David Devecsery, University of Michigan – “Efficient Recording and Analysis of Software Systems”

February 22, 2018 @ 10:45 am – 11:45 am


Hackerman Hall, B-17


Failures in medical devices, banking software, and transportation
systems have lead to both significant fiscal costs and even loss of
life. Researchers have developed sophisticated methods to monitor and
understand many of the complex system mis-behaviors behind these bugs,
but their computational costs (often an order of magnitude or more)
prohibit their use in production, leading to an ecosystem of
critical software with little guaranteed protection, and no method of
reconciling misbehaviors.

In this talk I present systems and techniques which reduce the
run-time burden of the tools required to understand and monitor the
complex behaviors of today’s critical systems. First, I present
Optimistic Hybrid Analysis (OHA). OHA observes that when applying
static analysis towards dynamic analysis optimization, the static
analysis need not be correct in all cases, so long as any analysis
errors can be caught at runtime. This observation enables the use of
much more efficient and accurate static analyses than historically
used, creating dynamic run-times dramatically lower than prior
techniques. Second, I argue that computer systems should be capable
of not only recalling any prior state, but also providing the
provenance of any byte within the history of the computation. I call
such a system an “Eidetic System”, and I present Arnold, the first
practical eidetic system, capable of recording and recalling years of
computation on a single disk. I show that Arnold can practically
answer critical questions about serious information leakages, such as
exactly what information (if any) was leaked by the Heartbleed
vulnerability, or Equifax breach.


David Devecsery

David Devecsery is currently a postdoctoral researcher at the
University of Michigan, after completing his Ph.D. in January 2018 at
the University of Michigan. His interests broadly span the areas of
software systems, program analysis, and system security. David is
particularly interested in creating practical tools that enable
developers, users, and system administrators to practically observe
and understand complex and unexpected behaviors of software systems.


Ryan Huang


Watch seminar video.

Back to top