A Characterization of State Spill in Modern OSes

Similar documents
MODERN SYSTEMS: EXTENSIBLE KERNELS AND CONTAINERS

Columbia University in the city of new york

Uranine: Real-time Privacy Leakage Monitoring without System Modification for Android

[07] SEGMENTATION 1. 1

Causes of Software Failures

Decoupling Cores, Kernels and Operating Systems

LightVMs vs. Unikernels

Distributed Systems COMP 212. Lecture 18 Othon Michail

OPERATING SYSTEM SUPPORT FOR REDUNDANT MULTITHREADING. Björn Döbel (TU Dresden)

Introduction to Cloud Computing and Virtualization. Mayank Mishra Sujesha Sudevalayam PhD Students CSE, IIT Bombay

PINPOINT: Efficient & Effective Resource Isolation for Mobile Security. & Privacy

Virtual Machines Disco and Xen (Lecture 10, cs262a) Ion Stoica & Ali Ghodsi UC Berkeley February 26, 2018

Virtualization and memory hierarchy

QuantDroid: Quantitative Approach towards Mitigating Privilege Escalation on Android

Interprocess Communication

MICROKERNELS: MACH AND L4

Interactively Verifying Absence of Explicit Information Flows in Android Apps

6.033 Spring Lecture #6. Monolithic kernels vs. Microkernels Virtual Machines spring 2018 Katrina LaCurts

Android System Development Day-4. Team Emertxe

Operating system organizaton

6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014

CS 350 Winter 2011 Current Topics: Virtual Machines + Solid State Drives

Microservices at Netflix Scale. First Principles, Tradeoffs, Lessons Learned Ruslan

GoAhead Software NDIA Systems Engineering 2010

Operating System Structure

Extensible Kernels: Exokernel and SPIN

SieveDroid: Intercepting Undesirable Private-Data Transmissions in Android Applications at Runtime

An Introduction to Software Architecture. David Garlan & Mary Shaw 94

CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 22: Remote Procedure Call (RPC)

Operating System: Chap2 OS Structure. National Tsing-Hua University 2016, Fall Semester

CSCI 420: Mobile Application Security. Lecture 15. Prof. Adwait Nadkarni

SMART DEVICES: DO THEY RESPECT YOUR PRIVACY?

Course Outline. Lesson 2, Azure Portals, describes the two current portals that are available for managing Azure subscriptions and services.

The Adapter Pattern. Interface with anything!

A State Spill-free Operating System. Theseus: Rice Efficient Computing Group Rice University. PLOS 2017 October 28

CS 307: Software Engineering. Lecture 10: Software Design and Architecture

CHAPTER 3 - PROCESS CONCEPT

Dynamic Translator-Based Virtualization

Operating-System Structures

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

COMMUNICATION IN DISTRIBUTED SYSTEMS

RUNTIME PERMISSIONS IN ANDROID 6.0 Lecture 10a

Data Centers and Cloud Computing

Data Centers and Cloud Computing. Slides courtesy of Tim Wood

Services are software components designed specifically to perform long background operations.

CIS Operating Systems CPU Mode. Professor Qiang Zeng Spring 2018

Data Centers and Cloud Computing. Data Centers

Part V. Process Management. Sadeghi, Cubaleska RUB Course Operating System Security Memory Management and Protection

Logging, Monitoring, and Alerting

Spring 2017 :: CSE 506. Introduction to. Virtual Machines. Nima Honarmand

IO virtualization. Michael Kagan Mellanox Technologies

AWS Lambda: Event-driven Code in the Cloud

Modern Stream Processing with Apache Flink

Operating Systems Overview

DISTRIBUTED SYSTEMS [COMP9243] Distributed Object based: Lecture 7: Middleware. Slide 1. Slide 3. Message-oriented: MIDDLEWARE

OPERATING SYSTEMS UNIT - 1

Android Services & Local IPC: The Activator Pattern (Part 2)

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis

Mobile Middleware Course. Mobile Platforms and Middleware. Sasu Tarkoma

OS Structure. Kevin Webb Swarthmore College January 25, Relevant xkcd:

