Hardware-Assisted Transparent Tracing and Debugging on ARM

Total Page:16

File Type:pdf, Size:1020Kb

Hardware-Assisted Transparent Tracing and Debugging on ARM IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 14, NO. 6, JUNE 2019 1595 Hardware-Assisted Transparent Tracing and Debugging on ARM Zhenyu Ning and Fengwei Zhang Abstract— The existing malware analysis platforms leave artifacts on instruction execution semantics that could be detectable fingerprints such as uncommon string properties in detected by malware [14]. QEMU, signatures in Android Java virtual machine, and artifacts To address this challenge, researchers study the mal- in Linux kernel profiles. Since these fingerprints provide the malware a chance to split its behavior depending on whether the ware on bare-metal devices via modifying the system analysis system is present or not, the existing analysis systems are software [2]–[4], [7] or leveraging OS APIs [8], [15] to not sufficient to analyze the sophisticated malware. In this paper, monitor the runtime behavior of malware. Although bare- we propose NINJA, a transparent malware analysis framework metal based approaches eliminate the detection of the emu- on the ARM platform with low artifacts. NINJA leverages a lator or hypervisor, the artifacts introduced by the analysis hardware-assisted isolated execution environment TrustZone to transparently trace and debug a target application with the help tool itself are still detectable by malware. Moreover, privileged of performance monitor unit and embedded trace macrocell. malware can even manipulate the analysis tool since they run These hardware features help NINJA to achieve transparency in the same environment. How to build a transparent mobile while avoiding heavy performance overhead. NINJA does not malware analysis system is still a challenging problem. modify system software and is OS-agnostic on the ARM platform. This transparency problem has been well studied in the We implement a prototype of NINJA (i.e., tracing and debugging subsystems), and the experimental results show that NINJA is traditional x86 architecture, and similar milestones have been efficient and transparent for malware analysis. An improved fast made from emulation-based analysis systems [16], [17] to system restoration mechanism is also designed to facilitate the hardware-assisted virtualization analysis systems [18]–[20], continuous malware analysis. and then to bare-metal analysis systems [21]–[24]. However, Index Terms— ARM, transparent, tracing and debugging. this problem still challenges the state-of-the-art malware analy- sis systems. We consider that an analysis system consists of an Environ- I. INTRODUCTION ment (e.g., operating system, emulator, hypervisor, or sand- ALWARE on the mobile platform exhibits an explosive box) and an Analyzer (e.g., instruction analyzer, API Mgrowth in recent years, and a variety of tools have tracer, or application debugger). The Environment provides the been proposed for malware detection and analysis [1]–[8]. Analyzer with the access to the states of the target malware, However, sophisticated malware, which is also known as and the Analyzer is responsible for the further analysis of evasive malware, is able to evade the analysis by collecting the states. Consider an analysis system that leverages the the artifacts of the execution environment or the analysis tool, emulator to record the system call sequence and sends the and refuses to perform any malicious behavior if an analysis sequence to a remote server for further analysis. In this system, system is detected. the Environment is the emulator, which provides access to the As most of the existing mobile malware analysis system call sequence, and both the system call recorder and systems [1], [5], [6] are based on emulation or virtu- the remote server belong to the Analyzer. Evasive malware can alization technology, a series of anti-emulation and anti- detect this analysis system via anti-emulation techniques and virtualization techniques [9]–[11] have been developed to evade the analysis. challenge them. These techniques show that the emula- To build a transparent analysis system, we propose three tion or virtualization can be detected by footprints like string requirements. Firstly, the Environment must be isolated. Oth- properties, the absence of particular hardware components, erwise, the Environment itself can be manipulated by the and performance slowdown. The hardware-assisted virtual- malware. Secondly, the Environment exists on an off-the- ization technique [12], [13] improves the transparency of the shelf (OTS) bare-metal platform without modifying the soft- virtualization-based systems; however, this approach leaves ware or hardware (e.g., emulation and virtualization are not). Manuscript received April 23, 2018; revised September 30, 2018; accepted Although studying the anti-emulation and anti-virtualization November 16, 2018. Date of publication November 22, 2018; date of current techniques [9]–[11], [14] helps us to build a more transpar- version March 7, 2019. This work was supported by the National Science ent system by fixing the imperfections of the Environment, Foundation under Grants OAC-1738929 and IIS-1724227. The associate editor coordinating the review of this manuscript and approving it for publication we consider perfect emulation or virtualization is impracti- was Prof. Chip-Hong Chang. (Corresponding author: Zhenyu Ning.) cal due to the complexity of the software. Instead, if the The authors are with the Computer and Systems Security Laboratory, Environment already exists in the OTS bare-metal platform, Department of Computer Science, Wayne State University, Detroit, MI 48202 USA (e-mail: [email protected]; [email protected]). malware cannot detect the analysis system by the presence of Digital Object Identifier 10.1109/TIFS.2018.2883027 the Environment. Finally, the Analyzer should not leave any 1556-6013 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. 