Automatic generation of software diversity in application source code
, INRIA, France
Date: Monday, September 28, 2015
Time: 11:00 AM to 12:00 PM
Refreshments: 10:45 AM
Location: Seminar Room D463 (Star)
Host: Martin Rinard, MIT-CSAIL
Contact: Mary McDavitt, 617-253-9620, firstname.lastname@example.org
Speaker URL: None
TALK: Automatic generation of software diversity in application source code
Abstract: The phenomenon of ``software monoculture'' was coined more than a decade ago to highlight the risks of using a handful of operating systems and databases. We believe that a new form of software monoculture is emerging among software applications: the applicative monoculture. We address the risks of monoculture through the automatic production of diverse variants of the same application.
In this talk I will present our work about the automatic synthesis of large sets of program variants, called sosies. Sosie programs provide the same expected functionality as the original program (as expressed in the test suite), while exhibiting different executions. We explore the intricate interplay between source code, test suites and transformations in the context of sosie synthesis. Our investigation exploits the following observation: test suites cover the different regions of programs in very unequal ways. Hence, we hypothesize that sosie synthesis has different performances on a statement that is covered by one hundred test case and on a statement that is covered by a single test case.
Our results show that there are two dimensions for diversification. The first one lies in the specification: the more test cases cover a statement, the more difficult it is to synthesize sosies. Yet, to our surprise, we are also able to synthesize sosies on highly tested statements (up to 600 test cases), which indicates an intrinsic property of the programs we study. The second dimension is in the code: we manually explore dozens of sosies and characterize new types of forgiving code regions that are prone to diversification.
Bio: Benoit Baudry is a research scientist at INRIA, France. His research is in the area of software testing, modeling and analysis. He currently investigates automatic software diversification for the construction of robust systems. He leads the DiverSE research group, a software engineering group that investigates automatic composition and synthesis of software diversity to manage unpredictability. He received his PhD from the University of Rennes in 2003.
Created by Mary McDavitt at Monday, September 14, 2015 at 11:18 AM.