Development of a static analysis tool to find securty vulnerabilities in java applications

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2010Includes bibliographical references (leaves: 57-60)Text in English Abstract: Turkish and Englishix, 77 leavesThe scope of this thesis is to enhance a static analysis tool in order to find security limitations in java applications. This will contribute to the removal of some of the existing limitations related with the lack of java source codes. The generally used tools for a static analysis are FindBugs, Jlint, PMD, ESC/Java2, Checkstyle. In this study, it is aimed to utilize PMD static analysis tool which already has been developed to find defects Possible bugs (empty try/catch/finally/switch statements), Dead code (unused local variables, parameters and private methods), Suboptimal code (wasteful String/StringBuffer usage), Overcomplicated expressions (unnecessary if statements for loops that could be while loops), Duplicate code (copied/pasted code means copied/pasted bugs). On the other hand, faults possible unexpected exception, length may be less than zero, division by zero, stream not closed on all paths and should be a static inner class cases were not implemented by PMD static analysis tool. PMD performs syntactic checks and dataflow analysis on program source code.In addition to some detection of clearly erroneous code, many of the .bugs. PMD looks for are stylistic conventions whose violation might be suspicious under some circumstances. For example, having a try statement with an empty catch block might indicate that the caught error is incorrectly discarded. Because PMD includes many detectors for bugs that depend on programming style, PMD includes support for selecting which detectors or groups of detectors should be run. While PMD.s main structure was conserved, boundary overflow vulnerability rules have been implemented to PMD

Equivalence Partitioning as a Basis for Dynamic Conditional Invariant Detection

Program invariants are statements asserting properties of programs at certain points. They can assist developers and testers in understanding the program, and can be used for automated formal verification of the program. However, despite their usefulness they are often omitted from code. Dynamic invariant detection is a technique that discovers program invariants by observing execution of the program. One type of invariants that presents challenge to this technique is conditional invariants, which are considered to be computationally infeasible to be computed exhaustively. We present a new approach to assist conditional invariants detection, by analysing test suites used to drive the execution of the programs for their use of equivalence partitioning – a very common testing technique – and inferring conditional invariants from this information. A prototype implementation, named Yacon, is developed to work in conjunction with a mature dynamic invariant detection tool Daikon. Given a set of splitting conditions, Daikon can use them to infer conditional invariants. Yacon attempts to recover partitioning information from a given test suite, producing splitting conditions as a result. We introduced two strategies to recover partitioning information, one based on the presence of boundary value analysis testing technique; the other based on invariants within the test suite itself. We evaluated the effectiveness of each recovery strategy and the approach as a whole, and found that our approach can help make Daikon perform significantly better. However, the two recovery strategies only work well in limited circumstances, suggesting possible improvement in finding more effective recovery strategies

Equivalence Partitioning as a Basis for Dynamic Conditional Invariant Detection

Program invariants are statements asserting properties of programs at certain points. They can assist developers and testers in understanding the program, and can be used for automated formal verification of the program. However, despite their usefulness they are often omitted from code. Dynamic invariant detection is a technique that discovers program invariants by observing execution of the program. One type of invariants that presents challenge to this technique is conditional invariants, which are considered to be computationally infeasible to be computed exhaustively. We present a new approach to assist conditional invariants detection, by analysing test suites used to drive the execution of the programs for their use of equivalence partitioning – a very common testing technique – and inferring conditional invariants from this information. A prototype implementation, named Yacon, is developed to work in conjunction with a mature dynamic invariant detection tool Daikon. Given a set of splitting conditions, Daikon can use them to infer conditional invariants. Yacon attempts to recover partitioning information from a given test suite, producing splitting conditions as a result. We introduced two strategies to recover partitioning information, one based on the presence of boundary value analysis testing technique; the other based on invariants within the test suite itself. We evaluated the effectiveness of each recovery strategy and the approach as a whole, and found that our approach can help make Daikon perform significantly better. However, the two recovery strategies only work well in limited circumstances, suggesting possible improvement in finding more effective recovery strategies