1596 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 14, NO. 6, JUNE 2019 detectable footprints (e.g., files, memory, registers, or code) capable of studying kernel- or hypervisor-level malware. to the outside of the Environment.AnAnalyzer violating this The tracing subsystem exhibits a low performance over- requirement can be detected. head. Our evaluation results show that the instruction In light of the three requirements, we present NINJA,1 a tracing and system call tracing are immune to timing transparent malware analysis framework on ARM platform attacks. based on hardware features including TrustZone technology, This paper is an extended version of [28] published in Performance Monitoring Unit (PMU), and Embedded Trace USENIX Security 2017. Based on that work, we implement a Macrocell (ETM). We implement a prototype of NINJA that fast restoration mechanism to facilitate the continuous malware embodies a trace subsystem with different tracing granularities analysis. We also improve the functionality and usability of and a debug subsystem with a GDB-like debugging protocol the trace and debug subsystem. The main differences between on ARM Juno development board. Additionally, hardware- these two versions are summarized as follows: based traps and memory protection are leveraged to keep the • use of system registers transparent to the target application. We improve previous fast restoration mechanism with The experimental results show that our framework can trans- selective memory restoration, runtime file system switch- parently monitor and analyze the behavior of the malware ing, and complete context recovery. The selective memory restoration and runtime file system switching help to samples. Moreover, NINJA introduces reasonable overhead. We evaluate the performance of the trace subsystem with improve the performance of system restoration while the several popular benchmarks, and the result shows that the complete context recovery mitigates the incompleteness overheads of the instruction trace and system call trace are of previous restoration systems. • less than 1% and the Android API trace introduces 4 to 154 This paper introduces data address trace in the trace times slowdown. subsystem which allows analysts to learn the target In addition, as the malware sample may tamper the current memory address of memory read/write instructions. The system state, which can lead to an inaccurate analysis result of data address trace is helpful in many different use cases the next sample, a fast restoration mechanism is required for such as fast restoration (see Section V-E), dynamic taint continuous malware analysis. Previous restoration mechanisms analysis [29], and inferring encryption keys [30]. • either require a system reboot [24] or require special hard- The usability of trace subsystem is improved via introduc- ware components [22], [25]. We also implement a prototype ing address range and process ID filters. These filters help of an improved fast restoration mechanism which leverages analysts to focus on the interested processes and memory TrustZone and ETM data address trace to selectively restore addresses, and greatly reduce the noise in the trace result. memory and Network File System (NFS) to swap file system Moreover, we add six more stepping modes for step-by- for speeding up the restoration. The experiments show that our step debugging including speculative-execution-related fast restoration mechanism can restore the system in 0.029s to stepping that may help analyze recent Meltdown [31]
Recommended publications
  • Drilling Network Stacks with Packetdrill
    Drilling Network Stacks with packetdrill NEAL CARDWELL AND BARATH RAGHAVAN Neal Cardwell received an M.S. esting and troubleshooting network protocols and stacks can be in Computer Science from the painstaking. To ease this process, our team built packetdrill, a tool University of Washington, with that lets you write precise scripts to test entire network stacks, from research focused on TCP and T the system call layer down to the NIC hardware. packetdrill scripts use a Web performance. He joined familiar syntax and run in seconds, making them easy to use during develop- Google in 2002. Since then he has worked on networking software for google.com, the ment, debugging, and regression testing, and for learning and investigation. Googlebot web crawler, the network stack in Have you ever had the experience of staring at a long network trace, trying to figure out what the Linux kernel, and TCP performance and on earth went wrong? When a network protocol is not working right, how might you find the testing. [email protected] problem and fix it? Although tools like tcpdump allow us to peek under the hood, and tools like netperf help measure networks end-to-end, reproducing behavior is still hard, and know- Barath Raghavan received a ing when an issue has been fixed is even harder. Ph.D. in Computer Science from UC San Diego and a B.S. from These are the exact problems that our team used to encounter on a regular basis during UC Berkeley. He joined Google kernel network stack development. Here we describe packetdrill, which we built to enable in 2012 and was previously a scriptable network stack testing.
