Connectivity statistic ignores some of the sensitive functions

tum-i4 / self-checksumming

10 stars 6 forks source link

Connectivity statistic ignores some of the sensitive functions #58

Closed dennisfischer closed 5 years ago

dennisfischer commented 5 years ago

ProtectedFuncs is defined here: https://github.com/mr-ma/self-checksumming/blob/59c85f9ae2712e5bc7e4bbee5e39cdd0f20668cf/src/SC.cpp#L261

The only write access occurs here: https://github.com/mr-ma/self-checksumming/blob/59c85f9ae2712e5bc7e4bbee5e39cdd0f20668cf/src/SC.cpp#L278-L279

The connectivity statistic is calculated like this: https://github.com/mr-ma/self-checksumming/blob/59c85f9ae2712e5bc7e4bbee5e39cdd0f20668cf/src/SC.cpp#L309-L319

As a result, a function in the sensitiveFunctions list is ignored in the connectivity calculation if the function is not a checkee. This bug results in too high connectivity.

mr-ma commented 5 years ago

@dennisfischer SC's connectivity is computed based on the number of times/checkers that check sensitive functions. I assume if a (sensitive) function is checked by no functions, it should not be included in the connectivity calculation. Am I missing something?

dennisfischer commented 5 years ago

@mr-ma It depends on the definition of connectivity. If you define it like you stated, then the code above is fine. However, consider this case: You have ten sensitive functions. Only one of the ten functions is used as a checkee (connectivity: 9). The other nine are checkers, but don't act as a checkee (connectivity: 0).

Following your definition, this will result in a high connectivity (avg.: 9, std. dev.: 0). What we also observe is that you cannot use this value for any comparisons, i.e., you cannot argue that this connectivity value shows a higher resilience compared to another value. The values are incomparable because a varying number of functions is used to compute the connectivity.

The example I chose is a worst case scenario which is unlikely to occur. The connectivity may only be slightly too high for most cases.

mr-ma commented 5 years ago

Ah I see what you mean. The connectivity needs to capture that all sensitive functions are checked (checkee). Good catch! I will have a look at this..

dennisfischer commented 5 years ago

Exactly, this gives you two options: 1) All sensitives functions must be checkees. This works for all cases were sensitive functions is not equal to all functions in the program. Otherwise you this results in a cyclic check. 2) Just fix the statistic instead: Loop over all sensitive functions and initialize ProtectedFuncs with value 0.

mr-ma commented 5 years ago

@dennisfischer please see my commit.

dennisfischer commented 5 years ago

lgtm, will compare that to my connectivity result.