Molecular genetics of chicken egg quality

Faultless quality in eggs is important in all production steps, from chicken to packaging, transportation, storage, and finally to the consumer. The egg industry (specifically transportation and packing) is interested in robustness, the consumer in safety and taste, and the chicken itself in the reproductive performance of the egg. High quality is commercially profitable, and egg quality is currently one of the key traits in breeding goals. In conventional breeding schemes, the more traits that are included in a selection index, the slower the rate of genetic progress for all the traits will be. The unveiling of the genes underlying the traits, and subsequent utilization of this genomic information in practical breeding, would enhance the selection progress, especially with traits of low inheritance, genderconfined traits, or traits which are difficult to assess. In this study, two experimental mapping populations were used to identify quantitative trait loci (QTL) of egg quality traits. A whole genome scan was conducted in both populations with different sets of microsatellite markers. Phenotypic observations of albumen quality, internal inclusions, egg taint, egg shell quality traits, and production traits during the entire production period were collected. To study the presence of QTL, a multiple marker linear regression was used. Polymorphisms found in candidate genes were used as SNP (single nucleotide polymorphism) markers to refine the map position of QTL by linkage and association. Furthermore, independent commercial egg layer lines were utilized to confirm some of the associations. Albumen quality, the incidence of internal inclusions, and egg taint were first mapped with the whole genome scan and fine-mapped with subsequent analyses. In albumen quality, two distinct QTL areas were found on chromosome 2. Vimentin, a gene maintaining the mechanical integrity of the cells, was studied as a candidate gene. Neither sequencing nor subsequent analysis using SNP within the gene in the QTL analysis suggested that variation in this gene could explain the effect on albumen thinning. The same mapping approach was used to study the incidence of internal inclusions, specifically, blood and meat spots. Linkage analysis revealed one genome-wide significant region on chromosome Z. Fine-mapping exposed that the QTL overlapped with a tight junction protein gene ZO-2, and a microsatellite marker inside the gene. Sequencing of a fragment of the gene revealed several SNPs. Two novel SNPs were found to be located in a miRNA (gga-mir-1556) within the ZO-2. MicroRNA-SNP and an exonic synonymous SNP were genotyped in the populations and showed significant association to blood and meat spots. A good congruence between the experimental population and commercial breeds was achieved both in QTL locations and in association results. As a conclusion, ZO-2 and gga-mir-1556 remained candidates for having a role in susceptibility to blood and meat spot defects across populations. This is the first report of QTL affecting blood and meat spot frequency in chicken eggs, albeit the effect explained only 2 % of the phenotypic variance. Fishy taint is a disorder, which is a characteristic of brown layer lines. Marker-trait association analyses of pooled samples indicated that egg-taint and the FMO3 gene map to chicken chromosome 8 and that the variation found by sequencing in the chicken FMO3 gene was associated with the TMA content of the egg. The missense mutation in the FMO3 changes an evolutionary, highly conserved amino acid within the FMO-characteristic motif (FATGY). In conclusion, several QTL regions affecting egg quality traits were successfully detected. Some of the QTL findings, such as albumen quality, remained at the level of wide chromosomal regions. For some QTL, a putative causative gene was indicated: miRNA gga-mir-1556 and/or its host gene ZO-2 might have a role in susceptibility to blood and meat spot defects across populations. Nonetheless, fishy taint in chicken eggs was found to be caused with a substitution within a conserved motif of the FMO3 gene. This variation has been used in a breeding program to eliminate fishy-taint defects from commercial egg layer lines. Objective The objective of this thesis was to map loci affecting economically important egg quality traits in chickens and to increase knowledge of the molecular genetics of these complex traits. The aim was to find markers linked to the egg quality traits, and finally unravel the variation in the genes underlying the phenotypic variation of internal egg quality. QTL mapping methodology was used to identify chromosomal regions affecting various production and egg quality traits (I, III, IV). Three internal egg quality traits were selected for fine-mapping (II, III, IV). Some of the results were verified in independent mapping populations and present-day commercial lines (III, IV). The ultimate objective was to find markers to be applied in commercial selection programs

Repetition between stakeholder (user) and system requirements

Stakeholder requirements (also known as user requirements) are defined at an early stage of a software project to describe the problem(s) to be solved. At a later stage, abstract solutions to those problems are prescribed in system requirements. The quality of these requirements has long been linked to the quality of the software system and its development or procurement process. However, little is known about the quality defect of redundancy between these two sets of requirements. Previous literature is anecdotal rather than exploratory, and so this paper empirically investigates its occurrence and consequences with a case study from a UK defense contractor. We report on a survey of sixteen consultants to understand their perception of the problem, and on an analysis of real-world software requirements documents using natural language processing techniques. We found that three quarters of the consultants had seen repetition in at least half of their projects. Additionally, we found that on average, a third of the requirement pairs’ (comprised of a system and its related stakeholder requirement) description fields were repeated such that one requirement in the pair added only trivial information. That is, solutions were described twice while their respective problems were not described, which ultimately lead to suboptimal decisions later in the development process, as well as reduced motivation to read the requirements set. Furthermore, the requirement fields considered to be secondary to the primary “description” field, such as the “rationale” or “fit criterion” fields, had considerably more repetition within UR–SysR pairs. Finally, given that the UR–SysR repetition phenomena received most of its discussion in the literature over a decade ago, it is interesting that the survey participants did not consider its occurrence to have declined since then. We provide recommendations on preventing the defect, and describe the freely available tool developed to automatically detect its occurrence and alleviate its consequences

Comparative performance of selected variability detection techniques in photometric time series

Photometric measurements are prone to systematic errors presenting a challenge to low-amplitude variability detection. In search for a general-purpose variability detection technique able to recover a broad range of variability types including currently unknown ones, we test 18 statistical characteristics quantifying scatter and/or correlation between brightness measurements. We compare their performance in identifying variable objects in seven time series data sets obtained with telescopes ranging in size from a telephoto lens to 1m-class and probing variability on time-scales from minutes to decades. The test data sets together include lightcurves of 127539 objects, among them 1251 variable stars of various types and represent a range of observing conditions often found in ground-based variability surveys. The real data are complemented by simulations. We propose a combination of two indices that together recover a broad range of variability types from photometric data characterized by a wide variety of sampling patterns, photometric accuracies, and percentages of outlier measurements. The first index is the interquartile range (IQR) of magnitude measurements, sensitive to variability irrespective of a time-scale and resistant to outliers. It can be complemented by the ratio of the lightcurve variance to the mean square successive difference, 1/h, which is efficient in detecting variability on time-scales longer than the typical time interval between observations. Variable objects have larger 1/h and/or IQR values than non-variable objects of similar brightness. Another approach to variability detection is to combine many variability indices using principal component analysis. We present 124 previously unknown variable stars found in the test data.Comment: 29 pages, 8 figures, 7 tables; accepted to MNRAS; for additional plots, see http://scan.sai.msu.ru/~kirx/var_idx_paper