A Tail-Recursive Semantics for Stack Inspections

Security folklore holds that a security mechanism based on stack inspection is incompatible with a global tail call optimization policy. An implementation of such a language may have to allocate memory for a source-code tail call, and a program that uses only tail calls (and no other memory-allocating construct) may nevertheless exhaust the available memory. In this paper, we prove this widely held belief wrong. We exhibit an abstract machine for a language with security stack inspection whose space consumption function is equivalent to that of the canonical tail call optimizing abstract machine. Our machine is surprisingly simple and suggests that tail-calls are as easy to implement in a security setting as they are in a conventional one

SAGA: A project to automate the management of software production systems

The Software Automation, Generation and Administration (SAGA) project is investigating the design and construction of practical software engineering environments for developing and maintaining aerospace systems and applications software. The research includes the practical organization of the software lifecycle, configuration management, software requirements specifications, executable specifications, design methodologies, programming, verification, validation and testing, version control, maintenance, the reuse of software, software libraries, documentation, and automated management

Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program functions into ROP chains that coexist seamlessly with the surrounding software stack. We show how to build chains that can withstand popular static and dynamic deobfuscation approaches, evaluating the robustness and overheads of the design over common programs. The results suggest a significant amount of computational resources would be required to carry a deobfuscation attack for secret finding and code coverage goals.Comment: Published in the proceedings of DSN'21 (51st IEEE/IFIP Int. Conf. on Dependable Systems and Networks). Code and BibTeX entry available at https://github.com/pietroborrello/raindro

The performance evaluation of interpreter based computer systems

PhD ThesisThis thesis explores the problem of making accurate assessments of the performance of high level language interpreter programs which are embedded in some more complex system. The overall system performance will be determined by all the software and hardware components present; but in order either to analyse and improve particular components, or to select between alternative versions of components, the concept of the performance of individual components is important. A model is developed for the abstract behaviour of software components playing the role of an interpreter by considering their interaction with the program code which is being interpreted and with the underlying virtual machine which is, in turn, interpreting them. This model enables a flexible definition of performance by relating the interactions in which an interpreter takes part. A methodology is recommended for assessing experimentally the performances defined within such a framework. The performances of an interesting selection of pseudo-machine and high level interpreter implementations of Lispkit and Prolog are then assessed and conclusions drawn.United Kingdom Science Research Counci

Software maintenance by program transformation in a wide spectrum language

This thesis addresses the software maintenance problem of extracting high-level designs from code. The investigated solution is to use a mathematically-based formal program transformation system. The resulting tool, the Maintainer's Assistant, is based on Ward's [177] WSL (wide spectrum language) and method of proving program equivalence. The problems addressed include: how to reverse engineer from code alone (the only reliable source of information about a program [158]), how to express program transformations within the system, what kinds of transformations should be incorporated, how to make the tool simple to use, how to perform abstraction and how to create a tool suitable for use with large programs. Using the Maintainer's Assistant, the program code is automatically translated into WSL and the transformations, although tested for valid applicability by the system, are interactively applied by the user. Notable features include a mathematical simplifier, a large flexible transformation catalogue and, significantly, the use of an extension of WSL, A4etaWSL, for representing the transformations. MetaWSL expands WSL by incorporating a variety of extensions, including: program editing statements, pattern matching and template filling functions, symbolic mathematics and logic functions, statements for moving within the program’s syntax tree and statements for repeating an operation at each node of the tree. Using MetaWSL, 80% of the 601 transformations can be expressed in less than 20 program statements. The Maintainer's Assistant has been used on a wide variety of examples of up to several thousand lines, including commercial software written in IBM 370 assembler. It has been possible to transform initially unstructured programs into a hierarchy of procedures, facilitating subsequent design recovery. These results show that program transformation is a viable method of renovating old (370 assembler) code in a cost elective way, and that MetaWSL provides an effective basis for clearly and concisely expressing the required transformations