    [Show full text]
  • Navigating the Next Evolution of Application Development Using Distributed Tracing
    Navigating the Next Evolution of Application Development Using Distributed Tracing Navigating the Next Evolution of Application Development 1 Table of Contents Introduction ...........................................................................................................................................................................................3 How has software been built? Waterfall vs. DevOps ................................................................................. ............................. 4 The next evolution: Microservices ................................................................................................................................................5 What will you need to do differently to capitalizeon modern application development? ..........................................6 Get started with Epsagon on AWS ...............................................................................................................................................8 Case Study: Bastian Solutions .......................................................................................................................................................9 Learn More ..........................................................................................................................................................................................10 Navigating the Next Evolution of Application Development 2 Introduction Building and maintaining a competitive edge often requires you to evolve with your customers’
    [Show full text]
  • Traceability Establishment and Visualization of Software Artefacts in Devops Practice: a Survey
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 10, No. 7, 2019 Traceability Establishment and Visualization of Software Artefacts in DevOps Practice: A Survey D. A. Meedeniya1, I. D. Rubasinghe2, I. Perera3 Dept. of Computer Science and Engineering, University of Moratuwa, Sri Lanka Abstract—DevOps based software process has become the artefacts in the SDLC [2][3]. There are different forms of popular with the vision of an effective collaboration between the relationships between the homogeneous and heterogeneous development and operations teams that continuously integrates software artefacts. Some artefacts may be highly coupled, and the frequent changes. Traceability manages the artefact some may depend on other artefacts in different degrees, consistency during a software process. This paper explores the unidirectionally or bidirectionally. Thus, software artefacts trace-link creation and visualization between software artefacts, consistency management helps to fine-tune the software existing tool support, quality aspects and the applicability in a process. The incomplete, outdated software artefacts and their DevOps environment. As the novelty of this study, we identify the inconsistencies mislead both the development and maintenance challenges that limit the traceability considerations in DevOps process. Thus, artefact management is essential such that the and suggest research directions. Our methodology consists of changes are accurately propagated to the impacted artefacts concept identification, state-of-practice exploration and analytical review. Despite the existing related work, there is a without creating inconsistencies. Traceability is the potential to lack of tool support for the traceability management between relate artefacts considering their relationships [4][5]; thus, a heterogeneous artefacts in software development with DevOps solution for artefact management.
    [Show full text]
  • ARM Assembly Shellcode from Zero to ARM Assembly Bind Shellcode
    Lab: ARM Assembly Shellcode From Zero to ARM Assembly Bind Shellcode HITBSecConf2018 - Amsterdam 1 Learning Objectives • ARM assembly basics • Writing ARM Shellcode • Registers • System functions • Most common instructions • Mapping out parameters • ARM vs. Thumb • Translating to Assembly • Load and Store • De-Nullification • Literal Pool • Execve() shell • PC-relative Addressing • Reverse Shell • Branches • Bind Shell HITBSecConf2018 - Amsterdam 2 Outline – 120 minutes • ARM assembly basics • Reverse Shell • 15 – 20 minutes • 3 functions • Shellcoding steps: execve • For each: • 10 minutes • 10 minutes exercise • Getting ready for practical part • 5 minutes solution • 5 minutes • Buffer[10] • Bind Shell • 3 functions • 25 minutes exercise HITBSecConf2018 - Amsterdam 3 Mobile and Iot bla bla HITBSecConf2018 - Amsterdam 4 It‘s getting interesting… HITBSecConf2018 - Amsterdam 5 Benefits of Learning ARM Assembly • Reverse Engineering binaries on… • Phones? • Routers? • Cars? • Intel x86 is nice but.. • Internet of Things? • Knowing ARM assembly allows you to • MACBOOKS?? dig into and have fun with various • SERVERS?? different device types HITBSecConf2018 - Amsterdam 6 Benefits of writing ARM Shellcode • Writing your own assembly helps you to understand assembly • How functions work • How function parameters are handled • How to translate functions to assembly for any purpose • Learn it once and know how to write your own variations • For exploit development and vulnerability research • You can brag that you can write your own shellcode instead
    [Show full text]
  • Hardware-Driven Evolution in Storage Software by Zev Weiss A
    Hardware-Driven Evolution in Storage Software by Zev Weiss A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Sciences) at the UNIVERSITY OF WISCONSIN–MADISON 2018 Date of final oral examination: June 8, 2018 ii The dissertation is approved by the following members of the Final Oral Committee: Andrea C. Arpaci-Dusseau, Professor, Computer Sciences Remzi H. Arpaci-Dusseau, Professor, Computer Sciences Michael M. Swift, Professor, Computer Sciences Karthikeyan Sankaralingam, Professor, Computer Sciences Johannes Wallmann, Associate Professor, Mead Witter School of Music i © Copyright by Zev Weiss 2018 All Rights Reserved ii To my parents, for their endless support, and my cousin Charlie, one of the kindest people I’ve ever known. iii Acknowledgments I have taken what might be politely called a “scenic route” of sorts through grad school. While Ph.D. students more focused on a rapid graduation turnaround time might find this regrettable, I am glad to have done so, in part because it has afforded me the opportunities to meet and work with so many excellent people along the way. I owe debts of gratitude to a large cast of characters: To my advisors, Andrea and Remzi Arpaci-Dusseau. It is one of the most common pieces of wisdom imparted on incoming grad students that one’s relationship with one’s advisor (or advisors) is perhaps the single most important factor in whether these years of your life will be pleasant or unpleasant, and I feel exceptionally fortunate to have ended up iv with the advisors that I’ve had.
