A Self-healing Component Sandbox for Untrustworthy Third Party Code Execution

Gama, Kiev; Donsez, Didier

doi:10.1007/978-3-642-13238-4_8

Cited by 13 publications

(6 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Gama and Donsez [62] propose using virtual machines in separate processes or using MVM isolates [60] to manage trusted and untrusted components. After an evaluation period, untrusted components can be moved to the trusted JVM if no problems are detected.…”

Section: Related Workmentioning

confidence: 99%

ScapeGoat: Spotting abnormal resource usage in component-based reconfigurable software systems

Gonzalez-Herrera

Bourcier

Daubert

et al. 2016

Journal of Systems and Software

View full text Add to dashboard Cite

Modern component frameworks support continuous deployment and simultaneous execution of multiple software components on top of the same virtual machine. However, isolation between the various components is limited. A faulty version of any one of the software components can compromise the whole system by consuming all available resources. In this paper, we address the problem of efficiently identifying faulty software components running simultaneously in a single virtual machine. Current solutions that perform permanent and extensive monitoring to detect anomalies induce high overhead on the system, and can, by themselves, make the system unstable. In this paper we present an optimistic adaptive monitoring system to determine the faulty components of an application. Suspected components are finely analyzed by the monitoring system, but only when required. Unsuspected components are left untouched and execute normally. Thus, we perform localized just-in-time monitoring that decreases the accumulated overhead of the monitoring system. We evaluate our approach on two case studies against a state-of-the-art monitoring system and show that our technique correctly detects faulty components, while reducing overhead by an average of 93%.

show abstract

Section: Related Workmentioning

confidence: 99%

ScapeGoat: Spotting abnormal resource usage in component-based reconfigurable software systems

Gonzalez-Herrera

Bourcier

Daubert

et al. 2016

Journal of Systems and Software

View full text Add to dashboard Cite

show abstract

“…However, their work is focused on CPU usage and does not consider other resources, such as, memory or I/O. Gama and Donsez [18] propose using virtual machines in separate processes or using MVM isolates [13] to manage trusted and untrusted components. After an evaluation period, untrusted components can be moved to the trusted JVM if no problems are detected.…”

Section: Related Workmentioning

confidence: 99%

Scapegoat: An Adaptive Monitoring Framework for Component-Based Systems

Gonzalez-Herrera

Bourcier

Daubert

et al. 2014

2014 IEEE/IFIP Conference on Software Architecture

View full text Add to dashboard Cite

Abstract-Modern component frameworks support continuous deployment and simultaneous execution of multiple software components on top of the same virtual machine. However, isolation between the various components is limited. A faulty version of any one of the software components can compromise the whole system by consuming all available resources. In this paper, we address the problem of efficiently identifying faulty software components running simultaneously in a single virtual machine. Current solutions that perform permanent and extensive monitoring to detect anomalies induce high overhead on the system, and can, by themselves, make the system unstable. In this paper we present an optimistic adaptive monitoring system to determine the faulty components of an application. Suspected components are finely instrumented for deeper analysis by the monitoring system, but only when required. Unsuspected components are left untouched and execute normally. Thus, we perform localized just-in-time monitoring that decreases the accumulated overhead of the monitoring system. We evaluate our approach against a state-of-the-art monitoring system and show that our technique correctly detects faulty components, while reducing overhead by an average of 80%.

show abstract

“…Gama et al presented a self-healing sandbox for the execution of third party components in OSGi. In the sandbox, no faults are propagated to the trusted parts of the application [32]. The protocol between the trusted platform and the sandbox platform brings considerable performance overhead, and the correct functioning is based on a set of assumptions which may not apply to some real applications.…”

Section: Anomaly Detectionmentioning

confidence: 99%

Online Anomaly Detection for Service-Oriented Components in OSGi-based Applications

Wang¹,

Wei²,

Zhang³

et al. 2013

Appl. Math. Inf. Sci.

View full text Add to dashboard Cite

Abstract:OSGi has become one of the most promising frameworks for managing service-oriented and component-based applications. The OSGi-based service-oriented components delivered by different vendors are usually black-box program units which lack source code and design documents. Thus, it is difficult to evaluate their quality by static code analysis, and the defective components may lead to the failure of the whole system eventually. In this paper, we propose an online method for detecting anomalous service-oriented components in OSGi-based applications. A thread-tracing method is presented to monitor resource utilization and interactions between components. The method considers both the dynamic service invocation and static method invocation. Furthermore, according to the monitored data, we detect anomalous components by control charts, which can detect the anomalous trend of resource utilization without prior knowledge. A prototype tool was implemented and applied to a real application server. The experimental results show that our method 1) is of high accuracy for monitoring resource utilization in component perspective; 2) does not introduce significant overhead; 3) and can detect anomalous components effectively.

show abstract

A Self-healing Component Sandbox for Untrustworthy Third Party Code Execution

Cited by 13 publications

References 24 publications

ScapeGoat: Spotting abnormal resource usage in component-based reconfigurable software systems

ScapeGoat: Spotting abnormal resource usage in component-based reconfigurable software systems

Scapegoat: An Adaptive Monitoring Framework for Component-Based Systems

Online Anomaly Detection for Service-Oriented Components in OSGi-based Applications

Contact Info

Product

Resources

About