Failures in medical devices, banking software, and transportation systems have led to both significant fiscal costs and even loss of life. Researchers have developed sophisticated methods to monitor and understand many of the complex system misbehaviors behind these bugs, but their computational costs (often an order of magnitude or more) prohibit their use in production, leading to an ecosystem of critical software with little guaranteed protection and no method of reconciling misbehaviors.
In this talk I present systems and techniques which reduce the run-time burden of the tools required to understand and monitor the complex behaviors of today's critical systems. First, I present Optimistic Hybrid Analysis (OHA). OHA observes that when static analysis is applied to optimize a dynamic analysis, the static analysis need not be correct in all cases, so long as any analysis errors can be caught at runtime. This observation enables the use of much more efficient and accurate static analyses than those historically used, yielding dynamic-analysis run times dramatically lower than prior techniques. Second, I argue that computer systems should be capable of not only recalling any prior state, but also providing the provenance of any byte within the history of the computation. I call such a system an "Eidetic System", and I present Arnold, the first practical eidetic system, capable of recording and recalling years of computation on a single disk. I show that Arnold can practically answer critical questions about serious information leakages, such as exactly what information (if any) was leaked by the Heartbleed vulnerability or the Equifax breach.
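The OHA idea above (an unsound but cheap static analysis whose mistakes are caught by runtime guards, with a fallback to the full analysis) can be shown on a toy dynamic taint tracker. The following is an added illustration written for this abstract, not code from the talk or from the OHA or Arnold implementations; the straight-line program format, the optimistic assumption that "dynamically resolved reads return trusted data", and recovery by re-running the full analysis are all assumptions made here.

```python
# Toy model of optimistic hybrid analysis (OHA) applied to dynamic taint tracking.
# Constructed illustration, not code from the talk or from Arnold. Assumptions:
# a straight-line program format, the likely invariant "read_dyn yields trusted
# data", and recovery by re-executing with the full (unoptimized) analysis.

class PolicyViolation(Exception):
    """Untrusted data reached a sensitive sink (the real bug we want to detect)."""


class AssumptionFailed(Exception):
    """A runtime guard caught a case the optimistic static analysis got wrong."""


# Program ops, executed in order:
#   ("read", var, "trusted" | "untrusted")  data source known statically
#   ("read_dyn", var, key)                  source only known at run time: env[key]
#   ("copy", dst, src)                      dst takes src's taint
#   ("sink", var)                           var must not be tainted here

def _step(op, taint, env):
    """Apply one op to the taint map; shared by the full and optimized analyses."""
    kind = op[0]
    if kind == "read":
        taint[op[1]] = op[2] == "untrusted"
    elif kind == "read_dyn":
        taint[op[1]] = env[op[2]] == "untrusted"
    elif kind == "copy":
        taint[op[1]] = taint.get(op[2], False)
    elif kind == "sink":
        if taint.get(op[1], False):
            raise PolicyViolation(f"tainted {op[1]!r} reached a sink")
    else:
        raise ValueError(f"unknown op {kind!r}")


def run_full(program, env):
    """Baseline dynamic analysis: every op is tracked. Returns the number tracked."""
    taint = {}
    for op in program:
        _step(op, taint, env)
    return len(program)


def optimistic_static_analysis(program):
    """Flow-sensitive static taint analysis that optimistically assumes every
    read_dyn yields trusted data. Returns, per op, whether the dynamic analysis
    still needs to track that op. Unsound when the assumption fails; the guard
    in run_optimized exists to catch exactly that."""
    may_taint = set()
    plan = []
    for op in program:
        kind = op[0]
        if kind == "read" and op[2] == "untrusted":
            may_taint.add(op[1])
            needed = True
        elif kind in ("read", "read_dyn"):
            needed = op[1] in may_taint          # must clear stale taint
            may_taint.discard(op[1])
        elif kind == "copy":
            needed = op[2] in may_taint or op[1] in may_taint
            if op[2] in may_taint:
                may_taint.add(op[1])
            else:
                may_taint.discard(op[1])
        else:  # sink
            needed = op[1] in may_taint
        plan.append(needed)
    return plan


def run_optimized(program, env):
    """Dynamic analysis with checks elided wherever the static plan proves taint
    cannot flow. Every read_dyn keeps a cheap guard validating the assumption."""
    plan = optimistic_static_analysis(program)
    taint = {}
    tracked = 0
    for op, needed in zip(program, plan):
        if op[0] == "read_dyn" and env[op[2]] == "untrusted":
            raise AssumptionFailed(f"{op[2]!r} was untrusted at run time")
        if needed:
            _step(op, taint, env)
            tracked += 1
    return tracked


def analyze(program, env):
    """OHA driver: try the optimized analysis; if a guard fires, fall back to the
    full analysis so no real violation is missed. Returns (mode, ops_tracked)."""
    try:
        return "optimized", run_optimized(program, env)
    except AssumptionFailed:
        return "fallback", run_full(program, env)


def violates(program, env):
    """True if the OHA-backed analysis reports a policy violation for this run."""
    try:
        analyze(program, env)
    except PolicyViolation:
        return True
    return False


# Constructed sample program: user input flows to "msg" but never to a sink, while
# config data (whose source is decided at run time) does reach a sink.
PROGRAM = [
    ("read", "name", "untrusted"),
    ("read", "limit", "trusted"),
    ("read_dyn", "cfg", "config_source"),
    ("copy", "msg", "name"),
    ("copy", "n", "limit"),
    ("copy", "c", "cfg"),
    ("sink", "n"),
    ("sink", "c"),
    ("sink", "limit"),
]

if __name__ == "__main__":
    print(analyze(PROGRAM, {"config_source": "trusted"}))     # ('optimized', 2)
    print(violates(PROGRAM, {"config_source": "untrusted"}))  # True
```

When the assumption holds, only 2 of the 9 ops are tracked instead of all 9; when it fails, the guard at the dynamic read forces the fallback, and the full analysis still catches the tainted flow into the sink, so the optimization never costs detection accuracy.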
David Devecsery is currently a postdoctoral researcher at the University of Michigan, after completing his Ph.D. there in January 2018. His interests broadly span the areas of software systems, program analysis, and system security. David is particularly interested in creating practical tools that enable developers, users, and system administrators to observe and understand complex and unexpected behaviors of software systems.