An Empirical Study on Detecting and Fixing Buffer Overflow Bugs
|
|
- Herbert Daniels
- 5 years ago
- Views:
Transcription
1 A Empirical Study o Detectig ad Fixig Buffer Overflow Bugs Lizhag Wag Joit work with Tao Ye, Xuadog Li, Najig Uiversity, Chia Ligmig Zhag,Uiversity of Texas at Dallas, USA Jue 6, 2016
2 Outlie Backgroud ad motivatio Empirical study Experimetal results Take home messages 2
3 Backgroud ad motivatio Careless programmig with umaaged C/C++ laguages may result i security vulerabilities Iappropriate memory maipulatio Mistake assumptios about size Makeup of a piece of data Misuse of API Buffer overflow is oe of the best kow security vulerabilities. Missig Iput validatio or boud checkig before memory maipulatio or API callig may overwrite the allocated bouds of buffers. 3
4 Backgroud ad motivatio Statistics of buffer overflows i CVE 14.6% of all, 3 rd most popular Prevalet attacks agaist legacy or ewly deployed systems Vulerabilities by type 13.1% 19.4% 14.6% 21.6% 31.2% Deial of Service Execute Code Overflow XSS Others 4
5 Backgroud ad motivatio Buffer overflow void fuc (char *str) { char buf[4]; strcpy(buf, str); } a bufferb c d sfp eoverflow f Stack grows ret addr str... Stack top str= abc Local variables str= abcdef... Poiter to previous frame Retur address Argumets 5
6 Backgroud ad motivatio Buffer overflow causes severe damage system crash edless loop executig arbitrary code What ca we do to deal with buffer overflow? Detectio Repair Prevetio/mitigatio 6
7 Backgroud ad motivatio Dyamic testig versus static aalysis Dyamic approach (Stackguard[1], CCured[2]): Isertig special code ito software to moitor buffer status Advatage: few false-positives Disadvatage: performace overhead, false-egatives Static approach (Fortify, Checkmarx, Split): scaig source code Advatage: discoverig buffer overflow before software deploymet, highly automated ad scalable Disadvatage: may false-positives [1] C. Cowa, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhag, ad H. Hito, Stackguard: Automatic adaptive detectio ad prevetio of buffer-overflow attacks. i USENIX Security, vol. 98, 1998, pp [2] G. C. Necula, S. McPeak, ad W. Weimer, Ccured: Type-safe retrofittig of legacy code, i ACM 7 SIGPLAN Notices, vol. 37, o. 1, 2002, pp
8 Backgroud ad motivatio Static techiques are widely used Few studies o effectiveess ad efficiecy of static techiques (Kratkiewicz[1]) Coductig a study o static techiques Effectiveess ad efficiecy of detectig buffer overflow [1] K. J. Kratkiewicz, Evaluatig static aalysis tools for detectig buffer overflows i c code, Master s thesis, Harvard Uiversity,
9 Outlie Backgroud ad motivatio Empirical study Experimetal results Take home messages 9
10 Empirical Study Research questios Subject system Selected techiques Experimetal setup Experimetal steps 10
11 Research questios RQ1. Effectiveess? False positive ad false egative RQ2. Efficiecy? Resource cosumptio RQ3. API? Root cause of buffer overflow vulerabilites RQ4. Maual fix patters? Official repair 11
12 Subject systems Start Selectio criterio Ope-source Radomly select bo bugs from CVE website No Buffer overflow If it is from ope source 100 buffer overflow bugs from 63 real-world projects, totalig 28MLoc, ragig from CVE-1999 to CVE No Yes Obtai buggy ad fixed versios If we have 100 bugs Yes Ed 12
13 Subject systems Subject Descriptio Size(LoC) # BO bugs (#Versios) mapserver libzip ma libthai Platform for publishig data to web Library for hadlig zip archives Commad used to display user maual Thai laguage support routies 276K 4(2) 10K 1(1) 10K 3(2) 6K 1(1) Total 28M 100(81) 13
14 Static techiques Represetative static techiques: Fortify, Checkmarx, ad Split Accordig to Garter Group report, Fortify ad Checkmarx are leadig commercial products i applicatio security market. Split is oe of the first ope-source tools that cocer safety issues, ad it is widely used. 14
15 Static techiques Fortify (versio ) Code compiled Data flow aalysis source ad sik Cotrol flow aalysis -- a set of operatios Sematic aalysis dagerous use of fuctios ad APIs 15
16 Static techiques Checkmarx (versio 7.1.6) U-compiled, icomplete code Meticulous model betwee users ad other data Trackig data ad logic flows Idetifyig vulerabilities accordig to static aalysis rules 16
17 Static techiques Split (versio 3.1.1) Modelig buffer ad aotatig buffer size Precoditio ad postcoditio of buffer access Costrait solver 17
18 Experimetal setup Fortify ad Split: o a server with Itel Xeo CPU E (1.80GHz) ad 128GB RAM o Ubutu Liux Checkmarx o a server with Itel Xeo CPU E (2.30GHz) ad 384GB RAM o Widows Server
19 Experimetal steps Apply all techiques to the subjects buggy versio-> fid the bugs that caot be detected ->falseegatives. fixed versio->fid the fixed bugs that are still idetified as bugs- >false-positives. Categorize the root cause of BO->API Start Apply techiques to buggy versios Apply techiques to fixed versios Collect APIs ad fix patters Falseegatives ad time Falsepositives ad time APIs ad fix patters Categorize the maual fix patter. Ed 19