    [Show full text]
  • Proceedings of the Linux Symposium
    Proceedings of the Linux Symposium Volume One June 27th–30th, 2007 Ottawa, Ontario Canada Contents The Price of Safety: Evaluating IOMMU Performance 9 Ben-Yehuda, Xenidis, Mostrows, Rister, Bruemmer, Van Doorn Linux on Cell Broadband Engine status update 21 Arnd Bergmann Linux Kernel Debugging on Google-sized clusters 29 M. Bligh, M. Desnoyers, & R. Schultz Ltrace Internals 41 Rodrigo Rubira Branco Evaluating effects of cache memory compression on embedded systems 53 Anderson Briglia, Allan Bezerra, Leonid Moiseichuk, & Nitin Gupta ACPI in Linux – Myths vs. Reality 65 Len Brown Cool Hand Linux – Handheld Thermal Extensions 75 Len Brown Asynchronous System Calls 81 Zach Brown Frysk 1, Kernel 0? 87 Andrew Cagney Keeping Kernel Performance from Regressions 93 T. Chen, L. Ananiev, and A. Tikhonov Breaking the Chains—Using LinuxBIOS to Liberate Embedded x86 Processors 103 J. Crouse, M. Jones, & R. Minnich GANESHA, a multi-usage with large cache NFSv4 server 113 P. Deniel, T. Leibovici, & J.-C. Lafoucrière Why Virtualization Fragmentation Sucks 125 Justin M. Forbes A New Network File System is Born: Comparison of SMB2, CIFS, and NFS 131 Steven French Supporting the Allocation of Large Contiguous Regions of Memory 141 Mel Gorman Kernel Scalability—Expanding the Horizon Beyond Fine Grain Locks 153 Corey Gough, Suresh Siddha, & Ken Chen Kdump: Smarter, Easier, Trustier 167 Vivek Goyal Using KVM to run Xen guests without Xen 179 R.A. Harper, A.N. Aliguori & M.D. Day Djprobe—Kernel probing with the smallest overhead 189 M. Hiramatsu and S. Oshima Desktop integration of Bluetooth 201 Marcel Holtmann How virtualization makes power management different 205 Yu Ke Ptrace, Utrace, Uprobes: Lightweight, Dynamic Tracing of User Apps 215 J.
