Human Error Injection

ConfErr is a tool for testing and quantifying the resilience of software systems to human-induced configuration errors. ConfErr uses human error models rooted in psychology and linguistics to generate realistic configuration mistakes; it then injects these mistakes and measures their effects, producing a resilience profile of the system under test. The resilience profile, capturing succinctly how sensitive the target software is to different classes of configuration errors, can be used for improving the software or to compare systems to each other. ConfErr is highly portable, because all mutations are performed on abstract representations of the configuration files.

Using ConfErr, we found several serious flaws in the MySQL and Postgres databases, Apache web server, and BIND and djbdns name servers; we were also able to directly compare the resilience of functionally-equivalent systems, such as MySQL and Postgres.


  • We recently created Arugula, a programming language for describing human errors. Next release, ConfErr will use Arugula to describe what errors to inject into configuration files. The Arugula GUI will transform writing error generators into a drag and drop process. We demoed Arugula during EuroSys 2010 in Paris.



  • Prasang Upadhyaya


Poster and Demo