Xing Gao,Zhongshu Gu,Zhengfa Li,Hani Jamjoom,Cong Wang

DOI: https://doi.org/10.1145/3319535.3354227

2019-01-01

Abstract:Linux Control Groups, i.e., cgroups, are the key building blocks to enable operating-system-level containerization. The cgroups mechanism partitions processes into hierarchical groups and applies different controllers to manage system resources, including CPU, memory, block I/O, etc. Newly spawned child processes automatically copy cgroups attributes from their parents to enforce resource control. Unfortunately, inherited cgroups confinement via process creation does not always guarantee consistent and fair resource accounting. In this paper, we devise a set of exploiting strategies to generate out-of-band>workloads via de-associating processes from their original process groups. The system resources consumed by such workloads will not be charged to the appropriate cgroups. To further demonstrate the feasibility, we present five case studies within Docker containers to demonstrate how to break the resource rein of cgroups in realistic scenarios. Even worse, by exploiting those cgroups' insufficiencies in a multi-tenant container environment, an adversarial container is able to greatly amplify the amount of consumed resources, significantly slow-down other containers on the same host, and gain extra unfair advantages on the system resources. We conduct extensive experiments on both a local testbed and an Amazon EC2 cloud dedicated server. The experimental results demonstrate that a container can consume system resources (e.g., CPU) as much as $200\times$ of its limit, and reduce both computing and I/O performance of particular workloads in other co-resident containers by 95%.

Xiaoqiong Zhao,Xin Xia,Pavneet Singh Kochhar,David Lo,Shanping Li

DOI: https://doi.org/10.1145/2554850.2555142

2014-01-01

Abstract:Software build process translates source codes into executable programs, packages the programs, generates documents, and distributes products. In this paper, we perform an empirical study to characterize build process bugs. We analyze bugs in build process in 5 open-source systems under Apache namely CXF, Camel, Felix, Struts, and Tuscany. We compare build process bugs and other bugs across 3 different dimensions, i.e., bug severity, bug fix time, and the number of files modified to fix a bug. Our results show that the fraction of build process bugs which are above major severity level is lower than that of other bugs. However, the time effort required to fix a build process bug is around 2.03 times more than that of a non-build process bug, and the number of source files modified to fix a build process bug is around 2.34 times more than that modified for a non-build bug.

Xiao Xuan,Xiaoqiong Zhao,Ye Wang,Shanping Li

DOI: https://doi.org/10.1587/transinf.2015edl8084

2015-01-01

IEICE Transactions on Information and Systems

Abstract:Bugs in industrial financial systems have not been extensively studied. To address this gap, we focused on the empirical study of bugs in three systems, PMS, beta-Analyzer, and OrderPro. Results showed the 3 most common types of bugs in industrial financial systems to be internal interface (19.00%), algorithm/ method (17.67%), and logic (15.00%).

Xiaoxue Ren,Qiao Huang,Xin Xia,Zhenchang Xing,Lingfeng Bao,David Lo

DOI: https://doi.org/10.1109/compsac.2018.00065

2018-01-01

Abstract:Ubuntu is an open source software platform that runs everywhere from the smartphone, the tablet and the PC to the server and the cloud. In Ubuntu, there are many self-contained or third-party software packages for different use, and a bug report in Ubuntu could affect one or more packages simultaneously. Identifying the common package bugs in Ubuntu can help both developers and users better understand the packages they are developing or using, and also provide further guidelines to developers of similar packages in the future. In this paper, we perform a large-scale empirical study of common package bugs on Ubuntu by leveraging topic modeling. By analyzing a total of 240,097 bug reports, we identify 3 general bugs that are common to all Ubuntu packages, i.e., Graphical User Interface (GUI), Maintenance, and Runtime bugs. Moreover, we categorize top-100 packages with most number of bug reports into 6 categories (i.e., graphics, internet, office, sound and video, system management, and kernel), and identify domain-specific bugs for each category.

