7,657 research outputs found
Linux kernel compaction through cold code swapping
There is a growing trend to use general-purpose operating systems like Linux in embedded systems. Previous research focused on using compaction and specialization techniques to adapt a general-purpose OS to the memory-constrained environment, presented by most, embedded systems. However, there is still room for improvement: it has been shown that even after application of the aforementioned techniques more than 50% of the kernel code remains unexecuted under normal system operation. We introduce a new technique that reduces the Linux kernel code memory footprint, through on-demand code loading of infrequently executed code, for systems that support virtual memory. In this paper, we describe our general approach, and we study code placement algorithms to minimize the performance impact of the code loading. A code, size reduction of 68% is achieved, with a 2.2% execution speedup of the system-mode execution time, for a case study based on the MediaBench II benchmark suite
On the Feasibility of Malware Authorship Attribution
There are many occasions in which the security community is interested to
discover the authorship of malware binaries, either for digital forensics
analysis of malware corpora or for thwarting live threats of malware invasion.
Such a discovery of authorship might be possible due to stylistic features
inherent to software codes written by human programmers. Existing studies of
authorship attribution of general purpose software mainly focus on source code,
which is typically based on the style of programs and environment. However,
those features critically depend on the availability of the program source
code, which is usually not the case when dealing with malware binaries. Such
program binaries often do not retain many semantic or stylistic features due to
the compilation process. Therefore, authorship attribution in the domain of
malware binaries based on features and styles that will survive the compilation
process is challenging. This paper provides the state of the art in this
literature. Further, we analyze the features involved in those techniques. By
using a case study, we identify features that can survive the compilation
process. Finally, we analyze existing works on binary authorship attribution
and study their applicability to real malware binaries.Comment: FPS 201
Investigating Strategies to Support Reverse-Engineering of Interactive Systems
Most software applications today provide a graphical user interface (GUI), which facilitates the use of the software by offering graphical and visual elements to the users. The correctness of the user interface is fundamental to the correct implementation of the overall software. Using reverse engineering tools and methods is one of the most efficient ways to understand a system, and to assess its functionality and usability. However, traditional reverse engineering methods are not well suited to interactive elements of a system. This research examines and analyzes reverse engineering techniques of interactive systems written in the Java programming language, with the aim of creating a set of models of the entire system namely, Presentation Models (PModels) and Presentation Interaction Models (PIMs), which are very effective in describing structural and functional behavioral features of the interactive system. This study will also highlight some of the problems that exist in this domain and investigate several possibilities for improving the process
Automatically generating complex test cases from simple ones
While source code expresses and implements design considerations for software system, test cases capture and represent the domain knowledge of software developer, her assumptions on the implicit and explicit interaction protocols in the system, and the expected behavior of different modules of the system in normal and exceptional conditions. Moreover, test cases capture information about the environment and the data the system operates on. As such, together with the system source code, test cases integrate important system and domain knowledge. Besides being an important project artifact, test cases embody up to the half the overall software development cost and effort. Software projects produce many test cases of different kind and granularity to thoroughly check the system functionality, aiming to prevent, detect, and remove different types of faults. Simple test cases exercise small parts of the system aiming to detect faults in single modules. More complex integration and system test cases exercise larger parts of the system aiming to detect problems in module interactions and verify the functionality of the system as a whole. Not surprisingly, the test case complexity comes at a cost -- developing complex test cases is a laborious and expensive task that is hard to automate. Our intuition is that important information that is naturally present in test cases can be reused to reduce the effort in generation of new test cases. This thesis develops this intuition and investigates the phenomenon of information reuse among test cases. We first empirically investigated many test cases from real software projects and demonstrated that test cases of different granularity indeed share code fragments and build upon each other. Then we proposed an approach for automatically generating complex test cases by extracting and exploiting information in existing simple ones. In particular, our approach automatically generates integration test cases from unit ones. We implemented our approach in a prototype to evaluate its ability to generate new and useful test cases for real software systems. Our studies show that test cases generated with our approach reveal new interaction faults even in well tested applications. We evaluated the effectiveness of our approach by comparing it with the state of the art test generation techniques. The evaluation results show that our approach is effective, it finds relevant faults differently from other approaches that tend to find different and usually less relevant faults
Experiences In Migrating An Industrial Application To Aspects
Aspect-Oriented Software Development (AOSD) is a paradigm aiming to solve
problems of object-oriented programming (OOP). With normal OOP itâs often
unlikely to accomplish fine system modularity due to crosscutting concerns being
scattered and tangled throughout the system. AOSD resolves this problem by its
capability to crosscut the regular code and as a consequence transfer the crosscutting
concerns to a single model called aspect. This thesis describes an experiment on
industrial application wherein the effectiveness of aspect-oriented techniques is
explained in migration the OOP application into aspects. The experiment goals at
first to identify the crosscutting concerns in source code of the industrial application
and transform these concerns to a functionally equivalent aspect-oriented version. In
addition to presenting experiences gained through the experiment, the thesis aims to
provide practical guidance of aspect solutions in a real application
Industrial-Strength Documentation for ACL2
The ACL2 theorem prover is a complex system. Its libraries are vast.
Industrial verification efforts may extend this base with hundreds of thousands
of lines of additional modeling tools, specifications, and proof scripts. High
quality documentation is vital for teams that are working together on projects
of this scale. We have developed XDOC, a flexible, scalable documentation tool
for ACL2 that can incorporate the documentation for ACL2 itself, the Community
Books, and an organization's internal formal verification projects, and which
has many features that help to keep the resulting manuals up to date. Using
this tool, we have produced a comprehensive, publicly available ACL2+Books
Manual that brings better documentation to all ACL2 users. We have also
developed an extended manual for use within Centaur Technology that extends the
public manual to cover Centaur's internal books. We expect that other
organizations using ACL2 will wish to develop similarly extended manuals.Comment: In Proceedings ACL2 2014, arXiv:1406.123
- âŠ