Activity
-
The Infrared 100 is now live. Our list of 100 transformative companies in cloud infrastructure. https://lnkd.in/gVRDNS6Q
Liked by Volodymyr Kuznetsov
-
Today, we at Khosla Ventures, are thrilled to announce we have co-led an investment in Cyberhaven, as part of their $88M Series C! Every decade or…
Liked by Volodymyr Kuznetsov
-
I'm thrilled we have reached this incredible milestone - and the future that it opens! I'm very proud to be a part of the fantastic team that made it…
Shared by Volodymyr Kuznetsov
Publications
-
High System-Code Security with Low Overhead
36th IEEE Symposium on Security and Privacy, San Jose, CA, USA
Security vulnerabilities plague modern systems because writing secure systems code is hard. Promising approaches can retrofit security automatically via runtime checks that implement the desired security policy; these checks guard critical operations, like memory accesses. Alas, the induced slowdown usually exceeds by a wide margin what system users are willing to tolerate in production, so these tools are hardly ever used. As a result, the insecurity of real-world systems persists.
We present an approach in which developers/operators can specify what level of overhead they find acceptable for a given workload (e.g., 5%); our proposed tool ASAP then automatically instruments the program to maximize its security while staying within the specified “overhead budget.” Two insights make this approach effective: most overhead in existing tools is due to only a few “hot” checks, whereas the checks most useful to security are typically “cold” and cheap.
We evaluate ASAP on programs from the Phoronix and SPEC benchmark suites. It can precisely select the best points in the security-performance spectrum. Moreover, we analyzed existing bugs and security vulnerabilities in RIPE, OpenSSL, and the Python interpreter, and found that the protection level offered by the ASAP approach is sufficient to protect against all of them.
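The budget-driven check selection the abstract describes, worked through as an added example (this is not ASAP's own code, which is an LLVM pass): every runtime check is costed from a profiling run, and checks are disabled from the most expensive down until the estimated slowdown fits the budget, which leaves the cold checks in place. The check sites, execution counts, per-check cycle costs and the one-million-cycle baseline are constructed sample data; asap_select, asap_overhead_pct, demo_select and demo_overhead are names chosen for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One instrumented check (e.g., an AddressSanitizer bounds check) plus what a
 * profiling run measured about it. */
typedef struct {
    const char *site;          /* source location of the check */
    unsigned long exec_count;  /* executions observed in the profiling run */
    unsigned long cost_each;   /* cycles one execution of the check adds */
    int enabled;               /* 1 = keep the check in the final binary */
} check_t;

static unsigned long check_cost(const check_t *c)
{
    return c->exec_count * c->cost_each;
}

/* qsort comparator: most expensive check first. */
static int by_cost_desc(const void *a, const void *b)
{
    unsigned long ca = check_cost(a), cb = check_cost(b);
    return (ca < cb) - (ca > cb);
}

/* Greedy budgeted selection: start with every check enabled, then disable
 * checks from the most expensive down until the total check cost is within
 * budget_pct of the uninstrumented baseline. Sorts checks[] in place and
 * returns the number of checks kept. */
size_t asap_select(check_t *checks, size_t n,
                   unsigned long baseline_cycles, double budget_pct)
{
    unsigned long budget = (unsigned long)(baseline_cycles * budget_pct / 100.0);
    unsigned long total = 0;
    size_t i, kept = n;

    for (i = 0; i < n; i++) {
        checks[i].enabled = 1;
        total += check_cost(&checks[i]);
    }
    qsort(checks, n, sizeof *checks, by_cost_desc);
    for (i = 0; i < n && total > budget; i++) {
        checks[i].enabled = 0;            /* a "hot" check: drop it */
        total -= check_cost(&checks[i]);
        kept--;
    }
    return kept;
}

/* Overhead (percent of baseline) of the checks still enabled. */
double asap_overhead_pct(const check_t *checks, size_t n, unsigned long baseline_cycles)
{
    unsigned long total = 0;
    for (size_t i = 0; i < n; i++)
        if (checks[i].enabled)
            total += check_cost(&checks[i]);
    return 100.0 * (double)total / (double)baseline_cycles;
}

#define DEMO_BASELINE 1000000UL   /* constructed: 1M cycles without any checks */

/* Constructed profile: two checks inside hot loops dominate the cost; the rest,
 * which guard rarely executed and bug-prone code, are cold. */
static const check_t demo_profile[] = {
    { "parse.c:88  bounds",           120000, 5, 0 },
    { "parse.c:91  bounds",            60000, 5, 0 },
    { "log.c:19    format",              900, 5, 0 },
    { "net.c:402   memcpy bounds",       200, 5, 0 },
    { "auth.c:210  strcpy bounds",        12, 5, 0 },
    { "auth.c:231  use-after-free",        8, 6, 0 },
    { "cfg.c:55    integer overflow",      3, 4, 0 },
    { "init.c:7    bounds",                1, 5, 0 },
};
#define DEMO_N (sizeof demo_profile / sizeof demo_profile[0])

/* Number of checks kept on the constructed profile for one budget. */
size_t demo_select(double budget_pct)
{
    check_t checks[DEMO_N];
    memcpy(checks, demo_profile, sizeof checks);
    return asap_select(checks, DEMO_N, DEMO_BASELINE, budget_pct);
}

/* Resulting overhead (percent) on the constructed profile for one budget. */
double demo_overhead(double budget_pct)
{
    check_t checks[DEMO_N];
    memcpy(checks, demo_profile, sizeof checks);
    asap_select(checks, DEMO_N, DEMO_BASELINE, budget_pct);
    return asap_overhead_pct(checks, DEMO_N, DEMO_BASELINE);
}

int main(void)
{
    double budgets[] = { 100.0, 5.0, 0.5 };
    for (size_t i = 0; i < 3; i++)
        printf("budget %6.1f%%: kept %zu/%zu checks, overhead %.4f%%\n",
               budgets[i], demo_select(budgets[i]), (size_t)DEMO_N,
               demo_overhead(budgets[i]));
    return 0;
}
```

With the constructed profile, the two loop checks account for over 99% of the instrumentation cost: an unlimited budget keeps all eight checks at about 90.6% overhead, a 5% budget drops exactly those two and keeps the six cold checks at about 0.56% overhead, and a 0.5% budget additionally drops the logging check. Removing in cost order is what makes the "few hot checks" insight pay off, since dropping one hot check buys far more budget than dropping any number of cold ones.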
Code-Pointer Integrity
11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA
Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees.
We introduce code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2% overhead for C and 1.9% for C/C++, while CPI’s overhead is 2.9% for C and 8.4% for C/C++.
A prototype implementation of CPI and CPS can be obtained from http://levee.epfl.ch.
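A toy model, added here and not the paper's implementation (CPI is an LLVM instrumentation pass whose safe region is isolated by hardware or randomization), of the separation CPI enforces: a code pointer that lives next to a buffer is overwritten by an overflowing copy, and the same overflow is neutralised once every store and load of that code pointer is redirected to a safe region keyed by the pointer's address. The struct layout, the constructed attacker payload, and the names cpi_store, cpi_load, run_unprotected and run_protected are assumptions of this example; benign() and evil() stand in for the intended target and for attacker-chosen code.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

typedef void (*handler_t)(void);

static int benign_called, evil_called;
static void benign(void) { benign_called = 1; }
static void evil(void)   { evil_called = 1; }   /* stands in for attacker-chosen code */

/* An object whose code pointer sits in regular memory right after a buffer. */
struct conn {
    char name[16];
    handler_t handler;
};

/* Constructed attacker input: fills name[] and continues into handler with the
 * address of evil(). Built byte-wise so the demo stays deterministic. */
static void build_payload(unsigned char *payload, size_t len)
{
    handler_t target = evil;
    memset(payload, 'A', len);
    memcpy(payload + offsetof(struct conn, handler), &target, sizeof target);
}

/* Unprotected: the overflowing copy rewrites handler and the indirect call
 * jumps wherever the attacker said. Returns 1 if control flow was hijacked. */
int run_unprotected(void)
{
    struct conn c = { "client", benign };
    unsigned char payload[sizeof c];
    build_payload(payload, sizeof payload);
    benign_called = evil_called = 0;

    memcpy(&c, payload, sizeof c);   /* models a length-unchecked copy into c.name */
    c.handler();
    return evil_called;
}

/* CPI-style separation (toy model): code pointers are never read from regular
 * memory. A store to a code-pointer location goes into a safe region keyed by
 * that location's address, and a load comes back from the safe region. Here
 * the region is just a separate static array; the overflow cannot reach it
 * because the copy only covers the struct. */
#define SAFE_SLOTS 16
static struct { handler_t *loc; handler_t fp; } safe_region[SAFE_SLOTS];

int cpi_store(handler_t *loc, handler_t fp)
{
    for (int i = 0; i < SAFE_SLOTS; i++) {
        if (safe_region[i].loc == loc || safe_region[i].loc == NULL) {
            safe_region[i].loc = loc;
            safe_region[i].fp = fp;
            return 0;
        }
    }
    return -1;   /* region full */
}

/* Returns the protected pointer, or NULL if loc was never initialised through
 * cpi_store (loading an unprotected code pointer is itself an error). */
handler_t cpi_load(handler_t *loc)
{
    for (int i = 0; i < SAFE_SLOTS; i++)
        if (safe_region[i].loc == loc)
            return safe_region[i].fp;
    return NULL;
}

/* Protected: same layout, same overflow. The bytes written over c.handler are
 * never consulted; dispatch reads the safe region. Returns 1 if hijacked,
 * 0 if the intended handler ran, -1 if the load was rejected. */
int run_protected(void)
{
    struct conn c = { "client", NULL };
    unsigned char payload[sizeof c];
    cpi_store(&c.handler, benign);       /* instrumented store of the code pointer */
    build_payload(payload, sizeof payload);
    benign_called = evil_called = 0;

    memcpy(&c, payload, sizeof c);       /* the same overflow */
    handler_t h = cpi_load(&c.handler);  /* instrumented load */
    if (h == NULL)
        return -1;
    h();
    return evil_called ? 1 : 0;
}

int main(void)
{
    printf("unprotected: hijacked=%d\n", run_unprotected());
    printf("CPI model:   hijacked=%d\n", run_protected());
    return 0;
}
```

The model captures only the separation itself: with the code pointer's real value living in the safe region, the overflow still corrupts the regular-memory copy of handler, but that copy no longer influences control flow. What the model leaves out is how CPI keeps attackers out of the safe region in a real process (the region is unreachable through any regular-memory pointer, not merely a different array), its bounds metadata for the "sensitive" pointers that lead to code pointers, and the CPS relaxation that drops that metadata for speed.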
-OVERIFY: Optimizing Programs for Fast Verification
14th Workshop on Hot Topics in Operating Systems (HotOS), Santa Ana Pueblo, NM, USA
Developers rely on automated testing and verification tools to gain confidence in their software. The input to such tools is often generated by compilers that have been designed to generate code that runs fast, not code that can be verified easily and quickly. This makes the verification tool’s task unnecessarily hard.
We propose that compilers support a new kind of switch, -OVERIFY, that generates code optimized for the needs of verification tools. We implemented this idea for one class of verification (symbolic execution) and found that, when run on the Coreutils suite of UNIX utilities, it reduces verification time by up to 95x.
Efficient State Merging in Symbolic Execution
33rd Conf. Programming Language Design and Implementation (PLDI), Beijing, China
Symbolic execution has proven to be a practical technique for building automated test case generation and bug finding tools. Nevertheless, due to state explosion, these tools still struggle to achieve scalability. Given a program, one way to reduce the number of states that the tools need to explore is to merge states obtained on different paths. Alas, doing so increases the size of symbolic path conditions (thereby stressing the underlying constraint solver) and interferes with optimizations of the exploration process (also referred to as search strategies). The net effect is that state merging may actually lower performance rather than increase it.
We present a way to automatically choose when and how to merge states such that the performance of symbolic execution is significantly increased. First, we present query count estimation, a method for statically estimating the impact that each symbolic variable has on solver queries that follow a potential merge point; states are then merged only when doing so promises to be advantageous. Second, we present dynamic state merging, a technique for merging states that interacts favorably with search strategies in automated test case generation and bug finding tools.
Experiments on the 96 GNU COREUTILS show that our approach consistently achieves several orders of magnitude speedup over previously published results. Our code and experimental data are publicly available at http://cloud9.epfl.ch.
The S2E Platform: Design, Implementation, and Applications
ACM Transactions on Computer Systems (TOCS), vol. 30, num. 1
This article presents S2E, a platform for analyzing the properties and behavior of software systems, along with its use in developing tools for comprehensive performance profiling, reverse engineering of proprietary software, and automated testing of kernel-mode and user-mode binaries. Conceptually, S2E is an automated path explorer with modular path analyzers: the explorer uses a symbolic execution engine to drive the target system down all execution paths of interest, while analyzers measure and/or check properties of each such path. S2E users can either combine existing analyzers to build custom analysis tools, or they can directly use S2E’s APIs.
S2E’s strength is the ability to scale to large systems, such as a full Windows stack, using two new ideas: selective symbolic execution, a way to automatically minimize the amount of code that has to be executed symbolically given a target analysis, and execution consistency models, a way to make principled performance/accuracy trade-offs during analysis. These techniques give S2E three key abilities: to simultaneously analyze entire families of execution paths instead of just one execution at a time; to perform the analyses in-vivo within a real software stack—user programs, libraries, kernel, drivers, etc.—instead of using abstract models of these layers; and to operate directly on binaries, thus being able to analyze even proprietary software.
S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems.
6th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Newport Beach, California, USA
This paper presents S2E, a platform for analyzing the properties and behavior of software systems. We demonstrate S2E's use in developing practical tools for comprehensive performance profiling, reverse engineering of proprietary software, and bug finding for both kernel-mode and user-mode binaries. Building these tools on top of S2E took less than 770 LOC and 40 person-hours each.
S2E's novelty consists of its ability to scale to large real systems, such as a full Windows stack. S2E is based on two new ideas: selective symbolic execution, a way to automatically minimize the amount of code that has to be executed symbolically given a target analysis, and relaxed execution consistency models, a way to make principled performance/accuracy trade-offs in complex analyses. These techniques give S2E three key abilities: to simultaneously analyze entire families of execution paths, instead of just one execution at a time; to perform the analyses in-vivo within a real software stack—user programs, libraries, kernel, drivers, etc.—instead of using abstract models of these layers; and to operate directly on binaries, thus being able to analyze even proprietary software.
Conceptually, S2E is an automated path explorer with modular path analyzers: the explorer drives the target system down all execution paths of interest, while analyzers check properties of each such path (e.g., to look for bugs) or simply collect information (e.g., count page faults). Desired paths can be specified in multiple ways, and S2E users can either combine existing analyzers to build a custom analysis tool, or write new analyzers using the S2E API.
Testing Closed-Source Binary Device Drivers with DDT.
USENIX Annual Technical Conference (USENIX ATC), Boston, MA, USA
DDT is a system for testing closed-source binary device drivers against undesired behaviors, like race conditions, memory errors, resource leaks, etc. One can metaphorically think of it as a pesticide against device driver bugs. DDT combines virtualization with a specialized form of symbolic execution to thoroughly exercise tested drivers; a set of modular dynamic checkers identify bug conditions and produce detailed, executable traces for every path that leads to a failure. These traces can be used to easily reproduce and understand the bugs, thus both proving their existence and helping debug them. We applied DDT to several closed-source Microsoft-certified Windows device drivers and discovered 14 serious new bugs. DDT is easy to use, as it requires no access to source code and no assistance from users. We therefore envision DDT being useful not only to developers and testers, but also to consumers who want to avoid running buggy drivers in their OS kernels.
Patents
-
System and method for in-vivo multi-path analysis of binary software
Issued US 8,776,026
Honors & Awards
-
The Open Source Software World Challenge Award
The Open Source Software World Challenge 2012
The DDT project, started by my "Testing Closed-Source Binary Device Drivers with DDT" USENIX ATC 2010 paper, won a silver prize in the Open Source Software World Challenge competition.
-
ASPLOS 2011 Best Paper Award
6th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS)
Our ASPLOS 2011 paper "S2E: A Platform for In-Vivo Multi-Path Analysis of Software Systems" received the Best Paper Award at ASPLOS.
Languages
-
English
Full professional proficiency
-
French
Elementary proficiency
-
Ukrainian
Native or bilingual proficiency
More activity by Volodymyr
-
I’m excited to announce some big news at Cyberhaven with our $88 million Series C financing led by Adams Street Partners and Khosla Ventures! Data…
Liked by Volodymyr Kuznetsov
-
🔍 Unveiling the Real Risks of Shadow AI At Cyberhaven, we're diving deep into the phenomenon of Shadow AI. Our latest blog post reveals how…
Liked by Volodymyr Kuznetsov
-
The Large Lineage Model (LLiM) is a keen-eyed analyst who can understand every data workflow within your organization and surface critical insights…
Liked by Volodymyr Kuznetsov
-
What is a Large Lineage Model (LLiM)? Read about Cyberhaven’s breakthrough technology, which combines the power of data lineage with the scale…
Liked by Volodymyr Kuznetsov