1. David Evans evans@cs.virginia.edu http://www.cs.virginia.edu/~evans The Bugs and the Bees Research in Swarm Programming and Security University of Virginia Department of Computer Science

2. 9 Nov 2001David Evans - CSCP2 Research Projects The Bugs The Bees - “Programming the Swarm” Splint How can we efficiently find coding errors? How can we program large collections of devices and reason about their behavior?

3. 9 Nov 2001David Evans - CSCP3 A Gross Oversimplification Effort Required Low Unfathomable Formal Verifiers Bugs Detected none all Compilers Splint

4. 9 Nov 2001David Evans - CSCP4 Approach Extend type checking to detect more classes of problems Programmers add annotations (formal specifications) –Simple and precise –Describe programmers intent: Types, memory management, data hiding, aliasing, modification, null-ity, buffer sizes, security, etc. Splint detects inconsistencies between annotations and code –Simple (fast!) dataflow analyses

5. 9 Nov 2001David Evans - CSCP5 Recent Work Detecting Buffer Overflow Vulnerabilities [David Larochelle] –Most commonly exploited security vulnerability –Still the most common attack Code Red exploited buffer overflow in IIS >50% of CERT advisories, 23% of CVE entries in 2001 Attributes describe sizes of allocated buffers

6. 9 Nov 2001David Evans - CSCP6 Splint More information: splint.cs.virginia.edu IEEE Software Jan/Feb 2002 USENIX Security ’01, PLDI ’96 Public release (since 1996 as LCLint) – real users, mentioned in C FAQ, C Unleashed, Linux Journal, etc. We need cooperative industrial users Students: –Graduate: David Larochelle, Greg Yukl –Undergraduate: David Friedman, Mike Lanouette, Hien Phan Funding: NASA

7. 9 Nov 2001David Evans - CSCP7 Programming the Swarm

8. 9 Nov 2001David Evans - CSCP8 (Really) Brief History of Computer Science 1950196019701980 1990 2001- Machines Programming Methods Reasoning Tools Monolithic Computers First High-Level Languages Manual Proof of Properties of Trivial Programs “Programming in the Small” Fixed Networks of PCs Modular Programming, Interfaces, Objects Tools for Reasoning about Distributed Programs “Programming in the Large” “Programming the Swarm” Billions of small, cheap unreliable devices in physical environments Swarm Programming, Group Behaviors Tools for Reasoning about Groups in unpredictable environments

9. 9 Nov 2001David Evans - CSCP9 Programming the Swarm: Long-Range Goal Cement 10 GFlop

10. 9 Nov 2001David Evans - CSCP10 Why this Might be Possible? Biology Does It –Ant routing Find best route to food source using pheromone trails –Bee house-hunting Reach consensus by dancing and split to new hive –Complex creatures self-organize from short DNA program and dumb chemicals Genetic code for 2 humans differs in only 2M base pairs (.5 MB < 1% of Win2000)

11. 9 Nov 2001David Evans - CSCP11 Swarm Programming Model Swarm Program Synthesizer Environment Model Behavioral Description Device Model Primitives Library Device Units Programmed Device Units Device Programs

12. 9 Nov 2001David Evans - CSCP12 Research Issues How can we describe the properties of swarm behaviors, devices and environments? What are the right primitives and combination mechanisms? How can we synthesize swarm programs with known functional and non-functional properties? Security –Can we use swarm programming to build systems that are resilient to classes of attack? –Can we produce swarm programs with known behavioral constraints? –Can we provide privacy using wireless communications in a swarm?

13. 9 Nov 2001David Evans - CSCP13 Programming the Swarm swarm.cs.virginia.edu Students: –Graduate: Gilbert Backers, Joel Winstead, Weilin Zhong –Undergraduates: Keen Browne, Mike Cuvelier, John Calandrino, Bill Oliver, Mike Hoyge, Jon McCune, Errol McEachron, Ankush Seth Funding: NSF