UTCS Colloquium-Michael Hicks/University of Maryland: "Dynamic Software Update Validation: An Empirical Study," ACES 2.302, Thursday, April 15, 2010, 11:00 a.m.
There is a sign-up schedule for this event th
at can be found at http://www.cs.utexas.edu/dep
artment/webevent/utcs/events/cgi/list_events.cgi
Type of Talk: UTCS Colloquium
Speaker/
Affiliation:Michael Hicks/University of Maryland
Date/Time: Thursday, April 15, 2010, 11:00 a.m.
Location: ACES 2.302
Host:Kathryn McKin
ley
Talk Title: Dynamic Software Update Validat
ion: An Empirical Study
Talk Abstract:
Dynamic software updating (DSU) systems, which allow p
rograms to be
patched on the fly, been researched extensively over th
e last 30+
years. Much of this research has focused on how to impleme
nt DSU
systems in a manner that is flexible and efficient. Comparably
less
research has considered how to establish that a program, once u
pdated
on the fly, will behave correctly. For example, most existin
g systems
employ one or more automatic safety checks intended to preve
nt updates
that could incur incorrect behavior; but these checks are
known to be
incomplete, and their practical effectiveness has never b
een
empirically evaluated. Strategies for thoroughly testing a dybami
c
update have also escaped careful study, calling into question thepractical utility of DSU---without means to reliably ensure that a
dynamic update will work as expected, practioners will be hesitant to
employ DSU technology.
In this talk, I will present recent wo
rk that aims to address these
problems. First, I will discuss a nove
l approach we developed to
systematically test dynamic updates. Our a
pproach works by running a
program''s existing system tests, and cons
idering the effect of
updating the program at any point during the exe
cution of each test.
To mitigate the increase in the number of tests,
we developed an
algorithm for test suite minimization that dramatical
ly reduces the
number of update points we must consider while retainin
g full
coverage. Second, I will discuss how we used this testing str
ategy to
study the effectiveness of the two most commonly-implemented
safety
checks in DSU systems, the activeness safety (AS) check and th
e
con-freeness safety (CFS) check. We measure how often such checksprevent failures that might otherwise occur, and how often they
p
revent successful test runs. Our study considered a series of
dynamic
patches to OpenSSH, vsftpd and ngIRCd, three open-source
server pro
grams. We found that our test minimization algorithm was
quite effect
ive, often eliminating more than 95% of the tests we would
otherwise
have to run. From the tests we found that AS and CFS
prevented most,
but not all, dynamic update failures; CFS allowed more
failures tha
n AS, but AS was more restrictive, disallowing many more
successful
updates. The reasons for the allowed failures are
interesting, and s
hed light on how to effectively use a DSU system.
Our work represents
an important step, and important insights, toward
developing safe,
easy-to-use DSU systems.
Speaker Bio:
Michael Hicks is an associate professor in the Computer
Science Department
and UMIACS, and an affiliate associate professor i
n the Electrical and
Computer Engineering Department, at the Universi
ty of Maryland, College
Park. His primary research interest is to dev
elop and evaluate techniques to
improve software reliability and secur
ity. With Bill Pugh and Jeff Foster,
he directs PLUM, the lab for Pr
ogramming Languages research at the
University of Maryland.
Michael received his Ph.D. in Computer and Information Science from the
University of Pennsylvania in August 2001, and he spent one year as apost-doctoral associate affiliated with the Information Assurance Insti
tute
of the Computer Science Department at Cornell University. During
academic
2008 - 2009, Michael was on sabbatical in Cambridge, Englan
d. From September
to November, he was at Microsoft Research and from
December to August 2009,
he was at the University of Cambridge Comput
er Laboratory.
- About
- Research
- Faculty
- Awards & Honors
- Undergraduate
- Graduate
- Careers
- Outreach
- Alumni
- UTCS Direct