Using redundancy to improve security and testing
Xue, Hui
Permalink
https://hdl.handle.net/2142/44313
Description
- Title
- Using redundancy to improve security and testing
- Author(s)
- Xue, Hui
- Issue Date
- 2013-05-24T22:07:25Z
- Director of Research (if dissertation) or Advisor (if thesis)
- King, Samuel T.
- Doctoral Committee Chair(s)
- King, Samuel T.
- Committee Member(s)
- Gunter, Carl A.
- Gupta, Indranil
- Voelker, Geoffrey M.
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- Security
- Software testing
- Operating System
- Web browser
- Crowdsourcing
- Abstract
- Modern computer systems are complex. Their complexity leads to security vulnerabilities and software bugs that are hard to fix using existing techniques. One current trend is that more redundant resources are now available in computer systems. Redundant resources are independent computing units that provide the same or similar functionality. We have redundant software instances, such as standards-compliant web browsers. We also have many users who participate directly in computing. In this dissertation, we study how to combine redundant resources to improve software systems. Because redundant software instances are implemented independently, they are unlikely to have the same security vulnerability, and it is hard to exploit all of them with the same attack. We first study improving security by using redundant software to detect anomalous behavior. Specifically, we build Cocktail, which uses replicated execution of redundant web browsers to improve browser security. Cocktail mirrors inputs to each replica and votes on browser states and outputs to detect potential attacks, while continuing to run. The net effect of Cocktail’s architecture is to shift the security burden of the system from complex browsers to a simplified layer of software. We demonstrate that Cocktail can withstand real-world browser exploits and reliability issues, such as browser crashes, while adding only 31.5% overhead to page load latency on average and remaining compatible with popular web sites. With Cocktail, we make use of the independent implementations of redundant software. Next, we leverage users’ independent interactions with mobile apps to build CrowdBlaze. CrowdBlaze recruits users through crowdsourcing to help improve mobile app testing. CrowdBlaze combines human-directed interactive testing and automatic testing. CrowdBlaze constructs a model of the app using static analysis and explores it first with automatic testing. Users recruited through crowdsourcing help improve model coverage by providing inputs that are too complex to generate during automatic testing. By switching between the two testing mechanisms, CrowdBlaze achieves high coverage effectively. We apply CrowdBlaze to cover reachable user interfaces in Android apps. On average, CrowdBlaze is able to cover 66.6% more user interfaces compared to using automatic testing alone. By designing and implementing Cocktail and CrowdBlaze, we show that redundant resources are effective in improving today's software systems in terms of security and testing.
- Graduation Semester
- 2013-05
- Permalink
- http://hdl.handle.net/2142/44313
- Copyright and License Information
- Copyright 2013 Hui Xue. All rights reserved.
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer Science