ISBN (print): 9781479946860
We present a new system, KCoFI, that is the first we know of to provide complete Control-Flow Integrity protection for commodity operating systems without using heavyweight complete memory safety. Unlike previous systems, KCoFI protects commodity operating systems from classical control-flow hijack attacks, return-to-user attacks, and code segment modification attacks. We formally verify a subset of KCoFI's design by modeling several features in small-step semantics and providing a partial proof that the semantics maintain control-flow integrity. The model and proof account for operations such as page table management, trap handlers, context switching, and signal delivery. Our evaluation shows that KCoFI prevents all the gadgets found by an open-source Return-Oriented Programming (ROP) gadget-finding tool in the FreeBSD kernel from being used; it also reduces the number of indirect control-flow targets by 98.18%. Our evaluation also shows that the performance impact of KCoFI on web server bandwidth is negligible, while file transfer bandwidth using OpenSSH is reduced by an average of 13%, and at worst 27%, across a wide range of file sizes. PostMark, an extremely file-system-intensive benchmark, shows 2x overhead. Where comparable numbers are available, the overheads of KCoFI are far lower than those of heavyweight memory-safety techniques.
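As an added illustration of the kind of check a control-flow integrity policy imposes at an indirect call site (example code, not from the KCoFI paper): label-based CFI stamps every valid indirect target with a marker and has each call site verify the marker before jumping, so a corrupted function pointer can only reach the admitted target set. Reading code bytes is not portable C, so this example emulates the label with a table of registered valid targets; the handler names, the "never a target" function and the dispatch table are hypothetical.

```c
/*
 * Added illustration (not KCoFI's code): a software control-flow integrity
 * check guarding an indirect call. Real label-based CFI compares an instruction
 * immediate at the target address; here the label check is emulated by
 * membership in a table of registered valid targets. All names are hypothetical.
 */
#include <stdio.h>
#include <stddef.h>

typedef int (*handler_fn)(int);

#define MAX_TARGETS 8
static handler_fn valid_targets[MAX_TARGETS]; /* emulated label set */
static size_t n_valid;

/* Record fn as a legitimate indirect-call target. Returns 0, or -1 if full. */
static int cfi_register(handler_fn fn)
{
    for (size_t i = 0; i < n_valid; i++)
        if (valid_targets[i] == fn)
            return 0;               /* already registered */
    if (n_valid >= MAX_TARGETS)
        return -1;
    valid_targets[n_valid++] = fn;
    return 0;
}

/* Number of distinct indirect-call targets the policy admits. */
static size_t cfi_target_count(void) { return n_valid; }

/* The check an instrumented call site performs: is fn an admitted target? */
static int cfi_check(handler_fn fn)
{
    for (size_t i = 0; i < n_valid; i++)
        if (valid_targets[i] == fn)
            return 1;
    return 0;
}

/*
 * Guarded indirect call. On a valid target it returns the callee's result and
 * sets *violated = 0; on an invalid target it refuses to jump, sets
 * *violated = 1 and returns -1 (a kernel would panic or kill the context).
 */
static int cfi_call(handler_fn fn, int arg, int *violated)
{
    if (!cfi_check(fn)) {
        *violated = 1;
        return -1;
    }
    *violated = 0;
    return fn(arg);
}

/* Two legitimate handlers a dispatch table is meant to reach. */
static int handle_read(int n)  { return n * 2; }
static int handle_write(int n) { return n + 1; }

/* Code present in the image but never a legitimate indirect target; a
 * corrupted function pointer aimed here models a control-flow hijack. */
static int never_a_target(int n)
{
    (void)n;
    return 0x0bad;
}

/* Registers the legitimate targets (idempotent); returns how many there are. */
static size_t cfi_setup(void)
{
    cfi_register(handle_read);
    cfi_register(handle_write);
    return cfi_target_count();
}

/* A well-formed dispatch through the table: returns the handler's result. */
static int demo_valid_call(int arg)
{
    int violated;
    handler_fn table[2] = { handle_read, handle_write };
    cfi_setup();
    return cfi_call(table[0], arg, &violated);
}

/* Simulates memory corruption overwriting a table slot; returns 1 if the
 * CFI check caught the hijacked pointer before it was called. */
static int demo_hijacked_call(void)
{
    int violated = 0;
    handler_fn table[2] = { handle_read, handle_write };
    cfi_setup();
    table[1] = never_a_target;          /* the corrupted slot */
    (void)cfi_call(table[1], 0, &violated);
    return violated;
}

int main(void)
{
    printf("targets admitted: %zu\n", cfi_setup());
    printf("read(21) -> %d\n", demo_valid_call(21));
    printf("hijacked call blocked: %d\n", demo_hijacked_call());
    return 0;
}
```

The point of the table is the one the abstract's 98.18% figure makes: without a policy, every byte of kernel text is a potential indirect target; with one, only the registered set is. A single shared label (one set for every call site) is coarse, since any admitted target is reachable from any site, which is why the abstract separately reports that the remaining targets no longer chain into usable ROP gadgets.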
ISBN (print): 9781479950812
Hard-wired control systems are increasingly being replaced by program-controlled embedded systems. The programming languages currently employed for their implementation lack constructs and design patterns that enforce intelligible code and foster its verification by certification authorities. Recommendations for the constructs necessary to guarantee safety integrity are given in the international standard IEC 61508-3. One of the recommendations refers to object-oriented programming (OOP). We therefore analyse both basic and advanced properties of OOP, such as encapsulation, polymorphism, inheritance, prototyping and delegation, with respect to functional safety. In a resulting programming language based on PEARL90 [1] we demonstrate coding with examples from hard real-time systems.
ISBN (print): 9781450326056
This paper summarizes our experiences integrating topics from the software development fundamentals (SDF), programming languages (PL), and software engineering (SE) knowledge areas of the ACM 2013 curriculum within a single course. It is novel in combining object-oriented programming and software development practices with fundamental analytical reasoning about software correctness. The aim is to integrate and cover the topics in an effective fashion. The course description in this paper represents an approach we have applied successfully for over 5 years. Students tend to consider this course to be one of the more challenging encountered in the first two years of study. Interestingly, the challenge appears to stem equally from mastering the object-oriented programming and design pattern components of the course and from learning to use specifications for analytical reasoning about component correctness.
ISBN (print): 9781479937523
It has become common practice to build programs by using libraries. While the benefits of reuse are well known, an often overlooked risk is system runtime failures due to API changes in libraries that evolve independently. Traditionally, the consistency between a program and the libraries it uses is checked at build time, when the entire system is compiled and tested. However, the trend towards partially upgrading systems by redeploying only evolved library versions results in situations where these crucial verification steps are skipped. For Java programs, partial upgrades create additional interesting problems, as the compiler and the virtual machine use different rule sets to enforce contracts between the providers and the consumers of APIs. We have studied the extent of the problem on the Qualitas Corpus, a data set consisting of Java open-source programs widely used in empirical studies. In this paper, we describe the study and report its key findings. We found that the above-mentioned issues do occur in practice, albeit not on a wide scale.
ISBN (print): 9781479957958
The use of model-driven and component-based development approaches in embedded systems allows timing analysis to be performed using system models. One of the problems rarely addressed by model-level analysis is support for the analysis of cyclic execution paths. In this paper we present a method which allows compositional worst-case execution time analysis to be performed on software models containing such cycles. Our method allows cycle bounds to be defined for components and connections, and provides an algorithm to analyze cyclic paths containing such bounds. Additionally, we provide a way to propagate cycle bound definitions through the component hierarchy. The method is applied to the IEC 61499 component model, and its applicability has been tested using a prototype tool.
ISBN (print): 9781479941711
Service-oriented architectures and service-centric models have arisen in recent years as a de facto standard in IT enterprises for offering practically any kind of service to users worldwide. Heterogeneity (of operating systems, programming languages, software and hardware infrastructures, etc.) and transparency (for users) are the key issues in current trends in developing and providing services. In particular, Cloud-based models provide means for realizing and distributing everything-as-a-service, including infrastructures, hardware and software platforms, and services. Even though service-centric models and technologies are by now mature in the IT scenario, the composition, analysis and validation of Cloud services remains an open research challenge. In this work we describe a methodology based on multi-agent models which allows for the description, composition and verification of requirements of Cloud-based services. The methodology uses a modeling profile able to describe services as agents in a multi-agent environment, and it is based on Model Driven Engineering (MDE) techniques. The proposed methodology includes a verification process for requirements that exploits formal methods during the whole life cycle of services. An example of the application of the proposed techniques is also reported.
ISBN (print): 9781479971220
Component-based software engineering (CBSE) reduces the time required for development and testing and helps create robust systems. However, not all existing component-based software synthesis methods focus on software quality. There is a need for a method that can ensure software quality (in terms of consistency between specification and implementation) while at the same time preserving the short development time. The component-based system synthesis method based on the Curry-Howard protocol is presented in this paper as the solution to this problem. The authors also present some implementation details of this method and argue that the component-based software synthesis problem and its solution can be stated in terms of an abstract component model.
ISBN (print): 9781479948451
We developed a UML state-chart object-oriented design pattern for IEC 61131-3 PLCs. This PLC UML state-chart design pattern aims to exploit the advantages of object-oriented programming in IEC 61131-3 PLCs and to provide a direct mapping from UML state-charts to PLC code. We illustrate the design pattern and its use through UML class diagrams and an application example. This design pattern can be used to reduce the development time of state-charts in automation software. It can also lead to further investigation of PLC design patterns that may improve the whole development of automation software.
ISBN (print): 9781479948451
In component-based and model-driven development it is common to model embedded applications in a platform-independent manner. As an example, some approaches allow the development of distributed applications while abstracting away from the details of communication between platform nodes. Using such an approach requires implementing this communication before an executable system is deployed. Currently it is common to implement this communication automatically at the level of code, while providing it at the model level is mostly a task that needs to be done manually. In this paper we present a framework for the automatic generation of inter-node communication by adding communication components to software models. The framework provides flexibility in the level of automation of generation decisions, and is defined in a way which allows adding support for new communication media or protocols. We have implemented the generation framework for the IEC 61499 standard and provide a prototype generation tool, which we use to examine the applicability of the approach.
ISBN (print): 9781479935918
Phenomenography is a well-known empirical research approach that is often used to investigate students' ways of learning programming. Phenomenographic pedagogy is an instructional approach for planning learning and teaching activities. This theoretical paper gives an overview of prior research in phenomenographic studies of programming and shows how the results from these studies can be applied to course design. Pedagogic principles grounded in the phenomenographic perspective on teaching and learning are then presented that consider how to tie students' experiences to the course goals (relevance structure) and how to apply variation theory to focus on the desired critical aspects of learning. Building on this, an introductory object-oriented programming course is described as an example of research-based course design. The insights gained from the experience of running the course are shared with the community of computer science educators, as are the benefits and responsibilities for those who wish to adopt the phenomenographic perspective on learning to plan their teaching. The development of an increased awareness of the variation in students' ways of experiencing programming and the need to broaden the context of the programming course are discussed.