THE IMPACT OF PROGRAMMING LANGUAGES ON THE SOFTWARE’S SECURITY

Security is usually defined as the ability of a system to protect itself against accidental or deliberate intrusion1. Ensuring integrity, confidentiality, availability, and accountability requirements even in the presence of a determined, malicious opponent is essential for computer security. Sensitive data has to be manipulated and consulted by authorized users only (integrity, confidentiality). Furthermore, the system should resist “denial of service” attacks that attempt to render it unusable (availability). Also the system has to ensure the inability to deny the ownership of prior actions (accountability).security

Safety-critical Java for embedded systems

This paper presents the motivation for and outcomes of an engineering research project on certifiable Java for embedded systems. The project supports the upcoming standard for safety-critical Java, which defines a subset of Java and libraries aiming for development of high criticality systems. The outcome of this project include prototype safety-critical Java implementations, a time-predictable Java processor, analysis tools for memory safety, and example applications to explore the usability of safety-critical Java for this application area. The text summarizes developments and key contributions and concludes with the lessons learned

From Java to real-time Java : A model-driven methodology with automated toolchain

Real-time systems are receiving increasing attention with the emerging application scenarios that are safety-critical, complex in functionality, high on timing-related performance requirements, and cost-sensitive, such as autonomous vehicles. Development of real-time systems is error-prone and highly dependent on the sophisticated domain expertise, making it a costly process. There is a trend of the existing software without the real-time notion being re-developed to realise real-time features, e.g., in the big data technology. This paper utilises the principles of model-driven engineering (MDE) and proposes the first methodology that automatically converts standard time-sharing Java applications to real-time Java applications. It opens up a new research direction on development automation of real-time programming languages and inspires many research questions that can be jointly investigated by the embedded systems, programming languages as well as MDE communities

Developing a distributed electronic health-record store for India

The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India

Fast, Interactive Worst-Case Execution Time Analysis With Back-Annotation

Abstract—For hard real-time systems, static code analysis is needed to derive a safe bound on the worst-case execution time (WCET). Virtually all prior work has focused on the accuracy of WCET analysis without regard to the speed of analysis. The resulting algorithms are often too slow to be integrated into the development cycle, requiring WCET analysis to be postponed until a final verification phase. In this paper we propose interactive WCET analysis as a new method to provide near-instantaneous WCET feedback to the developer during software programming. We show that interactive WCET analysis is feasible using tree-based WCET calculation. The feedback is realized with a plugin for the Java editor jEdit, where the WCET values are back-annotated to the Java source at the statement level. Comparison of this treebased approach with the implicit path enumeration technique (IPET) shows that tree-based analysis scales better with respect to program size and gives similar WCET values. Index Terms—Real time systems, performance analysis, software performance, software reliability, software algorithms, safety I

A Methodology for Transforming Java Applications Towards Real-Time Performance

The development of real-time systems has traditionally been based on low-level programming languages, such as C and C++, as these provide a fine-grained control of the applications temporal behavior. However, the usage of such programming languages suffers from increased complexity and high error rates compared to high-level languages such as Java. The Java programming language provides many benefits to software development such as automatic memory management and platform independence. However, Java is unable to provide any real-time guarantees, as the high-level benefits come at the cost of unpredictable temporal behavior.This thesis investigates the temporal characteristics of the Java language and analyses several possibilities for introducing real-time guarantees, including official language extensions and commercial runtime environments. Based on this analysis a new methodology is proposed for Transforming Java Applications towards Real-time Performance (TJARP). This method motivates a clear definition of timing requirements, followed by an analysis of the system through use of the formal modeling languageVDM-RT. Finally, the method provides a set of structured guidelines to facilitate the choice of strategy for obtaining real-time performance using Java. To further support this choice, an analysis is presented of available solutions, supported by a simple case study and a series of benchmarks.Furthermore, this thesis applies the TJARP method to a complex industrialcase study provided by a leading supplier of mission critical systems. Thecase study proves how the TJARP method is able to analyze an existing and complex system, and successfully introduce hard real-time guaranteesin critical sub-components

Proceedings of the 9th Overture Workshop

This report contains the proceedings of The 9th Overture Workshop, held in Limerick on 20th June 2011