Tag Archives: 2009

Discovering Application-level Insider Attacks Using Symbolic Execution

Karthik Pattabiraman, Zbigniew Kalbarczyk and Ravishankar Iyer, Proceedings of the IFIP International Conference on Information Security (SEC), 2009.[ PDF File | Talk ]
You can find the technical report version of the paper here.
Continue reading

An End-to-end Approach for the Automatic Derivation of Application-aware Error Detectors

Galen Lyle, Shelley Chen, Karthik Pattabiraman, Zbigniew Kalbarczyk and Ravishankar Iyer, Proceedings of the International Conference on Dependable Systems and Networks (DSN), 2009.
[ PDF File | Talk ]
Continue reading

Detecting and Tolerating Asymmetric Races

Paruj Ratanaworabhan, Martin Burtscher, Darko Kirovski, Rahul Nagpal, Benjamin Zorn and Karthik Pattabiraman, Proceedings of the International Symposium on the Principles and Practice of Parallel Programming (PPoPP), 2009. [ PDF File | Talk ]
You can find the technical report version here.
Continue reading

Automated Derivation of Application-aware Error and Attack Detectors

Karthik Pattabiraman, PhD thesis, University of Illinois at Urbana-Champaign (UIUC), May 2009.

Part 1 (Pages 1 – 160)
Part 2 (Pages 161 – 318)

Abstract : As computer systems become more and more complex, it becomes harder to ensure that they are dependable i.e. reliable and secure. Existing dependability techniques do not take into account the characteristics of the application and hence detect errors that may not manifest in the application. This results in wasteful detections and high overheads. In contrast to these techniques, this dissertation proposes a novel paradigm called “Application-Aware Dependability”, which leverages application properties to provide low-overhead, targeted detection of errors and attacks that impact the application. The dissertation focuses on derivation, validation and implementation of application-aware error and attack detectors.

The key insight in this dissertation is that certain data in the program is more important than other data from a reliability or security point of view (we call this the critical data). Protecting only the critical data provides significant performance improvements while achieving high detection coverage. The technique derives error and attack detectors to detect corruptions of critical data at runtime using a combination of static and dynamic approaches. The derived detectors are validated using both experimental approaches and formal verification. The experimental approaches validate the detectors using random fault-injection and known security attacks. The formal approach considers the effect of all possible errors and attacks according to a given fault or threat model and finds the corner cases that escape detection. The detectors have also been implemented in reconfigurable hardware in the context of the Reliability and Security Engine (RSE).

CCC workshop invited talk

I was invited to speak at a workshop on Cross-Layer Resilience organized by the Computing Community Consortium (CCC).
My talk was on protecting critical infrastructure systems such as the power-grid from errors. You can find the slides here .

Automated Derivation of Application-aware Error Detectors using Static Analysis: The Trusted Illiac Approach

Karthik Pattabiraman, Zbigniew Kalbarczyk and Ravishankar Iyer. To appear in the Proceedings of the IEEE Transactions on Dependable and Secure Computing (TDSC). (Accepted on May 1, 2009). [ PDF File ]

Continue reading