Establishing Integrity in Dynamic Networks of Cyber Physical Devices
Abstract
There is vast heterogeneity in the software and hardware platforms used to implement cyber physical devices. While this heterogeneity has enabled a vast number of cyber physical applications, it has also complicated the way we engineer applications for these devices and establish their trustworthiness. In particular, software developers may develop their applications for one cyberphysical platform, but porting these to other platforms or using trust establishment tools developed for one platform to applications on another platform is still a laborious process.. One of the key difficulties in these tasks is tailoring applications and tools to use platform specific APIs. One way to ease this task is if providers have access to a database of likely mappings between the APIs of different cyberphysical platforms, which they can consult when porting software and establishing their trustworthiness.
We develop a novel approach to the problem of inferring likely mappings between the APIs of a source and target platform. Our approach relies on the observation that there are often independently- developed applications for several source and target cyber physical platforms implementing the same functionality. In implementing them, the developers exercised their knowledge of the corresponding APIs. We develop techniques to harvest this knowledge and establish a mapping between the APIs of the source and target platforms. Specifically, we analyze execution traces of similar, yet independently- developed applications for the source and target platforms. This analysis exploits the fact that when applications for the source and target platform implement similar functionality, their execution traces likely contain API calls that map to each other. We develop a probabilistic inference technique that uses factor graphs to identify likely mappings between methods of the source API and the target API. The output of our approach is a ranked list of target API methods that likely map to each source API method.
We have implemented this approach in a prototype tool called Rosetta. We applied Rosetta to infer likely mappings between two mobile computing platforms: the JavaME and Android graphics APIs. In experiments with twenty JavaME games and their independently-developed Android counterparts, we found that the Android API calls corresponding to 71% of JavaME API calls appeared within top ten possible mappings output by Rosetta. For 42% of JavaME API calls, Rosetta output the corresponding Android API call as the top-ranked mapping.
Award ID: 0931992 and 0931914