The engineering team for the Citrix AppDNA application migration software is in the midst of looking ahead to the next version of Microsoft Windows, Windows Blue, focusing on discovering the types of application compatibility problems that will occur in a typical business application portfolio. The R&D activities are numerous, but include things like manually testing the applications in our test library, digesting information from the field via Citrix partners, and writing sample applications that demonstrate the issue under research. The objective of this process is to find the application compatibility issues and to develop a model that can be applied to the universe of applications to identify those affected by each issue. I thought the application compatibility curious, or the application compatibility gurus among you, would be interested in a peek behind the scenes.
At its core, AppDNA extracts and stores the DNA of an application without having to install or run the application. This topic has been written about at length, so I will not go there, but for those of you new to AppDNA, remember that the building blocks of an application are extracted and stored. In fact, the DNA stored by AppDNA is so vast that the DNA extraction process and its scope rarely change.
Now it's time to see how AppDNA's algorithms come together to identify compatibility issues across thousands of applications. I thought it would be interesting to focus on an algorithm that was recently written for Windows 8 and Windows Server 2012.
Kernel-mode drivers not signed by a trusted publisher
On 64-bit versions of Windows 8 and Server 2012, or on Windows 8 with Secure Boot enabled, drivers that are not signed by a trusted certificate authority fail to load. Depending on how an application uses the driver, the application may not start, or certain aspects of the application may simply not function properly. To develop an algorithm that detects this issue, a couple of key checks must be performed. First, identify the applications that install kernel-mode drivers. Second, ensure that the drivers are signed and that the signature was generated by a trusted certificate authority.
Identification of kernel-mode drivers is something AppDNA has been doing for years, and we have several well-tested heuristic algorithms to make that identification. Sometimes the installer DNA identifies a driver as kernel mode; sometimes a corresponding INF does as well. As a final check, AppDNA looks to see if a binary calls kernel-mode driver APIs. The DNA for installers, INF files and binary API calls is all in our database, so performing this check is a simple SQL query.
For each identified kernel-mode driver, we then check to see if it is signed and, if so, by what certification authority. Certificate information for all signed binaries is also stored in the AppDNA database. At this point, if a driver is not signed, the algorithm reports a failure. If the driver is signed, AppDNA records the signing certificate authority for later.
In addition to storing DNA on applications, the AppDNA database also stores operating system DNA, which customers can load in much the same way they load applications. As part of the operating system DNA, the AppDNA database contains information describing the certificate chain on the operating system image. Using the signing certification authority and the certificate chain of the operating system, the algorithm simply walks the certificate chain until it identifies the certificate as trusted or untrusted. Based on this finding, the algorithm can accurately report success or failure as appropriate. AppDNA even allows customers to load multiple OS images at the same time, so if a company manages multiple OS images, the algorithm can be run against all of them in a single pass.
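As an added example that is not AppDNA's own code, here is a small Python model of the algorithm described above: the three driver-identification cues (installer DNA, INF, kernel API imports), the unsigned check, and the certificate-chain walk against an OS image's trusted roots, which can be repeated per OS image. The field names, certificate names and binary names are constructed for illustration and are not AppDNA's schema.

```python
from dataclasses import dataclass, field
from typing import Optional
KERNEL_API_MODULES = {"ntoskrnl.exe", "hal.dll"}  # kernel drivers import from these, not user-mode DLLs

@dataclass
class Binary:  # stands in for AppDNA's extracted DNA; field names are assumptions
    name: str
    installer_flags_driver: bool = False  # installer DNA marks it as a kernel driver
    inf_declares_driver: bool = False     # a matching INF declares it as a driver
    imports: set = field(default_factory=set)
    signer: Optional[str] = None          # signing certificate subject, None if unsigned

def is_kernel_mode_driver(b):
    """The three cues the article names: installer DNA, INF, kernel API imports."""
    return (b.installer_flags_driver or b.inf_declares_driver
            or bool(b.imports & KERNEL_API_MODULES))

def chain_is_trusted(subject, issuers, trusted_roots, max_depth=10):
    """Walk subject -> issuer links until a trusted root is hit or the chain ends."""
    for _ in range(max_depth):  # depth bound also guards against malformed loops
        if subject in trusted_roots:
            return True
        issuer = issuers.get(subject)
        if issuer is None or issuer == subject:  # unknown cert or untrusted self-signed root
            return False
        subject = issuer
    return False

def check_drivers(binaries, issuers, trusted_roots):
    """Verdict per kernel-mode driver: 'unsigned', 'untrusted' or 'trusted'."""
    verdicts = {}
    for b in binaries:
        if not is_kernel_mode_driver(b):
            continue  # user-mode binaries are out of scope for this algorithm
        if b.signer is None:
            verdicts[b.name] = "unsigned"
        else:
            ok = chain_is_trusted(b.signer, issuers, trusted_roots)
            verdicts[b.name] = "trusted" if ok else "untrusted"
    return verdicts
# Constructed sample: one OS image's trusted roots, the certificates seen, four binaries.
OS_TRUSTED_ROOTS = {"Example Root CA"}
ISSUERS = {"Example Root CA": "Example Root CA", "Example Code Signing CA": "Example Root CA",
           "Vendor A": "Example Code Signing CA", "Vendor B": "Vendor B"}  # Vendor B: untrusted root
BINARIES = [
    Binary("filter.sys", inf_declares_driver=True, imports={"ntoskrnl.exe"}, signer="Vendor A"),
    Binary("legacy.sys", installer_flags_driver=True, signer="Vendor B"),
    Binary("helper.sys", imports={"ntoskrnl.exe", "hal.dll"}),
    Binary("app.exe", imports={"kernel32.dll"}, signer="Vendor A"),
]
```

Running `check_drivers(BINARIES, ISSUERS, OS_TRUSTED_ROOTS)` flags `legacy.sys` as untrusted and `helper.sys` as unsigned; passing a second image's root set instead reproduces the multi-image pass the article describes.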
So there you have it: an automated process to detect kernel-mode drivers not signed by a trusted publisher. Using AppDNA, this algorithm can run through thousands of applications and multiple OS images in minutes. So perhaps AppDNA algorithms are not magic once you get an understanding of how they work; very cool, but not magic.