Monitoring Untrusted Modern Applications with Collective Record and Replay


August 5, 2011


Brendan Dolan-Gavitt


MSR Intern


New platforms such as Windows Phone have a large number of applications, yet platform providers currently have a very limited view of what behaviors these applications exhibit in the wild. In addition, these devices are typically resource-constrained and so cannot support full recording of application behavior. To address these issues, we introduce collective record and replay, a new variation on record and replay that samples the non-deterministic inputs to a program probabilistically across a large number of users. These partial traces are then recombined on the server, allowing a view into the behavior of untrusted applications. In this talk, we will discuss the record and replay framework we have developed for Windows Phone 7. The choice of interface on which to interpose for recording significantly affects the efficiency and efficacy of the system, and so we will describe the tradeoffs of each interface, which one we chose, and why. Finally, we will outline the remaining steps needed to implement our system.


Brendan Dolan-Gavitt

Brendan Dolan-Gavitt is a third-year PhD student at Georgia Tech, where he is co-advised by Wenke Lee and Jon Giffin. His primary research interests are in the area of virtualization and systems security, and how to achieve stronger security protections for commodity operating systems. This summer he is working with David Molnar and Weidong Cui.