Linux-based Function Call Monitoring and Hot-patching for System Resilience

Abstract

In modern society, software is ubiquitous and very complex and diverse. Examples of complex modern software include medical systems, flight systems, and high-reliability systems. Such software must have safety thresholds and must not be interrupted, and must be designed considering high performance and high resilience even in situations such as disasters. However, even if a program planned with the best quality is written, damage to the system due to unpredictable external events is unavoidable. For groups that rely on software and web services, system compromise can have a huge financial impact, so it's important to do everything possible to avoid or mitigate the problematic situation.

The number of cases of system damage corresponding to the aforementioned disaster is quite large, but it can be roughly classified into four types. There are software failures, performance failures, hardware failures, and security failures. A resilient system is presented as a way to mitigate the systemic impact of these failures. A resilient system means a system that can continue to maintain or recover its function even if a problem occurs in the system. Elemental technologies of the resilience system include resistance, detection, reaction, and recovery. The combination of each technology constitutes a resilience system. In this thesis, a function call monitoring tool for detection and a hot-patching tool for reaction and recovery were designed and implemented.

A function call monitoring method was designed and implemented as a method for detecting software errors. The function call monitoring is a technology that determines an error when the application deviates from the function call pattern to be executed. It is implemented as a Linux kernel module for low overhead, and an automata detection technology was built to detect anomalies. Security problems in the system were simulated, and anomalies were normally detected through the proposed technology. In addition, performance comparison was performed with existing technologies that support function call monitoring. Finally, the method for extending the proposed monitoring technology and additional scenarios for it are described.

Hot-patching was designed and implemented as a recovery technique. Hot-patching is a technology that allows new features to be added and deleted without restarting the application. Based on this, an imprecise computing experiment was conducted that can be applied to performance errors that occur when an application lacks resources. In this thesis, an imprecise patch image was created and it was verified whether the application's computing resource usage could be dynamically adjusted using hot-patching. Sacrificing about 0.05% of square root accuracy for a square root application saved 17% CPU usage. In addition, it was confirmed that hot-patching can perform recovery resilience in the actual system by applying it to the communication-based train control resilience CPS example. And based on the experimental results, a scenario that can be applied to a mixed importance system is also described.

It was confirmed that the technology proposed and implemented in this paper runs on x86_64 architecture and ARM architecture. System administrators are expected to be able to build resilient systems using the applications proposed in this paper.