Automatically patching errors in deployed software

SOSP'09 - Proceedings of the 22nd ACM SIGOPS Symposium on Operating Systems Principles

Volumn , Issue , 2009, Pages 87-102

  Perkins, Jeff H ^a   Kim, Sunghun ^b   Larsen, Sam ^c   Amarasinghe, Saman ^a   Bachrach, Jonathan ^a   Carbin, Michael ^a   Pacheco, Carlos ^d   Sherwood, Frank ^d   Sidiroglou, Stelios ^a   Sullivan, Greg ^d   Wong, Weng Fai ^d   Zibin, Yoav ^d   Ernst, Michael D ^e   Rinard, Martin ^a  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

^b HONG KONG UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Hong Kong)

^c VMWARE INC   (United States)

^d BCG ^*

^e UNIVERSITY OF WASHINGTON   (United States)

Author keywords

Self healing

Indexed keywords

AUTOMATICALLY GENERATED; CODE INJECTION; CORRECT ERROR; DEBUGGING INFORMATION; DEPLOYED SOFTWARE; ERROR DETECTORS; FLOW OF CONTROL; HIGH AVAILABILITY; HUMAN INTERVENTION; NORMAL BEHAVIOR; RUNNING APPLICATIONS; SECURITY VULNERABILITIES; SELF-HEALING; SOURCE CODES;

COMPUTER OPERATING SYSTEMS; ERRORS; SECURITY OF DATA;

COMPUTER SOFTWARE SELECTION AND EVALUATION;

EID: 72249104274     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1629575.1629585     Document Type: Conference Paper

References (49)

