6 research outputs found
The Role of Reliability, Availability and Serviceability (RAS) Models in the Design and Evaluation of Self-Healing Systems
In an idealized scenario, self-healing systems predict, prevent or diagnose problems and take the appropriate actions to mitigate their impact with minimal human intervention. To determine how close we are to reaching this goal we require analytical techniques and practical approaches that allow us to quantify the effectiveness of a system's remediations mechanisms. In this paper we apply analytical techniques based on Reliability, Availability and Serviceability (RAS) models to evaluate individual remediation mechanisms of select system components and their combined effects on the system. We demonstrate the applicability of RAS-models to the evaluation of self-healing systems by using them to analyze various styles of remediations (reactive, preventative etc.), quantify the impact of imperfect remediations, identify sub-optimal (less effective) remediations and quantify the combined effects of all the activated remediations on the system as a whole
Simulation-based Fault Injection with QEMU for Speeding-up Dependability Analysis of Embedded Software
Simulation-based fault injection (SFI) represents a valuable solu- tion for early analysis of software dependability and fault tolerance properties before the physical prototype of the target platform is available. Some SFI approaches base the fault injection strategy on cycle-accurate models imple- mented by means of Hardware Description Languages (HDLs). However, cycle- accurate simulation has revealed to be too time-consuming when the objective is to emulate the effect of soft errors on complex microprocessors. To overcome this issue, SFI solutions based on virtual prototypes of the target platform has started to be proposed. However, current approaches still present some draw- backs, like, for example, they work only for specific CPU architectures, or they require code instrumentation, or they have a different target (i.e., design errors instead of dependability analysis). To address these disadvantages, this paper presents an efficient fault injection approach based on QEMU, one of the most efficient and popular instruction-accurate emulator for several microprocessor architectures. As main goal, the proposed approach represents a non intrusive technique for simulating hardware faults affecting CPU behaviours. Perma- nent and transient/intermittent hardware fault models have been abstracted without losing quality for software dependability analysis. The approach mini- mizes the impact of the fault injection procedure in the emulator performance by preserving the original dynamic binary translation mechanism of QEMU. Experimental results for both x86 and ARM processors proving the efficiency and effectiveness of the proposed approach are presented
Bringing Virtualization to the x86 Architecture with the Original VMware Workstation
This article describes the historical context, technical challenges, and main implementation techniques used by VMware Workstation to bring virtualization to the x86 architecture in 1999. Although virtual machine monitors (VMMs) had been around for decades, they were traditionally designed as part of monolithic, single-vendor architectures with explicit support for virtualization. In contrast, the x86 architecture lacked virtualization support, and the industry around it had disaggregated into an ecosystem, with different ven- dors controlling the computers, CPUs, peripherals, operating systems, and applications, none of them asking for virtualization. We chose to build our solution independently of these vendors. As a result, VMware Workstation had to deal with new challenges associated with (i) the lack of virtual- ization support in the x86 architecture, (ii) the daunting complexity of the architecture itself, (iii) the need to support a broad combination of peripherals, and (iv) the need to offer a simple user experience within existing environments. These new challenges led us to a novel combination of well-known virtualization techniques, techniques from other domains, and new techniques. VMware Workstation combined a hosted architecture with a VMM. The hosted architecture enabled a simple user experience and offered broad hardware compatibility. Rather than exposing I/O diversity to the virtual machines, VMware Workstation also relied on software emulation of I/O devices. The VMM combined a trap-and-emulate direct execution engine with a system-level dynamic binary translator to ef- ficiently virtualize the x86 architecture and support most commodity operating systems. By relying on x86 hardware segmentation as a protection mechanism, the binary translator could execute translated code at near hardware speeds. The binary translator also relied on partial evaluation and adaptive retranslation to reduce the overall overheads of virtualization. Written with the benefit of hindsight, this article shares the key lessons we learned from building the original system and from its later evolution
DISCOVERING ANOMALOUS BEHAVIORS BY ADVANCED PROGRAM ANALYSIS TECHNIQUES
As soon as a technology started to be used by the masses, ended
up as a target of the investigation of bad guys that write
malicious software with the only and explicit intent to damage
users and take control of their systems to perform different
types of fraud. Malicious programs, in fact, are a serious threat
for the security and privacy of billions of users. The bad guys
are the main characters of this unstoppable threat which improves
as the time goes by. At the beginning it was pure computer
vandalism, then turned into petty theft followed by cybercrime,
cyber espionage, and finally gray market business. Cybercrime is
a very dangerous threat which consists of, for instance, stealing
credentials of bank accounts, sending SMS to premium number,
stealing user sensitive information, using resources of infected
computer to develop e.g., spam business, DoS, botnets, etc. The
interest of the cybercrime is to intentionally create malicious
programs for its own interest, mostly lucrative. Hence, due to
the malicious activity, cybercriminals have all the interest in
not being detected during the attack, and developing their
programs to be always more resilient against anti-malware
solution. As a proof that this is a dangerous threat, the FBI
reported a decline in physical crime and an increase of
cybercrime. In order to deal with the increasing number of exploits found in
legacy code and to detect malicious code which leverages every
subtle hardware and software detail to escape from malware
analysis tools, the security research community started to
develop and improve various code analysis techniques (static,
dynamic or both), with the aim to detect the different forms of
stealthy malware and to individuate security bugs in legacy
code. Despite the improvement of the research solutions, yet the
current ones are inadequate to face new stealthy and mobile
malware. Following such a line of research, in this dissertation,
we present new program analysis techniques that aim to improve
the analysis environment and deal with mobile malware. To perform
malware analysis, behavior analysis technique is the prominent:
the actions that a program is performing during its real-time
execution are collected to understand its behavior. Nevertheless,
they suffer of some limitations. State-of-the-Art malware
analysis solutions rely on emulated execution environment to
prevent the host to get infected, quickly recover to a pristine
state, and easily collect process information. A drawback of
these solutions is the non-transparency, that is, the execution
environment does not faithfully emulate the physical end-user
environment, which could lead to end up with incomplete
results. In fact, malicious programs could detect when they are
monitored in such environment, and thus modifying their behavior
to mislead the analysis and avoid detection. On the contrary, a
faithful emulator would drastically reduce the chance of
detection of the analysis environment from the analyzed
malware. To this end, we present EmuFuzzer, a novel testing
methodology specific for CPU emulators, based on fuzzing to
verify whether the CPU is properly emulated or not. Another
shortcoming regards the stimulation of the analyzed
application. It is not uncommon that an application exhibit
certain behaviors only when exercised with specific events (i.e.,
button click, insert text, socket connection, etc.). This flaw is
even exacerbated when analyzing mobile application. At this aim,
we introduce CopperDroid, a program analysis tool built on top of
QEMU to automatically perform out-of-the-box dynamic behavior
analysis of Android malware. To this end, CopperDroid presents a
unified analysis to characterize low-level OS-specific and
high-level Android-specific behaviors
UMLinux -- A Versatile SWIFI Tool
This tool presentation describes UMLinux, a versatile framework for testing the behavior of networked machines running the Linux operating system in the presence of faults. UMLinux can inject a variety of faults into the hardware of simulated machines, such as faults in the computing core or peripheral devices of a machine or faults in the network connecting the machines. The system under test, which may include several machines, as well as the fault- and workload run on this system are configurable. UMLinux has
Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12
This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc