CS 6V Program Analysis I: Dynamic Detection of Likely Invariants and Robust Signatures for Kernel Data Structure.
|
|
- Janel King
- 6 years ago
- Views:
Transcription
1 CS 6V81-05 Program Analysis I: Dynamic Detection of Likely Invariants and Robust Signatures for Kernel Data Structure Junyuan Zeng Department of Computer Science The University of Texas at Dallas November 4 th, 2011
2 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
3 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
4 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
5 what is program invariant?
6 what is program invariant? refer to a property that holds at a certain point or points in a program
7 what is program invariant? refer to a property that holds at a certain point or points in a program being constant x = a, non-zero x 0, ordering x y, being in a range a x b, containment x y
8 what is program invariant? refer to a property that holds at a certain point or points in a program being constant x = a, non-zero x 0, ordering x y, being in a range a x b, containment x y linear relationships y = ax + b, functions from a library x = fn(y)
9 what is program invariant? refer to a property that holds at a certain point or points in a program being constant x = a, non-zero x 0, ordering x y, being in a range a x b, containment x y linear relationships y = ax + b, functions from a library x = fn(y)... often used in assert statements, documentation and formal specifications
10 what is program invariant? refer to a property that holds at a certain point or points in a program being constant x = a, non-zero x 0, ordering x y, being in a range a x b, containment x y linear relationships y = ax + b, functions from a library x = fn(y)... often used in assert statements, documentation and formal specifications also useful in program understanding and a host of other applications
11 example
12 dynamic invariant detection
13 dynamic invariant detection expecting programmers to fully annotate code with invariants but programmers do not usually explicitly annotate or document code with invariants
14 dynamic invariant detection expecting programmers to fully annotate code with invariants but programmers do not usually explicitly annotate or document code with invariants dynamic invariant detection
15 dynamic invariant detection expecting programmers to fully annotate code with invariants but programmers do not usually explicitly annotate or document code with invariants dynamic invariant detection runs a program
16 dynamic invariant detection expecting programmers to fully annotate code with invariants but programmers do not usually explicitly annotate or document code with invariants dynamic invariant detection runs a program observes the values that the program computes
17 dynamic invariant detection expecting programmers to fully annotate code with invariants but programmers do not usually explicitly annotate or document code with invariants dynamic invariant detection runs a program observes the values that the program computes reports properties that were true over the observe executions
18 dynamic invariant detection expecting programmers to fully annotate code with invariants but programmers do not usually explicitly annotate or document code with invariants dynamic invariant detection runs a program observes the values that the program computes reports properties that were true over the observe executions Daikon proposes to automatically determine program invariants and report them in a meaningful manner
19 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
20 Daikon an implementation of dynamic detection of likely invariants
21 Daikon an implementation of dynamic detection of likely invariants uses machine learning techniques
22 Daikon an implementation of dynamic detection of likely invariants uses machine learning techniques can detect invariants in C, C++, Java and Perl programs
23 Daikon an implementation of dynamic detection of likely invariants uses machine learning techniques can detect invariants in C, C++, Java and Perl programs input is the program and output is a set of likely program invariants
24 architecture
25 architecture: original program i,s := 0,0; do i!= n -> i,s := i + 1, s + b[i] od
26 architecture: instrumenters
27 architecture: instrumenters add instructions to the target program so that it will output the values of variables
28 architecture: instrumenters add instructions to the target program so that it will output the values of variables language dependent (C/C++, Java and Perl etc.)
29 architecture: instrumented program print b, n; i,s := 0,0; do i!= n -> print i, s, n, b[i]; i,s := i + 1, s + b[i] od
30 architecture: trace file ENTER B = , modified N = 8, modified LOOP B = , unmodified N = 8, modified I = 0, modified s = 0, modified LOOP B = , unmodified N = 8, unmodified I = 1, modified s = 92, modified...
