. | Reducing Linux Boot Time | Mohamed Eldawy, Andrew Phelps, Nate Rosenblum |
Abstract: The Linux boot process is comprised of numerous complex subsystems and may take several minutes to execute on modern hardware. Interactions between different subsystems are complicated and may obscure opportunities for reducing the time to achieve a responsive system state. We present a detailed analysis of system boot, identifying high-cost subsystems within the kernel initialization process. The IDE subsystem in particular offers a compelling example of a component dominating the boot process, and makes an attractive target for optimizations. We demonstrate a modification of the IDE device subsystem which yields significant improvements, and go on to identify potential optimizations in other areas of the boot process. We also compare our work to other efforts at reducing Linux boot time, and offer suggestions for future work.