Similar to software bugs, configuration errors are also one of the major causes of today's system failures. Many configuration issues manifest themselves in ways similar to software bugs such as crashes, hangs, silent failures. It leaves users clueless and forced to report to developers for technical support, wasting not only users' but also developers' precious time and effort. Unfortunately, unlike software bugs, many software developers take a much less active, responsible role in handling configuration errors because "they are users' faults." This paper advocates the importance for software developers to take an active role in handling misconfigurations. It also makes a concrete first step towards this goal by providing tooling support to help developers improve their configuration design, and harden their systems against configuration errors. Specifically, we build a tool, called SPEX, to automatically infer configuration requirements (referred to as constraints) from software source code, and then use the inferred constraints to: (1) expose misconfiguration vulnerabilities (i.e., bad system reactions to configuration errors such as crashes, hangs, silent failures); and (2) detect certain types of error-prone configuration design and handling. We evaluate SPEX with one commercial storage system and six open-source server applications. SPEX automatically infers a total of 3800 constraints for more than 2500 configuration parameters. Based on these constraints, SPEX further detects 743 various misconfiguration vulnerabilities and at least 112 error-prone constraints in the latest versions of the evaluated systems. To this day, 364 vulnerabilities and 80 inconsistent constraints have been confirmed or fixed by developers after we reported them. Our results have influenced the Squid Web proxy project to improve its configuration parsing library towards a more user-friendly design.
Cloud storage services such as Dropbox, Google Drive, and Microsoft OneDrive provide users with a convenient and reliable way to store and share data from anywhere, on any device, and at any time. The cornerstone of these services is the data synchronization (sync) operation which automatically maps the changes in users' local filesystems to the cloud via a series of network communications in a timely manner. If not designed properly, however, the tremendous amount of data sync traffic can potentially cause (financial) pains to both service providers and users. This paper addresses a simple yet critical question: Is the current data sync traffic of cloud storage services efficiently used? We first define a novel metric named TUE to quantify the Traffic Usage Efficiency of data synchronization. Based on both real-world traces and comprehensive experiments, we study and characterize the TUE of six widely used cloud storage services. Our results demonstrate that a considerable portion of the data sync traffic is in a sense wasteful, and can be effectively avoided or significantly reduced via carefully designed data sync mechanisms. All in all, our study of TUE of cloud storage services not only provides guidance for service providers to develop more efficient, traffic-economic services, but also helps users pick appropriate services that best fit their needs and budgets.