    [Show full text]
  • Linuxcon North America 2012
    LinuxCon North America 2012 LTTng 2.0 : Tracing, Analysis and Views for Performance and Debugging. E-mail: [email protected] Mathieu Desnoyers August 29th, 2012 1 > Presenter ● Mathieu Desnoyers ● EfficiOS Inc. ● http://www.efficios.com ● Author/Maintainer of ● LTTng, LTTng-UST, Babeltrace, Userspace RCU Mathieu Desnoyers August 29th, 2012 2 > Content ● Tracing benefits, ● LTTng 2.0 Linux kernel and user-space tracers, ● LTTng 2.0 usage scenarios & viewers, ● New features ready for LTTng 2.1, ● Conclusion Mathieu Desnoyers August 29th, 2012 3 > Benefits of low-impact tracing in a multi-core world ● Understanding interaction between ● Kernel ● Libraries ● Applications ● Virtual Machines ● Debugging ● Performance tuning ● Monitoring Mathieu Desnoyers August 29th, 2012 4 > Tracing use-cases ● Telecom ● Operator, engineer tracing systems concurrently with different instrumentation sets. ● In development and production phases. ● High-availability, high-throughput servers ● Development and production: ensure high performance, low-latency in production. ● Embedded ● System development and production stages. Mathieu Desnoyers August 29th, 2012 5 > LTTng 2.0 ● Rich ecosystem of projects, ● Key characteristics of LTTng 2.0: – Small impact on the traced system, fast, user- oriented features. ● Interfacing with: Common Trace Format (CTF) Interoperability Between Tracing Tools Tracing Well With Others: Integration with the Common Trace Format (CTF), of GDB Tracepoints Into Trace Tools, Mathieu Desnoyers, EfficiOS, Stan Shebs, Mentor Graphics,
    [Show full text]
  • “Out-Of-VM” Approach for Fine-Grained Process Execution Monitoring
    Workshop for Frontiers of Cloud Computing, Dec 1, 2011, IBM T.J. Watson Research Center, NY Process Out-Grafting: An Efficient “Out-of-VM” Approach for Fine-Grained Process Execution Monitoring Deepa Srinivasan, Zhi Wang, Xuxian Jiang, Dongyan Xu * North Carolina State University, Purdue University* Malware Infection Trend New malware samples collected by McAfee Labs, by month* *Figure source: McAfee Threats Report: Second Quarter 2011, McAfee Labs 2 Anti-Malware Isolation Traditional anti-malware tools are not well-isolated Virtual Machine (VM) introspection Isolate tool by placing it outside a VM Analyze states and events externally User-mode Applications Monitor Virtual Machine … OS Kernel Hypervisor 3 Anti-Malware Isolation Traditional anti-malware tools are not well-isolated Virtual Machine (VM) introspection Isolate tool by placing it outside a VM Analyze states and events externally User-mode Applications Monitor VM Virtual Introspection Machine … OS Kernel Hypervisor 4 Out-of-VM Solutions Livewire (Garfinkel et al. , NDSS ‘03) XenAccess (Payne et al. , ACSAC ‘07) VMScope (Jiang et al. , RAID ‘07) Lares (Payne et al. , Oakland ‘08) … 5 Semantic Gap in Introspection What we want to observe High-level states and events (e.g. system calls, processes) What we can observe Low-level states and events (e.g. raw memory, interrupts) Internal User-mode Applications Monitor … External Monitor Semantic Virtual Machine Gap OS Kernel Hypervisor 6 Addressing the Semantic Gap Guest view casting VMWatcher (Jiang et al. , CCS
    [Show full text]
  • System Wide Tracing and Profiling in Linux
    SYSTEM WIDE TRACING AND PROFILING IN LINUX Nadav Amit Agenda • System counters inspection • Profiling with Linux perf tool • Tracing using ftrace Disclaimer • Introductory level presentation • We are not going to cover many tools • We are not going to get deep into the implementation of the tools • I am not an expert on many of the issues Collect Statistics • First step in analyzing the system behavior • Option 1: Resource statistics tools • iostat, vmstat, netstat, ifstat • dstat Examples: dstat --vm --aio • dstat • dstat --udp --tcp --socket • dstat --vm --aio dstat --udp --tcp --socket Watch system behavior online • Option 2: Sample the counter • top • Use –H switch for thread specific • Use ‘f’ to choose additional fields: page faults, last used processor • Use ‘1’ to turn off cumulative mode • iotop • Remember to run as sudoer top Inspect Raw Counters • Option 3: Go to the raw counters • General • /proc/stat • /proc/meminfo • /proc/interrupts • Process specific • /proc/[pid]/statm – process memory • /proc/[pid]/stat – process execution times • /proc/[pid]/status – human readable • Device specific • /sys/block/[dev]/stat • /proc/dev/net • Hardware • smartctl /proc/interrupts /sys/block/[dev]/stat Name units description ---- ----- ----------- read I/Os requests number of read I/Os processed read merges requests number of read I/Os merged with in-queue I/O read sectors sectors number of sectors read read ticks milliseconds total wait time for read requests write I/Os requests number of write I/Os processed write merges requests number
    [Show full text]
  • Debugging and Profiling with Arm Tools