Sishuai Gong,Pedro Fonseca,Cong Liu

DOI: https://doi.org/10.1145/3575693.3575731

2023-01-27

Abstract:Container isolation is implemented through OS-level virtualization, such as Linux namespaces. Unfortunately, these mechanisms are extremely challenging to implement correctly and, in practice, suffer from functional interference bugs, which compromise container security. In particular, functional interference bugs allow an attacker to extract information from another container running on the same machine or impact its integrity by modifying kernel resources that are incorrectly isolated. Despite their impact, functional interference bugs in OS-level virtualization have received limited attention in part due to the challenges in detecting them. Instead of causing memory errors or crashes, many functional interference bugs involve hard-to-catch logic errors that silently produce semantically incorrect results. This paper proposes KIT, a dynamic testing framework that discovers functional interference bugs in OS-level virtualization mechanisms, such as Linux namespaces. The key idea of KIT is to detect inter-container functional interference by comparing the system call traces of a container across two executions, where it runs with and without the preceding execution of another container. To achieve high efficiency and accuracy, KIT includes two critical components: an efficient algorithm to generate test cases that exercise inter-container data flows and a system call trace analysis framework that detects functional interference bugs and clusters bug reports. KIT discovered 9 functional interference bugs in Linux kernel 5.13, of which 6 have been confirmed. All bugs are caused by logic errors, showing that this approach is able to detect hard-to-catch semantic bugs.

Computer Science

Hao Ren,Yanhui Li,Lin Chen

DOI: https://doi.org/10.1145/3387904.3389267

2020-01-01

Abstract:Blocking bugs are a severe type of bugs that prevent other bugs from being fixed. As software becomes increasingly complex and large, blocking bugs occur in many large-scale software, especially in software ecosystems. Blocking bugs may have a high negative impact on software development and maintenance. Usually, blocking bugs preventing more bugs should be more concerned. In this paper, we focus on a special type of blocking bugs that block at least two bugs, which we call Critical Blocking Bugs (CBBs). We study CBBs from the following five aspects: the importance, the repair time, the scale of repair, the experience of developers who repair CBBs, and the circumstance why CBBs block multiple bugs. We build a dataset containing five open source projects and classify bugs into three types (i.e., critical blocking bugs, normal blocking bugs and other bugs, which block at least two, just one and zero bugs, respectively) to compare the differences between CBBs and other types of bugs. The experimental results show that CBBs are more important with longer repair time and larger repair scale, and CBBs are concentrated on parts of components of the project. These results highlight that CBBs are different from other types of bugs in many aspects, and we should pay more attention to such bugs in the future software maintenance process.

Junjie Chen,Yihua Liang,Qingchao Shen,Jiajun Jiang,Shuochuan Li

2024-08-21

Abstract:DL frameworks are the basis of constructing all DL programs and models, and thus their bugs could lead to the unexpected behaviors of any DL program or model relying on them. Such a wide effect demonstrates the necessity and importance of guaranteeing DL frameworks' quality. Understanding the characteristics of DL framework bugs is a fundamental step for this quality assurance task, facilitating designing effective bug detection and debugging approaches. Hence, in this work we conduct the most large-scale study on 1,000 bugs from four popular and diverse DL frameworks (i.e., TensorFlow, PyTorch, MXNet, and DL4J). By analyzing the root causes and symptoms of DL framework bugs associated with 5 components decomposed from DL frameworks, as well as measuring test coverage achieved by three state-of-the-art testing techniques, we obtain 12 major findings for the comprehensive understanding of DL framework bugs and the current status of existing DL framework testing practice, and then provide a series of actionable guidelines for better DL framework bug detection and debugging. Finally, based on the guidelines, we design and implement a prototype DL-framework testing tool, called TenFuzz, which is evaluated to be effective and finds 3 unknown bugs on the latest TensorFlow framework in a preliminary study, indicating the significance of our guidelines.