20 A example Subject Descriptio Size(LoC) # BO bugs (#Versios) libzip ma libthai Library for hadlig zip archives Commad used to display user maual Thai laguage support routies 10K 1(1) 10K 3(2) 6K 1(1) Total 28M 100(81) A commad used to display user maual 20
21 CVE iformatio ID: CVE Descriptio: Buffer overflow i ultimate_source fuctio of ma 1.5 ad earlier allows local users to gai privileges. 21
22 Source code Buggy code (ma-1.5i2): static cost char* ultimate_source(cost char* ame0) {... static char ultame[bufsize]; } strcpy(ultame, ame0);... Fixed code (ma-1.5p): static cost char* ultimate_source(cost char* ame0) {... static char ultame[bufsize]; if (strle(ame0) >= sizeof(ultame)) retur ame0; strcpy(ultame, ame0);... } 22
23 Results O the buggy versio Forfity: detected, 3m50s Checkmarx: detected, 2m25s Split: preprocess error O the fixed versio Fortify: udetected (fixed), 3m58s Checkmarx: detected (ot fixed), 2m25s Split: preprocess error API: strcpy Fix patter: add boudary check 23
24 Outlie Backgroud ad motivatio Empirical study Experimetal results Take home messages 24
25 RQ1: Effectiveess Techs # Idetified Bugs FN Rate # Idetified Fixes By combiig these techiques, we ca get a lower false-egative rate. FP Rate Fortify %(41/60) %(6/19) Checkmarx %(68/100) 8 75%(24/32) Split %(13/23) %(10/1 0) The cost is a relatively higher false-positive rate. Ft+Cm %(58/100) %(28/42) Checkmarx ca detect most buffer overflow bugs. Cm+Sp 39 61%(61/100) %(32/39) Ft+Sp %(38/64) %(13/26) Split performs best i terms of false-egative rate. All %(53/100) %(34/47) Fortify performs best i terms of false-positive rate. 25
26 RQ2: Efficiecy (s) Checkmarx teds to be the most costly techique to apply, followed by Fortify Fortify Checkmarx Split
27 RQ3: API distributio Top three APIs related to buffer overflow: array, memcpy, spritf
28 APIs ad techiques API # Istaces Fortify Checkmarx Split array 31 4/21 2/31 8/12 memcpy 15 0/5 9/15 0/1 spritf 13 Split 6/7 works well 7/13 o array. 1/2 poiter 7 Split 0/4 reports a 0/7 warig whe 0/1 the costrais are usolvable. strcpy 6 4/4 3/6 0/1 Evidece: Split idetifies 0/8 strcpy 5 fixes. 1/4 1/5 0/0... Fortify... ad Checkmarx... ca fid... most... bugs o APIs like spritf ad strcpy. They ted to report a warig o usafe API. Evidece: strcpy 1/4 1/5 28
29 RQ4: Fix strategy distributio Addig boudary check ca fix early half of the studied bugs. 29
30 Fix strategy ad API Most APIs prefer add boudary check For some of them, there may be a more suitable way. Strategies array memcpy spritf... Total Add boudary check Use larger buffer API substitutio Total
31 Outlie Backgroud ad motivatio Empirical study Experimetal results Take home messages 31
32 Take home messages Effectiveess: Use Fortify aloe to achieve low false-positive rate. Use techiques together to achieve low falseegative rate. Efficiecy: Checkmarx is the most costly techique amog studied techiques. 32
33 Take home messages API: Array, memcpy ad spritf are top three APIs related to buffer overflow. Split has the lowest false-egative rate o array Fortify ca fid most bugs o APIs like spritf ad strcpy, followed by Checkmarx. 33
34 Take home messages Fix strategy: Most buffer overflow bugs ca be fixed usig strategy addig boudary check. If addig boudary check fails, oe ca choose other strategy accordig to the API ivolved. 34
35 Coclusios A quatitative study of the state-of-art static techiques for buffer overflow detectio o 100 bugs from 63 real-world projects totalig 28 MLoC A qualitative aalysis of the false-positives ad falseegatives of studied static detectio techiques, which ca guide the desig ad implemetatio of more advaced buffer overflow detectio techiques. A categorizatio o the fix patters of buffer overflow bugs to guide both maual ad automated buffer overflow repair techiques. 35
36 Ogoig ad Future Work Automatic static Buffer Overflow Warig Ispectio Maual ispectio of static report is time cosumig ad lab itesive Static warig + dyamic symbolic executio Automatic Buffer Overflow Bug Repair Maual repair eeds programmig expertise ad may itroduce ew bugs. For validated true buffer overflow vulerabilities, we automatically geerate fix suggestios accordig to the predefied templates which are created based o huma repair patters. 36
37 More ifo Tao Ye, Ligmig Zhag, Lizhag Wag ad Xuadog Li. A Empirical Study o Detectig ad Fixig Buffer Overflow Bugs, i proceedigs of ICST2016, Aril 9-16, 2016, Chicago, US. Cotact lzwag@ju.edu.c 37
38 Thaks Questios? 38
3D Model Retrieval Method Based on Sample Prediction
20 Iteratioal Coferece o Computer Commuicatio ad Maagemet Proc.of CSIT vol.5 (20) (20) IACSIT Press, Sigapore 3D Model Retrieval Method Based o Sample Predictio Qigche Zhag, Ya Tag* School of Computer
