CSCP: The Bugs and the Bees: Research in Swarm Programming and Security

1. The Bugs and the Bees Research in Swarm Programming and Security David Evans evans@cs.virginia.edu http://www.cs.virginia.edu/~evans University of Virginia Department of Computer Science

2. Splint Research Projects • The Bugs • The Bees - “Programming the Swarm” How can we efficiently find coding errors? How can we program large collections of devices and reason about their behavior? David Evans - CSCP

3. A Gross Oversimplification all Formal Verifiers Bugs Detected Splint Compilers none Low Unfathomable Effort Required David Evans - CSCP

4. Approach • Extend type checking to detect more classes of problems • Programmers add annotations (formal specifications) • Simple and precise • Describe programmers intent: • Types, memory management, data hiding, aliasing, modification, null-ity, buffer sizes, security, etc. • Splint detects inconsistencies between annotations and code • Simple (fast!) dataflow analyses David Evans - CSCP

5. Recent Work • Detecting Buffer Overflow Vulnerabilities [David Larochelle] • Most commonly exploited security vulnerability • Still the most common attack • Code Red exploited buffer overflow in IIS • >50% of CERT advisories, 23% of CVE entries in 2001 • Attributes describe sizes of allocated buffers David Evans - CSCP

6. Splint • More information: splint.cs.virginia.edu IEEE Software Jan/Feb 2002 USENIX Security ’01, PLDI ’96 • Public release (since 1996 as LCLint) – real users, mentioned in C FAQ, C Unleashed, Linux Journal, etc. • We need cooperative industrial users • Students: • Graduate: David Larochelle, Greg Yukl • Undergraduate: David Friedman, Mike Lanouette, Hien Phan • Funding: NASA David Evans - CSCP

7. Programming the Swarm David Evans - CSCP

8. “Programming the Swarm” “Programming in the Small” “Programming in the Large” Billions of small, cheap unreliable devices in physical environments Swarm Programming, Group Behaviors Tools for Reasoning about Groups in unpredictable environments Monolithic Computers First High-Level Languages Manual Proof of Properties of Trivial Programs Fixed Networks of PCs Modular Programming, Interfaces, Objects Tools for Reasoning about Distributed Programs (Really) Brief History of Computer Science 1990 1950 1960 1970 1980 2001- Machines Programming Methods Reasoning Tools David Evans - CSCP

9. Programming the Swarm: Long-Range Goal Cement 10 GFlop David Evans - CSCP

10. Why this Might be Possible? • Biology Does It • Ant routing • Find best route to food source using pheromone trails • Bee house-hunting • Reach consensus by dancing and split to new hive • Complex creatures self-organize from short DNA program and dumb chemicals • Genetic code for 2 humans differs in only 2M base pairs (.5 MB < 1% of Win2000) David Evans - CSCP

11. Swarm Programming Model Behavioral Description Device Units Swarm Program Synthesizer Device Programs Environment Model Programmed Device Units Device Model Primitives Library David Evans - CSCP

12. Research Issues • How can we describe the properties of swarm behaviors, devices and environments? • What are the right primitives and combination mechanisms? • How can we synthesize swarm programs with known functional and non-functional properties? • Security • Can we use swarm programming to build systems that are resilient to classes of attack? • Can we produce swarm programs with known behavioral constraints? • Can we provide privacy using wireless communications in a swarm? David Evans - CSCP

13. Programming the Swarm swarm.cs.virginia.edu • Students: • Graduate: Gilbert Backers, Joel Winstead, Weilin Zhong • Undergraduates: Keen Browne, Mike Cuvelier, John Calandrino, Bill Oliver, Mike Hoyge, Jon McCune, Errol McEachron, Ankush Seth • Funding: NSF David Evans - CSCP