Virtual Memory I. CSE 351 Spring Instructor: Ruth Anderson

Processes, Threads and Processors

The Actor Model applied to the Raspberry Pi and the Embedded Domain. The Erlang Embedded Project. Omer

Chapter 10 DISTRIBUTED OBJECT-BASED SYSTEMS

EEE 435 Principles of Operating Systems

Process. Operating Systems (Fall/Winter 2018) Yajin Zhou ( Zhejiang University

Azure Development Course

DISTRIBUTED COMPUTING

Course Outline. Developing Microsoft Azure Solutions Course 20532C: 4 days Instructor Led

Repairing crashes in Android Apps. Shin Hwei Tan Zhen Dong Xiang Gao Abhik Roychoudhury National University of Singapore

Secure Programming Lecture 15: Information Leakage

Protecting Users by Confining JavaScript with COWL

Information-Flow Analysis of Android Applications in DroidSafe

Dynamics of Hot-Potato Routing in IP Networks

Module 1: Introduction

JiST Java in Simulation Time An efficient, unifying approach to simulation using virtual machines

Automatically Identifying Critical Input and Code Regions in Applications

What are some common categories of system calls? What are common ways of structuring an OS? What are the principles behind OS design and

KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware

Labels and Information Flow

05 Indirect Communication

Distributed Operating Systems Fall Prashant Shenoy UMass Computer Science. CS677: Distributed OS

CDMI for Cloud IPC David Slik NetApp, Inc.

Developing Microsoft Azure Solutions: Course Agenda

Virtual Machines. To do. q VM over time q Implementation methods q Hardware features supporting VM q Next time: Midterm?

Maxoid: Transparently Confining Mobile Applications with Custom Views of State

Introduction to OS (cs1550)

DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 3 Processes

Exokernel: An Operating System Architecture for Application Level Resource Management

CS5460: Operating Systems Lecture 20: File System Reliability

Networks and Operating Systems Chapter 11: Introduction to Operating Systems

6.828: OS/Language Co-design. Adam Belay

DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices

K a t h y Meier- H e l l s t e r n, P h D

Xen and the Art of Virtualization. CSE-291 (Cloud Computing) Fall 2016

UNIVERSITY OF CAGLIARI

Virtualization. Dr. Yingwu Zhu

Towards Generic and Middleware-independent Support for Replicated, Distributed Objects

Techno Expert Solutions

MicroQoSCORBA A QoS-Enabled, Reflective, and Configurable Middleware Framework for Embedded Systems

Transcription:

A Characterization of State Spill in Modern OSes Kevin Boos Emilio Del Vecchio Lin Zhong ECE Department, Rice University EuroSys 2017

How do we deal with complexity? 2

Modularization 1234 complex system 3

Modularization 1 2 3 4 4

Reducing complexity should make things easier Process migration 1 2 3 4 Fault isolation & fault tolerance Live update, hotswapping, software virtualization Maintainability Security and more 5

Modularization is not enough! 1 2 interactions have complex effects! Effects of interactions: 3 4 Propagation of data and control Changes to the state of each entity state spill 6

State spill in a nutshell a new term to describe the phenomenon when: A software entity s state undergoes lasting change as a result of an interaction with another entity. 7

Outline of contributions 1. Define and identify state spill as a root cause of challenging problems in computing 2. Classify state spill examples collected from real OSes 3. Automate state spill detection with STATESPY 4. Results from Android system services 8

Definition of State Spill 9

State spill definition by example Source (application) public void main() { int id = ; byte cfg = ; fn cb = handlecb; service.addcallback( id, cfg, cb); log( added cb! ); } void handlecb() { // do something } Destination (system service) public class SystemService { static int scount; byte mconfig; List<Callback> mcallbacks; int unrelated; public void addcallback( int id, byte cfg, temporary Callback cb) { int b = id; Log.print("id=" + b); mconfig = cfg; mcallbacks.add(cb); scount++; } } Before (empty) During After 10

STATESPY: Automated State Spill Detection 11

STATESPY: runtime + static analysis Goal: help developers understand how state spill occurs in their entities Source files Running software entity Static analysis Resolution requests Modification-reachable whitelist Runtime analysis State spill results Runtime type resolutions 12

