SlideShare a Scribd company logo

fault injection in operating systems

Lukas Pirl
Lukas Pirl

An overview of historical and current fault-injection techniques used to test operating systems. Additionally, questions that might trigger future work are presented.

Software
1 of 38
Download to read offline
fault injection in operating systems why, where, since when, how, and now? Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam
why
test specification (if any) ensure dependability attribute / OS goals availability, integrity, confidentiality, isolation, … fault model fail-stop? fail-crash? repair roll-back, service degradation, reset, … assess severity assess risk and adequacy of failures Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 3
example seL4 kernel high-assurance microkernel formal specification & proofs guaranteed run times bug-free (against spec.) but how many OSs have a specification? at least, minimal consensus seems to be “it should not crash” Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 4 http://sel4.org/ sources & reading
where
where to inject Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 6 operating system hardware applications hypervisor e.g. send invalid input e.g. introduce latency e.g. stuck bits e.g. device fuzzing e.g. WIN32 message fuzzing e.g. crashing emulated device e.g. syscall fuzzing e.g. crashing modules e.g. local overheating e.g. VM migration fails
where to inject focus of this talk Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 7 operating system hardware applications hypervisor e.g. syscall fuzzing
since
history theoretical foundation 1969 hardware fault injection at IBM simulated to evaluate integrity of logic units during design faults: stuck transistors, open/shorted diodes 1970+ A. Avižienis: early theory on faults coined “fault tolerance”, classification, modelling, … OS support for fault-tolerant HW ⇒ foundation for injection & detection Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 9 Ball, M., and F. Hardie. "Effects and detection of intermittent failures in digital systems." Proceedings of the November 18-20, 1969, fall joint computer conference. ACM, 1969. http://www.avizienis.info/
history fault injection in operating systems 1970 - 1993: nothing!? fault tolerance in hard- and software fault injection in hardware hardware for fault injection in hardware… not applied to OSs or not explicitly mentioned? what about operating systems? Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 10 a lot
history fault injection in operating systems 1993 FINE fault-injection environment for UNIX analyzed error propagation latency software & memory: high, hardware: low 1995 FERRARI flexible SW-based fault and error injection system injects into operating system Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 11 Kao, Wei-Lun, Ravishankar K. Iyer, and Dong Tang. "FINE: A fault injection and monitoring environment for tracing the UNIX system behavior under faults." Software Engineering, IEEE Transactions on 19.11 (1993): 1105-1118. Kanawati, Ghani, Nasser Kanawati, and Jacob Abraham. "FERRARI: A flexible software-based fault and error injection system." Computers, IEEE Transactions on 44.2 (1995): 248-260.
1989: Prof. Barton P. Miller, University of Wisconsin dial-up connection to campus computer thunderstorm → noise on the phone line random characters crashed UNIX utilities → let students write a random character generator to test as much UNIX utilities as possible tool called “fuzz” Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 12 http://karrierenews.diepresse.com/images/uploads/1/4/0/1380672/KnisterndeKarriere_1364287328585110.jpg Rathaus, Noam, and Gadi Evron. Open source fuzzing tools. Syngress, 2011.
13 early fuzzing a lot of utilities crash Miller, Barton P., Louis Fredriksen, and Bryan So. "An empirical study of the reliability of UNIX utilities." Communications of the ACM 33.12 (1990): 32-44.
history random testing / fuzzing again, what about operating systems? 1991: crashme by George J. Carrette developed for nowadays outdated platforms SUN-4, DECstation, IBM RT, Nixdorf, HP-UX, … actually test operating system robustness Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 14 http://people.delphiforums.com/gjc/crashme.html
how
implementations crashme invokes random data as procedure programmatic approach calculate_random(seed, &rand); (rand)(); no detection, monitoring, tracing, … Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 16
implementations crashme manually triggered during runtime (of kernel) fault model crash fault /! must be detected by user/tester Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 17
implementations crashme used for Linux kernel testing ~ since late 1996 (2.0.20) rare crash reports via mailing list ~400 messages Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 18
implementations crashme theoretically runs on wide variety of OSs ran on Linux, Windows 7, 8, Server 2008, 2012 crashed & rebooted: 7, 8.1, 2008; hung: 7, 8.1 no fault injection required for Win10: installer hung no success on Windows XP and 9x binary header produced by Visual Studio > 2005 forbid execution installed Windows XP & Visual Studio 2005 compiles, runs, no errors, no output -.- Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 19
let’s take a look in the lab (demo) Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 20
implementations using system calls Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 21 Haller, A. "Fault Injection in System Calls" seminar on fault injection, Talk, Hasso Plattner Institute Potsdam on 28 May 2015. use API instead of instructions to inject see Angelo Haller’s slides Trinity found bugs and still actively used grey-box testing knows about sanity checks in kernel iknowthis, sysfuzz grey-box testing