31 architecture: inference engine
32 architecture: inference engine read the trace data and produces likely invariants
33 architecture: inference engine read the trace data and produces likely invariants adopt optimizations to reduce redundant invariant checking
34 architecture: inference engine read the trace data and produces likely invariants adopt optimizations to reduce redundant invariant checking equal variables:if x = y, then for any invariant f, f (x) = f (y)
35 architecture: inference engine read the trace data and produces likely invariants adopt optimizations to reduce redundant invariant checking equal variables:if x = y, then for any invariant f, f (x) = f (y) dynamically constant variables: x = 5 = odd(x) and x 5
36 architecture: inference engine read the trace data and produces likely invariants adopt optimizations to reduce redundant invariant checking equal variables:if x = y, then for any invariant f, f (x) = f (y) dynamically constant variables: x = 5 = odd(x) and x 5 variable hierachy: for two program points A and B, if all samples for B also appear at A = (invariants true at A= true at B)
37 architecture: inference engine read the trace data and produces likely invariants adopt optimizations to reduce redundant invariant checking equal variables:if x = y, then for any invariant f, f (x) = f (y) dynamically constant variables: x = 5 = odd(x) and x 5 variable hierachy: for two program points A and B, if all samples for B also appear at A = (invariants true at A= true at B) suppression of weaker invariants: x > y = x y
38 architecture: invariants 1) n >= 0 2) s = SUM(B) 3) i >= 0
39 java example Java class StackAr fields: Object[] thearray; // Array that contains the stack elements. int topofstack; // Index of top element. -1 if stack is empty. methods: void push(object x) // Insert x void pop() // Remove most recently inserted item Object top() // Return most recently inserted item Object topandpop() // Remove and return most recently inserted item boolean isempty() // Return true if empty; else false boolean isfull() // Return true if full; else false void makeempty() // Remove all items
40 output (1) Object invariants for StackAr this.thearray!= null this.thearray.getclass() == java.lang.object[].class this.topofstack >= -1 this.topofstack <= this.thearray.length - 1 this.thearray[0..this.topofstack] elements!= null this.thearray[this.topofstack+1..] elements == null
41 output (2) pre-conditions for the StackAr constructor capacity >= 0 post-conditions for the StackAr constructor orig(capacity) == this.thearray.length this.topofstack == -1 this.thearray[] elements == null
42 output (3) post-conditions for the isfull method this.thearray == orig(this.thearray) this.thearray[] == orig(this.thearray[]) this.topofstack == orig(this.topofstack) (return == false) <==> (this.topofstack<this.thearray.length - 1) (return == true) <==> (this.topofstack==this.thearray.length - 1)
43 other tools Agitator product by Agitar
44 other tools Agitator product by Agitar DIDUCE tool for Java programs
45 other tools Agitator product by Agitar DIDUCE tool for Java programs IODINE tool for hardware designs
46 other tools Agitator product by Agitar DIDUCE tool for Java programs IODINE tool for hardware designs SPIN model checker which checks if two variables are related by =, <, >, or ; the output is a graph with variables at the nodes and edges labeled by the comparison relations
47 other tools Agitator product by Agitar DIDUCE tool for Java programs IODINE tool for hardware designs SPIN model checker which checks if two variables are related by =, <, >, or ; the output is a graph with variables at the nodes and edges labeled by the comparison relations...
48 summary
49 summary a full-featured, scalable, robust tool for dynamic invariant detection
50 summary a full-featured, scalable, robust tool for dynamic invariant detection supports multiple programming languages
51 summary a full-featured, scalable, robust tool for dynamic invariant detection supports multiple programming languages likely invariants that it produces have been used from refactoring to testing to data structure repair etc.
52 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
53 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
54 attacks
55 attacks objective: conceal presence of an object from the user
56 attacks objective: conceal presence of an object from the user hooking: modify code, make the APIs lie
57 attacks objective: conceal presence of an object from the user hooking: modify code, make the APIs lie DKOM: manipulate kernel data structures instead of code
58 signature scans
59 signature scans some new tools (PTFinder, Volatility) use signature scans to find hidden objects in memory
60 signature scans some new tools (PTFinder, Volatility) use signature scans to find hidden objects in memory identify a set of invariants (signatures) for the object
61 signature scans some new tools (PTFinder, Volatility) use signature scans to find hidden objects in memory identify a set of invariants (signatures) for the object perform a linear scan through memory
62 signature scans some new tools (PTFinder, Volatility) use signature scans to find hidden objects in memory identify a set of invariants (signatures) for the object perform a linear scan through memory report regions of data where the fields match your invariants (signatures)
63 signature scans naive signature for EPROCESS
64 signature evasion
65 signature evasion assume attackers can read and modify any kernel data (like DKOM)
66 signature evasion assume attackers can read and modify any kernel data (like DKOM) attackers may modify some fields to hide objects from scanners without OS crashing
67 signature evasion assume attackers can read and modify any kernel data (like DKOM) attackers may modify some fields to hide objects from scanners without OS crashing false negative for a signature
68 Outline 1 Dynamic Invariant Detection Concepts Daikon 2 Background Robust Signatures
69 architecture develop robust signatures that resist signature evasion
70 architecture develop robust signatures that resist signature evasion feature selection:
71 architecture develop robust signatures that resist signature evasion feature selection: profile the data structure to determine which fields are most commonly accessed by the operating system
72 architecture develop robust signatures that resist signature evasion feature selection: profile the data structure to determine which fields are most commonly accessed by the operating system fuzz the most commonly accessed fields to determine which can be modified without OS crashing
73 architecture develop robust signatures that resist signature evasion feature selection: profile the data structure to determine which fields are most commonly accessed by the operating system fuzz the most commonly accessed fields to determine which can be modified without OS crashing signature generation based on the selected fields
74 data structure profiling
75 data structure profiling idea: watch the structure as OS executes
76 data structure profiling idea: watch the structure as OS executes if a field is never accessed, attacker can control it
77 data structure profiling idea: watch the structure as OS executes if a field is never accessed, attacker can control it monitor OS execution and build histogram of how frequently each field is accessed
78 EPROCESS profile
79 profiling is not enough
80 profiling is not enough don t know if functionality depends on a given member
81 profiling is not enough don t know if functionality depends on a given member being accessed is a necessary condition, but not sufficient
82 profiling is not enough don t know if functionality depends on a given member being accessed is a necessary condition, but not sufficient ensure that the field cannot be arbitrarily modified
83 fuzzing
84 fuzzing modify data fields and see if OS crashes
85 fuzzing modify data fields and see if OS crashes if OS consistently crashes, attacker probably can t modify that field
86 fuzzing modify data fields and see if OS crashes if OS consistently crashes, attacker probably can t modify that field during fuzz testing, failures are indications that a field is robust
87 fuzzing methodology
88 how to fuzz for each field, replace its contents with test data from one of several classes:
89 so far... original signatures
90 so far... after profiling...
