1 / 34

Automating Configuration Troubleshooting with Dynamic Information Flow Analysis

Automating Configuration Troubleshooting with Dynamic Information Flow Analysis. Mona Attariyan Jason Flinn University of Michigan. Configuration Troubleshooting Is Difficult. Software systems difficult to configure. Users make mistakes. Misconfigurations happen.

shiloh
Télécharger la présentation

Automating Configuration Troubleshooting with Dynamic Information Flow Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automating Configuration Troubleshooting with Dynamic Information Flow Analysis Mona Attariyan Jason Flinn University of Michigan

  2. Mona Attariyan - University of Michigan Configuration Troubleshooting Is Difficult Software systems difficult to configure Users make mistakes Misconfigurations happen

  3. Mona Attariyan - University of Michigan Configuration Troubleshooting Is Difficult

  4. Mona Attariyan - University of Michigan What To Do With Misconfiguration? Ask colleagues config file …… …… &$%#! ….. ….. A tool that automatically finds the root cause of the misconfiguration in applications? Search manual, FAQ, online forums Look at the code if available

  5. Mona Attariyan - University of Michigan ConfAid Insight • Application code has enough information • to lead us to the root cause How? • Dynamic information flow analysis on application binaries

  6. Mona Attariyan - University of Michigan How to Use ConfAid? ConfAid config file Application …… …… …… likely root causes 1)… 2)… 3)… …… error

  7. Mona Attariyan - University of Michigan Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion

  8. Mona Attariyan - University of Michigan How Developers Find Root Cause Application Config file file = open(config file) token = read_token(file) if (token equals “ExecCGI”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() ExecCGI

  9. Mona Attariyan - University of Michigan How ConfAid Finds Root Cause • ConfAid uses taint tracking Config file file = open(config file) token = read_token(file) if (token equals “ExecCGI”) execute_cgi = 1 … if (execute_cgi == 1) ERROR() ExecCGI

  10. How to Avoid Error? if (a) This path ends before the error happens if (b) This path leads to some other error likely root cause if (c) This path successfully avoids the error

  11. Mona Attariyan - University of Michigan Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion

  12. Mona Attariyan - University of Michigan Data Flow Analysis value of x might change, if tokens or change Tx= { , } Taint propagates via data flow and control flow Ty = { , } x = y + z , Tx= { , , } Tz= { , } Ty Tz

  13. Mona Attariyan - University of Michigan Control Flow Analysis Tc= { } Ta = { } /* c = 0 */ /* x is read from file*/ if (c == 0) { x = a } Tx= { } , , ( ) } Tx= { Ʌ What could cause x to be different? Data flow Control flow

  14. Mona Attariyan - University of Michigan Alternate Path Exploration /* c = 1*/ /* y is read from file*/ if (c) { /*taken path*/ … } else { y = a } ckpt if(c) if(!c) y = a y depends on c

  15. Mona Attariyan - University of Michigan Effect of Alternate Path Exploration /* c = 1*/ /* y is from file*/ if (c) { … } else { y = a } Tc= { } Ta = { } Ty = { } , , ( ) } Ty = { Ʌ Alternate path + Data flow Alternate path exploration What could cause y to be different?

  16. Mona Attariyan - University of Michigan Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion

  17. Mona Attariyan - University of Michigan Embracing Imprecise Analysis • Complete and sound analysis leads to: • poor performance • high false positive rate • To improve performance • To reduce false positives Bounded horizon heuristic Single mistake heuristic • Weighting heuristic

  18. Bounded Horizon Heuristic • Bounded horizon prevents path explosion • Alternate path runs a fixed # of instructions if (b) likely root causes max reached, abort exploration if (c)

  19. Mona Attariyan - University of Michigan Single Mistake Heuristic • Configuration file contains a single mistake • Reduces amount of taint and # of explored paths /* x=1, c=0*/ if (c == 0) { x = a } Tx= { } Tx= { , , ( Ʌ )} Tc= { } Ta = { }

  20. Mona Attariyan - University of Michigan Weighting Heuristic • Insufficient to treat all taint propagations equally • Data flow introduces stronger dependency than ctrl flow • Branches closer to error stronger than farther branches • Assign weights to taints to represent strength level • Data flow taint gets a higher weight than ctrl flow taint • Branches closer to error get higher weight than farther

  21. Mona Attariyan - University of Michigan Example of Weighting Heuristic if (x) { … if (y) { … if (z) { ERROR() } } } likely root causes

  22. Heuristics: Pros and Cons FP = False Positive, FN = False Negative

  23. Mona Attariyan - University of Michigan ConfAid and Multi-process Apps • ConfAid propagates taints between processes • Intercepts IPC system calls • Sends taint along with the data • ConfAid currently supports communication via: • Unix sockets, pipes, TCP and UDP sockets • Regular files

  24. Mona Attariyan - University of Michigan Outline • Motivation • How ConfAid runs • Information flow analysis algorithms • Embracing imprecise analysis • Evaluation • Conclusion

  25. Mona Attariyan - University of Michigan Evaluation • ConfAid debugs misconfiguration in: • OpenSSH 5.1 (2 processes) • Apache HTTP server 2.2.14 (1 process) • Postfix mail transfer agent 2.7 (up to 6 processes) • Manually inject errors to configuration files • Evaluation metrics: • The ranking of the correct root cause • The time to execute the application with ConfAid

  26. Mona Attariyan - University of Michigan Data Sets • Real-world misconfigurations: • total of 18 bugs from manuals, forums and FAQs • Randomly generated bugs: • 60 bugs using ConfErr [Keller et al. DSN 08]

  27. Mona Attariyan - University of Michigan How Effective is ConfAid ? Correct root caused ranked first or second for all 18 real-world bugs 0% 72% 28%

  28. Mona Attariyan - University of Michigan How Effective is ConfAid ? Correct root caused ranked first or second for 55 out of 60 randomly-generated bugs 8% 7% 85%

  29. Mona Attariyan - University of Michigan How Fast is ConfAid? Average execution time for real-world bugs: 1m 32s Average time for randomly-generated bugs: 23s

  30. Mona Attariyan - University of Michigan Conclusion • ConfAid automatically finds root cause of problems • ConfAid uses dynamic information flow analysis • ConfAid ranks the correct root cause as first or second in: • 18 out of 18 real-world bugs • 55 out of 60 random bugs • ConfAid takes only a few minutes to run

  31. Mona Attariyan - University of Michigan Questions?

  32. Mona Attariyan - University of Michigan What if there are multiple mistakes? • ConAid may or may not report all • For independent mistakes, ConfAid first finds the one that led to the first failure • For dependent mistakes, ConfAid may report all based on their effect on program

  33. Mona Attariyan - University of Michigan Effect of Bounded Horizon Heuristic

  34. Mona Attariyan - University of Michigan Effect of Weighting Heuristic Max # tokens: 93 Max # tokens: 49 Max # tokens: 5

More Related