The Scalable Commutativity Rule: Designing Scalable Software for Multicore Processors

What fundamental opportunities for scalability are latent in interfaces, such as system call APIs? Can scalability opportunities be identified even before any implementation exists, simply by considering interface specifications? To answer these questions this paper introduces the following rule: Whenever interface operations commute, they can be implemented in a way that scales. This rule aids developers in building more scalable software starting from interface design and carrying on through implementation, testing, and evaluation. To help developers apply the rule, a new tool named Commuter accepts high-level interface models and generates tests of operations that commute and hence could scale. Using these tests, Commuter can evaluate the scalability of an implementation. We apply Commuter to 18 POSIX calls and use the results to guide the implementation of a new research operating system kernel called sv6. Linux scales for 68% of the 13,664 tests generated by Commuter for these calls, and Commuter finds many problems that have been observed to limit application scalability. sv6 scales for 99% of the tests.Engineering and Applied Science

Engineering Agile Big-Data Systems

To be effective, data-intensive systems require extensive ongoing customisation to reflect changing user requirements, organisational policies, and the structure and interpretation of the data they hold. Manual customisation is expensive, time-consuming, and error-prone. In large complex systems, the value of the data can be such that exhaustive testing is necessary before any new feature can be added to the existing design. In most cases, the precise details of requirements, policies and data will change during the lifetime of the system, forcing a choice between expensive modification and continued operation with an inefficient design.Engineering Agile Big-Data Systems outlines an approach to dealing with these problems in software and data engineering, describing a methodology for aligning these processes throughout product lifecycles. It discusses tools which can be used to achieve these goals, and, in a number of case studies, shows how the tools and methodology have been used to improve a variety of academic and business systems

Control-Flow Security.

Computer security is a topic of paramount importance in computing today. Though enormous effort has been expended to reduce the software attack surface, vulnerabilities remain. In contemporary attacks, subverting the control-flow of an application is often the cornerstone to a successful attempt to compromise a system. This subversion, known as a control-flow attack, remains as an essential building block of many software exploits. This dissertation proposes a multi-pronged approach to securing software control-flow to harden the software attack surface. The primary domain of this dissertation is the elimination of the basic mechanism in software enabling control-flow attacks. I address the prevalence of such attacks by going to the heart of the problem, removing all of the operations that inject runtime data into program control. This novel approach, Control-Data Isolation, provides protection by subtracting the root of the problem; indirect control-flow. Previous works have attempted to address control-flow attacks by layering additional complexity in an effort to shield software from attack. In this work, I take a subtractive approach; subtracting the primary cause of both contemporary and classic control-flow attacks. This novel approach to security advances the state of the art in control-flow security by ensuring the integrity of the programmer-intended control-flow graph of an application at runtime. Further, this dissertation provides methodologies to eliminate the barriers to adoption of control-data isolation while simultaneously moving ahead to reduce future attacks. The secondary domain of this dissertation is technique which leverages the process by which software is engineered, tested, and executed to pinpoint the statements in software which are most likely to be exploited by an attacker, defined as the Dynamic Control Frontier. Rather than reacting to successful attacks by patching software, the approach in this dissertation will move ahead of the attacker and identify the susceptible code regions before they are compromised. In total, this dissertation combines software and hardware design techniques to eliminate contemporary control-flow attacks. Further, it demonstrates the efficacy and viability of a subtractive approach to software security, eliminating the elements underlying security vulnerabilities.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/133304/1/warthur_1.pd

Supporting Software Development by an Integrated Documentation Model for Decisions