91 so far... after fuzz...
92 signature generation dynamic invariant detection
93 signature generation dynamic invariant detection infer constraints (invariants) on robust fields
94 signature generation dynamic invariant detection infer constraints (invariants) on robust fields input: for each robust field, extract a list of the values for all processes found in the memory images (uninfected)
95 signature generation dynamic invariant detection infer constraints (invariants) on robust fields input: for each robust field, extract a list of the values for all processes found in the memory images (uninfected) output: constrains (invariants)
96 a list of constrains
97 results
98 conclusions existing signatures are vulnerable to evasion
99 conclusions existing signatures are vulnerable to evasion new systematic method for selecting features for data structure signatures
100 conclusions existing signatures are vulnerable to evasion new systematic method for selecting features for data structure signatures constrains attackers ability to evade signatures
101 references M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz, and C. Xiao. The Daikon system for dynamic detection of likely invariants. Science of Computer Programming, 69(1-3), Brendan Dolan-Gavitt, Abhinav Srivasta, Patrick Traynor, and Jonathon Giffin. Robust Signatures for Kernel Data Structures. Proceedings of the ACM Conference on Computer and Communications Security (CCS), November M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin, Dynamically discovering likely program invariants to support program evolution IEEE Transactions on Software Engineering, vol. 27, no. 2, Feb. 2001, pp
The Daikon system for dynamic detection of likely invariants
Science of Computer Programming 69 (2007) 35 45 www.elsevier.com/locate/scico The Daikon system for dynamic detection of likely invariants Michael D. Ernst, Jeff H. Perkins, Philip J. Guo, Stephen McCamant,
More informationWindows Memory Forensics and Direct Kernel Object Manipulation. Jesse Kornblum
Windows Memory Forensics and Direct Kernel Object Manipulation Jesse Kornblum Outline Introduction The Kernel Direct Kernel Object Manipulation Standard DKOM Devious DKOM Better Magic Relations Between
More informationAutomatic Generation of Program Specifications
Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science http://pag.lcs.mit.edu/ Joint work with Michael Ernst Jeremy Nimmer, page 1 Synopsis Specifications are useful
More informationExploiting Synergy Between Testing and Inferred Partial Specifications
Exploiting Synergy Between Testing and Inferred Partial Specifications Tao Xie David Notkin Department of Computer Science & Engineering, University of Washington {taoxie, notkin}@cs.washington.edu Technical
More informationSymbolic Execution, Dynamic Analysis
Symbolic Execution, Dynamic Analysis http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Symbolic execution Pavel Parízek Symbolic Execution, Dynamic Analysis
More informationLearning from Executions
Learning from Executions Dynamic analysis for program understanding and software engineering Michael D. Ernst and Jeff H. Perkins November 7, 2005 Tutorial at ASE 2005 Outline What is dynamic analysis?
