Doctor of Philosophy

dissertationA modern software system is a composition of parts that are themselves highly complex: operating systems, middleware, libraries, servers, and so on. In principle, compositionality of interfaces means that we can understand any given module independently of the internal workings of other parts. In practice, however, abstractions are leaky, and with every generation, modern software systems grow in complexity. Traditional ways of understanding failures, explaining anomalous executions, and analyzing performance are reaching their limits in the face of emergent behavior, unrepeatability, cross-component execution, software aging, and adversarial changes to the system at run time. Deterministic systems analysis has a potential to change the way we analyze and debug software systems. Recorded once, the execution of the system becomes an independent artifact, which can be analyzed offline. The availability of the complete system state, the guaranteed behavior of re-execution, and the absence of limitations on the run-time complexity of analysis collectively enable the deep, iterative, and automatic exploration of the dynamic properties of the system. This work creates a foundation for making deterministic replay a ubiquitous system analysis tool. It defines design and engineering principles for building fast and practical replay machines capable of capturing complete execution of the entire operating system with an overhead of several percents, on a realistic workload, and with minimal installation costs. To enable an intuitive interface of constructing replay analysis tools, this work implements a powerful virtual machine introspection layer that enables an analysis algorithm to be programmed against the state of the recorded system through familiar terms of source-level variable and type names. To support performance analysis, the replay engine provides a faithful performance model of the original execution during replay

Systematic support for accountability in the cloud

PhD ThesisCloud computing offers computational resources such as processing, networking, and storage to customers. Infrastructure as a Service (IaaS) consists of a cloud-based infrastructure to offer consumers raw computation resources such as storage and networking. These resources are billed using a pay-per-use cost model. However, IaaS is far from being a secure cloud infrastructure as the seven main security threats defined by the Cloud Security Alliance (CSA) indicate. Use of logging systems can provide evidence to support accountability for an IaaS cloud. An accountability helps when mitigating known threats. However, previous accountability with logging systems solutions are provided without systematic approaches. These solutions are usually either for the cloud customer side or for the cloud provider side, not for both of them. Moreover, the solutions also lack descriptions of logging systems in the context of a design pattern of the systems' components. This design pattern facilitates analysis of logging systems in terms of their quality. Additionally, there is a number of benefits of this pattern. They could be: to promote the reusability of design and development of logging systems; that designers can access this pattern more easily; to assist a designer adopts design approaches which make a logging system reusable and not to choose approaches which do not concern reusability concepts; and to enhance the documentation and maintenance of existing logging systems. Thus, the aim of this thesis is to provide support for accountability in the cloud with systematic approaches to assist in mitigating the risks associated with real world CSA threats, to benefit both customers and providers. We research the extent to which such logging systems help us to mitigate risks associated with the threats identified by the CSA. The thesis also presents a way of identifying the reference components of logging systems and how they may be arranged to satisfy logging requirements. 'Generic logging components' for logging systems are proposed. These components encompass all possible instantiations of logging solutions for IaaS cloud. The generic logging components can be used to map existing logging systems for the purposes of analysis of the systems' security. Based on the generic components, the thesis identifies design patterns in the context of logging in IaaS cloud. We believe that these identified patterns facilitate analysis of logging systems in terms of their quality. We also argue that: these identified patterns could increase reusability of the design and development of logging systems; designers should access these patterns more easily; the patterns could assist a designer adopts design approaches which make a logging system reusable and not to choose approaches which do not concern reusability concepts; and they can enhance the documentation and maintenance of existing logging systems. We identify a logging solution which is based on the generic logging components to mitigate the risks associated with CSA threat number one. An example of the threat is malicious activities, for example spamming, which are performed in consumers' virtual machines or VMs. We argue that the generic logging components we suggest could be used to perform a systematic analysis of logging systems in terms of security before deploying them in production systems. To assist in mitigating the risks associated with this threat to benefit both customers and providers, we investigate how CSA threat number one can affect the security of both consumers and providers. Then we propose logging solutions based on the generic logging components and the identified patterns. We systematically design and implement a prototype system of the proposed logging solutions in an IaaS to record history of customer's files. This prototype system can be also modified in order to record VMs' process behaviour log files. This system can record the log files while having a smaller trusted computing base, compared to previous work. Additionally, the system can be seen as possible solutions that could tackle the dificult problem of logging file and process activities in the IaaS. Thus, the proposed logging solutions can assist in mitigating the risks associated with the CSA threats to benefit both consumers and providers. This could promote systematic support for accountability in the cloud