implementations using system calls: ballista 1998 - 2001 originally intended as internet service (???) test generated & executed based on API descriptions black-box: only knows interface functions, parameters, data types pretty similar to Trinity? aimed to be highly repeatable detailed logging, reporting later implemented for POSIX C-API on 15 OSs does not run on recent Linux (as noted on the Web site) Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 22 Kropp, Nathan P., Philip J. Koopman, and Daniel P. Siewiorek. "Automated robustness testing of off-the-shelf software components." Fault-Tolerant Computing, 1998. Digest of Papers. Twenty-Eighth Annual International Symposium on. IEEE, 1999. http://users.ece.cmu.edu/~koopman/ballista/
implementations using system calls: ballista Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 23 Koopman, Philip, and John DeVale. "Comparing the robustness of POSIX operating systems." Fault-Tolerant Computing, 1999. Digest of Papers. Twenty-Ninth Annual International Symposium on. IEEE, 1999. commercial or OSS does not seem to correlate with quality
implementations using system calls: ballista Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 24 Koopman, Philip, and John DeVale. "Comparing the robustness of POSIX operating systems." Fault-Tolerant Computing, 1999. Digest of Papers. Twenty-Ninth Annual International Symposium on. IEEE, 1999. so much crashes on expectable invalid input…
implementations iofuzz random input for IO devices to test hypervisors actually found serious bugs in major products ⇒ testing in VMs: not clear if host or guest crashed source not available also via T. Ormandy directly (asked via email) but probably easy to build (go! :)) QUEMU features a similar test looks inspired by iofuzz Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 25 Ormandy, Tavis. "An empirical study into the security exposure to hosts of hostile virtualized environments." (2007): 1-18. https://github.com/qemu/qemu/blob/master/docs/image-fuzzer.txt
implementations Linux Kernel via debugfs /sys/kernel/debug/fail* currently mem & IO configurable triggers interval, probabilities, count filterable by processes extensible some modules (e.g. NFS) come with extension Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 26 https://www.kernel.org/doc/Documentation/fault-injection/fault-injection.txt
and
random testing non-determinism OS scheduler workload interrupts hardware memory positions kernel address space randomization ⇒ hard/impossible to repeat but: no domain knowledge required Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 28
fault-injection tradeoffs generic vs specific higher re-use effective (in exec.) fuzzing edge-case black box Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 29 higher impl. efforts efficient incl. domain knowledge usual-case white box
work ahead? do we need a taxonomy for the tradeoffs? there are most likely more dimensions do we need a(nother) generic framework that can be made more specific by extending it? that can work on specifications? that can automatically test virtualized? that is implemented more high-level? for higher development speed? can we learn from testing old OSs? Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 30
puh…
http://worditout.com/ ? !
Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 33 you now enter the slide graveyard…
history fault injection in operating systems 1995 FIAT fault injection based automated testing environment distributed RT systems planned injection in OS 1995 DOCTOR SW fault injection env. for distributed RT systems yet focussed on HW (CPU, mem, net) instead of OS Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 34 Segall, Zary, et al. "Fiat-fault injection based automated testing environment." Fault-Tolerant Computing, 1995, Highlights from Twenty-Five Years., Twenty-Fifth International Symposium on. IEEE, 1995. Han, Seungjae, Kang G. Shin, and Harold Rosenberg. "Doctor: An integrated software fault injection environment for distributed real-time systems." Computer Performance and Dependability Symposium, 1995. Proceedings., International. IEEE, 1995
Sullivan, Mark, and Ram Chillarege. "Software defects and their impact on system availability: A study of field failures in operating systems." FTCS. 1991. results more or less confirm intuition common: overruns, wrong pointers, wrong allocs etc. skim paper for tables for more information Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 35
Forrester, Justin E., and Barton P. Miller. "An empirical study of the robustness of Windows NT applications using random testing." Proceedings of the 4th USENIX Windows System Symposium. 2000. interesting points random WIN32 messages cause high failure rates they can be sent from app to app! even OS can crash e.g. when generating very much HID input UNIX more likely than Windows Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 36
Gu, Weining, et al. "Characterization of linux kernel behavior under errors." null. IEEE, 2003. looks really elaborate & interesting seems to stick to establishes wording explain kernel fault-injection API do detailed fault analysis Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 37
Mukherjee, Arup, and Daniel P. Siewiorek. "Measuring software dependability by robustness benchmarking." Software Engineering, IEEE Transactions on 23.6 (1997): 366-378. have good discussion about random pro/con properties of test tools in an abstract manner features a comparison of failure classifications Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 38

Recommended

OS Command Injection Analysis
OS Command Injection AnalysisOS Command Injection Analysis
OS Command Injection Analysis
iAppSecure Solutions
 
Hardware hacking 101
Hardware hacking 101Hardware hacking 101
Hardware hacking 101
Tiago Henriques
 
Hardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to RootHardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to Root
Yashin Mehaboobe
 
Embracing Failure - Fault Injection and Service Resilience at Netflix
Embracing Failure - Fault Injection and Service Resilience at NetflixEmbracing Failure - Fault Injection and Service Resilience at Netflix
Embracing Failure - Fault Injection and Service Resilience at Netflix
Josh Evans
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary Data
Lindsey Landolfi
 
identification and exercise of fault injection campaigns for experimental dep...
identification and exercise of fault injection campaigns for experimental dep...identification and exercise of fault injection campaigns for experimental dep...
identification and exercise of fault injection campaigns for experimental dep...
Lukas Pirl
 
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Jorge Cardoso
 
Cloud Reliability: Decreasing outage frequency using fault injection
Cloud Reliability: Decreasing outage frequency using fault injectionCloud Reliability: Decreasing outage frequency using fault injection
Cloud Reliability: Decreasing outage frequency using fault injection
Jorge Cardoso
 

Recommended

OS Command Injection Analysis
OS Command Injection AnalysisOS Command Injection Analysis
OS Command Injection Analysis
iAppSecure Solutions
 
Hardware hacking 101
Hardware hacking 101Hardware hacking 101
Hardware hacking 101
Tiago Henriques
 
Hardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to RootHardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to Root
Yashin Mehaboobe
 
Embracing Failure - Fault Injection and Service Resilience at Netflix
Embracing Failure - Fault Injection and Service Resilience at NetflixEmbracing Failure - Fault Injection and Service Resilience at Netflix
Embracing Failure - Fault Injection and Service Resilience at Netflix
Josh Evans
 
Insider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary DataInsider Attacks: Theft of Intellectual and Proprietary Data
Insider Attacks: Theft of Intellectual and Proprietary Data
Lindsey Landolfi
 
identification and exercise of fault injection campaigns for experimental dep...
identification and exercise of fault injection campaigns for experimental dep...identification and exercise of fault injection campaigns for experimental dep...
identification and exercise of fault injection campaigns for experimental dep...
Lukas Pirl
 