More informationBug Localization in Test-Driven Development
Bug Localization in Test-Driven Development Massimo Ficco (2)(3), Roberto Pietrantuono (1), and Stefano Russo (1)(3) (1) Dipartimento di Informatica e Sistemistica, Università di Napoli Federico II Via
More informationSeminar in Software Engineering. DySy. Dynamic Symbolic Execution for Invariant Inference. April 28th Lukas Schwab
Seminar in Software Engineering DySy Dynamic Symbolic Execution for Invariant Inference April 28th 2009 Lukas Schwab lschwab@student.ethz.ch The authors Christoph Csallner - College of Computing, Georgia
More informationComputer Science CS221 Test 2 Name. 1. Give a definition of the following terms, and include a brief example. a) Big Oh
Computer Science CS221 Test 2 Name 1. Give a definition of the following terms, and include a brief example. a) Big Oh b) abstract class c) overriding d) implementing an interface 10/21/1999 Page 1 of
More informationCS350: Data Structures Stacks
Stacks James Moscola Department of Engineering & Computer Science York College of Pennsylvania James Moscola Stacks Stacks are a very common data structure that can be used for a variety of data storage
More informationData Structures. BSc in Computer Science University of New York, Tirana. Assoc. Prof. Marenglen Biba 1-1
Data Structures BSc in Computer Science University of New York, Tirana Assoc. Prof. Marenglen Biba 1-1 General info Course : Data Structures (3 credit hours) Instructor : Assoc. Prof. Marenglen Biba Office
More informationCS-152: Software Testing
CS-152: Software Testing Neal Holtschulte July 2, 2013 Software Testing Outline Terminology Assertions and when to use them Try-catch and when to use them What are Exceptions Further resources Practice
More informationA new conditional invariant detection framework (CIDF)
Scientific Research and Essays Vol. 8(6), pp. 265-273, 11 February, 2013 Available online at http://www.academicjournals.org/sre DOI: 10.5897/SRE11.1020 ISSN 1992-2248 2013 Academic Journals Full Length
More informationCMPSCI 187: Programming With Data Structures. Lecture #11: Implementing Stacks With Arrays David Mix Barrington 28 September 2012
CMPSCI 187: Programming With Data Structures Lecture #11: Implementing Stacks With Arrays David Mix Barrington 28 September 2012 Implementing Stacks With Arrays The Idea of the Implementation Data Fields
More informationAutomated Software Testing in the Absence of Specifications
Automated Software Testing in the Absence of Specifications Tao Xie North Carolina State University Department of Computer Science Nov 2005 http://www.csc.ncsu.edu/faculty/xie/ Why Automate Testing? Software
More informationQuickly Detecting Relevant Program Invariants
Quickly Detecting Relevant Program Invariants Michael Ernst, Adam Czeisler, Bill Griswold (UCSD), and David Notkin University of Washington http://www.cs.washington.edu/homes/mernst/daikon Michael Ernst,
More informationAutomated Documentation Inference to Explain Failed Tests
Automated Documentation Inference to Explain Failed Tests Sai Zhang University of Washington Joint work with: Cheng Zhang, Michael D. Ernst A failed test reveals a potential bug Before bug-fixing, programmers
More informationDySy: Dynamic Symbolic Execution for Invariant Inference
DySy: Dynamic Symbolic Execution for Invariant Inference C. Csallner N. Tillmann Y. Smaragdakis Marc Egg Invariant Inference Object top() { if(empty) return null; return thearray[topofstack]; Invariant
More informationCSC 1052 Algorithms & Data Structures II: Stacks
CSC 1052 Algorithms & Data Structures II: Stacks Professor Henry Carter Spring 2018 Recap Abstraction allows for information to be compartmentalized and simplifies modular use Interfaces are the Java construction
More informationA Novel Approach to Unit Testing: The Aspect-Oriented Way
A Novel Approach to Unit Testing: The Aspect-Oriented Way Guoqing Xu and Zongyuan Yang Software Engineering Lab, Department of Computer Science East China Normal University 3663, North Zhongshan Rd., Shanghai
More informationAn Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing
An Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing Marcelo d Amorim (UIUC) Carlos Pacheco (MIT) Tao Xie (NCSU) Darko Marinov (UIUC) Michael D.
More informationChianti: A Tool for Change Impact Analysis of Java Programs
Chianti: A Tool for Change Impact Analysis of Java Programs Andrej Galad 04/19/2017 CS 6704 - Software Engineering Research Virginia Polytechnic Institute and State University, Blacksburg, VA Professor
More informationPlease note that if you write the mid term in pencil, you will not be allowed to submit a remark request.
University of Toronto CSC148 Introduction to Computer Science Fall 2001 Mid Term Test Section L5101 Duration: 50 minutes Aids allowed: none Make sure that your examination booklet has 8 pages (including
More informationWhy Design by Contract! CS 619 Introduction to OO Design and Development. Design by Contract. Fall 2012
Why Design by Contract What s the difference with Testing? CS 619 Introduction to OO Design and Development Design by Contract Fall 2012 Testing tries to diagnose (and cure) defects after the facts. Design
More informationLeveraging Data Invariants in Model Inference for Test Case Generation
Leveraging Data Invariants in Model Inference for Test Case Generation Roykrong Sukkerd Abstract Testing is an effective mean to find bugs in systems, but manually writing test cases is often tedious.
More informationASSESSING INVARIANT MINING TECHNIQUES FOR CLOUD-BASED UTILITY COMPUTING SYSTEMS
ASSESSING INVARIANT MINING TECHNIQUES FOR CLOUD-BASED UTILITY COMPUTING SYSTEMS ABSTRACT Likely system invariants model properties that hold in operating conditions of a computing system. Invariants may
More informationIntroduction to Programming Using Java (98-388)
Introduction to Programming Using Java (98-388) Understand Java fundamentals Describe the use of main in a Java application Signature of main, why it is static; how to consume an instance of your own class;
More informationCPSC 221: Algorithms and Data Structures Lecture #1: Stacks and Queues
CPSC 221: Algorithms and Data Structures Lecture #1: Stacks and Queues Alan J. Hu (Slides borrowed from Steve Wolfman) Be sure to check course webpage! http://www.ugrad.cs.ubc.ca/~cs221 1 Lab 1 is available.
