Ilia Kravets, M.Sc. Thesis Seminar
Wednesday, 31.12.2014, 15:30
After a software product is shipped, it typically goes into a
maintenance phase whereby related software updates are made available
form time to time. Such updates should in principle have a positive
effect (e.g. fixing bugs), but in reality the users often favor
stability over the possible improvements brought by updates, worrying
about the possibility of updates somehow adversely affecting their
systems. However, leaving security vulnerabilities fixes unapplied
might lead to highly undesirable consequences, such as denial of
service or system compromise. To lower the risk of an update a staging
environment can be created, containing the system replica to which an
update is first applied. Then a regression testing is performed,
ensuring the updated system still behaves correctly. This testing is
usually a laborious manual process, limiting a frequency at which it
can be performed.
Deterministic Record/Replay is an ability of the system to precisely
reproduce its previous execution. Such systems usually employ a
combination of state snapshots with an event log, populated during
record phase and used to guide the execution of replay phase.
In this work we study security updates of a real life systems and
applicability of deterministic record/replay techniques for automating
regression testing of such updates.