Software Engineering

Domenico Cotroneo,Luigi De Simone,Pietro Liguori,Roberto Natella,Nematollah Bidokhti

DOI: https://doi.org/10.1145/3338906.3338916

2019-07-09

Abstract:Cloud management systems provide abstractions and APIs for programmatically configuring cloud infrastructures. Unfortunately, residual software bugs in these systems can potentially lead to high-severity failures, such as prolonged outages and data losses. In this paper, we investigate the impact of failures in the context widespread OpenStack cloud management system, by performing fault injection and by analyzing the impact of the resulting failures in terms of fail-stop behavior, failure detection through logging, and failure propagation across components. The analysis points out that most of the failures are not timely detected and notified; moreover, many of these failures can silently propagate over time and through components of the cloud management system, which call for more thorough run-time checks and fault containment.

Software Engineering

Yutian Yang,Wenbo Shen,Bonan Ruan,Wenmao Liu,Kui Ren

DOI: https://doi.org/10.1109/tpsisa52974.2021.00016

2021-01-01

Abstract:In recent years, containerization has become a major trend in the cloud due to its high resource utilization efficiency and convenient DevOps support. However, the complexity of container system also introduces attack surfaces. This paper aims to summarize security challenges in the container cloud. In particular, we first divide the whole container system into different layers according to their functionalities, including the kernel layer, the container layer, and the orchestration layer. We then summarize security-related technologies. After that, we discuss the security challenges for each layer. Finally, we present the current protection status for the container system and highlight future research directions. Our study shows that to improve the container cloud security, we need to design and implement more robust kernel isolation mechanisms, conduct systematic and thorough security analysis on existing container techniques, and develop comprehensive configuration checking tools.

David A. Tomassi,Naji Dmeiri,Yichen Wang,Antara Bhowmick,Yen-Chuan Liu,Premkumar Devanbu,Bogdan Vasilescu,Cindy Rubio-González

DOI: https://doi.org/10.48550/arXiv.1903.06725

2019-07-23

Abstract:Fault-detection, localization, and repair methods are vital to software quality; but it is difficult to evaluate their generality, applicability, and current effectiveness. Large, diverse, realistic datasets of durably-reproducible faults and fixes are vital to good experimental evaluation of approaches to software quality, but they are difficult and expensive to assemble and keep current. Modern continuous-integration (CI) approaches, like Travis-CI, which are widely used, fully configurable, and executed within custom-built containers, promise a path toward much larger defect datasets. If we can identify and archive failing and subsequent passing runs, the containers will provide a substantial assurance of durable future reproducibility of build and test. Several obstacles, however, must be overcome to make this a practical reality. We describe BugSwarm, a toolset that navigates these obstacles to enable the creation of a scalable, diverse, realistic, continuously growing set of durably reproducible failing and passing versions of real-world, open-source systems. The BugSwarm toolkit has already gathered 3,091 fail-pass pairs, in Java and Python, all packaged within fully reproducible containers. Furthermore, the toolkit can be run periodically to detect fail-pass activities, thus growing the dataset continually.

Software Engineering

Ahmed Zerouali,Tom Mens,Gregorio Robles,Jesus Gonzalez-Barahona

DOI: https://doi.org/10.48550/arXiv.1811.12874

2018-12-01

Abstract:Packaging software into containers is becoming a common practice when deploying services in cloud and other environments. Docker images are one of the most popular container technologies for building and deploying containers. A container image usually includes a collection of software packages, that can have bugs and security vulnerabilities that affect the container health. Our goal is to support container deployers by analysing the relation between outdated containers and vulnerable and buggy packages installed in them. We use the concept of technical lag of a container as the difference between a given container and the most up-to-date container that is possible with the most recent releases of the same collection of packages. For 7,380 official and community Docker images that are based on the Debian Linux distribution, we identify which software packages are installed in them and measure their technical lag in terms of version updates, security vulnerabilities and bugs. We have found, among others, that no release is devoid of vulnerabilities, so deployers cannot avoid vulnerabilities even if they deploy the most recent packages. We offer some lessons learned for container developers in regard to the strategies they can follow to minimize the number of vulnerabilities. We argue that Docker container scan and security management tools should improve their platforms by adding data about other kinds of bugs and include the measurement of technical lag to offer deployers information of when to update.

