Detectors

This project deals with the derivation of error and attack detectors for programs and is part of my PhD thesis at the University of Illinois.

Motivation

Many techniques have been developed to remove errors in programs prior to their deployment. Yet, subtle errors continue to persist even in well-tested applications, leading to catastrophic failures during deployment. It is well-known that error-propagation is the leading cause of long down-times in systems. However, not every error matters to the program – many are either masked or affect data that is not is use. Techniques such as Dual-Modular Redundancy (DMR) incur high overheads and detect a large fraction of benign errors, thus leading to false-positives. The goal of this project is to develop detectors that are targeted towards errors that impact the application, and at the same time, prevent errors from propagating.

Analogously, security attacks persist in applications in spite of the best efforts of researchers and we need a way to deal with security attacks at run-time. The goal is to detect security attacks before they propagate and result in security compromise, with no false-alarms and with low performance overheads. In this work, we consider both errors mounted by external attackers as well as by insiders within the application.

Project Summary

Unified framework derivation of error and attack detectors

A novel feature of this project is that we propose a unified approach to derive both errors and attack detectors. The above figure shows the unified approach for detector derivation. The approach leverages static and dynamic analysis of applications’ code to derive customized error and attack detectors. The center (in blue) shows the common steps in the derivation – the right-side (in green) shows the steps in the derivation of error-detectors while the left-side (in red) shows the steps for attack detector derivation. The error-detectors are based on a technique known as Critical Variable Recomputation (CVR) and the attack detectors are based on a technique known as Information Flow Signatures (IFS).

The detectors are implemented using a combination of reconfigurable hardware and software and continuously monitor the application for errors and attacks during run-time (see Trusted Illiac project).

Project Publications.

Collaborators : William Healey, Flore Yuan, Daniel Chen, Giacinto Paulo Sagesse, Zbigniew Kalbarczyk, and Ravishankar Iyer