Software cruising: A new technology for building concurrent software monitor

Dinghao Wu, Peng Liu, Qiang Zeng, Donghai Tian

Research output: Chapter in Book/Report/Conference proceedingChapter

1 Scopus citations

Abstract

We introduce a novel concurrent software monitoring technology, called software cruising. It leverages multicore architectures and utilizes lock-free data structures and algorithms to achieve efficient and scalable security monitoring. Applications include, but are not limited to, heap buffer integrity checking, kernel memory cruising, data structure and object invariant checking, rootkit detection, and information provenance and flow checking. In the software cruising framework, one or more dedicated threads, called cruising threads, are running concurrently with the monitored user or kernel code, to constantly check, or cruise, for security violations. We believe the software cruising technology would result in a game-changing capability in security monitoring for the cloud-based and traditional computing and network systems. We have developed two prototypical cruising systems: Cruiser, a lock-free concurrent heap buffer overflow monitor in user space, and Kruiser, a semi-synchronized non-blocking OS kernel cruiser. Our experimental results showed that software cruising can be deployed in practice with modest overhead. In user space, heap buffer overflow cruising incurs only 5 % performance overhead on average for the SPEC CPU2006 benchmark, and the Apache throughput slowdown is only 3 % maximum and negligible on average. In kernel space, it is negligible for SPEC, and 3.8 % for Apache. Both technologies can be deployed in large scale for cloud data centers and server farms in an automated manner.

Original languageEnglish (US)
Title of host publicationSecure Cloud Computing
PublisherSpringer New York
Pages303-324
Number of pages22
Volume9781461492788
ISBN (Electronic)9781461492788
ISBN (Print)1461492777, 9781461492771
DOIs
StatePublished - Nov 1 2014

All Science Journal Classification (ASJC) codes

  • General Computer Science

Fingerprint

Dive into the research topics of 'Software cruising: A new technology for building concurrent software monitor'. Together they form a unique fingerprint.

Cite this