255 research outputs found
A Tail-Recursive Semantics for Stack Inspections
Security folklore holds that a security mechanism based on stack inspection is incompatible with a global tail call optimization policy. An implementation of such a language may have to allocate memory for a source-code tail call, and a program that uses only tail calls (and no other memory-allocating construct) may nevertheless exhaust the available memory. In this paper, we prove this widely held belief wrong. We exhibit an abstract machine for a language with security stack inspection whose space consumption function is equivalent to that of the canonical tail call optimizing abstract machine. Our machine is surprisingly simple and suggests that tail-calls are as easy to implement in a security setting as they are in a conventional one
SAGA: A project to automate the management of software production systems
The Software Automation, Generation and Administration (SAGA) project is investigating the design and construction of practical software engineering environments for developing and maintaining aerospace systems and applications software. The research includes the practical organization of the software lifecycle, configuration management, software requirements specifications, executable specifications, design methodologies, programming, verification, validation and testing, version control, maintenance, the reuse of software, software libraries, documentation, and automated management
Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation
Largely known for attack scenarios, code reuse techniques at a closer look
reveal properties that are appealing also for program obfuscation. We explore
the popular return-oriented programming paradigm under this light, transforming
program functions into ROP chains that coexist seamlessly with the surrounding
software stack. We show how to build chains that can withstand popular static
and dynamic deobfuscation approaches, evaluating the robustness and overheads
of the design over common programs. The results suggest a significant amount of
computational resources would be required to carry a deobfuscation attack for
secret finding and code coverage goals.Comment: Published in the proceedings of DSN'21 (51st IEEE/IFIP Int. Conf. on
Dependable Systems and Networks). Code and BibTeX entry available at
https://github.com/pietroborrello/raindro
The performance evaluation of interpreter based computer systems
PhD ThesisThis thesis explores the problem of making accurate
assessments of the performance of high level language
interpreter programs which are embedded in some more
complex system. The overall system performance will be
determined by all the software and hardware components
present; but in order either to analyse and improve
particular components, or to select between alternative
versions of components, the concept of the performance
of individual components is important.
A model is developed for the abstract behaviour of
software components playing the role of an interpreter
by considering their interaction with the program code
which is being interpreted and with the underlying
virtual machine which is, in turn, interpreting them.
This model enables a flexible definition of performance
by relating the interactions in which an interpreter takes
part. A methodology is recommended for assessing
experimentally the performances defined within such a
framework.
The performances of an interesting selection of
pseudo-machine and high level interpreter implementations
of Lispkit and Prolog are then assessed and conclusions
drawn.United Kingdom Science Research Counci
Software maintenance by program transformation in a wide spectrum language
This thesis addresses the software maintenance problem of extracting high-level designs from code. The investigated solution is to use a mathematically-based formal program transformation system. The resulting tool, the Maintainer's Assistant, is based on Ward's [177] WSL (wide spectrum language) and method of proving program equivalence. The problems addressed include: how to reverse engineer from code alone (the only reliable source of information about a program [158]), how to express program transformations within the system, what kinds of transformations should be incorporated, how to make the tool simple to use, how to perform abstraction and how to create a tool suitable for use with large programs. Using the Maintainer's Assistant, the program code is automatically translated into WSL and the transformations, although tested for valid applicability by the system, are interactively applied by the user. Notable features include a mathematical simplifier, a large flexible transformation catalogue and, significantly, the use of an extension of WSL, A4etaWSL, for representing the transformations. MetaWSL expands WSL by incorporating a variety of extensions, including: program editing statements, pattern matching and template filling functions, symbolic mathematics and logic functions, statements for moving within the program’s syntax tree and statements for repeating an operation at each node of the tree. Using MetaWSL, 80% of the 601 transformations can be expressed in less than 20 program statements. The Maintainer's Assistant has been used on a wide variety of examples of up to several thousand lines, including commercial software written in IBM 370 assembler. It has been possible to transform initially unstructured programs into a hierarchy of procedures, facilitating subsequent design recovery. These results show that program transformation is a viable method of renovating old (370 assembler) code in a cost elective way, and that MetaWSL provides an effective basis for clearly and concisely expressing the required transformations
- …