Deploying Incompatible Unmodified Dynamic Analyses in Production via Multi-version Execution
Imperial College London
Abstract : Popular dynamic analysis tools such as Valgrind and compiler sanitizers are effective at finding and diagnosing challenging bugs and security vulnerabilities. However, they cannot be combined on the same program execution, and incur a high overhead, which typically prevents them from being used in production.
In this talk I will present the FreeDA system which enables to deploy existing multiple incompatible dynamic analysis tools without requiring any modification and while masking their overhead. FreeDA levarages on multi-version execution, in which the dynamic analyses are run alongside the production system. FreeDA is applicable in several common scenarios, involving network servers and interactive applications. In particular, FreeDA is able to deploy Valgrind and Clang's sanitizers to high-performance servers, such as Ngninx and Redis, and interactive applications, such as Git and HTop.
Bio: Luís Pina is currently a post-doc at the Software Reliability Group (SRG) at Imperial College London. He was part of the Programming Languages Group (PLUM) at University of Maryland from 2012 to 2015, and part of the Software Engineering Group (ESW) at INESC-ID in Lisbon from 2009 to 2012.
He holds a PhD on Computer Science from Instituto Superior Técnico, University of Lisbon, Portugal. He developed his dissertation under the supervision of Prof. Luís Veiga and Prof. Michael Hicks, focusing on making Dynamic Software Updates (DSU) practical.
Luís is now working on Multi-Version Execution, with Prof. Cristian Cadar, exploring how to use this technique to deploy costly dynamic analysis techniques in production environments.
For more information: