AI helps you reading Science
AI generates interpretation videos
AI extracts and analyses the key points of the paper to generate videos automatically
AI parses the academic lineage of this thesis
AI extracts a summary of this paper
We have proposed the Strider state-based approach to Change and Configuration Management and Support, and built and evaluated a system based on this approach
STRIDER: A Black-box, State-based Approach to Change and Configuration Management and Support
Science of Computer Programming, no. 2 (2004): 159-172
EI WOS SCOPUS
We describe a new approach, called Strider, to Change and Configuration Management and Support (CCMS). Strider is a black-box approach: without relying on specifications, it uses state differencing to identify potential causes of differing program behaviors, uses state tracing to identify actual, run-time state dependencies, and uses stat...More
PPT (Upload PPT)
- Change and Configuration Management (CCM) refers to the task of monitoring configuration changes and maintaining systems in healthy configuration states.
- A whitebox approach could greatly simplify the tasks: the developers of every OS component and every application would accurately and fully specify the set of configuration data that their programs use, the health invariants that subsets of these configuration data must satisfy, and the dependencies among the OS components and applications
- Such information could be used to compose machine-wide dependency information and golden configuration states , in which all OS components and applications function correctly
- Change and Configuration Management (CCM) refers to the task of monitoring configuration changes and maintaining systems in healthy configuration states
- To reduce the dimensionality to the level that can be handled by humans, we develop mechanical techniques to exclude those entries that are irrelevant to the current failure, and develop statistical techniques to filter out those entries that are relevant but less likely to be the root cause
- The Strider approach would not work if the following worst case were the norm: a large percentage of the Registry entries change every day and a large percentage of them are used by every application action, resulting in a large candidate set that no human could reasonably handle
- We have proposed the Strider state-based approach to Change and Configuration Management and Support, and built and evaluated a system based on this approach
- In the context of our primary example, troubleshooting of configuration failures, we have demonstrated that combining the blackbox techniques of state differencing, tracing, intersection, and ranking can effectively narrow down the list of root-cause candidates for many real-world cases
- As we continue to build up the computer genomics database, where we provide precise mappings from configuration state items to their known functions and/or problems, more knowledge will be captured in a structured format, enabling even more effective root-cause analysis
- The Strider approach would not work if the following worst case were the norm: a large percentage of the Registry entries change every day and a large percentage of them are used by every application action, resulting in a large candidate set that no human could reasonably handle.
The authors present empirical results to show that the above worst case is not the norm.
- The authors use the ten cases listed below in the experiments
- They were all real-world failures that troubled some users.
- The authors reproduced these failures on machines in the group and ran Strider to produce the results.
- All the chosen machines were desktop machines used by their owners on a daily basis
- This is important because they would exhibit “regular” Registry change behaviors; using test machines from the lab would have produced better but invalid results.
- The authors have proposed the Strider state-based approach to Change and Configuration Management and Support, and built and evaluated a system based on this approach.
- As the authors continue to build up the computer genomics database, where the authors provide precise mappings from configuration state items to their known functions and/or problems, more knowledge will be captured in a structured format, enabling even more effective root-cause analysis.
- The authors' future work includes providing differencing and tracing of more types of configuration state to increase coverage, collecting a large number of state snapshots and program traces to enable advanced statistical analysis and reduce Strider’s dependence on manual steps, and evolving the current Strider toolkit for troubleshooting into a systems management framework for self-monitoring and self-healing
- The body of work related to systems management through specification is quite large [2,3,9,15,18,23]. The general approach is to provide languages and tools to allow developers or system administrators to specify “rules” of proper system behavior and configuration for monitoring, and “actions” to correct any detected lack of compliance with a given rule to enable the system to converge with the specified requirements. Strider complements the specification-based approach by adopting a black-box approach to discover unspecified rules of proper system operation and gradually build up a genomics database of known-good requirements and known-bad issues.
Burgess [4,6] proposed a general “diffing” concept of adaptive, statistical, long-term anomaly detection for systems management, which is implemented into the configuration agent system cfengine for the Unix environment. The Strider Inverse Change Frequency ranking applies a similar concept to the Windows environment. Specifically, a “statistical quantifier” in the summary form of change frequency is maintained for each Registry entry to approximately characterize its “normal” behavior; operational data exhibiting long-term, high frequency behavior is then de-emphasized at troubleshooting time even though it appears in the state diffing result. The garbage collection operation of System Restore defines a natural sliding window for Strider; contributions from data changes corresponding to the past, garbage-collected period are degraded to allow the ranking algorithm to adapt to progressive behavioral changes due to newly installed software or changes in user usage patterns.
- F. Apap, A. Honig, S. Hershkop, E. Eskin, S.J. Stolfo, Detecting malicious software by monitoring anomalous windows registry accesses, in: Proc. of the Fifth International Symposium on Recent Advances in Intrusion Detection, RAID, 2002.
- E. Bailey, Maximum RPM, 1997.
- M. Burgess, A site configuration engine, Computing Systems 8 (1995) 309.
- M. Burgess, Automated system administration with feedback regulation, Software Practice and Experience, vol. 28, 1998.
- M. Burgess, Computer immunology, in: Proc. of LISA, 1998, pp. 283–297.
- M. Burgess, Two dimensional time-series for anomaly detection and regulation in adaptive systems, in: Proc. IFIP/IEEE 13th International Workshop on Distributed Systems: Operations and Management, DSOM, 2002.
- M. Chen, E. Kiciman, E. Fratkin, A. Fox, E. Brewer, Pinpoint: problem determination in large, dynamic, internet services, in: Proc. Int. Conf. on Dependable Systems and Networks, IPDS Track, 2002.
- K.W. Church, W.A. Gale, A comparison of the enhanced good-Turing and deleted estimation methods for estimating probabilities of English bigrams, Computer Speech and Language 5 (1991) 19–54.
- A. Couch, M. Gilfix, It’s elementary, dear Watson: applying logic programming to convergent system management processes, in: Proc. of LISA, 1999.
- C. Dennis, R. Gallagher, The Human Genome, Nature Publishing Group, 2001.
- D. Engler, D.Y. Chen, S. Hallem, A. Chou, B. Chelf, Bugs as deviant behavior: a general approach to inferring errors in systems code, in: Proc. ACM Symp. on Operating Systems Principles, October, 2001.
- I.J. Good, The population frequencies of species and the estimation of population parameters, Biometrika 40 (1953) 237–264.
- V. Gotsch, A. Wuersch, T. Oetiker, Gossips: system and service monitor, in: Proc. of LISA, 2001.
- J. Hart, J. D’Amelia, An analysis of RPM validation drift, in: Proc. LISA, 2002.
- A. Keller, C. Ensel, An approach for managing service dependencies with XML and the resource description framework, Journal of Network and Systems Management 10 (2) (2002).
- M. Larsson, I. Crnkovic, Configuration management for component-based systems, in: Proc. Int. Conf. on Software Engineering, ICSE, May, 2001.
- B. Liblit, A. Aiken, A.X. Zheng, M.I. Jordan, Bug isolation via remote program sampling, in: Proc. Programming Language Design and Implementation, PLDI, 2003, pp. 141–154.
- R. Osterlund, PIKT: problem informant/killer tool, in: Proc. LISA, 2000.
- J.A. Redstone, M.M. Swift, B.N. Bershad, Using computers to diagnose computer problems, in: Proc. HotOS, 2003.
- D.A. Solomon, M. Russinovich, Inside Microsoft Windows 2000, 3rd edition, Microsoft Press, 2000.
- Y. Sun, A.L. Couch, Global analysis of dynamic library dependencies, in: Proc. of LISA, 2001.
- S. Traugott, J. Huddleston, Bootstrapping an infrastructure, in: Proc. LISA, 1998.
- Tripwire, http://www.tripwire.com/. Y.M. Wang, C. Verbowski, D.R. Simon, Persistent-state checkpoint comparison for troubleshooting configuration failures, in: Proc. Int. Conf.on Dependable Systems and Networks, DSN, 2003.
-  Windows XP System Restore, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/windowsxpsystemrestore.asp.