Towards a Generic Framework to Generate Explanatory Traces of Constraint Solving and Rule-Based Reasoning

In this report, we show how to use the Simple Fluent Calculus (SFC) to specify generic tracers, i.e. tracers which produce a generic trace. A generic trace is a trace which can be produced by different implementations of a software component and used independently from the traced component. This approach is used to define a method for extending a java based CHRor platform called CHROME (Constraint Handling Rule Online Model-driven Engine) with an extensible generic tracer. The method includes a tracer specification in SFC, a methodology to extend it, and the way to integrate it with CHROME, resulting in the platform CHROME-REF (for Reasoning Explanation Facilities), which is a constraint solving and rule based reasoning engine with explanatory traces

Towards a Generic Trace for Rule Based Constraint Reasoning

CHR is a very versatile programming language that allows programmers to declaratively specify constraint solvers. An important part of the development of such solvers is in their testing and debugging phases. Current CHR implementations support those phases by offering tracing facilities with limited information. In this report, we propose a new trace for CHR which contains enough information to analyze any aspects of \CHRv\ execution at some useful abstract level, common to several implementations. %a large family of rule based solvers. This approach is based on the idea of generic trace. Such a trace is formally defined as an extension of the $\omega_r^\lor$ semantics of CHR. We show that it can be derived form the SWI Prolog CHR trace

Towards a Generic Trace for Rule Based Constraint Reasoning

CHR is a very versatile programming language that allows programmers to declaratively specify constraint solvers. An important part of the development of such solvers is in their testing and debugging phases. Current CHR implementations support those phases by offering tracing facilities with limited information. In this report, we propose a new trace for CHR which contains enough information to analyze any aspects of \CHRv\ execution at some useful abstract level, common to several implementations. %a large family of rule based solvers. This approach is based on the idea of generic trace. Such a trace is formally defined as an extension of the $\omega_r^\lor$ semantics of CHR. We show that it can be derived form the SWI Prolog CHR trace.CHR (Constraint Handling Rules) est un langage de programmation adaptable qui permet de spécifier trés déclarativement des solveurs de contraintes. Un aspect important de leur mise au point concerne leur débogage. Les implantations actuelles de CHR offrent des possiblilités de traces avec relativement peu d'information. Dans ce rapport, nous proposons une nouvelle trace CHR qui contient suffisamment d'information pour analyser potentiellement tous les détails d'exécution de \CHRv, correspondant á un niveau d'analyse abstrait et utile, commun á différentes implémentations. Cette approche est fondée sur l'idée de trace générique. Une telle trace est définie comme une extension de la sémantique $\omega_r^\lor$ de CHR. On montre qu'elle peut être dérivée de la trace CHR de SWI Prolo

Publications of the Jet Propulsion Laboratory, July 1964 through June 1965

JPL publications bibliography with abstracts - reports on DSIF, Mariner program, Ranger project, Surveyor project, and other space programs, and space science

