I gave a presentation about the Google Talk Service a while ago at the Google Scalability Conference hosted by Googlers in Seattle. You can watch the video below.
Here is the abstract:
Since launching Google Talk in the summer of 2005, we have integrated the service with two large existing products: Gmail and orkut. Each of these integrations provided unique scalability challenges as we had to handle a sudden large increase in the number of users. Today, Google Talk supports millions of users and handles billions of packets per day. In the presentation, I discuss several practical lessons and key insights from our experience that can be used for any project. These lessons cover both engineering and operational areas.
Posted by Reza Behforooz, Software Engineer

Posted by Will Drewry, Security Team
Security testing of applications is regularly performed using fuzz testing. As previously discussed on this blog, Srinath’s Lemon uses a form of smart fuzzing. Lemon is aware of classes of web application threats and the input families which trigger them, but not all fuzz testing frameworks have to be this complicated. Fuzz testing originally relied on purely random data, ignorant of specific threats and known dangerous input. Today, this approach is often overlooked in favor of more complicated techniques. Early sanity checks in applications looking for something as simple as a version number may render testing with completely random input ineffective. However, the newer, more complicated fuzz testers require a considerable initial investment in the form of complete input format specifications or the selection of a large corpus of initial input samples.
At WOOT’07, I presented a paper on Flayer, a tool we developed internally to augment our security testing efforts. In particular, it allows for a fuzz testing technique that is a compromise between the original, purely random approach and the most complicated ones. Flayer makes it possible to remove input sanity checks at execution time. With the small investment of identifying these checks, Flayer allows for completely random testing to be performed with much higher efficacy. Already, we’ve uncovered multiple vulnerabilities in Internet-critical software using this approach.
The way that Flayer allows for sanity checks to be identified is perhaps the more interesting point. Flayer uses a dynamic analysis framework to analyze the target application at execution time. Flayer marks, or taints, input to the program and traces that data throughout its lifespan. Considerable research has been done in the past regarding information flow tracing using dynamic analysis. Primarily, this work has been aimed at malware and exploit detection and defense. However, none of the resulting software has been made publicly available.
While Flayer is still in its early stages, it is available for download under the GNU Public License. External contributions and feedback are encouraged!
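The effect of removing an early sanity check, as an added example that is not Flayer's code or part of the original post: a hypothetical toy record format (`FLY1` magic, one length byte) is fed purely random input, first with the check enforced and then with it bypassed. The `bypass_check` flag is an assumption that stands in for Flayer altering the check at execution time; all names here are illustrative.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical toy format: 4-byte magic "FLY1", 1-byte length, then payload. */
enum { REJECTED = 0, PARSED_OK = 1, BAD_LENGTH = 2 };

/* bypass_check stands in for Flayer forcing the sanity-check branch at run time. */
int parse_record(const uint8_t *buf, size_t len, int bypass_check) {
    if (len < 5) return REJECTED;
    int magic_ok = buf[0] == 'F' && buf[1] == 'L' && buf[2] == 'Y' && buf[3] == '1';
    if (!magic_ok && !bypass_check) return REJECTED;   /* early sanity check */
    size_t declared = buf[4];
    /* Deeper logic: a declared length that overruns the buffer is the kind of
       condition fuzzing is meant to exercise; here it is detected, not acted on. */
    if (declared > len - 5) return BAD_LENGTH;
    return PARSED_OK;
}

/* Deterministic xorshift32 so runs are reproducible (constructed input source). */
static uint32_t xorshift32(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Feed `rounds` purely random 16-byte inputs; return how many got past the check. */
unsigned fuzz_reach(unsigned rounds, int bypass_check, uint32_t seed) {
    unsigned reached = 0;
    uint8_t buf[16];
    for (unsigned r = 0; r < rounds; r++) {
        for (size_t i = 0; i < sizeof buf; i++)
            buf[i] = (uint8_t)(xorshift32(&seed) >> 24);
        if (parse_record(buf, sizeof buf, bypass_check) != REJECTED)
            reached++;
    }
    return reached;
}

int main(void) {
    printf("check enforced: %u of 10000 inputs reached the length logic\n",
           fuzz_reach(10000, 0, 2463534242u));
    printf("check bypassed: %u of 10000 inputs reached the length logic\n",
           fuzz_reach(10000, 1, 2463534242u));
    return 0;
}
```

With the check enforced, a random input has a 1 in 2^32 chance of carrying the right magic, so the length handling is effectively never exercised; with it bypassed, every input reaches it.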
