Master's thesis
Contacts: Benoit Baudry (benoit.baudry@inria.fr)
Keywords: Software engineering, software diversity, mutation, robustness.
Description
The goal of this master's thesis is to develop and experiment with techniques that automatically generate diversity in software components. We focus on code diversity: there is diversity when two instances of the same component perform the same function, but with different code. This diversity can take different forms: it can be in the structure (different classes or methods), in the code (code mutation, obfuscation), or in the quality of service (diversity in optimizing heuristics).
This work on software diversity relies on two essential observations. First, diversity is an essential property for the survival and resilience of any kind of large-scale complex system that evolves in heterogeneous environments (e.g., ecosystems, economic systems or social systems). Second, complex software systems are more and more open to runtime evolution, but have low levels of diversity, which reduces their ability to face change and thus to survive very heterogeneous changes in their environment.
The emergence of diversity in software components will rely on two major mechanisms: introducing changes in the code and checking the validity of the newly created component. The objective of this master's thesis will be to precisely define a set of program modifications that can be performed automatically and the associated mechanisms that check whether these modifications keep the component within satisfactory functional or qualitative boundaries.
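A minimal sketch of these two mechanisms, given here as an added example that is not code from the DIVERSIFY project: one automatic modification (swapping the operands of a binary operation) and one checker that keeps only the variants that behave like the original. The sample component `scale`, the check inputs, and the choice of output equality on those inputs as the functional boundary are all assumptions made for illustration.

```python
import ast
import copy

# Constructed sample component (not from the page).
SOURCE = "def scale(x, y, k):\n    return (x * k + y * k) - k\n"
INPUTS = [(1, 2, 3), (0, 5, 2), (-4, 7, 1)]  # constructed check inputs

class SwapOperands(ast.NodeTransformer):
    """Modification: swap the operands of the target-th BinOp (pre-order)."""
    def __init__(self, target):
        self.target, self.seen = target, -1

    def visit_BinOp(self, node):
        self.seen += 1
        site = self.seen
        self.generic_visit(node)  # keep numbering nested operations
        if site == self.target:
            node.left, node.right = node.right, node.left
        return node

def build(tree, name):
    """Compile a module AST and return the named function."""
    ns = {}
    exec(compile(ast.fix_missing_locations(tree), "<variant>", "exec"), ns)
    return ns[name]

def diversify(source, name, inputs):
    """Return (valid, rejected) variant sources, one variant per BinOp site."""
    base = ast.parse(source)
    reference = build(copy.deepcopy(base), name)
    expected = [reference(*args) for args in inputs]
    sites = sum(isinstance(n, ast.BinOp) for n in ast.walk(base))
    valid, rejected = [], []
    for site in range(sites):
        tree = SwapOperands(site).visit(copy.deepcopy(base))
        variant = build(tree, name)
        try:  # checker: variant must reproduce the reference behaviour
            ok = [variant(*args) for args in inputs] == expected
        except Exception:
            ok = False  # a crashing variant is outside the valid boundary
        (valid if ok else rejected).append(ast.unparse(tree))
    return valid, rejected

if __name__ == "__main__":
    valid, rejected = diversify(SOURCE, "scale", INPUTS)
    print("valid variants:", *valid, sep="\n")
    print("rejected variants:", *rejected, sep="\n")
```

Swapping around `+` and `*` yields three textually different but equivalent variants, while swapping around `-` changes the result and is rejected by the checker.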
The student will study the state of the art in different areas of software engineering that investigate the emergence of diversity (security [1,2] or systems [3]), as well as the notions of contract [4] and approximate computation [5]. On the basis of these existing techniques, the student will experiment with automatic software diversification on two different case studies: an optimization software component and an embedded controller. These experiments will aim at evaluating the performance of the diversification techniques as well as the capacity of the checkers to select valid diversity.
This work will be performed in the context of the DIVERSIFY European project, which aims at investigating the spontaneous emergence of software diversity to improve the robustness of software-intensive systems.
References
[1] A. J. O’Donnell and H. Sethu. On achieving software diversity for improved network security using distributed coloring algorithms. In Proc. of CCS ’04, pages 121–131.
[2] C. Linn and S. Debray. Obfuscation of executable code to improve resistance to static disassembly. In Proc. of CCS ’03, pages 290–299.
[3] S. Forrest, A. Somayaji, D.H. Ackley. Building diverse computer systems. In Proc. of the Sixth Workshop on Hot Topics in Operating Systems, pages 67-72, 1997.
[4] B. Meyer: Applying “Design by Contract”. IEEE Computer 25(10): 40-51 (1992)
[5] Z. A. Zhu, S. Misailovic, J. A. Kelner, M. C. Rinard: Randomized accuracy-aware program transformations for efficient approximate computations. POPL 2012: 441-454