Software Behaviour Correlation in a Redundant and Diverse Environment using the Concept of Trace Abstraction

Authors
  1. Hamou-Lhadj, A.
  2. Murtaza, S.S.
  3. Fadel, W.
  4. Mehrabian, A.
  5. Couture, M.
  6. Khoury, R.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN); Concordia Univ, Montreal QUE (CAN) Dept of Electrical and Computer Engineering
Abstract
Redundancy and diversity have been shown to be an effective approach for ensuring service continuity (an important requirement for autonomic systems) despite the presence of anomalies due to attacks or faults. In this paper, we focus on operating system (OS) diversity, which is useful in helping a system survive kernel-level anomalies. We propose an approach for detecting anomalies in the presence of OS diversity. We achieve this by comparing kernel-level traces generated from instances of the same application deployed on different OS. Our trace correlation process relies on the concept of trace abstraction, in which low-level system events are transformed into higher-level concepts, freeing the trace from OS-related events. We show the effectiveness of our approach through a case study, in which we selected Linux and FreeBSD as target OS. We also report on lessons learned, setting the ground for future research.
Keywords
trace abstraction; redundancy; diversity; software behaviour
Report Number
DRDC-RDDC-2016-N024 (External Literature)
Date of publication
04 Oct 2016
Number of Pages
8
DSTKIM No
CA043190
CANDIS No
804485
Format(s):
Electronic Document (PDF)