Files in this item

Hui_Xue.pdf (application/pdf, 4MB)


Title: Using redundancy to improve security and testing
Author(s): Xue, Hui
Director of Research: King, Samuel T.
Doctoral Committee Chair(s): King, Samuel T.
Doctoral Committee Member(s): Gunter, Carl A.; Gupta, Indranil; Voelker, Geoffrey M.
Department / Program: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Software testing
Operating System
Web browser
Abstract: Modern computer systems are complex. Their complexity leads to security vulnerabilities and software bugs that are hard to fix using existing techniques. One current trend is that we now have more redundant resources available in computer systems. Redundant resources are independent computing units that provide the same or similar functionality. We have redundant software instances such as standards-compliant web browsers. We also have many users who participate directly in computing. In this dissertation, we study how to combine redundant resources to improve software systems. Because redundant software instances are implemented independently, they are unlikely to have the same security vulnerability, and it is hard to exploit all of them with the same attack. We first study improving security by using redundant software to detect anomalous behaviors. Specifically, we build Cocktail, which uses replicated execution of redundant web browsers to improve browser security. Cocktail mirrors inputs to each replica and votes on browser states and outputs to detect potential attacks, while continuing to run. The net effect of Cocktail's architecture is to shift the security burden of the system from complex browsers to a simplified layer of software. We demonstrate that Cocktail can withstand real-world browser exploits and reliability issues, such as browser crashes, while adding only 31.5% overhead to page load latency on average and remaining compatible with popular web sites. With Cocktail, we make use of the independent implementations of redundant software. Next, we leverage users' independent interactions with mobile apps to build CrowdBlaze. CrowdBlaze recruits users through crowdsourcing to help improve mobile app testing. CrowdBlaze combines human-directed interactive testing and automatic testing. CrowdBlaze constructs a model of the app using static analysis and explores it first with automatic testing. Users recruited through crowdsourcing help improve model coverage by providing inputs that are too complex to generate during automatic testing. By switching between the two testing mechanisms, CrowdBlaze achieves high coverage effectively. We apply CrowdBlaze to cover reachable user interfaces in Android apps. On average, CrowdBlaze is able to cover 66.6% more user interfaces compared to using automatic testing alone. By designing and implementing Cocktail and CrowdBlaze, we show that redundant resources are effective in improving today's software systems in terms of security and testing.
Issue Date: 2013-05-24
Rights Information: Copyright 2013 Hui Xue. All rights reserved.
Date Available in IDEALS: 2013-05-24
Date Deposited: 2013-05
