• COMP4801Owl: Automatically identifying and avoiding concurrency attacks

• Background
• Project objective
• Plan
• Team

Literature review
The research papers this project will take basis from are:
1- Concurrency Attacks by Junfeng Yang, Ang Cui, Sal Stolfo, Simha Sethumadhavan:
This paper describes the potential harms of concurrency attacks as well as which programming techniques are more prone to concurrency attacks e.g. API methods. It also discusses some defense techniques used for sequential programs such as hardware checks, metadata tracking, anomaly detection etc. most of them fail for concurrency attacks.
2- Analyzing The Tradeoff Between Throughput and Latency in Multicore Scalable In-Memory Database Systems Hitoshi Mitake, Hiroshi Yamada and Tatsuo Nakajima:
Analysis how throughput and latency correlate to each other in multi-core scalable in-memory database systems. Takes in to account the behavior of masstree. Does not directly touch on concurrency attacks; however it provides significant insight to measuring latency, which can be an indicator to suspicious activity. The research paper provides code available at https://github.com/mitake/mutilate.
3- COZ: Finding Code that Counts with Causal Profiling by Charlie Curtsinger and Emery D. Berger:
Describes and introduces a causal profiler that identifies which code will actually speed up the whole program if its own speed is improved using techniques such as virtual speedup.

The Idea
The project aims to invent a set of tools, each with a particular task that results in an output. These outputs when put together should identify and avoid a concurrency attack. Since the project scope is huge, my deliverable is one of those tools - a profiling tool. The profiling tool should count how many threads enter a particular section in a program and how much time they spend in there. This will be one of the tools in the set that indentifies and avoids concurrency attacks. A technical insight is provided in COZ: Finding Code that Counts with Causal Profiling. The paper COZ: Finding Code that Counts with Causal Profiling describes how to identify which codes that if improved, will improve the overall speed of the program, at a high level. Unlike a usual profiler this paper introduced Coz, a profiler that doesn't rely on just how long each part of the code takes to run. Take the simple example of a slow mobile application that shows the word "loading" when loading the results to display, this function keeps running until the results are shown, thus a potentially long time. Clearly improving this function is not going to improve the program, but improving the result generation process is the one that will. Thus not all code that runs for a long time has room for improving the overall performance of a program. Thus the deliverable for this final year project is going to be inspired by this idea. An example of how a causal profile looks like is below (figure 2), this was on an experiment on a program called fluidanimate. This project will be made by writing an LLVM pass in C/C++, which will serve as the profiling tool.