DEALING WITH NEXT-GENERATION MALWARE

Malicious programs are a serious problem that threatens the security of billions of Internet users. Today's malware authors are motivated by the easy financial gain they can obtain by selling on the underground market the information stolen from the infected hosts. To maximize their profit, miscreants continuously improve their creations to make them more and more resilient against anti-malware solutions. This increasing sophistication in malicious code led to next-generation malware, a new class of threats that exploit the limitations of state-of-the-art anti-malware products to bypass security protections and eventually evade detection. Unfortunately, current anti-malware technologies are inadequate to face next-generation malware. For this reason, in this dissertation we propose novel techniques to address the shortcomings of defensive technologies and to enhance current state-of-the-art security solutions. Dynamic behavior-based analysis is a very promising approach to automatically understand the behaviors a malicious program may exhibit at run-time. However, behavior-based solutions still present several limitations. First of all, these techniques may give incomplete results because the execution environments in which they are applied are synthetic and do not faithfully resemble the environments of end-users, the intended targets of the malicious activities. To overcome this problem, we present a new framework for improving behavior-based analysis of suspicious programs, that allows an end-user to delegate security labs the execution and the analysis of a program and to force the program to behave as if it were executed directly in the environment of the former. Our evaluation demonstrated that the proposed framework allows security labs to improve the completeness of the analysis, by analyzing a piece of malware on behalf of multiple end-users simultaneously, while performing a fine-grained analysis of the behavior of the program with no computational cost for the end-users. Another drawback of state-of-the-art defensive solutions is non-transparency: malicious programs are often able to determine that their execution is being monitored, and thus they can tamper with the analysis to avoid detection, or simply behave innocuously to mislead the anti-malware tool. At this aim, we propose a generic framework to perform complex dynamic system-level analyses of deployed production systems. By leveraging hardware support for virtualization available nowadays on all commodity machines, our framework is completely transparent to the system under analysis and it guarantees isolation of the analysis tools running on top of it. The internals of the kernel of the running system need not to be modified and the whole platform runs unaware of the framework. Once the framework has been installed, even kernel-level malware cannot detect it or affect its execution. This is accomplished by installing a minimalistic virtual machine monitor and migrating the system, as it runs, into a virtual machine. To demonstrate the potentials of our framework we developed an interactive kernel debugger, named HyperDbg. As HyperDbg can be used to monitor any critical system component, it is suitable to analyze even malicious programs that include kernel-level modules. Despite all the progress anti-malware technologies can make, perfect malware detection remains an undecidable problem. When it is not possible to prevent a malicious threat from infecting a system, post-infection remediation remains the only viable possibility. However, if the machine has already been compromised, the execution of the remediation tool could be tampered by the malware that is running on the system. To address this problem we present Conqueror, a software-based attestation scheme for tamper-proof code execution on untrusted legacy systems. Besides providing load-time attestation of a piece of code, Conqueror also ensures run-time integrity. Conqueror constitutes a valid alternative to trusted computing platforms, for systems lacking specialized hardware for attestation. We implemented a prototype, specific for the Intel x86 architecture, and evaluated the proposed scheme. Our evaluation showed that, compared to competitors, Conqueror is resistant to both static and dynamic attacks. We believe Conqueror and our transparent dynamic analysis framework constitute important building blocks for creating new security applications. To demonstrate this claim, we leverage the aforementioned solutions to realize HyperSleuth, an infrastructure to securely perform live forensic analysis of potentially compromised production systems. HyperSleuth provides a trusted execution environment that guarantees an attacker controlling the system cannot interfere with the analysis and cannot tamper with the results. The framework can be installed as the system runs, without a reboot and without loosing any volatile data. Moreover, the analysis can be periodically and safely interrupted to resume normal execution of the system. On top of HyperSleuth we implemented three forensic analysis tools: a lazy physical memory dumper, a lie detector, and a system call tracer. The experimental evaluation we conducted demonstrated that even time consuming analyses, such as the dump of the content of the physical memory, can be securely performed without interrupting the services offered by the system

Symbolic Execution for Advanced Program Reasoning

Ph.DDOCTOR OF PHILOSOPH

Conception de traces et applications (vers une méta-théorie des traces).

Méta Théorie des traces et applications Manuscrit. Etat au 5/2/2010 Il s'agit de la première version dans laquelle tous les exemples ont été mis en cohérence avec le texte.Ce document est une synthèse en évolution constante de quelques travaux et réflexions conduits après 2004 (la fin du projet OADymPPaC) et concernant une méthodologie de constructions de traces. Par "trace" nous entendons toute suite discrète non bornée d'événements constitués chacun d'un ensemble d'attributs et susceptibles de rendre compte en partie du comportement d'un système ou phénomène observé. Ce que nous voulons étudier ici est le processus par lequel une trace est finalement conçue. Le développement de traces pour un processus ou une famille de processus repose sur un cycle d'observations et d'analyses qui conduit progressivement à identifier les concepts éventuellement mesurables et utiles à une analyse. Cette analyse permettra éventuellement elle-même de trouver de nouveaux concepts utiles à la compréhension du phénomène observé, qui, à leur tour, pourront amener à introduire de nouveaux concepts mesurables et de nouveaux attributs dans la trace. L'identification des concepts est liée à une activité de modélisation et d'abstraction, et leur transcription dans une trace relève de la recherche de leur représentation sous une forme aisément transmissible, mais aussi utilisable pour les analyses. Ce que nous attendons d'une telle étude, outre bien sûr une meilleure compréhension de la manière dont sont construites les traces, c'est une méthode rigoureuse de développement de traces susceptible de s'appuyer sur des outils. Un résultat intéressant, par exemple, peut -être un langage de prototypage de trace indépendant des processus observés. Au stade où en est cette étude l'auteur n'a pu conduire que des expérimentations dans le domaine des solveurs de contraintes. L'observation par des traces du comportement parfois inattendu d'un solveur, où chaque contrainte peut-être vue comme un agent agissant sur un domaine, a mis en évidence l'intérêt potentiel d'une approche méthodologique. On a pu montrer en particulier comment il était possible d'améliorer la réalisation de traceurs grâce à cette approche tant au plan de la conception que de l'implantation. De manière générale on retrouve le concept de trace dans de nombreux champs d'études allant du génie logiciel aux traces mémorielles dans le système nerveux, en passant par l'apprentissage en environnement médié