1. ANAGNOSTAKIS, K., SIDIROGLOU, S., AKRITIDIS, P., XINIDIS, K., MARKATOS, E.,AND KEROMYTIS, A. D. Detecting targeted attacks using shadow honeypots. In USENIX Security (Aug. 2005).
2. AUSTIN, T., BREACH, S., AND SOHI, G. Efficient detection of all pointer and array access errors. In PLDI (June 2004).
3. BALIGA, A., GANAPATHY, V., AND IFTODE, L. Automatic inference and enforcement of kernel data structure invariants. In ACSAC (Dec. 2008), pp. 77-86.
4. BERGER, E., AND ZORN, B. DieHard: probabilistic memory safety for unsafe languages. In PLDI (June 2006).
5. BRUENING, D. Efficient, Transparent, and Comprehensive Runtime Code Manipulation. Ph.D., MIT Department of Electrical Engineering and Computer Science, Cambridge, MA, Sep. 2004.
6. CANDEA, G., AND FOX, A. Recursive restartability: Turning the reboot sledgehammer into a scalpel. In HotOS (Schloss Elmau, Germany, May 2001).
7. CONDIT, J., HARREN, M., MCPEAK, S., NECULA, G. C., AND WEIMER, W. CCured in the real world. In PLDI (June 2003).
8. COSTA, M., CASTRO, M., ANTONY, ZHOU, L., ZHANG, L., AND PEINADO, M. Bouncer: securing software by blocking bad input. In SOSP (Oct. 2007).
9. COSTA, M., CROWCROFT, J., CASTRO, M., ROWSTRON, A., ZHOU, L., ZHANG, L., AND BARHAM, P. Vigilante: End-to-end containment of Internet worms. In SOSP (Oct. 2005).
10. COWAN, C., PU, C., MAIER, D., WALPOLE, J., BAKKE, P., BEATTIE, S., GRIER, A., WAGLE, P., ZHANG, Q., AND HINTON, H. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In USENIX Security (January 1998).
11. CRANDALL, J., AND CHONG, F. Minos: Control data attack prevention orthogonal to memory model. In MICRO (Dec. 2004).
12. CUI, W., PEINADO, M., WANG, H. J., AND LOCASTO, M. E. ShieldGen: Automatic data patch generation for unknown vulnerabilities with informed probing. In IEEE S&P (May 2007).
13. DEMSKY, B., ERNST, M. D., GUO, P. J., MCCAMANT, S., PERKINS, J. H., AND RINARD, M. Inference and enforcement of data structure consistency specifications. In ISSTA (July 2006).
14. DEMSKY, B., AND RINARD, M. Automatic detection and repair of errors in data structures. In 18th Annual ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (Oct. 2003).
15. DEMSKY, B., AND RINARD, M. Data structure repair using goal-directed reasoning. In ICSE (May 2005).
16. ERNST, M. D., COCKRELL, J., GRISWOLD, W. G., AND NOTKIN, D. Dynamically discovering likely program invariants to support program evolution. IEEE TSE 27, 2 (Feb. 2001).
17. ERNST, M. D., PERKINS, J. H., GUO, P. J., MCCAMANT, S., PACHECO, C., TSCHANTZ, M. S., AND XIAO, C. The Daikon system for dynamic detection of likely invariants. Science of Computer Programming 69, 1-3 (Dec. 2007).
18. FORREST, S., WEIMER, W., NGUYEN, T., AND GOUES, C. L. A genetic programming approach to automated software repair. In GECCO (July 2009).
19. GRAY, J., AND REUTER, A. Transaction Processing: Concepts and Techniques. Morgan Kaufmann, 1993.
20. JIM, T., MORRISETT, G., GROSSMAN, D., HICKS, M., CHENEY, J., AND WANG, Y. Cyclone: A safe dialect of C. In USENIX (June 2002).
21. JONES, R., AND KELLY, P. Backwards-compatible bounds checking for arrays and pointers in C programs. In AADEBUG (May 1997).
22. JULA, H., TRALAMAZZA, D., ZAMFIR, C., AND CANDEA, G. Deadlock immunity: Enabling systems to defend against deadlocks. In OSDI (Dec. 2008), pp. 295-308.
23. KENDALL, S. C. Bcc: Run-time checking for C programs. In USENIX Summer (1983).
24. KIRIANSKY, V., BRUENING, D., AND AMARASINGHE, S. Secure execution via program shepherding. In USENIX Security (Aug. 2002).
25. LIN, L., AND ERNST, M. D. Improving adaptability via program steering. In ISSTA (July 2004).
26. LITZKOW, M., AND SOLOMON, M. The evolution of condor checkpointing. In Mobility: processes, computers, and agents (1999), ACM Press/Addison-Wesley.
27. LOCASTO, M. E., SIDIROGLOU, S., AND KEROMYTIS, A. D. Software self-healing using collaborative application communities. In SNDSS (Feb. 2005).
28. LORENZOLI, D., MARIANI, L., AND PEZZÈ, M. Towards self-protecting enterprise applications. In ISSRE (Nov. 2007), pp. 39-48.
29. NEWSOME, J., AND SONG, D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In NDSS (Feb. 2005).
30. NOVARK, G., BERGER, E., AND ZORN, B. Exterminator: Automatically correcting memory errors with high probability. Communications of the ACM 51, 12 (Dec. 2008).
31. PERKINS, J. H., AND ERNST, M. D. Efficient incremental algorithms for dynamic detection of likely invariants. In FSE (Nov. 2004).
32. QIN, F., TUCEK, J., SUNDARESAN, J., AND ZHOU, Y. Rx: treating bugs as allergies-a safe method to survive software failures. SIGOPS Oper. Syst. Rev. 39, 5 (2005), 235-248.
33. RINARD, M. Acceptability-oriented computing. In OOPSLA Companion (Oct. 2003).
34. RINARD, M., CADAR, C., DUMITRAN, D., ROY, D. M., AND LEU, T. A dynamic technique for eliminating buffer overflow vulnerabilities (and other memory errors). In ACSAC (Dec. 2004).
35. RINARD, M., CADAR, C., DUMITRAN, D., ROY, D. M., LEU, T., AND WILLIAMS. BEEBEE, J. Enhancing server availability and security through failure-oblivious computing. In OSDI (December 2004).
36. RINARD, M., CADAR, C., AND NGUYEN, H. H. Exploring the acceptability envelope. In OOPSLA Companion (Oct. 2005).
37. RUWASE, O., AND LAM, M. S. A practical dynamic buffer overflow detector. In NDSS (February 2004).
38. SHACHAM, H., PAGE, M., PFAFF, B., GOH, E.-H., MODADUGU, N., AND BONEH, D. On the effectiveness of address-space randomization. In ACM CCS (Oct. 2004).
39. SIDIROGLOU, S., GIOVANIDIS, G., AND KEROMYTIS, A. D. A dynamic mechanism for recovering from buffer overflow attacks. In ISC (Sep. 2005).
40. SIDIROGLOU, S., LAADAN, O., KEROMYTIS, A. D., AND NIEH, J. Using rescue points to navigate software recovery. In IEEE S&P (May 2007).
41. SIDIROGLOU, S., LAADAN, O., PEREZ, C., VIENNOT, N., NIEH, J., AND KEROMYTIS, A. D. Assure: automatic software self-healing using rescue points. In ASPLOS '09 (2009).
42. SIDIROGLOU, S., LOCASTO, M. E., BOYD, S. W., AND KEROMYTIS, A. D. Building a reactive immune system for software services. In USENIX (Apr. 2005).
43. SMIRNOV, A., AND CHIUEH, T. DIRA: Automatic detection, identification and repair of control-hijacking attacks. In NDSS (Feb. 2005).
44. SPITZNER, L. Honeypots: Tracking Hackers. Addison-Wesley, 2002.
45. Stackshield. www.angelfire.com/sk/stackshield.
46. SUH, G., LEE, J., ZHANG, D., AND DEVADAS, S. Secure program execution via dynamic information flow tracking. In ASPLOS (Oct. 2004).
47. Symantech Internet security threat report. www.symantec.com, Sep. 2006.
48. TUCEK, J., NEWSOME, J., LU, S., HUANG, C., XANTHOS, S., BRUMLEY, D., ZHOU, Y., AND SONG, D. Sweeper: A lightweight end-to-end system for defending against fast worms. In EuroSys (Mar. 2007).
49. YONG, S. H., AND HORWITZ, S. Protecting C programs from attacks via invalid pointer dereferences. In ESEC/FSE (2003).