State Spill in Android Services 13

Evaluating Android system services Binder IPC transactions Application Proxy Stub Service StateSpy monitors service stub boundary (ontransact) monkey induces real apps to invoke various transactions Found state spill in 94% of service stubs analyzed. 14

Secondary state spill Entity S Entity D1 Entity D2 User Applications UiModeManagerService VibratorService KeyguardService AlarmManagerService UsbService AudioService InputManagerService ActivityManagerService HdmiControlService NotificationManagerService DisplayManagerService PowerManagerService UserManagerService StatusBarManagerService WindowManagerService SensorService PackageManagerService Hinders fault tolerance, hot-swapping, maintainability 15

Case study: Flux [EuroSys 15] App App App Sensor Location Input Sensor Location Input Alarm Notification Clipboard Alarm Notification Clipboard Android app migration via record & replay Manually handles residual dependencies with decorator methods for each service transaction Significant effort to overcome state spill Alex Van t Hof, et al., Flux: multi-surface computing in Android, EuroSys 2015. 16

Case study: Flux [EuroSys 15] App App App?? Sensor Location Input Sensor Location Input Alarm Notification Clipboard Alarm Notification Clipboard Android app migration via record & replay Manually handles residual dependencies with decorator methods for each service transaction Significant effort to overcome state spill Alex Van t Hof, et al., Flux: multi-surface computing in Android, EuroSys 2015. 17

Case study: Flux [EuroSys 15] App App App Sensor Location Input Sensor Location Input Alarm Notification Clipboard Alarm Notification Clipboard Android app migration via record & replay Manually handles residual dependencies with decorator methods for each service transaction Significant effort to overcome state spill 18

Comparison with Flux Not decorated 77% Flux 23% Using Flux apps, we reproduced 113 unique transactions for analysis with STATESPY 19

High correlation with state spill Not decorated 77% Flux 23% Causes State Spill 92% State spill identifies problematic service transactions and which states need special handling 20

STATESPY catches what s missing missed 21% Not decorated Safely ignored 79% 77% Flux 23% Found state spill in 18 (21%) undecorated methods, each is potentially dangerous Easy detection demonstrates STATESPY s utility 21

Parting Thoughts 22

Designs to avoid state spill Client-provided resources Stateless communication RESTful principle Separation of multiplexing from indirection Hardening of entity state Modularity without interdependence 23

Related work Coupling [1] /modularity [2] as a necessary condition Info-flow analysis [3,4] Designs that partially reduce state spill Compartmentalizing important states Barrelfish/DC [5], Microreboot [6], CuriOS [7] RESTful architectures (web) [11,12] 24

Conclusion State spill is an underlying problem that hinders many computing goals Prevalent and deeply ingrained in many OSes Reducing state spill will lead to better designs More so than minimizing coupling, etc. Next steps: redesign OS to minimize state spill STATESPY & more: http://download.recg.org 25

References (1) J. Offutt, et al., A software metric system for module coupling. Journal of Systems and Software, 1993. (2) B. Ford, et al., The Flux OSKit: A substrate for kernel and language research. SOSP, 1997. (3) S. Arzt, et al., FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. PLDI, 2014. (4) W. Enck, et al., TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. OSDI, 2010. (5) G. Zellweger, et al., Decoupling cores, kernels, and operating systems. OSDI, 2014. (6) G. Candea, et al., Microreboot - a technique for cheap recovery. OSDI, 2004. (7) F. David, et al., CuriOS: Improving reliability through operating system structure. OSDI, 2008. (8) D. Engler, et al., Exokernel: An operating system architecture for application-level resource management. SOSP, 1995. (9) D. Porter, et al., Rethinking the library os from the top down. ASPLOS, 2011. (10) A. Madhavapeddy, et al., Unikernels: Library operating systems for the cloud. ASPLOS, 2013. (11) C. Pautasso and E. Wilde. Why is the web loosely coupled?: a multi-faceted metric for service design. WWW, 2009. (12) C. Pautasso, et al., RESTful web services vs. big web services: making the right architectural decision. WWW, 2008. 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback