Program Checking Sampath Kannan University of Pennsylvania.

Talk Outline Traditional software reliability paradigms. Program Checking Examples Extensions Spot checking Streams and stream checking Monitoring JAVA programs Future Directions

Traditional Approaches Testing: ad hoc or random test cases. Need to know answers to these cases. No mathematical guarantees. May look inside program. Done during design phase.

Verification: Proves programs correct. Hard to do. Proofs not human-friendly. Looks inside programs. Done during design phase.

Program Checking [BK95] (figure: the user's input I goes to the program P, whose output O is passed to the checker; the checker, which has access to a coin tosser, may also feed further inputs I1, I2, ..., Ik to P and observe the corresponding outputs O1, O2, ..., Ok.)

Checker Outputs “Correct” if P is correct on all inputs. Outputs “Buggy” if P is wrong on input I. The checker's outputs are as above with high probability (over its own coin tosses). The notion of correctness of P is assumed to be provided by some rigorous means, i.e. a specification of the problem being solved.

Example – Matrix Multiplication (Freivalds ’79). The program takes matrices A, B and outputs C, claiming C = AB. The checker uses the coin tosser to pick a random vector v and tests whether A(Bv) = Cv. This needs only three matrix-vector products, so the checker is asymptotically cheaper than recomputing the product.
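The Freivalds check on the slide above, written out as an added Python example (this is not code from the talk; `matmul` stands in for the program being checked and `buggy_matmul` is a constructed faulty program that corrupts one entry). The checker uses random 0/1 vectors: a wrong product C passes one round with probability at most 1/2, so the number of rounds sets the confidence.

```python
import random


def matmul(a, b):
    """Reference multiplication, used here as the program P whose output C = AB is checked."""
    n, m, p = len(a), len(b), len(b[0])
    return [[sum(a[i][k] * b[k][j] for k in range(m)) for j in range(p)] for i in range(n)]


def buggy_matmul(a, b):
    """Constructed faulty program: correct except for one silently corrupted entry."""
    c = matmul(a, b)
    c[0][0] += 1
    return c


def mat_vec(m, v):
    """Matrix-vector product: O(n^2) per call, versus O(n^3) to recompute AB naively."""
    return [sum(row[j] * v[j] for j in range(len(v))) for row in m]


def freivalds_check(a, b, c, rounds=20, rng=random):
    """Freivalds' checker: True ("Correct") if A(Bv) == Cv for every random 0/1 vector v
    tried, False ("Buggy") otherwise. If C != AB the difference D = C - AB is a non-zero
    matrix, and Dv == 0 for a random 0/1 vector v with probability at most 1/2, so a
    wrong C survives all rounds with probability at most 2 ** -rounds. The checker never
    multiplies two matrices; it only computes three matrix-vector products per round."""
    p = len(c[0])
    for _ in range(rounds):
        v = [rng.randint(0, 1) for _ in range(p)]
        if mat_vec(a, mat_vec(b, v)) != mat_vec(c, v):
            return False
    return True
```

Note that the checker never looks inside `matmul`; it only compares the claimed output against a cheap randomized identity, which is exactly why it also catches errors introduced by the environment (a faulty BLAS, a bit flip in memory) and not only bugs in the program text.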

Example – Graph Isomorphism [BK95]. Inputs: graphs G and H. The program answers either “Yes, here is an isomorphism” or “No”.

Checker: If the program says “Yes”, verify the supplied isomorphism directly. If the program says “No”: Pick G or H at random. Permute its vertices to get a graph K. Ask the program about (G, K). If K was obtained from G, expect “Yes”. If K was obtained from H, expect “No” (a “Yes” here would contradict the earlier “No”, since K is isomorphic to H). Call the program “Buggy” if it does not meet the expectation. Repeat to amplify confidence: a program that wrongly says “No” is caught in each round with probability at least 1/2.
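The graph isomorphism checker from the slide above, as an added Python example (not code from the talk). Graphs are adjacency matrices; `brute_force_iso` is a constructed correct program for tiny graphs, and `always_no` is a constructed buggy program that never finds an isomorphism. The interesting case is the “No” branch: the checker manufactures instances whose answer it already knows and sees whether the program is consistent on them.

```python
import itertools
import random


def is_isomorphism(g, h, perm):
    """Verify a claimed isomorphism: perm[i] is the vertex of h that vertex i of g maps to."""
    n = len(g)
    if len(h) != n or sorted(perm) != list(range(n)):
        return False
    return all(g[i][j] == h[perm[i]][perm[j]] for i in range(n) for j in range(n))


def relabel(g, perm):
    """Return the graph obtained by renaming vertex i of g to perm[i]; perm is then an isomorphism."""
    n = len(g)
    k = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            k[perm[i]][perm[j]] = g[i][j]
    return k


def brute_force_iso(g, h):
    """Constructed correct program: exhaustive search, fine for the tiny graphs used here.
    Returns a permutation (the 'Yes' answer) or None (the 'No' answer)."""
    if len(h) != len(g):
        return None
    for perm in itertools.permutations(range(len(g))):
        if is_isomorphism(g, h, perm):
            return list(perm)
    return None


def always_no(g, h):
    """Constructed buggy program: answers 'No' to everything."""
    return None


def check_graph_iso(program, g, h, rounds=20, rng=random):
    """[BK95]-style checker. Returns 'Correct' or 'Buggy'."""
    answer = program(g, h)
    if answer is not None:
        # A 'Yes' comes with a witness, so it can be verified directly.
        return "Correct" if is_isomorphism(g, h, answer) else "Buggy"
    # A 'No' has no witness: test the program on instances whose answer we know.
    for _ in range(rounds):
        from_g = rng.random() < 0.5
        src = g if from_g else h
        perm = list(range(len(src)))
        rng.shuffle(perm)
        k = relabel(src, perm)          # k is isomorphic to src by construction
        reply = program(g, k)
        if from_g and (reply is None or not is_isomorphism(g, k, reply)):
            return "Buggy"              # should have found an isomorphism G -> K
        if not from_g and reply is not None:
            return "Buggy"              # 'Yes' for (G, K) with K ~ H contradicts 'No' for (G, H)
    return "Correct"
```

A program that is right on (G, H) can still be declared Buggy: `always_no` gives the correct answer for two non-isomorphic graphs, but the checker catches it on (G, K) with K a relabelling of G. That is the intended semantics on the earlier slide, where “Buggy” means the program is wrong on some input, not necessarily on the one the user asked about.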

Program Checking Paradigm Checking is done at run-time: Overhead to the program. Errors are detected as they happen. Environment errors (hardware, compiler, library) are also detected. The actual implementation is checked. Checkers are problem specific: Checker design requires ingenuity. Not a universal paradigm. Works against all programs for a problem. Don’t need to look inside the program.

Checking Correctness of Memory (figure: user requests go to a checker that holds a small reliable memory; the checker forwards them to a large unreliable memory and validates the responses.) Can check, using O(log N)-sized reliable memory, that an adversarial memory (RAM, stack, queue) of size N is functioning correctly. Techniques used: special classes of hash functions, cryptographic primitives. BEGKN ’94.
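An added Python example of the memory-checking idea for the stack case (not code from the talk or from BEGKN ’94, whose construction uses specific hash families; this illustration uses SHA-256 as the hash). The checker keeps only a fixed-size tag plus an element counter in reliable memory; every value and the previous tag live in the unreliable memory. `UnreliableStack` and its `corrupt_top` method are constructed stand-ins for an adversarial memory.

```python
import hashlib


class UnreliableStack:
    """Constructed stand-in for adversarial memory: stores (value, tag) cells."""

    def __init__(self):
        self.cells = []

    def push(self, value, tag):
        self.cells.append((value, tag))

    def pop(self):
        return self.cells.pop()

    def corrupt_top(self, value):
        """Constructed fault/attack: silently replace the value in the top cell."""
        _, tag = self.cells[-1]
        self.cells[-1] = (value, tag)


def _tag(prev_tag: bytes, value: bytes) -> bytes:
    # Length-prefix the value so (prev_tag, value) pairs are unambiguous.
    return hashlib.sha256(prev_tag + len(value).to_bytes(4, "big") + value).digest()


class CheckedStack:
    """Checker: reliable memory is one 32-byte tag plus an O(log N)-bit counter.
    The tag is a hash chain over the whole stack content, so any cell the unreliable
    memory returns must match it (up to finding a SHA-256 collision)."""

    def __init__(self, memory):
        self.mem = memory
        self.tag = b"\x00" * 32
        self.size = 0

    def push(self, value: bytes):
        self.mem.push(value, self.tag)          # store the previous tag beside the value
        self.tag = _tag(self.tag, value)
        self.size += 1

    def pop(self) -> bytes:
        if self.size == 0:
            raise IndexError("pop from empty stack")
        value, prev_tag = self.mem.pop()
        if _tag(prev_tag, value) != self.tag:
            raise MemoryError("memory returned a cell inconsistent with the checker's tag")
        self.tag = prev_tag                      # unwind the chain by one step
        self.size -= 1
        return value


def detects_corruption() -> bool:
    """Push a, b, c; pop c; corrupt b in unreliable memory; the next pop must fail."""
    mem = UnreliableStack()
    st = CheckedStack(mem)
    for v in (b"a", b"b", b"c"):
        st.push(v)
    if st.pop() != b"c":
        return False
    mem.corrupt_top(b"x")
    try:
        st.pop()
    except MemoryError:
        return True
    return False
```

The same pattern (small trusted state authenticating large untrusted state) is what hash trees and authenticated data structures generalize to random-access memory; the stack is the case where a single chain suffices.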

Problems/Areas with Checkers: linear algebra, group theory, arithmetic, number theory, polynomial algebra, computations with real numbers, sorting, data structures, graph problems, combinatorial optimization.

Summary of Part 1 Program checking works on mathematically “clean” problems... but it takes a fair amount of effort to come up with a good checker. The definition requires the checker itself to be “simpler” (faster) than the program being checked, but this does not count the cost of the additional calls the checker makes to the program. Challenges: 1) Reduce overhead. 2) Design checkers for more problems. Both are needed before the technique can be applied to systems with low resources.

Spot-Checking Question: Can we settle for an “approximate” notion of correctness in order to drastically reduce overhead? Answer: We can in some cases. Using spot checks [EKKRV ’99]

Spot Checking Sorting A program for sorting is approximately correct if a (1 – ε) fraction of the output is in ascending order and a (1 – ε) fraction of the output elements are input elements. We want a spot-checker that: Says “okay” to correct output. Says “Buggy” to output that is not even approximately correct. How do we design such a spot-checker?

Repeat O(1/ε) times: Pick a random element x from the input. Binary search for x in the output. If x is not found, report “Buggy”. Otherwise report “okay”. The method works because all elements that are successfully found by binary search form an ascending sequence, so we are verifying that the output contains a large ascending subsequence and that most input elements are in the output. Each round costs O(log n), so the checker takes O((1/ε) log n) time, sublinear in n and far less than sorting.
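The sorting spot-checker from the slide above, as an added Python example (not code from the talk or from EKKRV ’99). It assumes distinct elements; the number of rounds is O(1/ε) with a constant chosen here for illustration.

```python
import math
import random


def _binary_search_found(arr, x):
    """Ordinary binary search. On an unsorted arr it may miss x even if x is present,
    which is exactly the signal the spot-checker relies on."""
    lo, hi = 0, len(arr) - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        if arr[mid] == x:
            return True
        if arr[mid] < x:
            lo = mid + 1
        else:
            hi = mid - 1
    return False


def spot_check_sort(inp, out, eps, rounds=None, rng=random):
    """Return 'okay' if out looks like an approximately correct sort of inp, else 'Buggy'.

    Every element found by binary search lies on an ascending path through out, so the
    found elements form an ascending subsequence. If fewer than a (1 - eps) fraction of
    the input elements are findable, a random input element is missed with probability
    at least eps per round, and O(1/eps) rounds catch that with constant probability.
    Assumes distinct elements (constant 4 in the round count is an illustrative choice)."""
    if len(out) != len(inp):
        return "Buggy"
    if rounds is None:
        rounds = math.ceil(4 / eps)
    for _ in range(rounds):
        x = inp[rng.randrange(len(inp))]
        if not _binary_search_found(out, x):
            return "Buggy"
    return "okay"
```

A correct output is always accepted (binary search on a sorted list finds every element), and the checker never reads all of `out`. An output with a few misplaced elements will usually be accepted, which is the approximate-correctness trade-off the slide describes; the checker only promises to reject outputs that are far from sorted.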

Streams Deluge of time-dependent data... if we don’t process it soon, it will become irrelevant! or it will be too late! Need to change both What we ask about the data. How we find the answer to our questions. Need good theoretical models to model the constraints under which we operate.

Model (figure: a processor with a small memory consumes a data stream in one pass.) The processor could be a Cisco router running NetFlow software; its memory is small relative to the stream size. [FKSV ’99]

Detecting Anomalies Is this the output of a fair coin? Given streams of data describing internet traffic flow is there an anomalous day? Application to intrusion detection? Can you stand on Times Square, watch the NYSE ticker tape go by twice and decide whether there was a big change in the stock market in between?

Main Results on Streams... (1, 3), (7, 12), (3, 6), (2, -1), (4, -5), (7, 6), (8, 0), (1, -4), (9, 5), (3, -2), (5, -10), (2, 6)... What is the L1 distance between these two functions? Our solution: the distance above can be approximated arbitrarily closely using memory that is only logarithmic in the length of the stream. Stream computing will become increasingly important, as will the problem of verifying properties of data streams.

Run-time Monitoring and Checking Sampath Kannan Moonjoo Kim Insup Lee Oleg Sokolsky Mahesh Viswanathan

Objectives Static analysis –abstract model Dynamic behavior checking –consistency between abstract model and implementation To provide a framework for automatic generation of monitors and checkers

Fundamental Issues How does a monitor gather information from a running system? How does the monitor relate to requirements? How do we integrate dynamic monitoring with static analysis? Can monitor be used to steer a system? What mathematical guarantees do monitors provide?

MAC Architecture (figure). Design time: the System Spec and the Requirement Spec are related by formal verification; the System Spec is realized as the System Implementation, and the Requirement Spec as a Monitoring Script. Run time: System Implementation → Filter → (communication) → Event Handler → Checker/Corrector; the Run-time Check reports violations and the Corrector feeds back into the system.

Design Issues Filter –passive versus active –when to take snapshot Event Handler –mapping between concrete state and abstract event Checker –inclusion based on trace, ready semantics, bisimulation Corrector –how to provide feedback

Properties Safety –e.g.: The gate is always closed while a train is in the crossing. Security –e.g.: detecting a denial of service attack. Performance, Real-time –e.g.: QoS: does my car accelerate from 0 to 60 in 5 seconds? Resource usage –e.g.: at most 10 MB of memory.
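An added Python example (not code from the MaC project) of the filter / event handler / checker split from the architecture and design-issues slides, applied to the safety property “the gate is always closed while a train is in the crossing”. The log lines are constructed, as is the line format the event handler parses; the initial gate state is assumed open.

```python
from dataclasses import dataclass
from typing import Iterable, Iterator, List


@dataclass(frozen=True)
class Event:
    time: float
    name: str  # one of: train_enter, train_exit, gate_open, gate_close


# Constructed sample of what a filter might deliver from the running system (not real data).
SAMPLE_LOG = [
    "0.0 sensor=approach state=1",
    "1.0 gate cmd=close",
    "2.0 sensor=crossing state=1",
    "5.0 sensor=crossing state=0",
    "6.0 gate cmd=open",
    "9.0 sensor=crossing state=1",   # a train enters while the gate is open
]


def abstract_events(lines: Iterable[str]) -> Iterator[Event]:
    """Event handler: map concrete state snapshots to the abstract events the requirement
    is written in terms of; lines carrying no relevant event are dropped."""
    for line in lines:
        stamp, _, rest = line.partition(" ")
        t = float(stamp)
        if rest == "sensor=crossing state=1":
            yield Event(t, "train_enter")
        elif rest == "sensor=crossing state=0":
            yield Event(t, "train_exit")
        elif rest == "gate cmd=close":
            yield Event(t, "gate_close")
        elif rest == "gate cmd=open":
            yield Event(t, "gate_open")


def check_gate_safety(events: Iterable[Event]) -> List[float]:
    """Checker for the safety property. Returns the timestamps at which it was violated,
    so a corrector (or an alert) can act on each one as it happens."""
    gate_closed = False   # assumption: the gate starts open; pass the real initial state if known
    train_in = False
    violations: List[float] = []
    for ev in events:
        if ev.name == "gate_close":
            gate_closed = True
        elif ev.name == "gate_open":
            gate_closed = False
        elif ev.name == "train_enter":
            train_in = True
        elif ev.name == "train_exit":
            train_in = False
        if train_in and not gate_closed:
            violations.append(ev.time)
    return violations
```

Because the checker only sees abstract events, the mapping in the event handler is where the design question on the earlier slide ("mapping between concrete state and abstract event") is decided; a wrong mapping makes the monitor silently vacuous, so it deserves the same scrutiny as the property itself.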

Future Directions Run-time assurance of correctness is an attractive complement to static analysis. Traditional correctness paradigms are more able to deal with flow-of-control correctness, type checks and the like. The big gap is in ensuring correctness of mathematically sophisticated computation. Program checking fills this gap. As we begin to reason about large programs and large volumes of input and output we need non-traditional models (both in theory and practice) for talking about efficient computation.