More informationEfficient Incremental Dynamic Invariant Detection
Efficient Incremental Dynamic Invariant Detection and Michael Ernst MIT CSAIL Page 1 Dynamic invariant detection Program analysis that generalizes over observed runtime values to hypothesize program properties
More informationDySy: Dynamic Symbolic Execution for Invariant Inference
DySy: Dynamic Symbolic Execution for Invariant Inference Christoph Csallner College of Computing Georgia Tech Atlanta, GA 30332, USA csallner@cc.gatech.edu Nikolai Tillmann Microsoft Research One Microsoft
More informationUNDERSTANDING AND PROTECTING CLOSED-SOURCE SYSTEMS THROUGH DYNAMIC ANALYSIS
UNDERSTANDING AND PROTECTING CLOSED-SOURCE SYSTEMS THROUGH DYNAMIC ANALYSIS A Thesis Presented to The Academic Faculty by Brendan Dolan-Gavitt In Partial Fulfillment of the Requirements for the Degree
More information: A Bounded Model Checking Tool to Verify Qt Applications
23 rd International SPIN symposium on Model Checking of Software : A Bounded Model Checking Tool to Verify Qt Applications Mário A. P. Garcia, Felipe R. Monteiro, Lucas C. Cordeiro, and Eddie B. de Lima
More information0/38. Detecting Invariants. Andreas Zeller + Andreas Gross. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/38 Detecting Invariants Andreas Zeller + Andreas Gross Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken Exam 1/38 on Tuesday, 2003-02-18, 11:15 in lecture room 45/001 (here) Written
More informationCPSC 221: Algorithms and Data Structures ADTs, Stacks, and Queues
CPSC 221: Algorithms and Data Structures ADTs, Stacks, and Queues Alan J. Hu (Slides borrowed from Steve Wolfman) Be sure to check course webpage! http://www.ugrad.cs.ubc.ca/~cs221 1 Lab 1 available very
More informationReadability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute.
Readability [Skrien 4.0] Programs must be written for people to read, and only incidentally for machines to execute. Abelson & Sussman Use a good set of coding conventions, such as the ones given in the
More informationDynamic Inference of Abstract Types
Dynamic Inference of Abstract Types Philip J. Guo, Jeff H. Perkins, Stephen McCamant, Michael D. Ernst Computer Science and A.I. Lab Massachusetts Institute of Technology Declared types // Order cost =
More informationCSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak
CSE 403: Software Engineering, Fall 2016 courses.cs.washington.edu/courses/cse403/16au/ Unit Testing Emina Torlak emina@cs.washington.edu Outline Software quality control Effective unit testing Coverage
More informationMutually Enhancing Test Generation and Specification Inference
Mutually Enhancing Test Generation and Specification Inference Tao Xie David Notkin Department of Computer Science & Engineering University of Washington August 15th, 2003 Foundations of Software Engineering,
More informationStack ADT. ! push(x) puts the element x on top of the stack! pop removes the topmost element from the stack.
STACK Stack ADT 2 A stack is an abstract data type based on the list data model All operations are performed at one end of the list called the top of the stack (TOS) LIFO (for last-in first-out) list is
More informationAn introduction to formal specifications and JML. Invariant properties
An introduction to formal specifications and JML Invariant properties Yves Ledru Université Grenoble-1 Laboratoire d Informatique de Grenoble Yves.Ledru@imag.fr 2013 Page 1 Invariant properties Invariants
More informationTool-Assisted Unit Test Selection Based on Operational Violations
Nominated for the best paper award at ASE 2003. Appears in Proceedings of the 18th IEEE International Conference on Automated Software Engineering (ASE 2003) An extended version is invited for submission
More informationToday s lecture. CS 314 fall 01 C++ 1, page 1
Today s lecture Midterm Thursday, October 25, 6:10-7:30pm general information, conflicts Object oriented programming Abstract data types (ADT) Object oriented design C++ classes CS 314 fall 01 C++ 1, page
More informationAn Introduction To Software Agitation
An Introduction To Software Agitation Alberto Savoia Chief Technology Officer Agitar Software Inc. www.agitar.com java.sun.com/javaone/sf Agenda The Developer Testing Revolution Four Types of Tests Software
More informationBackground SigGraph KOP Summary CS 6V Kernel Rootkit Defense I: Graph-based Scanning Approach. Zhiqiang Lin
