DOI: 10.1145/1508244.1508250

ASSURE: automatic software self-healing using rescue points

Published: 07 March 2009

Abstract

Software failures in server applications are a significant problem for preserving system availability. We present ASSURE, a system that introduces rescue points that recover software from unknown faults while maintaining both system integrity and availability, by mimicking system behavior under known error conditions. Rescue points are locations in existing application code for handling a given set of programmer-anticipated failures, which are automatically repurposed and tested for safely enabling fault recovery from a larger class of (unanticipated) faults. When a fault occurs at an arbitrary location in the program, ASSURE restores execution to an appropriate rescue point and induces the program to recover execution by virtualizing the program's existing error-handling facilities. Rescue points are identified using fuzzing, implemented using a fast coordinated checkpoint-restart mechanism that handles multi-process and multi-threaded applications, and, after testing, are injected into production code using binary patching. We have implemented an ASSURE Linux prototype that operates without application source code and without base operating system kernel changes. Our experimental results on a set of real-world server applications and bugs show that ASSURE enabled recovery for all of the bugs tested with fast recovery times, has modest performance overhead, and provides automatic self-healing orders of magnitude faster than current human-driven patch deployment methods.

Published In

ACM Conferences
ASPLOS XIV: Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
March 2009
358 pages
ISBN:9781605584065
DOI:10.1145/1508244
  • ACM SIGPLAN Notices, Volume 44, Issue 3
    ASPLOS 2009
    March 2009
    346 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/1508284
  • ACM SIGARCH Computer Architecture News, Volume 37, Issue 1
    ASPLOS 2009
    March 2009
    346 pages
    ISSN:0163-5964
    DOI:10.1145/2528521
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. binary patching
  2. checkpoint restart
  3. error recovery
  4. reliable software
  5. software self-healing

Qualifiers

  • Research-article

Conference

ASPLOS09

Acceptance Rates

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Article Metrics

  • Downloads (Last 12 months): 43
  • Downloads (Last 6 weeks): 10
Reflects downloads up to 05 Mar 2025

Cited By

  • (2024) Automatic testing of runtime enforcers with Test4Enforcers. Journal of Systems and Software 210 (111949). DOI: 10.1016/j.jss.2023.111949. Online publication date: Apr-2024
  • (2023) Eliminating Vulnerabilities by Disabling Unwanted Functionality in Binary Programs. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (259-273). DOI: 10.1145/3579856.3595796. Online publication date: 10-Jul-2023
  • (2022) Non-functional Testing of Runtime Enforcers in Android. Leveraging Applications of Formal Methods, Verification and Validation. Verification Principles (320-334). DOI: 10.1007/978-3-031-19849-6_19. Online publication date: 17-Oct-2022
  • (2021) Reducing the Repairing Penalty on Misspeculation in Thread-Level Speculation. Proceedings of the 8th International Virtual Conference on Applied Computing & Information Technology (39-45). DOI: 10.1145/3468081.3471120. Online publication date: 20-Jun-2021
  • (2021) FIRestarter: Practical Software Crash Recovery with Targeted Library-level Fault Injection. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (363-375). DOI: 10.1109/DSN48987.2021.00048. Online publication date: Jun-2021
  • (2020) Test4Enforcers: Test Case Generation for Software Enforcers. Runtime Verification (279-297). DOI: 10.1007/978-3-030-60508-7_15. Online publication date: 2-Oct-2020
  • (2019) Inuring. Proceedings of the 3rd ACM Workshop on Forming an Ecosystem Around Software Transformation (39-45). DOI: 10.1145/3338502.3359761. Online publication date: 15-Nov-2019
  • (2019) Ignis: scaling distribution-oblivious systems with light-touch distribution. Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (1010-1026). DOI: 10.1145/3314221.3314586. Online publication date: 8-Jun-2019
  • (2019) Defeating denial-of-service attacks in a self-managing N-variant system. Proceedings of the 14th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (126-138). DOI: 10.1109/SEAMS.2019.00024. Online publication date: 25-May-2019
  • (2019) TripleAgent: Monitoring, Perturbation and Failure-Obliviousness for Automated Resilience Improvement in Java Applications. 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE) (116-127). DOI: 10.1109/ISSRE.2019.00021. Online publication date: Oct-2019