Software Engineering,Programming Languages

Yutian Yang,Wenbo Shen,Xun Xie,Kangjie Lu,Mingsen Wang,Tianyu Zhou,Chenggang Qin,Wang Yu,Kui Ren

DOI: https://doi.org/10.1145/3564625.3564634

2022-01-01

Abstract:Linux kernel introduces the memory control group (memcg) to account and confine memory usage at the process-level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While being critical, memory accounting is prone to missing-account bugs due to the diverse memory accounting interfaces and the massive amount of allocation/free paths. To our knowledge, there is still no systematic analysis against the memory missing-account problem, with respect to its security impacts, detection, etc. In this paper, we present the first systematic study on the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines both static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically. Our analysis shows that all container runtimes, including runC and Kata container, are vulnerable to memory missing-accountbased attacks. Moreover, memory missing-account can be exploited to attack the Docker, the CaaS, and the FaaS platforms, leading to memory exhaustion, which crashes individual node or even the whole cluster. Our tool reports 53 exploitable memory missingaccount bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs are assigned. Through the in-depth analysis, automated detection, the reported bugs and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.

Pengcheng Zhang,Feng Xiao,Xiapu Luo

DOI: https://doi.org/10.48550/arXiv.2009.02066

2020-09-04

Abstract:Ethereum is the largest blockchain platform that supports smart contracts. Users deploy smart contracts by publishing the smart contract's bytecode to the blockchain. Since the data in the blockchain cannot be modified, even if these contracts contain bugs, it is not possible to patch deployed smart contracts with code updates. Moreover, there is currently neither a comprehensive classification framework for Ethereum smart contract bugs, nor detailed criteria for detecting bugs in smart contracts, making it difficult for developers to fully understand the negative effects of bugs and design new approaches to detect bugs. In this paper, to fill the gap, we first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies. Then, we design the criteria for detecting each kind of bugs, and construct a dataset of smart contracts covering all kinds of bugs. With our framework and dataset, developers can learn smart contract bugs and develop new tools to detect and locate bugs in smart contracts. Moreover, we evaluate the state-of-the-art tools for smart contract analysis with our dataset and obtain some interesting findings: 1) Mythril, Slither and Remix are the most worthwhile combination of analysis tools. 2) There are still 10 kinds of bugs that cannot be detected by any analysis tool.

Software Engineering

Wenbo Shen,Yifei Wu,Yutian Yang,Qirui Liu,Nanzi Yang,Jinku Li,Kangjie Lu,Jianfeng Ma

DOI: https://doi.org/10.1109/tdsc.2024.3403920

2024-01-01

Abstract:OS-level virtualization (a.k.a. container) has become a fundamental technology in cloud computing due to the efficiency provided by the shared-kernel design. However, this design results in containers sharing thousands of kernel variables and data structures (termed abstract resources ), which are prevalent but under-protected. Without exploiting other kernel vulnerabilities, a non-privileged container can easily exhaust abstract resources to cause DoS attacks against other containers. Even worse, our experiments demonstrate that abstract resource attacks are a broad class of attacks that affect Linux, FreeBSD, Fuchsia, and all shared-kernel container environments on the top four cloud vendors. To defend against the abstract resource attack, we automatically analyze vulnerable abstract resources in the Linux kernel and detect 501 container-exhaustible resources. To confine these abstract resources dynamically, we propose two new techniques: the flexible in-kernel attachment for flexible resource consumption attachment and the tree-based resource accounting for efficient usage retrieval. Based on these two techniques, we design and implement a fl exible a bstract re s ource confinement framewor k , named Flask, to achieve flexible and efficient abstract resource confinement. Our evaluation shows Flask can efficiently limit abstract resource usage with less than 0.6% performance overhead.