CS 6V81-05 Kernel Rootkit Defense I: Graph-based Scanning Approach Zhiqiang Lin Department of Computer Science The University of Texas at Dallas September 2 nd, 2011 Outline 1 Background 2 SigGraph 3 KOP
More informationData Structures G5029
Data Structures G5029 Lecture 2 Kingsley Sage Room 5C16, Pevensey III khs20@sussex.ac.uk University of Sussex 2006 Lecture 2 Stacks The usual analogy is the stack of plates. A way of buffering a stream
More informationChristoph Csallner, University of Texas at Arlington (UTA)
Christoph Csallner, University of Texas at Arlington (UTA) Joint work with: Nikolai Tillmann (MSR), Yannis Smaragdakis (UMass), Ishtiaque Hussain (UTA), Chengkai Li (UTA) Dynamic symbolic execution Pioneered
More informationChapter 4 Defining Classes I
Chapter 4 Defining Classes I This chapter introduces the idea that students can create their own classes and therefore their own objects. Introduced is the idea of methods and instance variables as the
More informationAutomatic Extraction of Abstract- Object-State Machines Based on Branch Coverage
Automatic Extraction of Abstract- Object-State Machines Based on Branch Coverage Hai YUAN Tao XIE Department of Computer Science North Carolina State University hyuan3@ncsu.edu xie@csc.ncsu.edu Agenda
More informationVirtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection Brendan Dolan-Gavitt *, Tim Leek, Michael Zhivich, Jonathon Giffin *, and Wenke Lee * * Georgia Institute of Technology MIT Lincoln
More informationThe Contract Pattern. Design by contract
The Contract Pattern Copyright 1997, Michel de Champlain Permission granted to copy for PLoP 97 Conference. All other rights reserved. Michel de Champlain Department of Computer Science University of Canterbury,
More information22c:181 / 55:181 Formal Methods in Software Engineering
22c:181 / 55:181 Formal Methods in Software Engineering Design by Contract Copyright 2001-11, Matt Dwyer, John Hatcliff, Rod Howell, and Cesare Tinelli. Produced by Cesare Tinelli at the University of
More informationFinding Vulnerabilities in Source Code
Finding Vulnerabilities in Source Code Jason Miller CSCE 813 Fall 2012 Outline Approaches to code review Signatures of common vulnerabilities Language-independent considerations Tools for code browsing
More informationAutomatic Extraction of Abstract-Object-State Machines Based on Branch Coverage
Automatic Extraction of Abstract-Object-State Machines Based on Branch Coverage Hai Yuan Department of Computer Science North Carolina State University Raleigh, NC 27695 hyuan3@ncsu.edu Tao Xie Department
More informationProgram Verification using Templates over Predicate Abstraction. Saurabh Srivastava and Sumit Gulwani
Program Verification using Templates over Predicate Abstraction Saurabh Srivastava and Sumit Gulwani ArrayInit(Array A, int n) i := 0; while (i < n) A[i] := 0; i := i + 1; Assert( j: 0 j
More informationa correct statement? You need to know what the statement is supposed to do.
Using assertions for correctness How can we know that software is correct? It is only correct if it does what it is supposed to do. But how do we know what it is supposed to do? We need a specification.
More informationCS18000: Programming I
CS18000: Programming I Data Abstraction January 25, 2010 Prof. Chris Clifton Announcements Book is available (Draft 2.0) Syllabus updated with readings corresponding to new edition Lab consulting hours
More informationReferences: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1
References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1 Assertions Statements about input to a routine or state of a class Have two primary roles As documentation,
More informationEraser: Dynamic Data Race Detection
Eraser: Dynamic Data Race Detection 15-712 Topics overview Concurrency and race detection Framework: dynamic, static Sound vs. unsound Tools, generally: Binary rewriting (ATOM, Etch,...) and analysis (BAP,
More informationIvan Beschastnikh. Computer Science University of British Columbia. Vancouver, Canada
Ivan Beschastnikh Computer Science University of British Columbia Vancouver, Canada Software Practices Gail Murphy Ron Garcia Gregor Kiczales Reid Holmes Ivan Beschastnikh Computer Science University of
More informationThe Checker Framework: pluggable static analysis for Java
The Checker Framework: pluggable static analysis for Java http://checkerframework.org/ Werner Dietl University of Waterloo https://ece.uwaterloo.ca/~wdietl/ Joint work with Michael D. Ernst and many others.