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Cloud Operations and Analytics: Improving Distributed Systems Reliability usi...
Jorge Cardoso
 
Cloud Reliability: Decreasing outage frequency using fault injection
Cloud Reliability: Decreasing outage frequency using fault injectionCloud Reliability: Decreasing outage frequency using fault injection
Cloud Reliability: Decreasing outage frequency using fault injection
Jorge Cardoso
 
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Codenomicon
 
The 16th Intl. Workshop on Search-Based and Fuzz Testing
The 16th Intl. Workshop on Search-Based and Fuzz TestingThe 16th Intl. Workshop on Search-Based and Fuzz Testing
The 16th Intl. Workshop on Search-Based and Fuzz Testing
Sebastiano Panichella
 
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Iosif Itkin
 
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...
Sebastiano Panichella
 
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Iosif Itkin
 
Fuzz
FuzzFuzz
Fuzz
Sunny Summer
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day Management
Codenomicon
 
5 Thomas Magedanz
5 Thomas Magedanz5 Thomas Magedanz
5 Thomas Magedanz
Fire Conference 2010
 
IFIP2023-Abhik.pptx
IFIP2023-Abhik.pptxIFIP2023-Abhik.pptx
IFIP2023-Abhik.pptx
Abhik Roychoudhury
 
Crash Analysis with Reverse Taint
Crash Analysis with Reverse TaintCrash Analysis with Reverse Taint
Crash Analysis with Reverse Taint
marekzmyslowski
 
Risks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDER
Risks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDERRisks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDER
Risks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDER
Global Risk Forum GRFDavos
 
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
INFOGAIN PUBLICATION
 
What is system level analysis
What is system level analysisWhat is system level analysis
What is system level analysis
CAST
 
Fuzz nt
Fuzz ntFuzz nt
Fuzz nt
geeksec80
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ashok Kumar
 
verification of autonomous robotic system
verification of autonomous robotic systemverification of autonomous robotic system
verification of autonomous robotic system
ASJAYASURYA
 
Metaploit
MetaploitMetaploit
Metaploit
Ajinkya Pathak
 
MORSE & HRI -- SIMPAR 2014 (Florian Lier)
MORSE & HRI -- SIMPAR 2014 (Florian Lier)MORSE & HRI -- SIMPAR 2014 (Florian Lier)
MORSE & HRI -- SIMPAR 2014 (Florian Lier)
Florian Lier
 
Software Preservation: challenges and opportunities for reproductibility (Sci...
Software Preservation: challenges and opportunities for reproductibility (Sci...Software Preservation: challenges and opportunities for reproductibility (Sci...
Software Preservation: challenges and opportunities for reproductibility (Sci...
Roberto Di Cosmo
 
ScilabTEC 2015 - Irill
ScilabTEC 2015 - IrillScilabTEC 2015 - Irill
ScilabTEC 2015 - Irill
Scilab
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
SelfMade bd
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 

More Related Content

Similar to fault injection in operating systems

Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
INFOGAIN PUBLICATION
 
MORSE & HRI -- SIMPAR 2014 (Florian Lier)
MORSE & HRI -- SIMPAR 2014 (Florian Lier)MORSE & HRI -- SIMPAR 2014 (Florian Lier)
MORSE & HRI -- SIMPAR 2014 (Florian Lier)
Florian Lier
 

Similar to fault injection in operating systems (20)

Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
Fuzzing101 uvm-reporting-and-mitigation-2011-02-10
 
The 16th Intl. Workshop on Search-Based and Fuzz Testing
The 16th Intl. Workshop on Search-Based and Fuzz TestingThe 16th Intl. Workshop on Search-Based and Fuzz Testing
The 16th Intl. Workshop on Search-Based and Fuzz Testing
 
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
 
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...
An Empirical Characterization of Software Bugs in Open-Source Cyber-Physical ...
 
