The Taub Faculty of Computer Science Events and Talks

After a software product is shipped, it typically goes into a maintenance phase whereby related software updates are made available form time to time. Such updates should in principle have a positive effect (e.g. fixing bugs), but in reality the users often favor stability over the possible improvements brought by updates, worrying about the possibility of updates somehow adversely affecting their systems. However, leaving security vulnerabilities fixes unapplied might lead to highly undesirable consequences, such as denial of service or system compromise. To lower the risk of an update a staging environment can be created, containing the system replica to which an update is first applied. Then a regression testing is performed, ensuring the updated system still behaves correctly. This testing is usually a laborious manual process, limiting a frequency at which it can be performed. Deterministic Record/Replay is an ability of the system to precisely reproduce its previous execution. Such systems usually employ a combination of state snapshots with an event log, populated during record phase and used to guide the execution of replay phase. In this work we study security updates of a real life systems and applicability of deterministic record/replay techniques for automating regression testing of such updates.