More informationExceptions and Design
Exceptions and Exceptions and Table of contents 1 Error Handling Overview Exceptions RuntimeExceptions 2 Exceptions and Overview Exceptions RuntimeExceptions Exceptions Exceptions and Overview Exceptions
More informationStacks (5.1) Abstract Data Types (ADTs) CSE 2011 Winter 2011
Stacks (5.1) CSE 2011 Winter 2011 26 January 2011 1 Abstract Data Types (ADTs) An abstract data type (ADT) is an abstraction of a data structure An ADT specifies: Data stored Operations on the data Error
More informationCS2210 Data Structures and Algorithms
CS2210 Data Structures and Algorithms Lecture 3: ADT and Java interfaces Instructor: Olga Veksler 2004 Goodrich, Tamassia Outline Review Data Structures Abstract Data Types 2 Principles of OO Programming
More informationProblem with Scanning an Infix Expression
Operator Notation Consider the infix expression (X Y) + (W U), with parentheses added to make the evaluation order perfectly obvious. This is an arithmetic expression written in standard form, called infix
More informationLists. CITS2200 Data Structures and Algorithms. Topic 9
CITS2200 Data Structures and Algorithms Topic 9 Lists Why lists? List windows Specification Block representation Singly linked representation Performance comparisons Reading: Lambert and Osborne, Sections
More informationMidterm Exam 2 CS 455, Spring 2011
Name: USC loginid (e.g., ttrojan): Midterm Exam 2 CS 455, Spring 2011 March 31, 2011 There are 6 problems on the exam, with 50 points total available. There are 7 pages to the exam, including this one;
More informationCSCD 326 Data Structures I Stacks
CSCD 326 Data Structures I Stacks 1 Stack Interface public interface StackInterface { public boolean isempty(); // Determines whether the stack is empty. // Precondition: None. // Postcondition: Returns
More informationProgramming II (CS300)
1 Programming II (CS300) Chapter 04: Exception Handling MOUNA KACEM mouna@cs.wisc.edu Spring 2018 Creating Classes 2 Introduction Exception Handling Common Exceptions Exceptions with Methods Assertions
More informationCSE 143 SAMPLE MIDTERM
CSE 143 SAMPLE MIDTERM 1. (5 points) In some methods, you wrote code to check if a certain precondition was held. If the precondition did not hold, then you threw an exception. This leads to robust code
More informationAssertions, pre/postconditions
Programming as a contract Assertions, pre/postconditions Assertions: Section 4.2 in Savitch (p. 239) Specifying what each method does q Specify it in a comment before method's header Precondition q What
More informationUC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara
CS189A - Capstone Christopher Kruegel Department of Computer Science http://www.cs.ucsb.edu/~chris/ Design by Contract Design by Contract and the language that implements the Design by Contract principles
More informationAutomatically Generating Refactorings to Suppport API Evolution
Automatically Generating Refactorings to Suppport API Evolution MIT CSAIL Page 1 Outline Library evolution Libraries evolve Clients often don t track library changes Contributions Mechanism to automatically
More informationITEC2620 Introduction to Data Structures
9//07 ITEC60 Introduction to Data Structures Lecture 7a ADTs and Stacks Abstract Data Types A way to specify the functionality of an entity without worrying about its implementation Similar to a JAVA interface
More informationAP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS PAUL L. BAILEY Abstract. This documents amalgamates various descriptions found on the internet, mostly from Oracle or Wikipedia. Very little of this
More informationChapter 19: Program Design. Chapter 19. Program Design. Copyright 2008 W. W. Norton & Company. All rights reserved.
Chapter 19 Program Design 1 Introduction Most full-featured programs are at least 100,000 lines long. Although C wasn t designed for writing large programs, many large programs have been written in C.
More informationWhat can go wrong in a Java program while running?
Exception Handling See https://docs.oracle.com/javase/tutorial/ essential/exceptions/runtime.html See also other resources available on the module webpage This lecture Summary on polymorphism, multiple
More informationNon-blocking Array-based Algorithms for Stacks and Queues. Niloufar Shafiei
Non-blocking Array-based Algorithms for Stacks and Queues Niloufar Shafiei Outline Introduction Concurrent stacks and queues Contributions New algorithms New algorithms using bounded counter values Correctness
More informationThe SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini Lezione 1 2013 Slides liberamente adattate da Logic Model Checking, per gentile concessione di Gerard J. Holzmann http://spinroot.com/spin/doc/course/
More information3. Design by Contract
3. Design by Contract Oscar Nierstrasz Design by Contract Bertrand Meyer, Touch of Class Learning to Program Well with Objects and Contracts, Springer, 2009. 2 Roadmap > Contracts > Stacks > Design by
More informationOutline and Reading. The Stack ADT ( 2.1.1) Applications of Stacks ( 2.1.1) Array-based implementation ( 2.1.1) Growable array-based stack ( 1.
Stacks Outline and Reading The Stack ADT ( 2.1.1) Applications of Stacks ( 2.1.1) Array-based implementation ( 2.1.1) Growable array-based stack ( 1.5) Stacks 2 Abstract Data Types (ADTs) An abstract data
More informationUsing Type Annotations to Improve Your Code
Using Type Annotations to Improve Your Code Birds-of-a-Feather Session Werner Dietl, University of Waterloo Michael Ernst, University of Washington Open for questions Survey: Did you attend the tutorial?
More informationCS 151. Linked Lists, Recursively Implemented. Wednesday, October 3, 12
CS 151 Linked Lists, Recursively Implemented 1 2 Linked Lists, Revisited Recall that a linked list is a structure that represents a sequence of elements that are stored non-contiguously in memory. We can
More informationarxiv: v1 [cs.se] 7 Aug 2017
: A Tool for the Automatic Detection of Regression Faults University of Milano-Bicocca, DISCo {pastore,mariani}@disco.unimib.it arxiv:1708.02052v1 [cs.se] 7 Aug 2017 ABSTRACT In this paper we present,
More informationThe Stack ADT. Stacks. The Stack ADT. The Stack ADT. Set of objects in which the location an item is inserted and deleted is prespecified.