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
Introduction into Fault-tolerant Distributed Algorithms and their Modeling (P...
 
Fuzz
FuzzFuzz
Fuzz
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day Management
 
5 Thomas Magedanz
5 Thomas Magedanz5 Thomas Magedanz
5 Thomas Magedanz
 
IFIP2023-Abhik.pptx
IFIP2023-Abhik.pptxIFIP2023-Abhik.pptx
IFIP2023-Abhik.pptx
 
Crash Analysis with Reverse Taint
Crash Analysis with Reverse TaintCrash Analysis with Reverse Taint
Crash Analysis with Reverse Taint
 
Risks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDER
Risks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDERRisks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDER
Risks of Industry 4.0 - An Information Technology Perspective, Thomas USLÄNDER
 
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
Software CrashLocator: Locating the Faulty Functions by Analyzing the Crash S...
 
What is system level analysis
What is system level analysisWhat is system level analysis
What is system level analysis
 
Fuzz nt
Fuzz ntFuzz nt
Fuzz nt
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
verification of autonomous robotic system
verification of autonomous robotic systemverification of autonomous robotic system
verification of autonomous robotic system
 
Metaploit
MetaploitMetaploit
Metaploit
 
MORSE & HRI -- SIMPAR 2014 (Florian Lier)
MORSE & HRI -- SIMPAR 2014 (Florian Lier)MORSE & HRI -- SIMPAR 2014 (Florian Lier)
MORSE & HRI -- SIMPAR 2014 (Florian Lier)
 
Software Preservation: challenges and opportunities for reproductibility (Sci...
Software Preservation: challenges and opportunities for reproductibility (Sci...Software Preservation: challenges and opportunities for reproductibility (Sci...
Software Preservation: challenges and opportunities for reproductibility (Sci...
 
ScilabTEC 2015 - Irill
ScilabTEC 2015 - IrillScilabTEC 2015 - Irill
ScilabTEC 2015 - Irill
 

Recently uploaded

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 

Recently uploaded (20)

Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 

fault injection in operating systems

  • 1. fault injection in operating systems why, where, since when, how, and now? Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam
  • 2. why
  • 3. test specification (if any) ensure dependability attribute / OS goals availability, integrity, confidentiality, isolation, … fault model fail-stop? fail-crash? repair roll-back, service degradation, reset, … assess severity assess risk and adequacy of failures Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 3
  • 4. example seL4 kernel high-assurance microkernel formal specification & proofs guaranteed run times bug-free (against spec.) but how many OSs have a specification? at least, minimal consensus seems to be “it should not crash” Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 4 http://sel4.org/ sources & reading
  • 6. where to inject Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 6 operating system hardware applications hypervisor e.g. send invalid input e.g. introduce latency e.g. stuck bits e.g. device fuzzing e.g. WIN32 message fuzzing e.g. crashing emulated device e.g. syscall fuzzing e.g. crashing modules e.g. local overheating e.g. VM migration fails
  • 7. where to inject focus of this talk Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 7 operating system hardware applications hypervisor e.g. syscall fuzzing
  • 9. history theoretical foundation 1969 hardware fault injection at IBM simulated to evaluate integrity of logic units during design faults: stuck transistors, open/shorted diodes 1970+ A. Avižienis: early theory on faults coined “fault tolerance”, classification, modelling, … OS support for fault-tolerant HW ⇒ foundation for injection & detection Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 9 Ball, M., and F. Hardie. "Effects and detection of intermittent failures in digital systems." Proceedings of the November 18-20, 1969, fall joint computer conference. ACM, 1969. http://www.avizienis.info/
  • 10. history fault injection in operating systems 1970 - 1993: nothing!? fault tolerance in hard- and software fault injection in hardware hardware for fault injection in hardware… not applied to OSs or not explicitly mentioned? what about operating systems? Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 10 a lot
  • 11. history fault injection in operating systems 1993 FINE fault-injection environment for UNIX analyzed error propagation latency software & memory: high, hardware: low 1995 FERRARI flexible SW-based fault and error injection system injects into operating system Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 11 Kao, Wei-Lun, Ravishankar K. Iyer, and Dong Tang. "FINE: A fault injection and monitoring environment for tracing the UNIX system behavior under faults." Software Engineering, IEEE Transactions on 19.11 (1993): 1105-1118. Kanawati, Ghani, Nasser Kanawati, and Jacob Abraham. "FERRARI: A flexible software-based fault and error injection system." Computers, IEEE Transactions on 44.2 (1995): 248-260.
  • 12. 1989: Prof. Barton P. Miller, University of Wisconsin dial-up connection to campus computer thunderstorm → noise on the phone line random characters crashed UNIX utilities → let students write a random character generator to test as much UNIX utilities as possible tool called “fuzz” Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 12 http://karrierenews.diepresse.com/images/uploads/1/4/0/1380672/KnisterndeKarriere_1364287328585110.jpg Rathaus, Noam, and Gadi Evron. Open source fuzzing tools. Syngress, 2011.
  • 13. 13 early fuzzing a lot of utilities crash Miller, Barton P., Louis Fredriksen, and Bryan So. "An empirical study of the reliability of UNIX utilities." Communications of the ACM 33.12 (1990): 32-44.
  • 14. history random testing / fuzzing again, what about operating systems? 1991: crashme by George J. Carrette developed for nowadays outdated platforms SUN-4, DECstation, IBM RT, Nixdorf, HP-UX, … actually test operating system robustness Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 14 http://people.delphiforums.com/gjc/crashme.html
  • 15. how
  • 16. implementations crashme invokes random data as procedure programmatic approach calculate_random(seed, &rand); (rand)(); no detection, monitoring, tracing, … Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 16
  • 17. implementations crashme manually triggered during runtime (of kernel) fault model crash fault /! must be detected by user/tester Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 17
  • 18. implementations crashme used for Linux kernel testing ~ since late 1996 (2.0.20) rare crash reports via mailing list ~400 messages Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 18
  • 19. implementations crashme theoretically runs on wide variety of OSs ran on Linux, Windows 7, 8, Server 2008, 2012 crashed & rebooted: 7, 8.1, 2008; hung: 7, 8.1 no fault injection required for Win10: installer hung no success on Windows XP and 9x binary header produced by Visual Studio > 2005 forbid execution installed Windows XP & Visual Studio 2005 compiles, runs, no errors, no output -.- Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 19
  • 20. let’s take a look in the lab (demo) Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 20
  • 21. implementations using system calls Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 21 Haller, A. "Fault Injection in System Calls" seminar on fault injection, Talk, Hasso Plattner Institute Potsdam on 28 May 2015. use API instead of instructions to inject see Angelo Haller’s slides Trinity found bugs and still actively used grey-box testing knows about sanity checks in kernel iknowthis, sysfuzz grey-box testing
