Efficient Dependability Assessment of Systems Software

Computing systems and the various services and applications they enable have become pervasive in our daily lives. We increasingly rely on these complex systems, including many systems built on general purpose hardware and software, to consistently provide important functionality. As we grow more and...

Full description

Bibliographic Details
Main Author: Coppik, Nicolas
Format: Others
Language:en
Published: 2020
Online Access:https://tuprints.ulb.tu-darmstadt.de/11829/1/thesis-coppik.pdf
Coppik, Nicolas <http://tuprints.ulb.tu-darmstadt.de/view/person/Coppik=3ANicolas=3A=3A.html> (2020): Efficient Dependability Assessment of Systems Software.Darmstadt, Technische Universität Darmstadt, DOI: 10.25534/tuprints-00011829 <https://doi.org/10.25534/tuprints-00011829>, [Ph.D. Thesis]
Description
Summary:Computing systems and the various services and applications they enable have become pervasive in our daily lives. We increasingly rely on these complex systems, including many systems built on general purpose hardware and software, to consistently provide important functionality. As we grow more and more dependent on such systems, we need to ensure that they are, in fact, dependable and that we can trust their ability to consistently provide the functionality we expect from them. Therefore, we need techniques for assessing and improving the dependability of such systems. To be practical, such techniques must not only be applicable to complex software systems, they need to scale with their increasing sizes. Common approaches to improve the dependability of software systems include testing techniques to find faults and dependability issues as well as techniques intended to predict the impact of residual software faults. Software Fault Injection (SFI) is an approach that can be useful in both contexts, for finding dependability shortcomings and estimating the impact of residual faults, whereas most other testing techniques, such as fuzzing, are primarily used to find faults. Many approaches to improve software dependability suffer from scalability issues and are difficult to apply to large, complex software systems, and particularly to systems software, such as operating system kernels. With this general background in mind, this thesis aims to improve the efficiency and precision of SFI techniques for systems software, as well as to develop novel guidance mechanisms for feedback-driven fuzzing. We develop a technique to trace error propagation in monolithic operating system kernels, apply it to modules from the widely used Linux kernel, and show that conventional oracles for SFI tests can misclassify a substantial fraction of seemingly successful executions. We then focus on accelerating SFI experiments since, due to increasing software complexity, comprehensive SFI testing requires an increasing amount of test executions, which in turn leads to long test latencies. Starting with user mode software, we develop a novel execution model that uses static and dynamic analysis to avoid redundant code re-execution and facilitates parallelization. Since long SFI test latencies are particularly problematic for systems which may require additional instrumentation to trace error propagation, we then develop a related approach to accelerate SFI experiments for kernel code, and apply it to the Linux kernel using error propagation analysis instrumentation and achieve substantial speedups. Finally, we develop a novel guidance mechanism for feedback-driven fuzzing that makes use of input-dependent memory accesses in the target program.