AI helps you reading Science

AI generates interpretation videos

AI extracts and analyses the key points of the paper to generate videos automatically


pub
Go Generating

AI Traceability

AI parses the academic lineage of this thesis


Master Reading Tree
Generate MRT

AI Insight

AI extracts a summary of this paper


Weibo:
We have proposed the Strider state-based approach to Change and Configuration Management and Support, and built and evaluated a system based on this approach

STRIDER: A Black-box, State-based Approach to Change and Configuration Management and Support

Science of Computer Programming, no. 2 (2004): 159-172

Cited by: 236|Views159
EI WOS SCOPUS

Abstract

We describe a new approach, called Strider, to Change and Configuration Management and Support (CCMS). Strider is a black-box approach: without relying on specifications, it uses state differencing to identify potential causes of differing program behaviors, uses state tracing to identify actual, run-time state dependencies, and uses stat...More

Code:

Data:

0
Introduction
  • Change and Configuration Management (CCM) refers to the task of monitoring configuration changes and maintaining systems in healthy configuration states.
  • A whitebox approach could greatly simplify the tasks: the developers of every OS component and every application would accurately and fully specify the set of configuration data that their programs use, the health invariants that subsets of these configuration data must satisfy, and the dependencies among the OS components and applications
  • Such information could be used to compose machine-wide dependency information and golden configuration states [22], in which all OS components and applications function correctly
Highlights
  • Change and Configuration Management (CCM) refers to the task of monitoring configuration changes and maintaining systems in healthy configuration states
  • To reduce the dimensionality to the level that can be handled by humans, we develop mechanical techniques to exclude those entries that are irrelevant to the current failure, and develop statistical techniques to filter out those entries that are relevant but less likely to be the root cause
  • The Strider approach would not work if the following worst case were the norm: a large percentage of the Registry entries change every day and a large percentage of them are used by every application action, resulting in a large candidate set that no human could reasonably handle
  • We have proposed the Strider state-based approach to Change and Configuration Management and Support, and built and evaluated a system based on this approach
  • In the context of our primary example, troubleshooting of configuration failures, we have demonstrated that combining the blackbox techniques of state differencing, tracing, intersection, and ranking can effectively narrow down the list of root-cause candidates for many real-world cases
  • As we continue to build up the computer genomics database, where we provide precise mappings from configuration state items to their known functions and/or problems, more knowledge will be captured in a structured format, enabling even more effective root-cause analysis
Results
  • The Strider approach would not work if the following worst case were the norm: a large percentage of the Registry entries change every day and a large percentage of them are used by every application action, resulting in a large candidate set that no human could reasonably handle.

    The authors present empirical results to show that the above worst case is not the norm.
  • The authors use the ten cases listed below in the experiments
  • They were all real-world failures that troubled some users.
  • The authors reproduced these failures on machines in the group and ran Strider to produce the results.
  • All the chosen machines were desktop machines used by their owners on a daily basis
  • This is important because they would exhibit “regular” Registry change behaviors; using test machines from the lab would have produced better but invalid results.
Conclusion
  • The authors have proposed the Strider state-based approach to Change and Configuration Management and Support, and built and evaluated a system based on this approach.
  • As the authors continue to build up the computer genomics database, where the authors provide precise mappings from configuration state items to their known functions and/or problems, more knowledge will be captured in a structured format, enabling even more effective root-cause analysis.
  • The authors' future work includes providing differencing and tracing of more types of configuration state to increase coverage, collecting a large number of state snapshots and program traces to enable advanced statistical analysis and reduce Strider’s dependence on manual steps, and evolving the current Strider toolkit for troubleshooting into a systems management framework for self-monitoring and self-healing
Related work
  • The body of work related to systems management through specification is quite large [2,3,9,15,18,23]. The general approach is to provide languages and tools to allow developers or system administrators to specify “rules” of proper system behavior and configuration for monitoring, and “actions” to correct any detected lack of compliance with a given rule to enable the system to converge with the specified requirements. Strider complements the specification-based approach by adopting a black-box approach to discover unspecified rules of proper system operation and gradually build up a genomics database of known-good requirements and known-bad issues.

