Distributed event-based (DEB) software systems are widespread, spanning diverse domains such as user interfaces, financial markets, logistics, and mobile applications. Unlike traditional software systems, in DEB systems software components do not directly interact but rely on brokers to transfer data and notifications of different events. Consequently, components in DEB systems are highly decoupled, which yields scalable, easy-to-evolve applications. However, this flexibility and scalability comes at a price: It is difficult to have an accurate insight into the structure and functionality of a DEB system, which makes it difficult to ensure a DEB system's desired behavior and absence of security vulnerabilities. Many techniques have been developed for dealing with analogous issues in traditional software systems. However, those techniques provide inadequate and/or misleading information when applied to DEB systems. This project is providing a suite of tools for ensuring software correctness, reliability, and security that are specifically targeted at DEB systems.
The project does so by developing novel program analysis, runtime monitoring, and visualization techniques that account for the implicit invocation, concurrency, and ambiguous interfaces inherent in DEB systems. The project's specific focus is on (1) data-flow anomalies that cause correctness and reliability issues and (2) data- and control-flow anomalies that cause security problems. The broader impact of this research is direct: It provides to engineers in a wide range of important software development domains analysis and visualization techniques that are comparable to techniques available in traditional domains. On one hand, the flexibility of DEB systems bodes well for their continued adoption and expansion. On the other hand, that adoption is impeded by obstacles in understanding, analyzing, debugging, evolving, and securing DEB systems. This research presents a significant step in the direction of providing the necessary remedies and helping to realize the full potential of DEB systems.
