Lead Inventor:
Angelos D. Keromytis
Software Programming Errors, Bugs, Require Recovery Mechanisms for Improved Software Quality and Security
Software programming errors, referred to as "bugs," often cause software applications to exhibit unintended behavior, to crash, and/or to be vulnerable to security threats or attacks. Once a software application containing bugs is deployed, various faults can occur. Due to the complexity of many software applications, conventional approaches to dealing with software errors are often unsatisfactory, especially when high performance and high availability are required.
To improve software quality and security, speculative recovery/execution mechanisms have been introduced. While promising, the major limitation of these schemes is the lack of any assurance of "good behavior" of the program once the recovery mechanism is invoked. Therefore, a reactive and automated approach, in particular one that enables a software application to self-heal during execution, is desirable.
Detection and Recovery of Software Applications
This invention presents a new technique for detecting and recovering from faults. It introduces the idea of "rescue points": program locations to which an application can recover its execution in the presence of failure. The use of rescue points reduces the chance of unanticipated execution paths, thereby making recovery more robust.
The efficacy of a prototype was examined for the Linux operating system on six open source server applications, and the technique was shown to recover execution with a 100% success rate on extensive fault injections with low operational overhead.
A patent application for this invention has been published, as well as a book chapter in 'Aspects of Network and Information Security' and a number of peer-reviewed conference proceedings worldwide.
Applications:
• Method for recovering a software application, i.e. a server application, from a fault condition
• Can be used in a variety of computer programs for the purpose of fault detection
• Can be used in conjunction with a variety of fault-detection mechanisms
Advantages:
• The technique selects and returns an appropriate error value to the caller, thus enabling the software application to avoid executing instructions that cause the application to crash.
• The use of rescue points makes the recovery more robust.
• Rescue points induce faults at locations that are known to propagate faults correctly, instead of trying to mask errors as some previous technologies do.
• Decoupling of fault detection component and recovery mechanism allows the use of a variety of fault-detection mechanisms.
• This decoupling has additional fringe benefits on performance and completeness.
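The rescue-point idea described above, as an added C sketch that is not the inventors' prototype: `handle_request` already returns -1 for bad input, so a fault detected deeper in the call chain is rolled back and turned into that same error return. The function names, the `session` struct, the bounds-check detector and the use of `setjmp`/`longjmp` with a struct copy as the checkpoint are all assumptions made for illustration.

```c
#include <setjmp.h>
#include <stddef.h>
#include <string.h>

/* Constructed server state that a request handler mutates. */
struct session { char user[8]; int requests; };

static jmp_buf rescue_env;          /* execution context saved at the rescue point */
static struct session rescue_snap;  /* state snapshot taken at the rescue point */
static int rescue_armed;

/* Detection side (hypothetical): any detector may call this. It knows
 * nothing about how recovery is performed. */
static void fault_detected(void) {
    if (rescue_armed) longjmp(rescue_env, 1);
}

/* Buggy inner routine: the copy has no length limit of its own. */
static void set_user(struct session *s, const char *name) {
    size_t n = strlen(name);
    s->requests++;                               /* side effect before the fault */
    if (n >= sizeof s->user) fault_detected();   /* detector fires before the overflow */
    memcpy(s->user, name, n + 1);
}

/* Rescue point: this function already reports bad input by returning -1,
 * and its caller already handles that value. */
int handle_request(struct session *s, const char *name) {
    if (name == NULL) return -1;        /* existing, tested error path */
    rescue_snap = *s;                   /* checkpoint the state */
    rescue_armed = 1;
    if (setjmp(rescue_env) != 0) {      /* re-entered after a detected fault */
        *s = rescue_snap;               /* roll back side effects */
        rescue_armed = 0;
        return -1;                      /* force the known error return */
    }
    set_user(s, name);
    rescue_armed = 0;
    return 0;
}

/* Caller: treats -1 like any malformed request and keeps serving. */
int serve_all(struct session *s, const char **names, int n) {
    int rejected = 0;
    for (int i = 0; i < n; i++)
        if (handle_request(s, names[i]) != 0) rejected++;
    return rejected;
}
```

The detector here could be replaced by any other fault-detection mechanism that calls `fault_detected()`, without touching the recovery code in `handle_request`.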
Opportunities:
• Sponsored research funding for continued improvement of the technique
• Licensing
Patent Status: Patent Pending (WO/2008/091272)
Publications:
"The Case for Self-Healing Software" in 'Aspects of Network and Information Security' (book chapter)
Licensing Status: Available for Licensing and Sponsored Research Support