Christopher S. Timperley,Gijs van der Hoorn,André Santos,Harshavardhan Deshpande,Andrzej Wąsowski

DOI: https://doi.org/10.1007/s10664-024-10440-0

IF: 3.762

2024-03-24

Empirical Software Engineering

Abstract:As robotic systems such as autonomous cars and delivery drones assume greater roles and responsibilities within society, the likelihood and impact of catastrophic software failure within those systems is increased. To aid researchers in the development of new methods to measure and assure the safety and quality of robotics software, we systematically curated a dataset of 221 bugs across 7 popular and diverse software systems implemented via the Robot Operating System (ROS). We produce historically accurate recreations of each of the 221 defective software versions in the form of Docker images, and use a grounded theory approach to examine and categorize their corresponding faults, failures, and fixes. Finally, we reflect on the implications of our findings and outline future research directions for the community.

computer science, software engineering

Kaibo Liu,Yudong Han,Yiyang Liu,Jie M. Zhang,Zhenpeng Chen,Federica Sarro,Gang Huang,Yun Ma

DOI: https://doi.org/10.1145/3643991.3644870

2024-01-01

Abstract:We call a program that passes existing tests but still contains bugs as a buggy plausible program. Bugs in such a program can bypass the testing environment and enter the production environment, causing unpredictable consequences. Therefore, discovering and fixing such bugs is a fundamental and critical problem. However, no existing bug dataset is purposed to collect this kind of bug, posing significant obstacles to relevant research. To address this gap, we introduce TrickyBugs, a bug dataset with 3,043 buggy plausible programs sourced from human-written submissions of 324 real-world competition coding tasks. We identified the buggy plausible programs from approximately 400,000 submissions, and all the bugs in TrickyBugs were not previously detected. We hope that TrickyBugs can effectively facilitate research in the fields of automated program repair, fault localization, test generation, and test adequacy.

Hao Ren,Yanhui Li,Lin Chen,Yuming Zhou,Changhai Nie

DOI: https://doi.org/10.1016/j.infsof.2023.107354

IF: 3.9

2024-01-01

Information and Software Technology

Abstract:Blocking bugs prevents other bugs from being fixed, which is difficult to repair and negatively impacts software quality. During software maintenance, developers usually try to break the blocking relationship between blocking and blocked bugs, e.g., propose a temporary fix. However, to our knowledge, no studies have investigated why and how blocking relations between bugs are breakable. In this study, we aim to construct an empirical analysis to explore breakable blocking bugs (BBBs). Specifically, we employ quantitative and qualitative analysis to study these BBBs from two aspects. One is to investigate the characteristics of these bugs, and the other is to explore why and how developers break the blocking relationship between bugs during software maintenance. We build a dataset on five large-scale open-source projects and classify bugs into three types (BBBs, normal blocking bugs, and other bugs) to compare the differences between BBBs and other types of bugs. We observe that BBBs have higher levels of involvement, take longer to fix, and involve more complex source code than other bugs. Moreover, we summarize four reasons blocking relationships between bugs are broken, i.e., partial association (41.87%), serious influence (26.40%), time pressure (19.73%), and flawed blocking (12.21%), and three measures developers adopt to break these blocking relationships, i.e., quick patch for blocking bugs (41.33%), quick patch for blocked bugs (38.67%), and ignore the blocking relation and fix blocked bugs directly (20.00%). Through these analyses, it is meaningful for software maintainers to have a deeper understanding of the characteristics and repair practices of BBBs, which will help solve these BBBs effectively in the future.