Decision-making is a vital activity during software development. Decisions made during requirements engineering, software design, and implementation guide the development process. In order to make decisions, developers may apply different strategies. For instance, they can search for alternatives and evaluate them according to given criteria, or they may rely on their personal experience and heuristics to make single solution claims. Thereby, knowledge emerges during the process of decision making, as the content, outcome, and context of decisions are explored by developers. For instance, different solution options may be considered to address a given decision problem. In particular, such knowledge is growing rapidly, when multiple developers are involved. Therefore, it should be documented to make decisions comprehensible in the future. However, this documentation is often not performed by developers in practice. First, developers need to find and use a documentation approach, which provides support for the decision making strategies applied for the decision to be documented. Thus, documentation approaches are required to support multiple strategies. Second, due to the collaborative nature of the decision making process during one or more development activities, decision knowledge needs to be captured and structured according to one integrated model, which can be applied during all these development activities. This thesis uncovers two important reasons, why the aforementioned requirements are currently not fulfilled sufficiently. First, it is investigated, which decision making strategies can be identified in the documentation of decisions within issue tickets from the Firefox project. Interestingly, most documented decision knowledge originates from naturalistic decision making, whereas most current documentation approaches structure the captured knowledge according to rational decision making strategies. Second, most decision documentation approaches focus on one development activity, so that for instance decision documentation during requirements engineering and implementation are not supported within the same documentation model. The main contribution of this thesis is a documentation model for decision knowledge, which addresses these two findings. In detail, the documentation model supports the documentation of decision knowledge resulting from both naturalistic and rational decision making strategies, and integrates this knowledge within flexible documentation structures. Also, it is suitable for capturing decision knowledge during the three development activities of requirements engineering, design, and implementation. Furthermore, a tool support is presented for the model, which allows developers to integrate decision capturing and documentation in their activities using the Eclipse IDE

Engineering Agile Big-Data Systems

To be effective, data-intensive systems require extensive ongoing customisation to reflect changing user requirements, organisational policies, and the structure and interpretation of the data they hold. Manual customisation is expensive, time-consuming, and error-prone. In large complex systems, the value of the data can be such that exhaustive testing is necessary before any new feature can be added to the existing design. In most cases, the precise details of requirements, policies and data will change during the lifetime of the system, forcing a choice between expensive modification and continued operation with an inefficient design.Engineering Agile Big-Data Systems outlines an approach to dealing with these problems in software and data engineering, describing a methodology for aligning these processes throughout product lifecycles. It discusses tools which can be used to achieve these goals, and, in a number of case studies, shows how the tools and methodology have been used to improve a variety of academic and business systems

Remedying Security Concerns at an Internet Scale

The state of security across the Internet is poor, and it has been so since the advent of the modern Internet. While the research community has made tremendous progress over the years in learning how to design and build secure computer systems, network protocols, and algorithms, we are far from a world where we can truly trust the security of deployed Internet systems. In reality, we may never reach such a world. Security concerns continue to be identified at scale through-out the software ecosystem, with thousands of vulnerabilities discovered each year. Meanwhile, attacks have become ever more frequent and consequential.As Internet systems will continue to be inevitably affected by newly found security concerns, the research community must develop more effective ways to remedy these issues. To that end, in this dissertation, we conduct extensive empirical measurements to understand how remediation occurs in practice for Internet systems, and explore methods for spurring improved remediation behavior. This dissertation provides a treatment of the complete remediation life cycle, investigating the creation, dissemination, and deployment of remedies. We start by focusing on security patches that address vulnerabilities, and analyze at scale their creation process, characteristics of the resulting fixes, and how these impact vulnerability remediation. We then investigate and systematize how administrators of Internet systems deploy software updates which patch vulnerabilities across the many machines they manage on behalf of organizations. Finally, we conduct the first systematic exploration of Internet-scale outreach efforts to disseminate information about security concerns and their remedies to system administrators, with an aim of driving their remediation decisions. Our results show that such outreach campaigns can effectively galvanize positive reactions.Improving remediation, particularly at scale, is challenging, as the problem space exhibits many dimensions beyond traditional computer technical considerations, including human, social, organizational, economic, and policy facets. To make meaningful progress, this work uses a diversity of empirical methods, from software data mining to user studies to Internet-wide network measurements, to systematically collect and evaluate large-scale datasets. Ultimately, this dissertation establishes broad empirical grounding on security remediation in practice today, as well as new approaches for improved remediation at an Internet scale

Reification as the key to augmenting software development: an object is worth a thousand words

Software development has become more and more pervasive, with influence in almost every human activity. To be able to fit in so many different scenarios and constantly implement new features, software developers adopted methodologies with tight development cycles, sometimes with more than one release per day. With the constant growth of modern software projects and the consequent expansion of development teams, understanding all the components of a system becomes a task too big to handle. In this context understanding the cause of an error or identifying its source is not an easy task, and correcting the erroneous behavior can lead to unexpected downtime of vital services. Being able to keep track of software defects, usually referred to as bugs, is crucial in the development of a project and in containing maintenance costs. For this purpose, the correctness and completeness of the information available has a great impact on the time required to understand and solve a problem. In this thesis we present an overview of the current techniques commonly used to report software defects. We show why we believe that the state of the art needs to be improved, and present a set of approaches and tools to collect data from software failures, model it, and turn it into actionable knowledge. Our goal is to show that data generated from errors can have a great impact on daily software development, and how it can be employed to augment the development environment to assist software engineers to build and maintain software systems

