Software Behaviour Correlation in a Redundant and Diverse Environment Using the Concept of Trace Abstraction

Redundancy and diversity have been shown to be an effective approach for ensuring service continuity (an important requirement for autonomic systems) despite the presence of anomalies due to attacks or faults. In this paper, we focus on operating system (OS) diversity, which is useful in helping a system survive kernel-level anomalies. We propose an approach for detecting anomalies in the presence of OS diversity. We achieve this by comparing kernel-level traces generated from instances of the same application deployed on different OSs. Our trace correlation process relies on the concept of trace abstraction, in which low-level system events are transformed into higher-level concepts, freeing the trace from OS-related events. We show the effectiveness of our approach through a case study, in which we selected Linux and FreeBSD as target OSs. We also report on lessons learned, setting the ground for future research.

Date: Thursday, October 3, 2013
Publication authors (members): Abdelwahab Hamou-Lhadj, Mario Couture, Shariyar Murtaza
Publication authors (collaborators): Maher Idris, Ali Mehrabian, Raphael Khoury
Publisher: ACM
Bibtex: A. Hamou-Lhadj, S. S. Murtaza, W. Fadel, A. Mehrabian, M. Couture, R. Khoury, "Software Behaviour Correlation in a Redundant and Diverse Environment Using the Concept of Trace Abstraction," In Proc. of the ACM 2013 Research in Adaptive and Convergent Systems Conference (RACS'13), Montreal, QC, Canada 2013.
Publication status: Published