Conception de traces, et applications, vers une méta-théorie des traces (Towards a Meta-Thoery of traces)

By "trace" we mean any sequence of discrete events, each consisting of a set of attributes that may reflect in part the behavior of a system or observed phenomenon. What we want to study here is the process by which a trace (and its tracer) is finally designed. Traces development of a process or a family of processes is based on a serie of observations and analysis that led gradually to identify any measurable concepts and useful analysis. This analysis will eventually itself help to find new concepts for understanding the phenomenon, which, in turn, may lead to the introduction of new concepts and new measurable attributes in the trace. The identification of concepts is related to an activity of modeling and abstracting, and their transcription in a trace is seeking a representation in an easily transmissible form, also usable for analysis. What we expect from such a study, in addition, of course, of a better understanding of how the traces are built, is a rigorous methodology for developing traces based on reliable tools. An interesting result, for example, could be a domain independent prototyping language for generic trace construction. At this stage, only experimentations in the field of constraints solvers have been realized. The observation of traces showing unexpected behavior of solvers, where each constraint can be seen as an agent acting on a domain, has highlighted the potential of such a methodological approach. It was shown in particular how it was possible to improve the development of tracers using this approach for design as for implementation aspects as well. The concept of trace is used in many fields of studies, ranging from software engineering to neuronal trace, through mediated learning environment. One of the goal of this study is to facilitate, by a systematized approach of traces, a possible cross-fertilization between fields as diverse as software engineering, data analysis, education, medicine and philosophy

Development and Application of Fluxomics Tools for Analyzing Metabolisms in Non-Model Microorganisms

Decoding microbial metabolism is of great importance in revealing the mechanisms governing the physiology of microbes and rewiring the cellular functions in metabolic engineering. Complementing the genomics, transcriptomics, proteinomics and metabolomics analysis of microbial metabolism, fluxomics tools can measure and simulate the in vivo enzymatic reactions as direct readouts of microbial metabolism. This dissertation develops and applies broad-scope tools in metabolic flux analysis to investigate metabolic insights of non-model environmental microorganisms. 13C-based pathway analysis has been applied to analyze specific carbon metabolic routes by tracing and analyzing isotopomer labeling patterns of different metabolites after growing cells with 13C-labeled substrates. Novel pathways, including Re-type citrate synthase in tricarboxylic acid cycle and citramalate pathways as an alternate route for isoleucine biosynthesis, have been identified in Thermoanaerobacter X514 and other environmental microorganisms. Via the same approach, the utilizations of diverse carbon/nitrogen substrates and productions of hydrogen during mixotrophic metabolism in Cyanothece 51142 have been characterized, and the medium for a slow-growing bacterium, Dehalococcoides ethenogenes 195, has been optimized. In addition, 13C-based metabolic flux analysis has been developed to quantitatively profile flux distributions in central metabolisms in a green sulfur bacterium, Chlorobaculum tepidum, and thermophilic ethanol-producing Thermoanaerobacter X514. The impact of isotope discrimination on 13C-based metabolic flux analysis has also been estimated. A constraint-based flux analysis approach was newly developed to integrate the bioprocess model into genome-scale flux balance analysis to decipher the dynamic metabolisms of Shewanella oneidensis MR-1. The sub-optimal metabolism and the time-dependent metabolic fluxes were profiled in a genome-scale metabolic network. A web-based platform was constructed for high-throughput metabolic model drafting to bridge the gap between fast-paced genome-sequencing and slow-paced metabolic model reconstruction. The platform provides over 1,000 sequenced genomes for model drafting and diverse customized tools for model reconstruction. The in silico simulation of flux distributions in both metabolic steady state and dynamic state can be achieved via flux balance analysis and dynamic flux balance analysis embedded in this platform. Cutting-edge fluxomics tools for functional characterization and metabolic prediction continue to be developed in the future. Broad-scope systems biology tools with integration of transcriptomics, proteinomics and fluxomics can reveal cell-wide regulations and speed up the metabolic engineering of non-model microorganisms for diverse bioenergy and environmental applications