More informationOutline. Research Definition. Motivation. Foundation of Reverse Engineering. Dynamic Analysis and Design Pattern Detection in Java Programs
Dyamic Aalysis ad Desig Patter Detectio i Java Programs Outlie Lei Hu Kamra Sartipi {hul4, sartipi}@mcmasterca Departmet of Computig ad Software McMaster Uiversity Caada Motivatio Research Problem Defiitio
More informationPseudocode ( 1.1) Analysis of Algorithms. Primitive Operations. Pseudocode Details. Running Time ( 1.1) Estimating performance
Aalysis of Algorithms Iput Algorithm Output A algorithm is a step-by-step procedure for solvig a problem i a fiite amout of time. Pseudocode ( 1.1) High-level descriptio of a algorithm More structured
More informationData diverse software fault tolerance techniques
Data diverse software fault tolerace techiques Complemets desig diversity by compesatig for desig diversity s s limitatios Ivolves obtaiig a related set of poits i the program data space, executig the
More informationBayesian approach to reliability modelling for a probability of failure on demand parameter
Bayesia approach to reliability modellig for a probability of failure o demad parameter BÖRCSÖK J., SCHAEFER S. Departmet of Computer Architecture ad System Programmig Uiversity Kassel, Wilhelmshöher Allee
More informationCOP4020 Programming Languages. Compilers and Interpreters Prof. Robert van Engelen
COP4020 mig Laguages Compilers ad Iterpreters Prof. Robert va Egele Overview Commo compiler ad iterpreter cofiguratios Virtual machies Itegrated developmet eviromets Compiler phases Lexical aalysis Sytax
More informationtop() Applications of Stacks
CS22 Algorithms ad Data Structures MW :00 am - 2: pm, MSEC 0 Istructor: Xiao Qi Lecture 6: Stacks ad Queues Aoucemets Quiz results Homework 2 is available Due o September 29 th, 2004 www.cs.mt.edu~xqicoursescs22
More informationData Structures and Algorithms. Analysis of Algorithms
Data Structures ad Algorithms Aalysis of Algorithms Outlie Ruig time Pseudo-code Big-oh otatio Big-theta otatio Big-omega otatio Asymptotic algorithm aalysis Aalysis of Algorithms Iput Algorithm Output
More informationChapter 4 Threads. Operating Systems: Internals and Design Principles. Ninth Edition By William Stallings
Operatig Systems: Iterals ad Desig Priciples Chapter 4 Threads Nith Editio By William Stalligs Processes ad Threads Resource Owership Process icludes a virtual address space to hold the process image The
More informationA static comprehensive analytical method for buffer overflow vulnerability detection
Iteratioal Coferece o Computer Sciece ad Electroic Techology (CSET 2016) A static comprehesive aalytical method for buffer overflow vulerability detectio Shao Bili, Ya Jiafe, Bia Geqig, Zhao Yu, Sog Da
More informationChapter 1. Introduction to Computers and C++ Programming. Copyright 2015 Pearson Education, Ltd.. All rights reserved.
Chapter 1 Itroductio to Computers ad C++ Programmig Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 1.1 Computer Systems 1.2 Programmig ad Problem Solvig 1.3 Itroductio to C++ 1.4 Testig
More informationRunning Time. Analysis of Algorithms. Experimental Studies. Limitations of Experiments
Ruig Time Aalysis of Algorithms Iput Algorithm Output A algorithm is a step-by-step procedure for solvig a problem i a fiite amout of time. Most algorithms trasform iput objects ito output objects. The
More informationLast class. n Scheme. n Equality testing. n eq? vs. equal? n Higher-order functions. n map, foldr, foldl. n Tail recursion
Aoucemets HW6 due today HW7 is out A team assigmet Submitty page will be up toight Fuctioal correctess: 75%, Commets : 25% Last class Equality testig eq? vs. equal? Higher-order fuctios map, foldr, foldl
More informationRunning Time ( 3.1) Analysis of Algorithms. Experimental Studies. Limitations of Experiments
Ruig Time ( 3.1) Aalysis of Algorithms Iput Algorithm Output A algorithm is a step- by- step procedure for solvig a problem i a fiite amout of time. Most algorithms trasform iput objects ito output objects.
More informationAnalysis of Algorithms
Aalysis of Algorithms Iput Algorithm Output A algorithm is a step-by-step procedure for solvig a problem i a fiite amout of time. Ruig Time Most algorithms trasform iput objects ito output objects. The
More informationWhat are we going to learn? CSC Data Structures Analysis of Algorithms. Overview. Algorithm, and Inputs
What are we goig to lear? CSC316-003 Data Structures Aalysis of Algorithms Computer Sciece North Carolia State Uiversity Need to say that some algorithms are better tha others Criteria for evaluatio Structure
More informationGE FUNDAMENTALS OF COMPUTING AND PROGRAMMING UNIT III
GE2112 - FUNDAMENTALS OF COMPUTING AND PROGRAMMING UNIT III PROBLEM SOLVING AND OFFICE APPLICATION SOFTWARE Plaig the Computer Program Purpose Algorithm Flow Charts Pseudocode -Applicatio Software Packages-
More informationChapter 5. Functions for All Subtasks. Copyright 2015 Pearson Education, Ltd.. All rights reserved.
