5 research outputs found
Recommended from our members
Contract-driven data structure repair : a novel approach for error recovery
textSoftware systems are now pervasive throughout our world. The reliability of these systems is an urgent necessity. A large degree of research effort on increasing software reliability is dedicated to requirements, architecture, design, implementation and testing---activities that are performed before system deployment. While such approaches have become substantially more advanced, software remains buggy and failures remain expensive. We take a radically different approach to reliability from previous approaches, namely contract-driven data structure repair for runtime error recovery, where erroneous executions of deployed software are corrected on-the-fly using rich behavioral contracts. Our key insight is to transform the software contract---which gives a high level description of the expected behavior---to an efficient implementation which repairs the erroneous data structures in the program state upon an error. To improve efficiency, scalability, and effectiveness of repair, in addition to rich behavioral contracts, we leverage the current erroneous state, dynamic behavior of the program, as well as repair history and abstraction. A core technical problem our approach to repair addresses is construction of structurally complex data that satisfy desired properties. We present a novel structure generation technique based on dynamic programming---a classic optimization approach---to utilize the recursive nature of the structures. We use our technique for constraint-based testing. It provides better scalability than previous work. We applied it to test widely-used web browsers and found some known and unknown bugs. Our use of dynamic programming in structure generation opens a new future direction to tackle the scalability problem of data structure repair. This research advances our ability to develop correct programs. For programs that already have contracts, error recovery using our approach can come at a low cost. The same contracts can be used for systematically testing code before deployment using existing as well as our new techniques. Thus, we enable a novel unification of software verification and error recovery.Electrical and Computer Engineerin
Recommended from our members
Contract-based data structure repair using alloy
textContracts and specifications have long been used in object-oriented design, programming and testing to enhance reliability before software deployment. However, the use of specifications in deployed software is commonly limited to runtime checking where assertions form a basis for detecting incorrect program states to terminate the erroneous executions. We present a contract-based approach for data structure repair, which repairs erroneous states in deployed software. The key novelty is the support for rich behavioral specifications, such as those that relate pre-states with post-states of a method to accurately specify expected behavior and precise repair. The approach is based on the view of a specification as a non-deterministic implementation. The key insight is to use any correct state mutations by an otherwise erroneous execution to prune non-determinism in the specification, thereby transmuting the specification to an implementation that does not incur a prohibitively high performance penalty. While invariants, pre-conditions and post-conditions could be provided in different modeling languages, we leverage the Alloy tool-set, specifically the Alloy language and the Alloy Analyzer for systematically repairing erroneous states. Four different algorithms are presented and implemented in our data structure repair framework. These algorithms can repair a medium sized erroneous data structure in a few seconds. We introduce repair guide annotations defined by the user to improve the accuracy and performance of the repair mechanism. Experiments using complex specifications show the approach holds much promise in increasing software reliability.Electrical and Computer Engineerin
Early Warning Identity Threat and Mitigation System
While many organizations share threat intelligence, there is still a lack of actionable data for organizations to proactively and effectively respond to emerging identity threats to mitigate a wide range of crimes. There currently exists no solution for organizations to access current trends and intelligence to understand emerging threats and how to appropriately respond to them. This research project delivers I-WARN to help bridge that gap. Using a wide range of open-source information, I-WARN gathers, analyzes, and reports on threats related to the theft, fraud, and abuse of Personally Identifiable Information (PII). I-WARN then maps those threats to the MITRE ATT&CK -- a framework that helps understand lateral movement of an attack -- to offer mitigation and risk reduction tactics. I-WARN aims to deliver actionable intelligence, offering early warning into threat behaviors, and mitigation responses. This paper discusses the technical details of I-WARN, non-exhaustive current solutions for threat intelligence sharing, and future work