1,069 research outputs found
Verifying Temporal Regular Properties of Abstractions of Term Rewriting Systems
The tree automaton completion is an algorithm used for proving safety
properties of systems that can be modeled by a term rewriting system. This
representation and verification technique works well for proving properties of
infinite systems like cryptographic protocols or more recently on Java Bytecode
programs. This algorithm computes a tree automaton which represents a (regular)
over approximation of the set of reachable terms by rewriting initial terms.
This approach is limited by the lack of information about rewriting relation
between terms. Actually, terms in relation by rewriting are in the same
equivalence class: there are recognized by the same state in the tree
automaton.
Our objective is to produce an automaton embedding an abstraction of the
rewriting relation sufficient to prove temporal properties of the term
rewriting system.
We propose to extend the algorithm to produce an automaton having more
equivalence classes to distinguish a term or a subterm from its successors
w.r.t. rewriting. While ground transitions are used to recognize equivalence
classes of terms, epsilon-transitions represent the rewriting relation between
terms. From the completed automaton, it is possible to automatically build a
Kripke structure abstracting the rewriting sequence. States of the Kripke
structure are states of the tree automaton and the transition relation is given
by the set of epsilon-transitions. States of the Kripke structure are labelled
by the set of terms recognized using ground transitions. On this Kripke
structure, we define the Regular Linear Temporal Logic (R-LTL) for expressing
properties. Such properties can then be checked using standard model checking
algorithms. The only difference between LTL and R-LTL is that predicates are
replaced by regular sets of acceptable terms
The Transitivity of Trust Problem in the Interaction of Android Applications
Mobile phones have developed into complex platforms with large numbers of
installed applications and a wide range of sensitive data. Application security
policies limit the permissions of each installed application. As applications
may interact, restricting single applications may create a false sense of
security for the end users while data may still leave the mobile phone through
other applications. Instead, the information flow needs to be policed for the
composite system of applications in a transparent and usable manner. In this
paper, we propose to employ static analysis based on the software architecture
and focused data flow analysis to scalably detect information flows between
components. Specifically, we aim to reveal transitivity of trust problems in
multi-component mobile platforms. We demonstrate the feasibility of our
approach with Android applications, although the generalization of the analysis
to similar composition-based architectures, such as Service-oriented
Architecture, can also be explored in the future
Translate One, Analyze Many: Leveraging the Microsoft Intermediate Language and Source Code Transformation for Model Checking
AbstractIn this paper we present a source transformation-based framework to support model checking of source code written with languages belonging to Microsoft's .NET platform. The framework includes a set of source transformation rules to guide the transformation, tools to support assertion checking, as well as a tool for the automation of deadlock detection. The framework results in both executable and formally verifiable artifacts. We provide details of the tools in the framework, and evaluate the framework on a few small case studies
Exploiting Model Checking for Mobile Botnet Detection
Android malware is increasing from the point of view of the complexity and the harmful actions. As a matter fact, malware writers are developing sophisticated techniques to infect mobile devices very closed to their counterpart for personal computers. One of these threats is represented by the possibility to control the infected devices from the attacker i.e., the so-called botnet. In this paper a method able to identify botnet in Android environment through model checking is proposed. Starting from the malicious payload definition, the proposed method is able to detect and to localize the code related to the malicious botnet. We experiment real-world botnet based Android malware, obtaining encouraging results
On the generation and analysis of program transformations
This thesis discusses the idea of using domain specific languages for program transformation, and the application, implementation and analysis of one such domain specific
language that combines rewrite rules for transformation and uses temporal logic to express its side conditions. We have conducted three investigations.
- An efficient implementation is described that is able to generate compiler optimizations from temporal logic specifications. Its description is accompanied by an
empirical study of its performance.
- We extend the fundamental ideas of this language to source code in order to write
bug fixing transformations. Example transformations are given that fix common
bugs within Java programs. The adaptations to the transformation language are
described and a sample implementation which can apply these transformations is
provided.
- We describe an approach to the formal analysis of compiler optimizations that
proves that the optimizations do not change the semantics of the program that
they are optimizing. Some example proofs are included.
The result of these combined investigations is greater than the sum of their parts.
By demonstrating that a declarative language may be efficiently applied and formally reasoned about satisfies both theoretical and practical concerns, whilst our extension
towards bug fixing shows more varied uses are possible
Monitoring method call sequences using annotations
In this paper we introduce JMSeq, a Java-based tool for monitoring sequences of method calls. JMSeq provides a simple but expressive language to specify the observables of a Java program in terms of sequences of possibly nested method calls. Similar to many monitoring-oriented environments, verification in JMSeq is done at run-time; unlike all other approaches based on aspect-oriented programming, JMSeq uses code annotation rather than instrumentation, and therefore is suitable for component-based software verification
On the Security of Software Systems and Services
This work investigates new methods for facing the security issues and threats arising from the composition of software. This task has been carried out through the formal modelling of both the software composition scenarios and the security properties, i.e., policies, to be guaranteed.
Our research moves across three different modalities of software composition which are of main interest for some of the most sensitive aspects of the modern information society. They are mobile applications, trust-based composition and service orchestration.
Mobile applications are programs designed for being deployable on remote platforms. Basically, they are the main channel for the distribution and commercialisation of software for mobile devices, e.g., smart phones and tablets. Here we study the security threats that affect the application providers and the hosting platforms. In particular, we present a programming framework for the development of applications with a static and dynamic security support. Also, we implemented an enforcement mechanism for applying fine-grained security controls on the execution of possibly malicious applications.
In addition to security, trust represents a pragmatic and intuitive way for managing the interactions among systems. Currently, trust is one of the main factors that human beings keep into account when deciding whether to accept a transaction or not. In our work we investigate the possibility of defining a fully integrated environment for security policies and trust including a runtime monitor.
Finally, Service-Oriented Computing (SOC) is the leading technology for business applications distributed over a network. The security issues related to the service networks are many and multi-faceted. We mainly deal with the static verification of secure composition plans of web services. Moreover, we introduce the synthesis
of dynamic security checks for protecting the services against illegal invocations
A Retrospective Look at the Monitoring and Checking (MaC) Framework
The Monitoring and Checking (MaC) project gave rise to a framework for runtime monitoring with respect to formally specified properties, which later came to be known as runtime verification. The project also built a pioneering runtime verification tool, Java-MaC, that was an instantiation of the approach to check properties of Java programs. In this retrospective, we discuss decisions made in the design of the framework and summarize lessons learned in the course of the project
Recommended from our members
Towards an aspect weaving BPEL engine
This position paper proposes the use of dynamic aspects and
the visitor design pattern to obtain a highly configurable and
extensible BPEL engine. Using these two techniques, the
core of this infrastructural software can be customised to
meet new requirements and add features such as debugging,
execution monitoring, or changing to another Web Service
selection policy. Additionally, it can easily be extended to
cope with customer-specific BPEL extensions. We propose
the use of dynamic aspects not only on the engine itself
but also on the workflow in order to tackle the problems of
Web Service hot deployment and hot fixes to long running
processes. In this way, composing aWeb Service "on-the-fly"
means weaving its choreography interface into the workflow
- …