19,861 research outputs found
Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation
We present Anadroid, a static malware analysis framework for Android apps.
Anadroid exploits two techniques to soundly raise precision: (1) it uses a
pushdown system to precisely model dynamically dispatched interprocedural and
exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to
soundly approximate all possible interleavings of asynchronous entry points in
Android applications. (It also integrates static taint-flow analysis and least
permissions analysis to expand the class of malicious behaviors which it can
catch.) Anadroid provides rich user interface support for human analysts who
must ultimately rule on the "maliciousness" of a behavior.
To demonstrate the effectiveness of Anadroid's malware analysis, we had teams
of analysts analyze a challenge suite of 52 Android applications released as
part of the Automated Program Analysis for Cybersecurity (APAC) DARPA
program. The first team analyzed the apps using a version of Anadroid that
uses traditional (finite-state-machine-based) control-flow-analysis found in
existing malware analysis tools; the second team analyzed the apps using a
version of Anadroid that uses our enhanced pushdown-based
control-flow-analysis. We measured machine analysis time, human analyst time,
and their accuracy in flagging malicious applications. With pushdown analysis,
we found statistically significant (p < 0.05) decreases in time: from 85
minutes per app to 35 minutes per app in human plus machine analysis time; and
statistically significant (p < 0.05) increases in accuracy with the
pushdown-driven analyzer: from 71% correct identification to 95% correct
identification.
Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in
SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201
MeshRouter Primitives: Messages, Interest, and Interpreters
The MeshRouter architecture provides a general framework for interest-limited message
exchanges among client processes. There are two general areas in which the MeshRouter
implementation depends on specifics of the associated clients: i) the lowest level inter-processor
communications model and ii) the nature/content of exchanged messages and "interest". This
note describes the hierarchical object design (C++ sense) used to implement the basic Message
and Interest objects of the MeshRouter. Interfaces are defined in terms of abstract base classes,
and specific inherited objects appropriate for the RTI-s/JSAF application are presented as
concrete examples. The MeshRouter system includes a substantial memory management
component for efficient use of the basic Message objects. This system is summarized and plausible
near-term extensions are noted
Foam: A General-Purpose Cellular Monte Carlo Event Generator
A general purpose, self-adapting, Monte Carlo (MC) event generator
(simulator) is described. The high efficiency of the MC, that is small maximum
weight or variance of the MC weight is achieved by means of dividing the
integration domain into small cells. The cells can be -dimensional
simplices, hyperrectangles or Cartesian product of them. The grid of cells,
called "foam", is produced in the process of the binary split of the cells.
The choice of the next cell to be divided and the position/direction of the
division hyper-plane is driven by the algorithm which optimizes the ratio of
the maximum weight to the average weight or (optionally) the total variance.
The algorithm is able to deal, in principle, with an arbitrary pattern of the
singularities in the distribution. As any MC generator, it can also be used for
the MC integration. With the typical personal computer CPU, the program is able
to perform adaptive integration/simulation at relatively small number of
dimensions (). With the continuing progress in the CPU power, this
limit will get inevitably shifted to ever higher dimensions. Foam is
aimed (and already tested) as a component in the MC event generators for the
high energy physics experiments. A few simple examples of the related
applications are presented. Foam is written in fully object-oriented
style, in the C++ language. Two other versions with a slightly limited
functionality, are available in the Fortran77 language. The source codes are
available from http://jadach.home.cern.ch/jadach
Pruning, Pushdown Exception-Flow Analysis
Statically reasoning in the presence of exceptions and about the effects of
exceptions is challenging: exception-flows are mutually determined by
traditional control-flow and points-to analyses. We tackle the challenge of
analyzing exception-flows from two angles. First, from the angle of pruning
control-flows (both normal and exceptional), we derive a pushdown framework for
an object-oriented language with full-featured exceptions. Unlike traditional
analyses, it allows precise matching of throwers to catchers. Second, from the
angle of pruning points-to information, we generalize abstract garbage
collection to object-oriented programs and enhance it with liveness analysis.
We then seamlessly weave the techniques into enhanced reachability computation,
yielding highly precise exception-flow analysis, without becoming intractable,
even for large applications. We evaluate our pruned, pushdown exception-flow
analysis, comparing it with an established analysis on large scale standard
Java benchmarks. The results show that our analysis significantly improves
analysis precision over traditional analysis within a reasonable analysis time.
Comment: 14th IEEE International Working Conference on Source Code Analysis
and Manipulatio
Designing a programming-based approach for modelling scientific phenomena
We describe an iteratively designed sequence of activities involving the modelling of 1-dimensional collisions between moving objects based on programming in ToonTalk. Students aged 13-14 in two settings (London and Cyprus) investigated a number of collision situations, classified into six classes based on the relative velocities and masses of the colliding objects. We describe iterations of the system in which students engaged in a repeating cycle of activity for each collision class: prediction of object behaviour from given collision conditions, observation of a relevant video clip, building a model to represent the phenomena, testing, validating and refining their model, and publishing it – together with comments – on our web-based collaboration system, WebReports. Students were encouraged to consider the limitations of their current model, with the aim that they would eventually appreciate the benefit of constructing a general model that would work for all collision classes, rather than a different model for each class. We describe how our intention to engage students with the underlying concepts of conservation, closed systems and system states was instantiated in the activity design, and how the modelling activities afforded an alternative representational framework to traditional algebraic description
CUP: Comprehensive User-Space Protection for C/C++
Memory corruption vulnerabilities in C/C++ applications enable attackers to
execute code, change data, and leak information. Current memory sanitizers do
not provide comprehensive coverage of a program's data. In particular, existing
tools focus primarily on heap allocations with limited support for stack
allocations and globals. Additionally, existing tools focus on the main
executable with limited support for system libraries. Further, they suffer from
both false positives and false negatives.
We present Comprehensive User-Space Protection for C/C++, CUP, an LLVM
sanitizer that provides complete spatial and probabilistic temporal memory
safety for C/C++ programs on 64-bit architectures (with a prototype
implementation for x86_64). CUP uses a hybrid metadata scheme that supports all
program data including globals, heap, or stack and maintains the ABI. Compared
to existing approaches with the NIST Juliet test suite, CUP reduces false
negatives by 10x (0.1%) compared to the state of the art LLVM sanitizers, and
produces no false positives. CUP instruments all user-space code, including
libc and other system libraries, removing them from the trusted code base
Universal Interface of TAUOLA Technical and Physics Documentation
Because of their narrow width, tau decays can be well separated from their
production process. Only spin degrees of freedom connect these two parts of the
physics process of interest for high energy collision experiments. In the
following, we present a Monte Carlo algorithm which is based on that property.
The interface supplements events generated by other programs, with tau decays.
Effects of spin, genuine weak corrections or of new physics may be taken into
account at the time when a tau decay is generated and written into an event
record.
Comment: 1+44 pages, 17 eps figure
A generic multibody simulation
Described is a dynamic simulation package which can be configured for orbital test scenarios involving multiple bodies. The rotational and translational state integration methods are selectable for each individual body and may be changed during a run if necessary. Characteristics of the bodies are determined by assigning components consisting of mass properties, forces, and moments, which are the outputs of user-defined environmental models. Generic model implementation is facilitated by a transformation processor which performs coordinate frame inversions. Transformations are defined in the initialization file as part of the simulation configuration. The simulation package includes an initialization processor, which consists of a command line preprocessor, a general purpose grammar, and a syntax scanner. These permit specifications of the bodies, their interrelationships, and their initial states in a format that is not dependent on a particular test scenario