    Burgess [4,6] proposed a general “diffing” concept of adaptive, statistical, long-term anomaly detection for systems management, which is implemented into the configuration agent system cfengine for the Unix environment. The Strider Inverse Change Frequency ranking applies a similar concept to the Windows environment. Specifically, a “statistical quantifier” in the summary form of change frequency is maintained for each Registry entry to approximately characterize its “normal” behavior; operational data exhibiting long-term, high frequency behavior is then de-emphasized at troubleshooting time even though it appears in the state diffing result. The garbage collection operation of System Restore defines a natural sliding window for Strider; contributions from data changes corresponding to the past, garbage-collected period are degraded to allow the ranking algorithm to adapt to progressive behavioral changes due to newly installed software or changes in user usage patterns.
Reference
  • F. Apap, A. Honig, S. Hershkop, E. Eskin, S.J. Stolfo, Detecting malicious software by monitoring anomalous windows registry accesses, in: Proc. of the Fifth International Symposium on Recent Advances in Intrusion Detection, RAID, 2002.
    Google ScholarLocate open access versionFindings
  • E. Bailey, Maximum RPM, 1997.
    Google ScholarFindings
  • M. Burgess, A site configuration engine, Computing Systems 8 (1995) 309.
    Google ScholarLocate open access versionFindings
  • M. Burgess, Automated system administration with feedback regulation, Software Practice and Experience, vol. 28, 1998.
    Google ScholarLocate open access versionFindings
  • M. Burgess, Computer immunology, in: Proc. of LISA, 1998, pp. 283–297.
    Google ScholarLocate open access versionFindings
  • M. Burgess, Two dimensional time-series for anomaly detection and regulation in adaptive systems, in: Proc. IFIP/IEEE 13th International Workshop on Distributed Systems: Operations and Management, DSOM, 2002.
    Google ScholarLocate open access versionFindings
  • M. Chen, E. Kiciman, E. Fratkin, A. Fox, E. Brewer, Pinpoint: problem determination in large, dynamic, internet services, in: Proc. Int. Conf. on Dependable Systems and Networks, IPDS Track, 2002.
    Google ScholarLocate open access versionFindings
  • K.W. Church, W.A. Gale, A comparison of the enhanced good-Turing and deleted estimation methods for estimating probabilities of English bigrams, Computer Speech and Language 5 (1991) 19–54.
    Google ScholarFindings
  • A. Couch, M. Gilfix, It’s elementary, dear Watson: applying logic programming to convergent system management processes, in: Proc. of LISA, 1999.
    Google ScholarFindings
  • C. Dennis, R. Gallagher, The Human Genome, Nature Publishing Group, 2001.
    Google ScholarFindings
  • D. Engler, D.Y. Chen, S. Hallem, A. Chou, B. Chelf, Bugs as deviant behavior: a general approach to inferring errors in systems code, in: Proc. ACM Symp. on Operating Systems Principles, October, 2001.
    Google ScholarLocate open access versionFindings
  • I.J. Good, The population frequencies of species and the estimation of population parameters, Biometrika 40 (1953) 237–264.
    Google ScholarFindings
  • V. Gotsch, A. Wuersch, T. Oetiker, Gossips: system and service monitor, in: Proc. of LISA, 2001.
    Google ScholarLocate open access versionFindings
  • J. Hart, J. D’Amelia, An analysis of RPM validation drift, in: Proc. LISA, 2002.
    Google ScholarFindings
  • A. Keller, C. Ensel, An approach for managing service dependencies with XML and the resource description framework, Journal of Network and Systems Management 10 (2) (2002).
    Google ScholarLocate open access versionFindings
  • M. Larsson, I. Crnkovic, Configuration management for component-based systems, in: Proc. Int. Conf. on Software Engineering, ICSE, May, 2001.
    Google ScholarLocate open access versionFindings
  • B. Liblit, A. Aiken, A.X. Zheng, M.I. Jordan, Bug isolation via remote program sampling, in: Proc. Programming Language Design and Implementation, PLDI, 2003, pp. 141–154.
    Google ScholarLocate open access versionFindings
  • R. Osterlund, PIKT: problem informant/killer tool, in: Proc. LISA, 2000.
    Google ScholarFindings
  • J.A. Redstone, M.M. Swift, B.N. Bershad, Using computers to diagnose computer problems, in: Proc. HotOS, 2003.
    Google ScholarFindings
  • D.A. Solomon, M. Russinovich, Inside Microsoft Windows 2000, 3rd edition, Microsoft Press, 2000.
    Google ScholarLocate open access versionFindings
  • Y. Sun, A.L. Couch, Global analysis of dynamic library dependencies, in: Proc. of LISA, 2001.
    Google ScholarFindings
  • S. Traugott, J. Huddleston, Bootstrapping an infrastructure, in: Proc. LISA, 1998.
    Google ScholarFindings
  • Tripwire, http://www.tripwire.com/.[24] Y.M. Wang, C. Verbowski, D.R. Simon, Persistent-state checkpoint comparison for troubleshooting configuration failures, in: Proc. Int. Conf.on Dependable Systems and Networks, DSN, 2003.
    Locate open access versionFindings
  • [25] Windows XP System Restore, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/windowsxpsystemrestore.asp.
    Findings
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科