Chapter 5 Fuctios for All Subtasks Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 5.1 void Fuctios 5.2 Call-By-Referece Parameters 5.3 Usig Procedural Abstractio 5.4 Testig ad Debuggig
More informationOutline and Reading. Analysis of Algorithms. Running Time. Experimental Studies. Limitations of Experiments. Theoretical Analysis
Outlie ad Readig Aalysis of Algorithms Iput Algorithm Output Ruig time ( 3.) Pseudo-code ( 3.2) Coutig primitive operatios ( 3.3-3.) Asymptotic otatio ( 3.6) Asymptotic aalysis ( 3.7) Case study Aalysis
More informationOur second algorithm. Comp 135 Machine Learning Computer Science Tufts University. Decision Trees. Decision Trees. Decision Trees.
Comp 135 Machie Learig Computer Sciece Tufts Uiversity Fall 2017 Roi Khardo Some of these slides were adapted from previous slides by Carla Brodley Our secod algorithm Let s look at a simple dataset for
More informationCS 11 C track: lecture 1
CS 11 C track: lecture 1 Prelimiaries Need a CMS cluster accout http://acctreq.cms.caltech.edu/cgi-bi/request.cgi Need to kow UNIX IMSS tutorial liked from track home page Track home page: http://courses.cms.caltech.edu/courses/cs11/material
More informationStructuring Redundancy for Fault Tolerance. CSE 598D: Fault Tolerant Software
Structurig Redudacy for Fault Tolerace CSE 598D: Fault Tolerat Software What do we wat to achieve? Versios Damage Assessmet Versio 1 Error Detectio Iputs Versio 2 Voter Outputs State Restoratio Cotiued
More informationChapter 9. Pointers and Dynamic Arrays. Copyright 2015 Pearson Education, Ltd.. All rights reserved.
Chapter 9 Poiters ad Dyamic Arrays Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 9.1 Poiters 9.2 Dyamic Arrays Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Slide 9-3
More informationChapter 10. Defining Classes. Copyright 2015 Pearson Education, Ltd.. All rights reserved.
Chapter 10 Defiig Classes Copyright 2015 Pearso Educatio, Ltd.. All rights reserved. Overview 10.1 Structures 10.2 Classes 10.3 Abstract Data Types 10.4 Itroductio to Iheritace Copyright 2015 Pearso Educatio,
More informationTask scenarios Outline. Scenarios in Knowledge Extraction. Proposed Framework for Scenario to Design Diagram Transformation
6-0-0 Kowledge Trasformatio from Task Scearios to View-based Desig Diagrams Nima Dezhkam Kamra Sartipi {dezhka, sartipi}@mcmaster.ca Departmet of Computig ad Software McMaster Uiversity CANADA SEKE 08
More informationAnalysis Metrics. Intro to Algorithm Analysis. Slides. 12. Alg Analysis. 12. Alg Analysis
Itro to Algorithm Aalysis Aalysis Metrics Slides. Table of Cotets. Aalysis Metrics 3. Exact Aalysis Rules 4. Simple Summatio 5. Summatio Formulas 6. Order of Magitude 7. Big-O otatio 8. Big-O Theorems
More informationDesigning a learning system
CS 75 Itro to Machie Learig Lecture Desigig a learig system Milos Hauskrecht milos@pitt.edu 539 Seott Square, -5 people.cs.pitt.edu/~milos/courses/cs75/ Admiistrivia No homework assigmet this week Please
More informationSystem and Software Architecture Description (SSAD)
System ad Software Architecture Descriptio (SSAD) Diabetes Health Platform Team #6 Jasmie Berry (Cliet) Veerav Naidu (Project Maager) Mukai Nog (Architect) Steve South (IV&V) Vijaya Prabhakara (Quality
More informationGoals of the Lecture UML Implementation Diagrams
Goals of the Lecture UML Implemetatio Diagrams Object-Orieted Aalysis ad Desig - Fall 1998 Preset UML Diagrams useful for implemetatio Provide examples Next Lecture Ð A variety of topics o mappig from
More informationThe Simeck Family of Lightweight Block Ciphers
The Simeck Family of Lightweight Block Ciphers Gagqiag Yag, Bo Zhu, Valeti Suder, Mark D. Aagaard, ad Guag Gog Electrical ad Computer Egieerig, Uiversity of Waterloo Sept 5, 205 Yag, Zhu, Suder, Aagaard,
More informationOverview. Chapter 18 Vectors and Arrays. Reminder. vector. Bjarne Stroustrup
Chapter 18 Vectors ad Arrays Bjare Stroustrup Vector revisited How are they implemeted? Poiters ad free store Destructors Iitializatio Copy ad move Arrays Array ad poiter problems Chagig size Templates
More informationMorgan Kaufmann Publishers 26 February, COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 5.
Morga Kaufma Publishers 26 February, 208 COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter 5 Virtual Memory Review: The Memory Hierarchy Take advatage of the priciple
More informationPython Programming: An Introduction to Computer Science
Pytho Programmig: A Itroductio to Computer Sciece Chapter 1 Computers ad Programs 1 Objectives To uderstad the respective roles of hardware ad software i a computig system. To lear what computer scietists
More informationImage Segmentation EEE 508
Image Segmetatio Objective: to determie (etract) object boudaries. It is a process of partitioig a image ito distict regios by groupig together eighborig piels based o some predefied similarity criterio.
