Key Techniques For Software Behavior Dynamic Analysis

With rapidly progress of the computer technology, the software plays more and more important roles in nowaday information society. Althogh today’s world is increasingly dependent on software systems,the quality of software can’t always satisfy our requirements. You can use Google search to obtain billions of pages about software errors. Software faults and failures occur everywhere. And people suffer a great number of losses from them. Thus, more attentions are played on correctness, reliability, saftey and security of software. Research of trustworthy software is going to be a main direction of software theories and technologies.Currently, little attention has been played to trustworthy software in trusted computing research. There are many challenges placed in front of the research of trustworthy software. First, the traditional theory of software engineering for correctness is difficult to meet the trustworthy requirements for software systems in modern information society. Second, from static structure and internal logic of software, the current software technology analyzed and evaluated trustworthiness indirectly.To ensure the consistency between software run-time behavior and behavioral model is an important goal of the study of trustworthy software technology. This thesis focused on software runtime behavior to carry out our research. By use of program dynamic analysis, we have presented a novel type of behavioral model called hierarchical behavior model, which characterizes the hierarchy of software runtime behavior. Based on the model, several techniques for software behavioral analysis have been developed in the thesis to improve software trustworthiness.(1) Hierarchical behavioral model.Starting from concepts of software runtime behavior, we have discussed the relationship among software execution, behavior and behavioral model, and presented the survey of research related to software behavior. According to the hierarchy of software behavior, the thesis has proposed the behavioral model called hierarchical behavioral model and the method to construct the model from execution traces. With a preliminary tool called HBMer, we have carried out experiments for validating userfulness and extensibility of the model.(2) Automatic runtime anomaly detection based on behavioral model.Using specification mining technology, the thesis has presented software runtime behavior monitoring technique and developed an automatic approach to detect abnormal software behavior on the fly. The approach extracts hierarchical behavioral model from the history of software executions. Then the models are transformed to monitors with which the software system is armed. Our experiments have examined the impact of monitoring and ability of abnormal behavior detectors.(3) Fault localization via hierarchical behavioral model.Traditional program fault localization has many shortcomings. So we have proposed a lightweight fault localization based on analysis of software runtime behavior addressing to the problems of traditional approaches. The models are built according to program execution traces, and have a hierarchical structure. The approach ranks the runtime objects and calls rather than lines of program code, and takes more runtime behavior into consideration. Furthermore, we developed a tool called HMFLer and performed a study to empirically validate the approach. And experimental results indicated that our method outperformed other representative approaches in locating faults for the benchmark.(4) Software behavior analysis in cloud.For software behavior in cloud, we have proposed a behavioral hierarchy of service-based applications with three levels: the internal behavior, the external behavior and the workflow. Extracted models from event logs about interactions between services are used as behavioral specification in conformance checking to assist developers for understanding service-oriented applications. Finally, masquerader detection from analysis of software behavior has been studied. The mapping among user, user behavior, and software behavior has been discussed. Moreover we proposed an approach to detect masquerader attacks based on analysis of software extrernal behavior. Learned from fog computing, decoy information technique has been introduced to the approach for overcoming the limitations of prior works. The preliminary expriment shows that the approach can reduce false positives but without significantly affecting the detection rate in masquerader detection. Our proposed approach is not only to detect masquerade attacks, but also to protect user’s sensitive data on the fly by launching disinformation attacks against malicious insiders.By using of dynamic analysis, the thesis studies the technology of trustworthy software, and provides a new way to analyze dynamic trustworthiness. Not only has important theoretical value, but also has some technical significance in practice.