    Debugging and Profiling with Arm Tools [email protected] • Ryan Hulguin © 2018 Arm Limited • 4/21/2018 Agenda • Introduction to Arm Tools • Remote Client Setup • Debugging with Arm DDT • Other Debugging Tools • Break • Examples with DDT • Lunch • Profiling with Arm MAP • Examples with MAP • Obtaining Support 2 © 2018 Arm Limited Introduction to Arm HPC Tools © 2018 Arm Limited Arm Forge An interoperable toolkit for debugging and profiling • The de-facto standard for HPC development • Available on the vast majority of the Top500 machines in the world • Fully supported by Arm on x86, IBM Power, Nvidia GPUs and Arm v8-A. Commercially supported by Arm • State-of-the art debugging and profiling capabilities • Powerful and in-depth error detection mechanisms (including memory debugging) • Sampling-based profiler to identify and understand bottlenecks Fully Scalable • Available at any scale (from serial to petaflopic applications) Easy to use by everyone • Unique capabilities to simplify remote interactive sessions • Innovative approach to present quintessential information to users Very user-friendly 4 © 2018 Arm Limited Arm Performance Reports Characterize and understand the performance of HPC application runs Gathers a rich set of data • Analyses metrics around CPU, memory, IO, hardware counters, etc. • Possibility for users to add their own metrics Commercially supported by Arm • Build a culture of application performance & efficiency awareness Accurate and astute • Analyses data and reports the information that matters to users insight • Provides simple guidance to help improve workloads’ efficiency • Adds value to typical users’ workflows • Define application behaviour and performance expectations Relevant advice • Integrate outputs to various systems for validation (e.g.
    [Show full text]
  • Postmodern Strace Dmitry Levin
    Postmodern strace Dmitry Levin Brussels, 2020 Traditional strace [1/30] Printing instruction pointer and timestamps print instruction pointer: -i option print timestamps: -r, -t, -tt, -ttt, and -T options Size and format of strings string size: -s option string format: -x and -xx options Verbosity of syscall decoding abbreviate output: -e abbrev=set, -v option dereference structures: -e verbose=set print raw undecoded syscalls: -e raw=set Traditional strace [2/30] Printing signals print signals: -e signal=set Dumping dump the data read from the specified descriptors: -e read=set dump the data written to the specified descriptors: -e write=set Redirecting output to files or pipelines write the trace to a file or pipeline: -o filename option write traces of processes to separate files: -ff -o filename Traditional strace [3/30] System call filtering trace only the specified set of system calls: -e trace=set System call statistics count time, calls, and errors for each system call: -c option sort the histogram printed by the -c option: -S sortby option Tracing control attach to existing processes: -p pid option trace child processes: -f option Modern strace [4/30] Tracing output format pathnames accessed by name or descriptor: -y option network protocol associated with descriptors: -yy option stack of function calls: -k option System call filtering pathnames accessed by name or descriptor: -P option regular expressions: -e trace=/regexp optional specifications: -e trace=?spec new syscall classes: %stat, %lstat, %fstat, %statfs, %fstatfs, %%stat, %%statfs
    [Show full text]
  • Bidirectional Tracing of Requirements in Embedded Software Development
    Bidirectional Tracing of Requirements in Embedded Software Development Barbara Draxler _________________________________ Fachbereich Informatik Universität Salzburg Abstract Nowadays, the increased complexity of embedded systems applications re- quires a systematic process of software development for embedded systems. An important difficulty in applying classical software engineering processes in this respect is ensuring that specific requirements of safety and real-time properties, which are usually posed at the beginning of the development, are met in the final implementation. This difficulty stems from the fact that requirements engineering in general is not mature in the established soft- ware development models. Nevertheless, several manufacturers have recently started to employ available requirements engineering methods for embedded software. The aim of this report is to provide insight into manufacturer practices in this respect. The report provides an analysis of the current state-of-art of requirements engineering in embedded real-time systems with respect to re- quirements traceability. Actual examples of requirements traceability and requirements engineering are analyzed against current research in require- ments traceability and requirements engineering. This report outlines the principles and the problems of traceability. Fur- thermore, current research on new traceability methods is presented. The importance of requirements traceability in real-time systems is highlighted and related significant research issues in requirements engineering are out- lined. To gain an insight in how traceability can aid process improvement, the viewpoint of CMMI towards requirements engineering and traceability is described. A short introduction in popular tracing tools that support require- ments engineering and especially traceability is given. Examples of traceabil- ity in the development of real-time systems at the Austrian company AVL are presented.
    [Show full text]