This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Automatically Patching Errors in Deployed Software Jeff H. Perkins α , Sunghun Kim β , Sam Larsen γ , Saman Amarasinghe α , Jonathan Bachrach α , Michael Carbin α , Carlos Pacheco δ , Frank Sherwood, Stelios Sidiroglou α , Greg Sullivan ε , Weng-Fai Wong ζ , Yoav Zibin η , Michael D. Ernst θ , and Martin Rinard α α MIT CSAIL, β HKUST, γ VMware, δ BCG, ε BAE AIT, ζ NUS, η Come2Play, θ U. of Washington [email protected], [email protected], [email protected] ABSTRACT We present ClearView, a system for automatically patching errors in deployed software. ClearView works on stripped Windows x86 binaries without any need for source code, debugging information, or other external information, and without human intervention. ClearView (1) observes normal executions to learn invariants that characterize the application’s normal behavior, (2) uses error detec- tors to monitor the execution to detect failures, (3) identifies viola- tions of learned invariants that occur during failed executions, (4) generates candidate repair patches that enforce selected invariants by changing the state or the flow of control to make the invariant true, and (5) observes the continued execution of patched applica- tions to select the most successful patch. ClearView is designed to correct errors in software with high availability requirements. Aspects of ClearView that make it par- ticularly appropriate for this context include its ability to generate patches without human intervention, to apply and remove patches in running applications without requiring restarts or otherwise per- turbing the execution, and to identify and discard ineffective or damaging patches by evaluating the continued behavior of patched applications. In a Red Team exercise, ClearView survived attacks that exploit security vulnerabilities. A hostile external Red Team developed ten code-injection exploits and used these exploits to repeatedly at- tack an application protected by ClearView. ClearView detected and blocked all of the attacks. For seven of the ten exploits, Clear- View automatically generated patches that corrected the error, en- abling the application to survive the attacks and successfully pro- cess subsequent inputs. The Red Team also attempted to make ClearView apply an undesirable patch, but ClearView’s patch eval- uation mechanism enabled ClearView to identify and discard both ineffective patches and damaging patches. Categories and Subject Descriptors: D.2.5 [ Testing and Debugging ]: Error Handling and Recovery, Monitors D.2.7 [ Distribution, Maintenance, and Enhancement ]: Correc- tions, Enhancement K.6.5 [ Security and Protection ]: Invasive Software General Terms: Security, Reliability, Design, Performance Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, tobear this notice and the full citation on the first page....
View Full Document
- Spring '11
- Call stack, Computer program, Clearview