The Stack ADT Stacks Set of objects in which the location an item is inserted and deleted is prespecified Stacks! Insert in order! Delete most recent item inserted! LIFO - last in, first out Stacks 2 The
More informationAn Introduction to Systematic Software Testing. Robert France CSU
An Introduction to Systematic Software Testing Robert France CSU Why do we need to systematically test software? Poor quality products can Inconvenience direct and indirect users Result in severe financial
More informationProgramming II (CS300)
1 Programming II (CS300) Chapter 04: Exception Handling MOUNA KACEM mouna@cs.wisc.edu Fall 2018 Creating Classes 2 Introduction Exception Handling Common Exceptions Exceptions with Methods Assertions and
More informationA parallelizable approach for mining likely invariants
A parallelizable approach for mining likely invariants Alessandro Danese Luca Piccolboni Graziano Pravadelli University of Verona, Strada le Grazie 15 37134, Verona, Italy name.surname@univr.it ABSTRACT
More informationApply to be a Meiklejohn! tinyurl.com/meikapply
Apply to be a Meiklejohn! tinyurl.com/meikapply Seeking a community to discuss the intersections of CS and positive social change? Interested in facilitating collaborations between students and non-profit
More informationImplementing an ADT: Representation invariants
Implementing an ADT: Representation invariants CSE 331 University of Washington Michael Ernst A data abstraction is defined by a specification An ADT is a collection of procedural abstractions Not a collection
More informationCS 6V Control-Flow Integrity Principles, Implementations, and Applications. Sureshbabu Murugesan
CS 6V81-05 Control-Flow Integrity Principles, Implementations, and Applications Sureshbabu Murugesan Department of Computer Science University of Texas at Dallas February 29 th, 2012 Outline 1 Overview
More informationSupporting Operating System Kernel Data Disambiguation using Points-to Analysis
Supporting Operating System Kernel Data Disambiguation using Points-to Analysis Amani Ibriham, James Hamlyn-Harris, John Grundy & Mohamed Almorsy Center for Computing and Engineering Software Systems Swinburne
More informationDo not turn over until you are told to do so by the Invigilator.
UNIVERSITY OF EAST ANGLIA School of Mathematics UG End of Year Examination 2002-2003 PROGRAMMING FOR MATHEMATICIANS Time allowed: TWO hours Answer ALL FOUR questions in Section A Answer ONE Question from
More informationMotivation. What s the Problem? What Will we be Talking About? What s the Solution? What s the Problem?
1 Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions Dawson Engler Benjamin Chelf Andy Chou Seth Hallem Stanford University Matthew Thornton November 9, 2005 2 Motivation
More informationQueues. CITS2200 Data Structures and Algorithms. Topic 5
CITS2200 Data Structures and Algorithms Topic 5 Queues Implementations of the Queue ADT Queue specification Queue interface Block (array) representations of queues Recursive (linked) representations of
More informationCIS 120 Midterm II November 8, Name (printed): Pennkey (login id):
CIS 120 Midterm II November 8, 2013 Name (printed): Pennkey (login id): My signature below certifies that I have complied with the University of Pennsylvania s Code of Academic Integrity in completing
More informationBuilding Trustworthy Intrusion Detection Through Virtual Machine Introspection
Building Trustworthy Intrusion Detection Through Fabrizio Baiardi 1 Daniele Sgandurra 2 1 Polo G. Marconi - La Spezia, University of Pisa 2 Department of Computer Science, University of Pisa IAS Conference,
More informationSelf-checking software insert specifications about the intent of a system
Assertions Reading assignment A. J. Offutt, A Practical System for Mutation Testing: Help for the Common Programmer, Proceedings of the 12th International Conference on Testing Computer Software, Washington,
More informationCosc 241 Programming and Problem Solving Lecture 9 (26/3/18) Collections and ADTs
1 Cosc 241 Programming and Problem Solving Lecture 9 (26/3/18) Collections and ADTs Michael Albert michael.albert@cs.otago.ac.nz Keywords: abstract data type, collection, generic class type, stack 2 Collections
More informationIntroduction to the Stack. Stacks and Queues. Stack Operations. Stack illustrated. elements of the same type. Week 9. Gaddis: Chapter 18
Stacks and Queues Week 9 Gaddis: Chapter 18 CS 5301 Fall 2015 Jill Seaman Introduction to the Stack Stack: a data structure that holds a collection of elements of the same type. - The elements are accessed
More informationInheritance. Transitivity
Inheritance Classes can be organized in a hierarchical structure based on the concept of inheritance Inheritance The property that instances of a sub-class can access both data and behavior associated
More information