Cyber theft is a serious threat to Internet security. It is one of the major security concerns by both network service providers and Internet users. Though sensitive information can be encrypted when stored in non-vol...
详细信息
Cyber theft is a serious threat to Internet security. It is one of the major security concerns by both network service providers and Internet users. Though sensitive information can be encrypted when stored in non-volatile memory such as hard disks, for many e-commerce and network applications, sensitive information is often stored as plaintext in main memory. Documented and reported exploits facilitate an adversary stealing sensitive information from an application's memory. These exploits include illegitimate memory scan, information theft oriented buffer overflow, invalid pointer manipulation, integer overflow, password stealing Trojans and so forth. Today's computing system and its hardware cannot address these exploits effectively in a coherent way. This paper presents a unified and lightweight solution, called InfoShield that can strengthen application protection against theft of sensitive information such as passwords, encryption keys, and other private data with a minimal performance impact. Unlike prior whole memory encryption and information flow based efforts, InfoShield protects the usage of information. InfoShield ensures that sensitive data are used only as defined by application semantics, preventing misuse of information. Comparing with prior art, InfoShield handles a broader range of information theft scenarios in a unified framework with less overhead. Evaluation using popular network client-server applications shows that InfoShield is sound for practical use and incurs little performance loss because InfoShield only protects absolute, critical sensitive information. Based on the profiling results, only 0.3% of memory accesses and 0.2% of executed codes are affected by InfoShield.
By now, the concept of program slicing has been known in the research community for around 25 years. As a research topic, it has enjoyed a fair share of popularity, evidenced by the number of articles published on the...
Modelica is a modern, strongly typed, declarative, and object-oriented language for modeling and simulation of complex systems. This paper gives a quick overview of some aspects of the OpenModelica environment - an op...
详细信息
Modelica is a modern, strongly typed, declarative, and object-oriented language for modeling and simulation of complex systems. This paper gives a quick overview of some aspects of the OpenModelica environment - an open-source environment for modeling, simulation, and development of Modelica applications. An introduction of the objectives of the environment is given, an overview of the architecture is outlined and a number of examples are illustrated.
A new field in distributed computing, called Ambient Intelligence, has emerged as a consequence of the increasing availability of wireless devices and the mobile networks they induce. Developing software for such mobi...
详细信息
A new field in distributed computing, called Ambient In-telligence, has emerged as a consequence of the increasing availability of wireless devices and the mobile networks they induce. Developing software for such mob...
详细信息
Criteria for software quality measurement depend on the application area. In large software systems criteria like maintainability, comprehensibility and extensibility play an important role. My aim is to identify desi...
详细信息
Domain Specific Languages (DSLs) are high level languages designed for solving problems in a particular domain, and have been suggested as means for developing reliable software systems. However, designing of a domain...
详细信息
Domain Specific Languages (DSLs) are high level languages designed for solving problems in a particular domain, and have been suggested as means for developing reliable software systems. However, designing of a domain specific language is a difficult task. The design of a domain specific language will evolve as it is used more and more and experienced is gained by its designers. Being able to rapidly develop the implementation infrastructure (interpreter, compiler, debugger, profiler, etc.) of a domain specific language is thus of utmost importance so that as the language evolves, the implementation infrastructure can keep pace. In this paper we present a framework for automatically generating interpreters, compilers, debuggers, and profilers from semantic specification of a domain specific language. We illustrate our approach via the SCR language, a language used by the US defense department for developing control systems. Copyright 2005 ACM.
In this chapter an introduction to model checking and model learning was given. Furthermore, it was shown how to combine both techniques to an approach in which properties of a SUT are verified directly. First of all ...
详细信息
ISBN:
(纸本)3540262784
In this chapter an introduction to model checking and model learning was given. Furthermore, it was shown how to combine both techniques to an approach in which properties of a SUT are verified directly. First of all we have presented Kripke transition systems which build a simple basis for temporal logics used in model checking. The essential difference between linear time logics and branching time logics was made plain on the basis of an example. Subsequently we presented linear time logic (LTL) and computational tree logic (CTL) which are widely used for model checking purposes. Since the combination of model checking and model learning for testing purposes is only meaningful with linear time logics we presented a basic model checking algorithm for linear time logic. In the second part of the chapter we first gave an introduction to the general ideas of model learning algorithms. Continuing in the same subject, we presented a number of learning algorithms;the observation pack algorithm, Angluin's algorithm, the reduced observation table algorithm and, the discrimination tree algorithm. Subsequently we discussed the algorithms' query complexity and presented some domain specific optimizations to reduce the number of queries. We rounded the model learning part off with some experimental results. The final part in this chapter presented the adaptive model checking algorithm, which combines model checking and model learning into one approach. The approach try to make use of information in an existing model of the SUT in order to save effort in the learning procedure. If no model exist or the existing model is irrelevant compared to the current SUT, the approach is still applicable. Although model checking and model learning are both established research areas, a lot of work remains to be done when considering testing. The combination of model checking and testing techniques should be clarified. Models to be used for testing might ask for different characteristics of
The benefits associated with separation of concerns are well established. Aspect-Orientation is a methodology that aims at separating components and aspects from the early stages of the software life cycle, and using ...
详细信息
ISBN:
(纸本)9781932415490
The benefits associated with separation of concerns are well established. Aspect-Orientation is a methodology that aims at separating components and aspects from the early stages of the software life cycle, and using techniques to combining them together at the implementation phase. Componentbased programming systems have shown themselves to be a natural way of constructing extensible software. Well-defined interfaces, encapsulation, late binding and polymorphism promote extensibility, yet despite this synergy, components have not been widely employed at the systems level. This is primarily due to the failure of existing component technologies to provide the protection and performance required of systems software. In this paper we identify the requirements for a component system to support extensions, and describe an extensibility and adaptability in the design of system software. We discuss an aspect-oriented framework that can simplify system design by expressing it at a higher level of abstraction. Our work concentrates on how to achieve a higher separation of aspects, components, and layers from each other. Our goal is to achieve a better design model for system software in terms of extensibility, reuse and adaptability.
In this paper we present the design and usage of a debugging framework for the Relational Meta-Language (RML), which is a language for writing executable Natural Semantics specifications. The language is successfully ...
详细信息
ISBN:
(纸本)1595930507
In this paper we present the design and usage of a debugging framework for the Relational Meta-Language (RML), which is a language for writing executable Natural Semantics specifications. The language is successfully used at our department for writing large specifications for a range of languages like Java, Modelica, Pascal, MiniML etc. The RML system previously had no debugging facilities, which made it hard for programmers to debug their specifications. With this work we address these issues by providing a debugging framework for debugging high level Natural Semantics specifications in RML. Copyright 2005 ACM.
暂无评论