87,951 research outputs found
Promoting Component Reuse by Separating Transmission Policy from Implementation
In this paper we present a methodology and set of tools which assist the
construction of applications from components, by separating the issues of
transmission policy from component definition and implementation. This promotes
a greater degree of software reuse than is possible using traditional
middleware environments. Whilst component technologies are usually presented as
a mechanism for promoting reuse, reuse is often limited due to design choices
that permeate component implementation. The programmer has no direct control
over inter-address-space parameter passing semantics: it is fixed by the
distributed application's structure, based on the remote accessibility of the
components. Using traditional middleware tools and environments, the
application designer may be forced to use an unnatural encoding of application
level semantics since application parameter passing semantics are tightly
coupled with the component deployment topology. This paper describes how
inter-address-space parameter passing semantics may be decided independently of
component implementation. Transmission policy may be dynamically defined on a
per-class, per-method or per-parameter basis.
Comment: Submitted to ICDCS 200
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.
Comment: Technical report for the ACM CCS 2016 conference pape
(Co-)Inductive semantics for Constraint Handling Rules
In this paper, we address the problem of defining a fixpoint semantics for
Constraint Handling Rules (CHR) that captures the behavior of both
simplification and propagation rules in a sound and complete way with respect
to their declarative semantics. Firstly, we show that the logical reading of
states with respect to a set of simplification rules can be characterized by a
least fixpoint over the transition system generated by the abstract operational
semantics of CHR. Similarly, we demonstrate that the logical reading of states
with respect to a set of propagation rules can be characterized by a greatest
fixpoint. Then, in order to take advantage of both types of rules without
losing fixpoint characterization, we present an operational semantics with
persistent. We finally establish that this semantics can be characterized by
two nested fixpoints, and we show the resulting language is an elegant
framework to program using coinductive reasoning.
Comment: 17 page
Abstract State Machines 1988-1998: Commented ASM Bibliography
An annotated bibliography of papers which deal with or use Abstract State
Machines (ASMs), as of January 1998.
Comment: Also maintained as a BibTeX file at http://www.eecs.umich.edu/gasm
Combining Forward and Backward Abstract Interpretation of Horn Clauses
Alternation of forward and backward analyses is a standard technique in
abstract interpretation of programs, which is in particular useful when we wish
to prove unreachability of some undesired program states. The current
state-of-the-art technique for combining forward (bottom-up, in logic
programming terms) and backward (top-down) abstract interpretation of Horn
clauses is query-answer transformation. It transforms a system of Horn clauses,
such that standard forward analysis can propagate constraints both forward, and
backward from a goal. Query-answer transformation is effective, but has issues
that we wish to address. For that, we introduce a new backward collecting
semantics, which is suitable for alternating forward and backward abstract
interpretation of Horn clauses. We show how the alternation can be used to
prove unreachability of the goal and how every subsequent run of an analysis
yields a refined model of the system. Experimentally, we observe that combining
forward and backward analyses is important for analysing systems that encode
questions about reachability in C programs. In particular, the combination that
follows our new semantics improves the precision of our own abstract
interpreter, including when compared to a forward analysis of a
query-answer-transformed system.
Comment: Francesco Ranzato. 24th International Static Analysis Symposium
(SAS), Aug 2017, New York City, United States. Springer, Static Analysi