Subject: Re: systrace features?
To: Alistair Crooks <>
From: Sam Leffler <>
List: tech-security
Date: 09/24/2003 09:45:01
--On Wednesday, September 24, 2003 12:37 PM +0200 Alistair Crooks
<> wrote:

> On Tue, Sep 23, 2003 at 08:19:07PM -0700, Sam Leffler wrote:
>> > I have written the code for two extra options to systrace that I
>> > think will help when systrace comes across less than usual situations.
>> > 
>> > They are:
>> > 
>> > Randomly cause system calls to fail.
>> >  * This can be used to explore code paths that may only be taken
>> >    rarely.  When used with automatic policy generation, this helps
>> >    the policy to converge on a programs actual behaviour.
>> You should learn about the ROC project going on at UCBerkeley/Stanford.
>> Part of that work is a tool for fault injection testing of systems.
>> 	<>
>> Look for FIG on Pete Broadwell's page.
> Fault-injection as a means of testing systems has been around for a
> while (ORCHESTRA,, if
> not before, and newer implementations like Mendosus, leading up to
> hybrid implementations as found in
> (

I suggest you read about ROC.  Fault injection is old hat and their papers
recognize that. But what they're trying to do with fault injection is
different. I directed the ROC folks to systrace a while ago; not sure if
they did anything with it. Probably not as they're more interested in using
virtual machines as a vehicle.

Anyway, the point was to make both groups aware of each other (I also poked
the ROC folks).