Micro-speculation, Micro-sandboxing, and Self-Correcting Assertions: Support for Self-Healing Software and Application Communities

Locasto, Michael E.

Software faults and vulnerabilities continue to present significant obstacles to achieving reliable and secure software. The critical problem is that systems currently lack the capability to respond intelligently and automatically to attacks – especially attacks that exploit previously unknown vulnerabilities or are delivered by previously unseen inputs. Therefore, the goal of this thesis is to provide an environment where both supervision and automatic remediation can take place. Also provided is a mechanism to guide the supervision environment in detection and repair activities. This thesis supports the notion of Self-Healing Software by introducing three novel techniques: micro-sandboxing, micro-speculation, and self-correcting assertions. These techniques are combined in a kernel-level emulation framework to speculatively execute code that may contain faults or vulnerabilities and automatically repair such faults or exploited vulnerabilities. The framework, VPUF, introduces the concept of computation as an operating system service by providing control for an array of virtual processors in the Linux kernel (creating the concept of an endolithic kernel). This thesis introduces ROAR (Recognize, Orient, Adapt, Respond) as a conceptual workflow for Self-healing Software systems. This thesis proposal outlines a 17 month program for developing the major components of the proposed system, implementing them on a COTS operating system and programming language, subjecting them to a battery of evaluations for performance and efficacy, and publishing the results. In addition, this proposal looks forward to several areas of follow-on work, including implementing some of the proposed techniques in hardware and leveraging the general kernel-level framework to support Application Communities.



More About This Work

Academic Units
Computer Science
Department of Computer Science, Columbia University
Columbia University Computer Science Technical Reports, CUCS-048-05
Published Here
April 21, 2011