Rubicon: Scalable Bounded Verification of Web Applications
Joseph P. Near
Research Statement

My research focuses on developing domain-specific static analyses to improve software security and reliability. In contrast to existing approaches, my techniques leverage properties specific to a particular domain to improve scalability and reduce programmer burden.

Scalability. Existing research has focused on general-purpose static analyses for all kinds of programs. The most precise analyses come with poor scalability, prompting the development of less precise, more scalable versions. My work chooses instead to compromise on generality, but maintain preciseness: by focusing on a particular domain of programs, I have developed precise static analyses that scale to real-world problems.

Programmer Burden. Static analysis can be used to determine what a program does, but not to figure out what the program is supposed to do. Existing research has focused on classes of bugs with general specifications (e.g. buffer overflows or SQL injection) or required the programmer to write a formal specification. My work, on the other hand, leverages domain properties to eliminate the requirement of a written specification. The process typically becomes interactive (the programmer inspects an inferred specification for correctness or explores the space of program behavior to find bugs), relieving the programmer of the burden of writing a specification.

To address the problem of scalability, I developed Rubicon, a scalable bounded verifier for web applications. To reduce programmer burden, I built Derailer, which leverages Rubicon's scalable analysis but uses developer interaction rather than a specification to uncover security bugs.

Rubicon: Scalable Bounded Verification of Web Applications

The web is fast becoming the most popular platform for application programming, but web applications continue to be prone to security bugs. Rather than write them explicitly, developers encode security policies in the form of checks embedded in application code.
Many security bugs are the result of programmers simply forgetting to include one of these checks.

To find these missing security checks, I built Rubicon [1], a verifier for Ruby on Rails applications. Rubicon provides automatic bounded verification of application code against a specification written by the developer. Its specification language is as expressive as first-order logic, but based on a popular domain-specific testing language. To extract verification conditions from the target Rails application, Rubicon uses symbolic execution, a technique that yields precise results but can be exponential in the number of program paths.

The key insight of Rubicon is that web applications are different from regular programs in ways that can be exploited to improve the scalability of symbolic execution. First, web applications are built from independent actions, each of which is typically fewer than 20 lines of code; these actions can be analyzed independently. Second, web developers tend to embed program logic in database queries, so applications have few conditionals and few loops. For example, the 20 most popular Rails applications on GitHub have only 12 while loops in total. These properties minimize the exponential behavior of symbolic execution, enabling the technique to scale to even the largest Rails applications.

A second challenge in building Rubicon was the size and complexity of Rails itself. The framework is over 200,000 lines of code, and is so reliant on the unspecified behaviors of the standard Ruby interpreter that until recently no other Ruby implementation could run Rails applications. I began by building a standalone symbolic evaluator for Ruby, but quickly realized that replicating enough of the standard interpreter to run Rails programs would take several years of work. The solution was to take advantage of Ruby's flexibility to build a symbolic evaluator as a library, and use the standard Ruby interpreter to perform symbolic execution [3]. This strategy ensures compatibility with Rails, since the standard interpreter is used. The symbolic evaluation library defines a class of symbolic values and overrides the operators of the standard library to compute over them. The resulting symbolic execution library is less than 1000 lines of code long.

Rubicon translates the verification conditions resulting from symbolic execution into the Alloy specification language and performs bounded verification against the specification using the Alloy Analyzer. Like the symbolic execution step, this verification step is scalable due to careful leverage of domain properties. First, Rubicon specifications are intentionally partial, with granularity selected by the developer: a single specification may cover only a single property on a single action. Second, symbolically executing the code with respect to a single specification produces a slice that omits parts of the implementation unrelated to the property. Finally, Alloy's relational logic is a good fit for Rails' relational database, so Alloy's optimizations apply directly. As a result, both steps of Rubicon's analysis scale to real-world Rails applications.

I used Rubicon to specify and check properties of five open-source Rails applications. I converted a total of 250 developer-written test cases into general specifications checking the same desired property as the test case. Rubicon's analysis took an average of 3 seconds per partial specification, and no specification took longer than 5 seconds to check.
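
The symbolic evaluation library described earlier in this section, sketched as an added Ruby example (it is not Rubicon's code): a class of symbolic values overrides operators, and each action is explored on its own under the standard interpreter. The names `SymVal`, `SymModel`, `Executor` and `branch?` are hypothetical, the two actions are constructed, and routing conditionals through `branch?` is an assumption, since Ruby's `if` cannot be overridden and this page does not say how conditionals are handled.

```ruby
# Added illustration, not Rubicon's code. All names are hypothetical.

# A symbolic value wraps an expression; operators build larger expressions
# instead of computing a concrete result.
class SymVal
  attr_reader :expr

  def initialize(expr)
    @expr = expr
  end

  %i[== != < > + -].each do |op|
    define_method(op) { |other| SymVal.new("(#{expr} #{op} #{SymVal.show(other)})") }
  end

  def [](key)
    SymVal.new("#{expr}[#{key.inspect}]")
  end

  # Unknown zero-argument calls become field accesses (user.id -> "current_user.id").
  def method_missing(name, *args)
    return super if !args.empty? || name.to_s.start_with?("to_")
    SymVal.new("#{expr}.#{name}")
  end

  def respond_to_missing?(name, include_private = false)
    !name.to_s.start_with?("to_") || super
  end

  def self.show(value)
    value.is_a?(SymVal) ? value.expr : value.inspect
  end
end

# Stand-in for a database model: queries return symbolic record sets.
class SymModel
  def initialize(name)
    @name = name
  end

  def all
    SymVal.new(@name)
  end

  def where(conds)
    filter = conds.map { |field, v| "#{field} = #{SymVal.show(v)}" }.join(" and ")
    SymVal.new("{ r in #{@name} | #{filter} }")
  end
end

# Runs one action at a time under the normal interpreter, once per path.
class Executor
  Path = Struct.new(:condition, :rendered)

  # Assumption: branches on symbolic conditions go through this helper.
  def branch?(cond)
    outcome = @taken.length < @schedule.length ? @schedule[@taken.length] : true
    @taken << outcome
    @conds << (outcome ? cond.expr : "not #{cond.expr}")
    outcome
  end

  def render(value)
    @rendered << SymVal.show(value)
  end

  def explore(&action)
    paths = []
    worklist = [[]]
    until worklist.empty?
      @schedule = worklist.pop
      @taken, @conds, @rendered = [], [], []
      instance_exec(SymVal.new("params"), SymVal.new("current_user"), &action)
      paths << Path.new(@conds, @rendered)
      # Queue the untaken side of every branch first decided on this run.
      (@schedule.length...@taken.length).each { |i| worklist << (@taken[0...i] + [false]) }
    end
    paths
  end
end

NOTES = SymModel.new("Note")

# Constructed action: the ownership check lives in the query, so there is one path.
SHOW_OWN = proc { |params, user| render(NOTES.where(id: params[:id], owner_id: user.id)) }

# Constructed action: one conditional, so two paths; the second has no owner filter.
SHOW_ANY = proc do |params, user|
  if branch?(user.admin == true)
    render(NOTES.all)
  else
    render(NOTES.where(id: params[:id]))
  end
end

[SHOW_OWN, SHOW_ANY].each do |action|
  Executor.new.explore(&action).each do |path|
    puts "when [#{path.condition.join(' and ')}] renders #{path.rendered.join(', ')}"
  end
end
```

Because the check in `SHOW_OWN` is part of the query, that action yields a single path, which is the property the text credits for keeping path counts small.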
In the largest application, Fat Free CRM (23k lines of code), Rubicon's analysis of a converted test case found a previously unknown security bug, which the developers confirmed and fixed in the next release.

Derailer: Specification-Free Bug Finding

Web developers are reluctant even to attempt writing specifications, and when they do, they often make mistakes. Moreover, properties that are the most difficult to test (like security) are also the most difficult to specify. Even my own security policy specifications often contained errors, and were regardless time-consuming to produce. Rubicon's requirement for a specification has therefore been a barrier to its adoption, despite its success as a verification tool.

In writing a number of security policy specifications, I found striking similarities across applications. Most policies implement some form of access control, and most security vulnerabilities are caused by either a missing security check or an access path not exposed by the user interface that bypasses the security checks. This experience led to the key insight of Derailer: that web application security policies tend to be uniform. Sensitive data is usually subject to security checks everywhere it is used, so an access that is missing one of those checks is likely to be a mistake.

Derailer [2] helps Rails developers find security bugs without writing a specification. It uses the same symbolic evaluator I developed for Rubicon; instead of producing verification conditions, however, Derailer builds a set of data exposures. Each exposure comprises a symbolic representation of a set of database records and the constraints under which they might be displayed to a user of the application; the set of exposures therefore represents all the ways in which information from the database can appear on a page rendered by the application.

To find missing security checks, the developer and the tool together infer a specification of the application's security policy, and the tool finds exposures that do not obey the policy. First, the developer classifies the constraints on an exposure according to whether or not they are security-related. Then, Derailer highlights exposures missing some of the selected security constraints. The developer chooses either to iterate (adding or removing constraints to make the highlighted exposures obey the policy) or to consider those exposures security bugs. When the developer is finished with this iterative process, the selected constraints represent a specification of the security policy, and the remaining highlighted exposures are security bugs.

This approach has been very successful in finding bugs, mainly because Derailer does not require the time-consuming step of writing a specification. For example, I have used Derailer to:

- Find security bugs in 65% of student projects from a web design course at MIT, 30% of which the TAs missed
- Find security bugs in 18% of the 50 most popular Rails applications on GitHub; of applications that implement security, 30% had bugs
- Test scalability on the 1000 most popular Rails applications on GitHub: 90% of analyses completed in 15 seconds, and 100% in 45 seconds

Summary & Future Directions

Rubicon's scalability comes from properties unique to the domain of web applications; the decision to use symbolic execution was due to the structure of Rails programs. Similarly, Derailer's ability to find bugs in the absence of a formal specification is based on another domain property: the uniformity of security policies. The success of these projects suggests both further improvements in the domain of web applications, and that similar improvements are possible in other domains.

Cyber-physical systems.
My domain-specific approach to static analysis was actually inspired by a case study in building a dependability case for the proton therapy system at Massachusetts General Hospital [4], which provides radiation treatment to cancer patients. The safety requirements of this system involve statements about its environment, so verification requires building a formal model of the environment's properties. This is a difficult task, even for an expert, since the environment is complex; and if the environmental model is incomplete, the system may be verified correct even if it has a bug. I found that it was sufficient to check only the environmental properties on which the software actually depended, eliminating the need for a complete model of the environment. I used static analysis to enumerate the calls to libraries used for environmental interaction, and produced a short list of conditions for a domain expert to check. The same kind of environment-focused analysis could be used to ensure both security and reliability for the new generation of internet-connected cyber-physical systems. My work on web applications is a good starting point, since cyber-physical systems have similar structural properties, and the success of the proton therapy analysis suggests that analyses of other cyber-physical systems could likewise benefit from the application of domain-specific properties. To support this effort, I will build new collaborations with the networking and security communities, to investigate the security and reliability guarantees desired by users and possible in each device's environment.

Access control and APIs. My work on Derailer has focused on consistent application of access control policies, since failures in this area account for a large number of security bugs. But there is more work to be done in this area, both in expanding the kinds of bugs Derailer can find and in providing more automation to make finding bugs easier. My experience with Rails applications suggests that developers make certain kinds of security mistakes over and over again. These mistakes suggest a corresponding set of heuristics that can detect them automatically. Derailer's analysis, combined with heuristics highlighting common kinds of mistakes, could make Derailer even easier to use. A large enough set of heuristics could, in turn, form a partial model of correctly implemented access control; violations of this model represent security bugs, and could be found automatically. Libraries for enforcing access-control policies are increasingly popular, since they represent a significant improvement over ad hoc security checks, but these libraries still require programmers to use them correctly. Derailer's model of analysis, interaction, and automation is also suitable for detecting inconsistent API use within an application; I plan to extend my work on Derailer to detect these mistakes. In fact, Derailer's model might even extend to other kinds of APIs, since they, too, expect consistent use. I therefore plan to build new collaborations within the software engineering community to explore the extent to which Derailer's analysis can help programmers use APIs correctly.

Statistical models of behavior. If two exposures of the same data have inconsistent constraints, one of them represents a bug. But without information about the security policy, it is impossible to determine which one is buggy.
Automatic anomaly detection techniques consider a large majority of consistent examples to represent a specification, and highlight examples outside of that set. Since web applications contain relatively few exposures, however, these techniques do not apply. The set of all web applications, on the other hand, contains a huge number of exposures. This aggregate set of exposures represents a library of specifications for different kinds of applications. Individual applications may contain bugs, but the average of all implementations of a particular piece of functionality represents a correct specification of that functionality. And as the amount of publicly available application code grows, so does the size of the library. I have already tested Derailer's scalability by running its analysis on more than 1000 open-source applications from GitHub; using Derailer's analysis to compile a database of the data exposures from every Rails application on GitHub would take only a few weeks of compute time. In collaboration with the machine learning community, I plan to explore the use of Derailer's analysis to build clusters of applications according to aspects of their functionality. Analysis results typical of a cluster would be considered a specification of that cluster, and would be compared against the analysis results of the target application. Security checks typical of the cluster but missing from the target represent likely bugs. A tool based on this approach may produce some false positives, but would enumerate bugs in a target application automatically.
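
The exposure check from the Derailer section and the cluster comparison proposed in the paragraph above, as one added Ruby example (not Derailer's code, and the cluster part only sketches a direction the statement describes as future work). The exposures, the constraint strings and the names `Exposure`, `inconsistent_constraints`, `missing_checks` and `typical_policy` are constructed for illustration; it assumes constraints have already been normalized to comparable strings.

```ruby
require "set"

# Added illustration, not Derailer's code. One data exposure: the action that
# renders the data, the data item, and the constraints under which it is shown.
Exposure = Struct.new(:app, :action, :data, :constraints)

def exposure(app, action, data, *constraints)
  Exposure.new(app, action, data, constraints.to_set)
end

OWNER = "note.owner_id = current_user.id"
BY_ID = "note.id = params[:id]"

# Constructed exposures for the application under analysis.
TARGET = [
  exposure("target", "notes#show",   "Note.body", OWNER, BY_ID),
  exposure("target", "notes#index",  "Note.body", OWNER),
  exposure("target", "notes#export", "Note.body", BY_ID),
  exposure("target", "users#show",   "User.name", "user.id = params[:id]")
]

# Constructed exposures from other applications in the same cluster.
CLUSTER = [
  exposure("app_a", "notes#show",  "Note.body", OWNER, BY_ID),
  exposure("app_a", "notes#index", "Note.body", OWNER),
  exposure("app_b", "notes#show",  "Note.body", OWNER, BY_ID),
  exposure("app_b", "notes#feed",  "Note.body", OWNER),
  exposure("app_c", "notes#show",  "Note.body", OWNER, BY_ID)
]

# Constraints found on some but not all exposures of the same data: the ones
# the developer has to classify as security-related or not.
def inconsistent_constraints(exposures)
  by_data = exposures.group_by(&:data).transform_values do |group|
    seen = group.map(&:constraints).reduce(:|).to_a
    seen.reject { |c| group.all? { |e| e.constraints.include?(c) } }
  end
  by_data.reject { |_data, constraints| constraints.empty? }
end

# Given the constraints selected as security checks for each data item, list
# the exposures that lack any of them, with what is missing.
def missing_checks(exposures, policy)
  flagged = exposures.map do |e|
    missing = (policy.fetch(e.data, Set.new) - e.constraints).to_a
    missing.empty? ? nil : [e.action, missing]
  end
  flagged.compact
end

# Cluster variant: a constraint counts as policy when at least `share` of the
# cluster's exposures of that data carry it.
def typical_policy(cluster, share)
  cluster.group_by(&:data).transform_values do |group|
    counts = Hash.new(0)
    group.each { |e| e.constraints.each { |c| counts[c] += 1 } }
    counts.select { |_c, n| n >= share * group.size }.keys.to_set
  end
end

# Round 1: both inconsistent constraints selected; two exposures are highlighted.
p missing_checks(TARGET, { "Note.body" => Set[OWNER, BY_ID] })
# Round 2: BY_ID judged not security-related and removed; one exposure remains.
p missing_checks(TARGET, { "Note.body" => Set[OWNER] })
# The same finding, with the policy taken from what is typical of the cluster.
p missing_checks(TARGET, typical_policy(CLUSTER, 0.8))
```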

References

[1] Joseph P. Near and Daniel Jackson. Rubicon: bounded verification of web applications. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE), page 60. ACM,
[2] Joseph P. Near and Daniel Jackson. Derailer: interactive security analysis for web applications. In Proceedings of the 29th ACM/IEEE international conference on Automated Software Engineering (ASE), pages ACM,
[3] Joseph P. Near and Daniel Jackson. Symbolic execution for (almost) free: Hijacking an existing implementation to perform symbolic execution. MIT CSAIL Technical Report MIT-CSAIL-TR ,
[4] Joseph P. Near, Aleksandar Milicevic, Eunsuk Kang, and Daniel Jackson. A lightweight code analysis and its role in evaluation of a dependability case. In Proceedings of the 33rd International Conference on Software Engineering (ICSE), pages IEEE,
More informationBug Finding with Under-approximating Static Analyses. Daniel Kroening, Matt Lewis, Georg Weissenbacher
Bug Finding with Under-approximating Static Analyses Daniel Kroening, Matt Lewis, Georg Weissenbacher Overview Over- vs. underapproximating static analysis Path-based symbolic simulation Path merging Acceleration
More informationDo Not Track Compromise Proposal
Do Not Track Compromise Proposal Unofficial Draft 06 June 2012 Editors: Peter Eckersley, Electronic Frontier Foundation Tom Lowenthal, Mozilla Jonathan Mayer, Stanford University This document is licensed
More informationHarvard School of Engineering and Applied Sciences CS 152: Programming Languages
Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 18 Thursday, April 3, 2014 1 Error-propagating semantics For the last few weeks, we have been studying type systems.
More informationUnderstanding BGP Miscounfiguration
Understanding Archana P Student of Department of Electrical & Computer Engineering Missouri University of Science and Technology appgqb@mst.edu 16 Feb 2017 Introduction Background Misconfiguration Outline
More informationWith turing you can: Identify, locate and mitigate the effects of botnets or other malware abusing your infrastructure
Decoding DNS data If you have a large DNS infrastructure, understanding what is happening with your real-time and historic traffic is difficult, if not impossible. Until now, the available network management
More informationHow Often and What StackOverflow Posts Do Developers Reference in Their GitHub Projects?
How Often and What StackOverflow Posts Do Developers Reference in Their GitHub Projects? Saraj Singh Manes School of Computer Science Carleton University Ottawa, Canada sarajmanes@cmail.carleton.ca Olga
More informationAn Approach to the Generation of High-Assurance Java Card Applets
An Approach to the Generation of High-Assurance Java Card Applets Alessandro Coglio Kestrel Institute 3260 Hillview Avenue, Palo Alto, CA 94304, USA Ph. +1-650-493-6871 Fax +1-650-424-1807 http://www.kestrel.edu/
More informationHelping the Tester Get it Right: Towards Supporting Agile Combinatorial Test Design
Helping the Tester Get it Right: Towards Supporting Agile Combinatorial Test Design Anna Zamansky 1 and Eitan Farchi 2 1 University of Haifa, Israel 2 IBM Haifa Research Lab, Israel Abstract. Combinatorial
More informationData Mining: Concepts and Techniques Classification and Prediction Chapter 6.1-3
Data Mining: Concepts and Techniques Classification and Prediction Chapter 6.1-3 January 25, 2007 CSE-4412: Data Mining 1 Chapter 6 Classification and Prediction 1. What is classification? What is prediction?
More informationWhat You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices Marius Muench 1 Jan Stijohann 2,3 Frank Kargl 3 Aurélien Francillon 1 Davide Balzarotti 1 1 EURECOM 2 Siemens AG 3 Ulm University
More informationWHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development
WHITE PAPER 10 Reasons to Use Static Analysis for Embedded Software Development Overview Software is in everything. And in many embedded systems like flight control, medical devices, and powertrains, quality
More informationInformation Security Specialist. IPS effectiveness
Information Security Specialist IPS effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of
More informationSecuring Your SWIFT Environment Using Micro-Segmentation
Securing Your SWIFT Environment Using Micro-Segmentation WP201801 Overview By January 1, 2018, all SWIFT customers must self-attest to their compliance with the new SWIFT Customer Security Program (CSP).
More informationDetecting and Resolving Inconsistency and Redundancy in Conditional Constraint Satisfaction Problems
From: AAAI Technical Report WS-99-05. Compilation copyright 1999, AAAI (www.aaai.org). All rights reserved. Detecting and Resolving Inconsistency and Redundancy in Conditional Constraint Satisfaction Problems
More informationSHIFTLEFT OCULAR THE CODE PROPERTY GRAPH
SHIFTLEFT OCULAR INTRODUCTION ShiftLeft Ocular offers code auditors the full range of capabilities of ShiftLeft s best-in-class static code analysis 1, ShiftLeft Inspect. Ocular enables code auditors to
More informationExamining the Code. [Reading assignment: Chapter 6, pp ]
Examining the Code [Reading assignment: Chapter 6, pp. 91-104] Static white-box testing Static white-box testing is the process of carefully and methodically reviewing the software design, architecture,
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior
More informationTesting. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?
Testing ECE/CS 5780/6780: Embedded System Design Scott R. Little Lecture 24: Introduction to Software Testing and Verification What is software testing? Running a program in order to find bugs (faults,
More informationVerification and Test with Model-Based Design
Verification and Test with Model-Based Design Flight Software Workshop 2015 Jay Abraham 2015 The MathWorks, Inc. 1 The software development process Develop, iterate and specify requirements Create high
More informationRDGL Reference Manual
RDGL Reference Manual COMS W4115 Programming Languages and Translators Professor Stephen A. Edwards Summer 2007(CVN) Navid Azimi (na2258) nazimi@microsoft.com Contents Introduction... 3 Purpose... 3 Goals...
More informationSoftware Testing CS 408
Software Testing CS 408 1/09/18 Course Webpage: http://www.cs.purdue.edu/homes/suresh/408-spring2018 1 The Course Understand testing in the context of an Agile software development methodology - Detail
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationWeb Applications (Part 2) The Hackers New Target
Web Applications (Part 2) The Hackers New Target AppScan Source Edition Terence Chow Advisory Technical Consultant An IBM Rational IBM Software Proof of Technology Hacking 102: Integrating Web Application
More informationMapping Vector Codes to a Stream Processor (Imagine)
Mapping Vector Codes to a Stream Processor (Imagine) Mehdi Baradaran Tahoori and Paul Wang Lee {mtahoori,paulwlee}@stanford.edu Abstract: We examined some basic problems in mapping vector codes to stream
More informationPrinciples of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)
Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems) More Analysis for Functional Correctness Jonathan Aldrich Charlie Garrod School of Computer Science
More informationSCR: A PRACTICAL METHOD FOR REQUIREMENTS SPECIFICATION
SCR: A PRACTICAL METHOD FOR REQUIREMENTS SPECIFICATION Constance Heitmeyer, Naval Research Laboratory, Washington, DC Abstract A controversial issue in the formal methods research community is the degree
More informationData Analyst Nanodegree Syllabus
Data Analyst Nanodegree Syllabus Discover Insights from Data with Python, R, SQL, and Tableau Before You Start Prerequisites : In order to succeed in this program, we recommend having experience working
More informationMarkLogic 8 Overview of Key Features COPYRIGHT 2014 MARKLOGIC CORPORATION. ALL RIGHTS RESERVED.
MarkLogic 8 Overview of Key Features Enterprise NoSQL Database Platform Flexible Data Model Store and manage JSON, XML, RDF, and Geospatial data with a documentcentric, schemaagnostic database Search and
More informationProtecting Database Centric Web Services Against SQL/XPath Injection Attacks
Protecting Database Centric Web Services Against SQL/XPath Injection Attacks Nuno Laranjeiro, Marco Vieira, Henrique Madeira CISUC, Department of Informatics Engineering University of Coimbra, Portugal
More informationThe Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio
Prompt. Courteous. Knowledgeable. Support you deserve. The Value Of NEONet Cybersecurity Why You Need To Protect Your Private Student Data In Ohio 1 TABLE OF CONTENTS 2 2 2-3 4 5 7 Introduction The Three
More informationEfficient, Scalable, and Provenance-Aware Management of Linked Data
Efficient, Scalable, and Provenance-Aware Management of Linked Data Marcin Wylot 1 Motivation and objectives of the research The proliferation of heterogeneous Linked Data on the Web requires data management
More informationVerification, Testing, and Bugs
Verification, Testing, and Bugs Ariane 5 Rocket First Launch Failure https://www.youtube.com/watch?v=gp_d8r- 2hwk So What Happened? The sequence of events that led to the destruction of the Ariane 5 was
More informationChecking System Rules Using System-Specific, Programmer- Written Compiler Extensions
Motivation for using Checking System Rules Using System-Specific, Programmer- Written Compiler Extensions Dawson Engler Benjamin Chelf Andy Chou Seth Hallem 1 Computer Systems Laboratory Stanford University
More information