More informationDesigning a learning system
CS 75 Machie Learig Lecture Desigig a learig system Milos Hauskrecht milos@cs.pitt.edu 539 Seott Square, x-5 people.cs.pitt.edu/~milos/courses/cs75/ Admiistrivia No homework assigmet this week Please try
More informationCS 111: Program Design I Lecture #26: Heat maps, Nothing, Predictive Policing
CS 111: Program Desig I Lecture #26: Heat maps, Nothig, Predictive Policig Robert H. Sloa & Richard Warer Uiversity of Illiois at Chicago November 29, 2018 Some Logistics Extra credit: Sample Fial Exam
More informationLecture 5. Counting Sort / Radix Sort
Lecture 5. Coutig Sort / Radix Sort T. H. Corme, C. E. Leiserso ad R. L. Rivest Itroductio to Algorithms, 3rd Editio, MIT Press, 2009 Sugkyukwa Uiversity Hyuseug Choo choo@skku.edu Copyright 2000-2018
More informationStudy on effective detection method for specific data of large database LI Jin-feng
Iteratioal Coferece o Automatio, Mechaical Cotrol ad Computatioal Egieerig (AMCCE 205) Study o effective detectio method for specific data of large database LI Ji-feg (Vocatioal College of DogYig, Shadog
More informationGoals of this Lecture Activity Diagram Example
Goals of this Lecture Activity Diagram Example Object-Orieted Aalysis ad Desig - Fall 998 Preset a example activity diagram Ð Relate to requiremets, use cases, ad class diagrams Also, respod to a questio
More informationMulti-Threading. Hyper-, Multi-, and Simultaneous Thread Execution
Multi-Threadig Hyper-, Multi-, ad Simultaeous Thread Executio 1 Performace To Date Icreasig processor performace Pipeliig. Brach predictio. Super-scalar executio. Out-of-order executio. Caches. Hyper-Threadig
More informationFire Recognition in Video. Walter Phillips III Mubarak Shah Niels da Vitoria Lobo.
Fire Recogitio i Video Walter Phillips III Mubarak Shah Niels da Vitoria Lobo {wrp65547,shah,iels}@cs.ucf.edu Computer Visio Laboratory Departmet of Computer Sciece Uiversity of Cetral Florida Orlado,
More informationn Haskell n Syntax n Lazy evaluation n Static typing and type inference n Algebraic data types n Pattern matching n Type classes
Aoucemets Quiz 7 HW 9 is due o Friday Raibow grades HW 1-6 plus 8. Please, read our commets o 8! Exam 1-2 Quiz 1-6 Ay questios/cocers, let us kow ASAP Last Class Haskell Sytax Lazy evaluatio Static typig
More informationReview: The ACID properties
Recovery Review: The ACID properties A tomicity: All actios i the Xactio happe, or oe happe. C osistecy: If each Xactio is cosistet, ad the DB starts cosistet, it eds up cosistet. I solatio: Executio of
More informationWe are IntechOpen, the first native scientific publisher of Open Access books. International authors and editors. Our authors are among the TOP 1%
We are ItechOpe, the first ative scietific publisher of Ope Access books 3,350 108,000 1.7 M Ope access books available Iteratioal authors ad editors Dowloads Our authors are amog the 151 Coutries delivered
More informationRecursion. Computer Science S-111 Harvard University David G. Sullivan, Ph.D. Review: Method Frames
Uit 4, Part 3 Recursio Computer Sciece S-111 Harvard Uiversity David G. Sulliva, Ph.D. Review: Method Frames Whe you make a method call, the Java rutime sets aside a block of memory kow as the frame of
More informationn Maurice Wilkes, 1949 n Organize software to minimize errors. n Eliminate most of the errors we made anyway.
Bjare Stroustrup www.stroustrup.com/programmig Chapter 5 Errors Abstract Whe we program, we have to deal with errors. Our most basic aim is correctess, but we must deal with icomplete problem specificatios,
More informationCopyright 2016 Ramez Elmasri and Shamkant B. Navathe
Copyright 2016 Ramez Elmasri ad Shamkat B. Navathe CHAPTER 26 Ehaced Data Models: Itroductio to Active, Temporal, Spatial, Multimedia, ad Deductive Databases Copyright 2016 Ramez Elmasri ad Shamkat B.
