Fast Automatic Software Survivability

Today many global critical infrastructures depend on software services. Not only information technology, but also several other industries including finance, transportation, telecommunication, energy, healthcare and entertainment highly depend on software services. These software services simply must run 24/7. Bugs in software disrupt availability of these services often causing catastrophic damages. Unfortunately, totally eliminating bugs in software has proven infeasible despite decades of research on the subject. Further, malicious actors exploit these bugs and vulnerabilities to attack and subvert software from their intended behaviors to cause devastating damages in the form of sensitive information leakage, cyber espionage and cyber crimes. This dissertation introduces new techniques to survive software faults that originate from bugs in deployed C/C++ software, ranging from operating systems to server applications. Our compiler-based techniques automatically transform target software for effectively surviving both transient and persistent runtime faults, near instantaneously. Our experimental results show that our solutions incur low performance overhead during normal software execution by striking a balance between performance and dependability carefully according to the application requirements. Our novel techniques piggyback on several inherent design characteristics of the software like compartmentalization, inter-component interactions, restartability and error handling to devise suitable program transformations and automatically introduce survivability into the target software. They also leverage hardware features readily available in commodity platforms to significantly reduce the performance impact and encourage practical deployment.