  • 22. implementations using system calls: ballista 1998 - 2001 originally intended as internet service (???) test generated & executed based on API descriptions black-box: only knows interface functions, parameters, data types pretty similar to Trinity? aimed to be highly repeatable detailed logging, reporting later implemented for POSIX C-API on 15 OSs does not run on recent Linux (as noted on the Web site) Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 22 Kropp, Nathan P., Philip J. Koopman, and Daniel P. Siewiorek. "Automated robustness testing of off-the-shelf software components." Fault-Tolerant Computing, 1998. Digest of Papers. Twenty-Eighth Annual International Symposium on. IEEE, 1999. http://users.ece.cmu.edu/~koopman/ballista/
  • 23. implementations using system calls: ballista Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 23 Koopman, Philip, and John DeVale. "Comparing the robustness of POSIX operating systems." Fault-Tolerant Computing, 1999. Digest of Papers. Twenty-Ninth Annual International Symposium on. IEEE, 1999. commercial or OSS does not seem to correlate with quality
  • 24. implementations using system calls: ballista Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 24 Koopman, Philip, and John DeVale. "Comparing the robustness of POSIX operating systems." Fault-Tolerant Computing, 1999. Digest of Papers. Twenty-Ninth Annual International Symposium on. IEEE, 1999. so much crashes on expectable invalid input…
  • 25. implementations iofuzz random input for IO devices to test hypervisors actually found serious bugs in major products ⇒ testing in VMs: not clear if host or guest crashed source not available also via T. Ormandy directly (asked via email) but probably easy to build (go! :)) QUEMU features a similar test looks inspired by iofuzz Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 25 Ormandy, Tavis. "An empirical study into the security exposure to hosts of hostile virtualized environments." (2007): 1-18. https://github.com/qemu/qemu/blob/master/docs/image-fuzzer.txt
  • 26. implementations Linux Kernel via debugfs /sys/kernel/debug/fail* currently mem & IO configurable triggers interval, probabilities, count filterable by processes extensible some modules (e.g. NFS) come with extension Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 26 https://www.kernel.org/doc/Documentation/fault-injection/fault-injection.txt
  • 27. and
  • 28. random testing non-determinism OS scheduler workload interrupts hardware memory positions kernel address space randomization ⇒ hard/impossible to repeat but: no domain knowledge required Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 28
  • 29. fault-injection tradeoffs generic vs specific higher re-use effective (in exec.) fuzzing edge-case black box Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 29 higher impl. efforts efficient incl. domain knowledge usual-case white box
  • 30. work ahead? do we need a taxonomy for the tradeoffs? there are most likely more dimensions do we need a(nother) generic framework that can be made more specific by extending it? that can work on specifications? that can automatically test virtualized? that is implemented more high-level? for higher development speed? can we learn from testing old OSs? Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 30
  • 33. Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 33 you now enter the slide graveyard…
  • 34. history fault injection in operating systems 1995 FIAT fault injection based automated testing environment distributed RT systems planned injection in OS 1995 DOCTOR SW fault injection env. for distributed RT systems yet focussed on HW (CPU, mem, net) instead of OS Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 34 Segall, Zary, et al. "Fiat-fault injection based automated testing environment." Fault-Tolerant Computing, 1995, Highlights from Twenty-Five Years., Twenty-Fifth International Symposium on. IEEE, 1995. Han, Seungjae, Kang G. Shin, and Harold Rosenberg. "Doctor: An integrated software fault injection environment for distributed real-time systems." Computer Performance and Dependability Symposium, 1995. Proceedings., International. IEEE, 1995
  • 35. Sullivan, Mark, and Ram Chillarege. "Software defects and their impact on system availability: A study of field failures in operating systems." FTCS. 1991. results more or less confirm intuition common: overruns, wrong pointers, wrong allocs etc. skim paper for tables for more information Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 35
  • 36. Forrester, Justin E., and Barton P. Miller. "An empirical study of the robustness of Windows NT applications using random testing." Proceedings of the 4th USENIX Windows System Symposium. 2000. interesting points random WIN32 messages cause high failure rates they can be sent from app to app! even OS can crash e.g. when generating very much HID input UNIX more likely than Windows Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 36
  • 37. Gu, Weining, et al. "Characterization of linux kernel behavior under errors." null. IEEE, 2003. looks really elaborate & interesting seems to stick to establishes wording explain kernel fault-injection API do detailed fault analysis Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 37
  • 38. Mukherjee, Arup, and Daniel P. Siewiorek. "Measuring software dependability by robustness benchmarking." Software Engineering, IEEE Transactions on 23.6 (1997): 366-378. have good discussion about random pro/con properties of test tools in an abstract manner features a comparison of failure classifications Lukas Pirl | fault injection in operating systems | seminar on fault injection | June 2015 | Hasso Plattner Institute Potsdam | 38