More informationNew HSL Distance Based Colour Clustering Algorithm
The 4th Midwest Artificial Itelligece ad Cogitive Scieces Coferece (MAICS 03 pp 85-9 New Albay Idiaa USA April 3-4 03 New HSL Distace Based Colour Clusterig Algorithm Vasile Patrascu Departemet of Iformatics
More information10/23/18. File class in Java. Scanner reminder. Files. Opening a file for reading. Scanner reminder. File Input and Output
File class i Java File Iput ad Output TOPICS File Iput Exceptio Hadlig File Output Programmers refer to iput/output as "I/O". The File class represets files as objects. The class is defied i the java.io
More informationOne advantage that SONAR has over any other music-sequencing product I ve worked
*gajedra* D:/Thomso_Learig_Projects/Garrigus_163132/z_productio/z_3B2_3D_files/Garrigus_163132_ch17.3d, 14/11/08/16:26:39, 16:26, page: 647 17 CAL 101 Oe advatage that SONAR has over ay other music-sequecig
More information. Written in factored form it is easy to see that the roots are 2, 2, i,
CMPS A Itroductio to Programmig Programmig Assigmet 4 I this assigmet you will write a java program that determies the real roots of a polyomial that lie withi a specified rage. Recall that the roots (or
More informationImprovement of the Orthogonal Code Convolution Capabilities Using FPGA Implementation
Improvemet of the Orthogoal Code Covolutio Capabilities Usig FPGA Implemetatio Naima Kaabouch, Member, IEEE, Apara Dhirde, Member, IEEE, Saleh Faruque, Member, IEEE Departmet of Electrical Egieerig, Uiversity
More informationImproving Template Based Spike Detection
Improvig Template Based Spike Detectio Kirk Smith, Member - IEEE Portlad State Uiversity petra@ee.pdx.edu Abstract Template matchig algorithms like SSE, Covolutio ad Maximum Likelihood are well kow for
More informationDesign and Implementation of Integrated Testing Tool based on Metrics and Quality Assurance
Iteratioal Joural of Applied Egieerig Research ISSN 0973-4562 Volume 9, Number 21 (2014) pp. 10463-10472 Research Idia Publicatios http://www.ripublicatio.com Desig ad Implemetatio of Itegrated Testig
More informationHADOOP: A NEW APPROACH FOR DOCUMENT CLUSTERING
Y.K. Patil* Iteratioal Joural of Advaced Research i ISSN: 2278-6244 IT ad Egieerig Impact Factor: 4.54 HADOOP: A NEW APPROACH FOR DOCUMENT CLUSTERING Prof. V.S. Nadedkar** Abstract: Documet clusterig is
More informationGoals of the Lecture Object Constraint Language
Goals of the Lecture Object Costrait Laguage Object-Orieted Aalysis ad Desig - Fall 1998 Preset the Object Costrait Laguage Ð As best as possible, with the limited iformatio available from UML i a Nutshell
More informationCOSC 1P03. Ch 7 Recursion. Introduction to Data Structures 8.1
COSC 1P03 Ch 7 Recursio Itroductio to Data Structures 8.1 COSC 1P03 Recursio Recursio I Mathematics factorial Fiboacci umbers defie ifiite set with fiite defiitio I Computer Sciece sytax rules fiite defiitio,
More informationAn Improved Shuffled Frog-Leaping Algorithm for Knapsack Problem
A Improved Shuffled Frog-Leapig Algorithm for Kapsack Problem Zhoufag Li, Ya Zhou, ad Peg Cheg School of Iformatio Sciece ad Egieerig Hea Uiversity of Techology ZhegZhou, Chia lzhf1978@126.com Abstract.
More informationService Oriented Enterprise Architecture and Service Oriented Enterprise
Approved for Public Release Distributio Ulimited Case Number: 09-2786 The 23 rd Ope Group Eterprise Practitioers Coferece Service Orieted Eterprise ad Service Orieted Eterprise Ya Zhao, PhD Pricipal, MITRE
More informationANN WHICH COVERS MLP AND RBF
ANN WHICH COVERS MLP AND RBF Josef Boští, Jaromír Kual Faculty of Nuclear Scieces ad Physical Egieerig, CTU i Prague Departmet of Software Egieerig Abstract Two basic types of artificial eural etwors Multi
More informationn Some thoughts on software development n The idea of a calculator n Using a grammar n Expression evaluation n Program organization n Analysis
Overview Chapter 6 Writig a Program Bjare Stroustrup Some thoughts o software developmet The idea of a calculator Usig a grammar Expressio evaluatio Program orgaizatio www.stroustrup.com/programmig 3 Buildig
More informationEuclidean Distance Based Feature Selection for Fault Detection Prediction Model in Semiconductor Manufacturing Process
Vol.133 (Iformatio Techology ad Computer Sciece 016), pp.85-89 http://dx.doi.org/10.1457/astl.016. Euclidea Distace Based Feature Selectio for Fault Detectio Predictio Model i Semicoductor Maufacturig
More informationELEG 5173L Digital Signal Processing Introduction to TMS320C6713 DSK
Departmet of Electrical Egieerig Uiversity of Arasas ELEG 5173L Digital Sigal Processig Itroductio to TMS320C6713 DSK Dr. Jigia Wu wuj@uar.edu ANALOG V.S DIGITAL 2 Aalog sigal processig ASP Aalog sigal
More informationA Study on the Performance of Cholesky-Factorization using MPI
A Study o the Performace of Cholesky-Factorizatio usig MPI Ha S. Kim Scott B. Bade Departmet of Computer Sciece ad Egieerig Uiversity of Califoria Sa Diego {hskim, bade}@cs.ucsd.edu Abstract Cholesky-factorizatio
More informationDynamic Programming and Curve Fitting Based Road Boundary Detection
Dyamic Programmig ad Curve Fittig Based Road Boudary Detectio SHYAM PRASAD ADHIKARI, HYONGSUK KIM, Divisio of Electroics ad Iformatio Egieerig Chobuk Natioal Uiversity 664-4 Ga Deokji-Dog Jeoju-City Jeobuk
More informationUNIVERSITY OF MORATUWA
UNIVERSITY OF MORATUWA FACULTY OF ENGINEERING DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING B.Sc. Egieerig 2010 Itake Semester 7 Examiatio CS4532 CONCURRENT PROGRAMMING Time allowed: 2 Hours September 2014
More informationA Method of Malicious Application Detection
5th Iteratioal Coferece o Educatio, Maagemet, Iformatio ad Medicie (EMIM 2015) A Method of Malicious Applicatio Detectio Xiao Cheg 1,a, Ya Hui Guo 2,b, Qi Li 3,c 1 Xiao Cheg, Beijig Uiv Posts & Telecommu,
More informationCSE 417: Algorithms and Computational Complexity
