Speaker Olatunji Ruwase
Affiliation Carnegie Mellon University
Host Jim Larus
Date recorded 27 March 2013
Instruction-by-instruction checking of program execution is a powerful method for identifying and mitigating hard-to-find software bugs, including security vulnerabilities. However, adoption of this technique has been limited by the associated performance overheads. This talk will show that decoupling the analysis from, and running it concurrently with the monitored program is a promising approach for addressing the performance limitations of heavyweight program monitoring. Using system software monitoring, I will show that decoupling enables arbitrary instruction-grained dynamic analysis of kernel-mode drivers for safeguarding persistent I/O device state from corruption by driver bugs, without incurring slowdowns that could break timing-sensitive interrupt handling codes. I will present three novel tools for data races, DMA bugs and memory bugs in drivers that are enabled by decoupling. Using application software monitoring, I will show that decoupling enables further optimizations of hand-tuned instruction-grained dynamic analysis codes. I will present novel compiler-based and parallelism-based dynamic optimization techniques that individually achieve up to 3X speedup of state-of-the-art tools for mitigating data races, memory bugs and security vulnerabilities in applications.
©2013 Microsoft Corporation. All rights reserved.
People also watched