Bipin Gajbhiye,Om Goel,Pandi Kirupa Gopalakrishna Pandian

DOI: https://doi.org/10.36676/jqst.v1.i2.16

2024-06-30

Abstract:The rise of containerized environments, exemplified by Docker and Kubernetes, has revolutionized software deployment and orchestration, enabling agile development and efficient resource utilization. However, the adoption of these technologies also introduces unique security challenges that organizations must address to safeguard their applications and infrastructure. This paper explores the complexities of managing vulnerabilities in containerized and Kubernetes environments, offering a comprehensive analysis of the potential risks and strategies to mitigate them.Containers encapsulate applications with their dependencies, ensuring consistency across different environments. However, this encapsulation can mask underlying vulnerabilities in the application code, base images, or third-party libraries. The ephemeral nature of containers, designed to be short-lived and scalable, adds another layer of complexity, as vulnerabilities can propagate rapidly across environments if not detected and addressed promptly. Moreover, the shared nature of the underlying host operating system and kernel in containerized environments increases the attack surface, making it crucial to secure both the containers and the host.Kubernetes, as a powerful orchestration platform, introduces additional layers of complexity in vulnerability management. The dynamic nature of Kubernetes clusters, with their multiple components such as pods, services, and nodes, can lead to misconfigurations, inadequate access controls, and exposure to security threats. Misconfigurations, such as overly permissive network policies or improper role-based access controls (RBAC), can lead to unauthorized access, privilege escalation, and data breaches. Additionally, the integration of third-party plugins and extensions into Kubernetes clusters can introduce new vulnerabilities, making it imperative to monitor and manage these components effectively.This paper delves into several key aspects of vulnerability management in containerized and Kubernetes environments. Firstly, it examines the importance of securing container images by employing best practices such as using minimal base images, regularly updating images, and scanning them for known vulnerabilities. The paper highlights the role of image scanning tools that can detect vulnerabilities in both base images and application code, emphasizing the need for continuous scanning throughout the development lifecycle.Secondly, the paper discusses the significance of runtime security in containerized environments. While securing container images is critical, monitoring and protecting containers during runtime is equally important. The paper explores tools and techniques for runtime security, including anomaly detection, behavior analysis, and intrusion detection systems that can identify and respond to threats in real-time.Furthermore, the paper addresses the challenges of managing vulnerabilities in Kubernetes clusters. It underscores the importance of securing the Kubernetes control plane, which includes securing API servers, etcd databases, and implementing stringent RBAC policies. The paper also explores the role of network security in Kubernetes, advocating for the use of network policies to control traffic flow between pods and ensure that only authorized communication is allowed.In addition to technical measures, the paper emphasizes the need for organizational practices to manage vulnerabilities effectively. This includes fostering a security-first culture, conducting regular security audits, and ensuring that development and operations teams are aligned on security best practices. The paper also highlights the importance of incident response planning and the need for rapid patching and updates to address newly discovered vulnerabilities.In conclusion, managing vulnerabilities in containerized and Kubernetes environments requires a multifaceted approach that combines technical measures with organizational practices. As organizations increasingly rely on these technologies for their application deployment and orchestration, a proactive and holistic approach to security is essential to mitigate risks and protect critical assets. This paper provides a roadmap for organizations to enhance their vulnerability management strategies, ensuring that their containerized and Kubernetes environments are secure, resilient, and capable of withstanding evolving threats.

Yi He,Roland Guo,Yunlong Xing,Xijia Che,Kun Sun,Zhuotao Liu,Ke Xu,Qi Li

2023-01-01

Abstract:The extended Berkeley Packet Filter (eBPF) provides powerful and flexible kernel interfaces to extend the kernel functions for user space programs via running bytecode directly in the kernel space. It has been widely used by cloud services to enhance container security, network management, and system observability. However, we discover that the offensive eBPF that has been extensively discussed in Linux hosts can bring new attack surfaces to containers. With eBPF tracing features, attackers can break the container's isolation and attack the host, e.g., steal sensitive data, DoS, and even escape the container. In this paper, we study the eBPF-based cross container attacks and reveal their security impacts in real world services. With eBPF attacks, we successfully compromise five online Jupyter/Interactive Shell services and the Cloud Shell of Google Cloud Platform. Furthermore, we find that the Kubernetes services offered by three leading cloud vendors can be exploited to launch cross-node attacks after the attackers escape the container via eBPF. Specifically, in Alibaba's Kubernetes services, attackers can compromise the whole cluster by abusing their over-privileged cloud metrics or management Pods. Unfortunately, the eBPF attacks on containers are seldom known and can hardly be discovered by existing intrusion detection systems. Also, the existing eBPF permission model cannot confine the eBPF and ensure secure usage in shared-kernel container environments. To this end, we propose a new eBPF permission model to counter the eBPF attacks in containers.