Time CSE 47: Algorithms ad Computatioal Readig assigmet Read Chapter of The ALGORITHM Desig Maual Aalysis & Sortig Autum 00 Paul Beame aalysis Problem size Worst-case complexity: max # steps algorithm
More informationn Haskell n Covered syntax, lazy evaluation, static typing n Algebraic data types and pattern matching n Type classes n Monads and more n Types
Aoucemets Exam 2 is graded, but I will eed some time to go over it I ll release grades this eveig (figers crossed!) Raibow grades: HW1-6, Exam 1-2, Quiz 1-5 Will post aswer key Still gradig: Quiz 6, HW7
More informationCSC 220: Computer Organization Unit 11 Basic Computer Organization and Design
College of Computer ad Iformatio Scieces Departmet of Computer Sciece CSC 220: Computer Orgaizatio Uit 11 Basic Computer Orgaizatio ad Desig 1 For the rest of the semester, we ll focus o computer architecture:
More informationLinked Lists 11/16/18. Preliminaries. Java References. Objects and references. Self references. Linking self-referential nodes
Prelimiaries Liked Lists public class StrageObject { Strig ame; StrageObject other; Arrays are ot always the optimal data structure: A array has fixed size eeds to be copied to expad its capacity Addig
More informationLecture Notes 6 Introduction to algorithm analysis CSS 501 Data Structures and Object-Oriented Programming
Lecture Notes 6 Itroductio to algorithm aalysis CSS 501 Data Structures ad Object-Orieted Programmig Readig for this lecture: Carrao, Chapter 10 To be covered i this lecture: Itroductio to algorithm aalysis
More informationFuzzy Membership Function Optimization for System Identification Using an Extended Kalman Filter
Fuzzy Membership Fuctio Optimizatio for System Idetificatio Usig a Eteded Kalma Filter Srikira Kosaam ad Da Simo Clevelad State Uiversity NAFIPS Coferece Jue 4, 2006 Embedded Cotrol Systems Research Lab
More informationFirewall and IDS. TELE3119: Week8
Firewall ad IDS TELE3119: Week8 Outlie Firewalls Itrusio Detectio Systems (IDSs) Itrusio Prevetio Systems (IPSs) 8-2 Example Attacks Disclosure, modificatio, ad destructio of data Compromise a host ad
More informationExceptions. Your computer takes exception. The Exception Class. Causes of Exceptions
Your computer takes exceptio s s are errors i the logic of a program (ru-time errors). Examples: i thread mai java.io.filenotfoud: studet.txt (The system caot fid the file specified.) i thread mai java.lag.nullpoiter:
More informationThe Magma Database file formats
The Magma Database file formats Adrew Gaylard, Bret Pikey, ad Mart-Mari Breedt Johaesburg, South Africa 15th May 2006 1 Summary Magma is a ope-source object database created by Chris Muller, of Kasas City,
More informationOPC Server ECL Comfort 210/310 OPC Server
OPC Server Descriptio j l j o j l k j l j Modbus-RS485 k Etheret or Iteret l Modbus-TCP ECL Cofort cotroller Heat eter o SCADA server The Dafoss is a OPC-copliat server that serves data to OPC cliets.
More informationIntroduction to SWARM Software and Algorithms for Running on Multicore Processors
Itroductio to SWARM Software ad Algorithms for Ruig o Multicore Processors David A. Bader Georgia Istitute of Techology http://www.cc.gatech.edu/~bader Tutorial compiled by Rucheek H. Sagai M.S. Studet,
More informationSoftware Fault Prediction of Unlabeled Program Modules
Software Fault Predictio of Ulabeled Program Modules C. Catal, U. Sevim, ad B. Diri, Member, IAENG Abstract Software metrics ad fault data belogig to a previous software versio are used to build the software
More informationn Learn how resiliency strategies reduce risk n Discover automation strategies to reduce risk
Chapter Objectives Lear how resiliecy strategies reduce risk Discover automatio strategies to reduce risk Chapter #16: Architecture ad Desig Resiliecy ad Automatio Strategies 2 Automatio/Scriptig Resiliet
More informationDefinitions. Error. A wrong decision made during software development
Debuggig Defiitios Error A wrog decisio made durig software developmet Defiitios 2 Error A wrog decisio made durig software developmet Defect bug sometimes meas this The term Fault is also used Property
More informationCMSC Computer Architecture Lecture 12: Virtual Memory. Prof. Yanjing Li University of Chicago
CMSC 22200 Computer Architecture Lecture 12: Virtual Memory Prof. Yajig Li Uiversity of Chicago A System with Physical Memory Oly Examples: most Cray machies early PCs Memory early all embedded systems
More informationA Note on Least-norm Solution of Global WireWarping
A Note o Least-orm Solutio of Global WireWarpig Charlie C. L. Wag Departmet of Mechaical ad Automatio Egieerig The Chiese Uiversity of Hog Kog Shati, N.T., Hog Kog E-mail: cwag@mae.cuhk.edu.hk Abstract
More informationPrivacy-preserving and Secure Top-k Query in Two-tier Wireless Sensor Network
Privacy-preservig ad Secure Top-k Query i Two-tier Wireless Sesor Network Xiaojig Liao, Jiazhog Li School of Computer Sciece ad Techology, Harbi Istitute of Techology, Heilogjiag, Chia Email:{xiaojigliao,lijzh}@hit.edu.c
More informationObject based Pseudo-3D Conversion of 2D Videos
Object based Pseudo-3D Coversio of 2D Videos J. Jiag 1,2 ad G. Xiao 1 1 Southwest Uiversity; 2 Uiversity of Bradford ABSTRACT: I this paper, we describe a ew algorithm to costruct pseudo-3d videos out
More informationLecture 13: Validation
Lecture 3: Validatio Resampli methods Holdout Cross Validatio Radom Subsampli -Fold Cross-Validatio Leave-oe-out The Bootstrap Bias ad variace estimatio Three-way data partitioi Itroductio to Patter Recoitio
More informationRecursion. Recursion. Mathematical induction: example. Recursion. The sum of the first n odd numbers is n 2 : Informal proof: Principle:
Recursio Recursio Jordi Cortadella Departmet of Computer Sciece Priciple: Reduce a complex problem ito a simpler istace of the same problem Recursio Itroductio to Programmig Dept. CS, UPC 2 Mathematical
More informationWhat Is Object-Orientation?