Developing Secure Software With C And C++: A Different Approach

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2005Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2005Ağa bağlı bilgisayarlar yaygınlaştıkça, günlük işlerin yürütülmesinden devlet sistemlerinin otomasyonuna kadar her seviyede rol almaya başlamışlar ve bu sistemlerin güvenliği de kritik hal almıştır. Bilgi işlem sistemlerinin güvene layık olabilmesi için bütün bileşenlerinin güvenli olması gerekir, yazılım da bu bileşenlerden belki de en önemlisidir. Yazılımların, yaşam süreçlerinin bütün aşamalarında güvenli bir yapıyla sonuçlanacak şekilde tasarlanmaları gerekmektedir. Bu makale, bir yazılımın yaşam sürecini baştan sona ele almaktadır. Güvene layık bir yazılım için her aşamada, nelere dikkat edilmesi gerektiği anlatılmış, hangi tasarım seçeneklerinin olduğu sıralanmış, farklı metotlardan hangilerinin izlenmesinin daha iyi olacağı tartışılmış ve hangi araçların kullanılabileceği incelenmiştir. Bu sayede geliştirme veya bakım gibi değişik aşamalardaki projelere referans kaynağı olarak hizmet verebilmektedir. Bu makalede ele alınan yaşam süreci, yazılım mühendisliğinde sıklıkla başvuru olarak kullanılan, süreci isteklerin tanımı, tasarım, geliştirme, kontrol etme ve bakım olarak bölümleyen “Şelale Yaşam Süreci”dir. Yeni nesil programlama dilleri çıktıkça, C/C++ ve Birleştirici gibi düşük seviye dillerin yeni öğrencilerce benimsenmesi azalmaktadır. Buna ve başka sebeplere de bağlı olarak bu dillerde tecrübeli eleman eksikliği baş gösterdikçe, zaten güvenliğin sağlanmasının göreceli olarak daha zor olduğu bu ortamlarda ciddi güvenlik açıkları oluşmaktadır. Dünya üzerindeki kod tabanının çoğunluğunun halen bu dillerden oluşması durumu daha kritik yapmaktadır. Bu makalede bahsedilen konuların çoğunluğu dilden bağımsız olsa da, ilgili bölümlerde, az önce bahsedilen sorunu göz önüne alarak C/C++ ve Birleştirici dilleri üstünde durulmuştur. Sonuç olarak, yazılım güvenliğinin etkin olarak sağlanabilmesi için, güvenliğin bütün yaşam süreci evrelerinde ele alınması gerekliliği gösterilmiştir. Ayrıca, yaşam sürecinin aşamalarından bir çoğuna, daha önce bu kapsamda uygulanmamış olan yeni yöntemler önerilmiştir.As networked computing penetrates daily life more and more, it becomes more common in every level from daily life to automation of government systems. In order computing systems to be secure, each and every of their components must be secure, too. Software is most important component among those. Each phase of software lifecycle must be implemented in a secure fashion. This thesis is inspecting lifecycle of software from beginning to the end and aligns the new ideas that it is bringing to the lifecycle. After giving necessary background information about the subject, new ideas have been presented, examples have been given and possible other options have been discussed. During explaining most of the subjects, the topics that is considered to be complimentary is either added or referred to. Thanks to that, this thesis can be a reference source to projects in different phases like implementation and maintenance. Waterfall lifecycle model, which is used frequently in software development projects and divides software projects into phases as analysis of requirements, design, implementation, verification and maintenance, is used as a template in this thesis. As new generations of programming languages emerge, adoption of low-level languages such as C/C++ and assembly by new students is decreasing. As lack of experienced staff shows up itself due to this and other causes, severe vulnerabilities are happening in such environments, where developing of secure software is already proven to be hard. The fact that majority of current code base in the world is in those languages makes the situation even more critical. Although most of the subjects in this thesis are programming language independent, C/C++ and assembler language problems are especially covered because of the reasons just mentioned. As a result, it has been shown that security countermeasures must be taken in all phases of software lifecycle in order to ensure high level of security throughout the application. Furthermore, new ideas of security countermeasures have been brought to many of the phases of software lifecycle.Yüksek LisansM.Sc