Iformatio Systems Cocepts What Is Object-Orietatio? Roma Kotchakov Birkbeck, Uiversity of Lodo Based o Chapter 4 of Beett, McRobb ad Farmer: Object Orieted Systems Aalysis ad Desig Usig UML, (4th Editio),
More informationCMSC Computer Architecture Lecture 11: More Caches. Prof. Yanjing Li University of Chicago
CMSC 22200 Computer Architecture Lecture 11: More Caches Prof. Yajig Li Uiversity of Chicago Lecture Outlie Caches 2 Review Memory hierarchy Cache basics Locality priciples Spatial ad temporal How to access
More informationCMSC22200 Computer Architecture Lecture 9: Out-of-Order, SIMD, VLIW. Prof. Yanjing Li University of Chicago
CMSC22200 Computer Architecture Lecture 9: Out-of-Order, SIMD, VLIW Prof. Yajig Li Uiversity of Chicago Admiistrative Stuff Lab2 due toight Exam I: covers lectures 1-9 Ope book, ope otes, close device
More informationCOMPUTER ORGANIZATION AND DESIGN The Hardware/Software Interface. Chapter 4. The Processor. Part A Datapath Design
COMPUTER ORGANIZATION AND DESIGN The Hardware/Software Iterface 5 th Editio Chapter The Processor Part A path Desig Itroductio CPU performace factors Istructio cout Determied by ISA ad compiler. CPI ad
More informationFrom last week. Lecture 5. Outline. Principles of programming languages
Priciples of programmig laguages From last week Lecture 5 http://few.vu.l/~silvis/ppl/2007 Natalia Silvis-Cividjia e-mail: silvis@few.vu.l ML has o assigmet. Explai how to access a old bidig? Is & for
More informationHow do we evaluate algorithms?
F2 Readig referece: chapter 2 + slides Algorithm complexity Big O ad big Ω To calculate ruig time Aalysis of recursive Algorithms Next time: Litterature: slides mostly The first Algorithm desig methods:
More informationAnalysis of Algorithms
Presetatio for use with the textbook, Algorithm Desig ad Applicatios, by M. T. Goodrich ad R. Tamassia, Wiley, 2015 Aalysis of Algorithms Iput 2015 Goodrich ad Tamassia Algorithm Aalysis of Algorithms
More informationOptimization for framework design of new product introduction management system Ma Ying, Wu Hongcui
2d Iteratioal Coferece o Electrical, Computer Egieerig ad Electroics (ICECEE 2015) Optimizatio for framework desig of ew product itroductio maagemet system Ma Yig, Wu Hogcui Tiaji Electroic Iformatio Vocatioal
More informationMOTIF XF Extension Owner s Manual
MOTIF XF Extesio Ower s Maual Table of Cotets About MOTIF XF Extesio...2 What Extesio ca do...2 Auto settig of Audio Driver... 2 Auto settigs of Remote Device... 2 Project templates with Iput/ Output Bus
More informationReliable Transmission. Spring 2018 CS 438 Staff - University of Illinois 1
Reliable Trasmissio Sprig 2018 CS 438 Staff - Uiversity of Illiois 1 Reliable Trasmissio Hello! My computer s ame is Alice. Alice Bob Hello! Alice. Sprig 2018 CS 438 Staff - Uiversity of Illiois 2 Reliable
More informationAn Estimation of Distribution Algorithm for solving the Knapsack problem
Vol.4,No.5, 214 Published olie: May 25, 214 DOI: 1.7321/jscse.v4.5.1 A Estimatio of Distributio Algorithm for solvig the Kapsack problem 1 Ricardo Pérez, 2 S. Jös, 3 Arturo Herádez, 4 Carlos A. Ochoa *1,
More informationCopyright 2016 Ramez Elmasri and Shamkant B. Navathe
Copyright 2016 Ramez Elmasri ad Shamkat B. Navathe CHAPTER 18 Strategies for Query Processig Copyright 2016 Ramez Elmasri ad Shamkat B. Navathe Itroductio DBMS techiques to process a query Scaer idetifies
More informationA Novel Feature Extraction Algorithm for Haar Local Binary Pattern Texture Based on Human Vision System
A Novel Feature Extractio Algorithm for Haar Local Biary Patter Texture Based o Huma Visio System Liu Tao 1,* 1 Departmet of Electroic Egieerig Shaaxi Eergy Istitute Xiayag, Shaaxi, Chia Abstract The locality
More information