22,344 research outputs found
Recommended from our members
Integrity static analysis of COTS/SOUP
This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme
SmartTrack: Efficient Predictive Race Detection
Widely used data race detectors, including the state-of-the-art FastTrack
algorithm, incur performance costs that are acceptable for regular in-house
testing, but miss races detectable from the analyzed execution. Predictive
analyses detect more data races in an analyzed execution than FastTrack
detects, but at significantly higher performance cost.
This paper presents SmartTrack, an algorithm that optimizes predictive race
detection analyses, including two analyses from prior work and a new analysis
introduced in this paper. SmartTrack's algorithm incorporates two main
optimizations: (1) epoch and ownership optimizations from prior work, applied
to predictive analysis for the first time; and (2) novel conflicting critical
section optimizations introduced by this paper. Our evaluation shows that
SmartTrack achieves performance competitive with FastTrack-a qualitative
improvement in the state of the art for data race detection.Comment: Extended arXiv version of PLDI 2020 paper (adds Appendices A-E) #228
SmartTrack: Efficient Predictive Race Detectio
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Integrated testing and verification system for research flight software design document
The NASA Langley Research Center is developing the MUST (Multipurpose User-oriented Software Technology) program to cut the cost of producing research flight software through a system of software support tools. The HAL/S language is the primary subject of the design. Boeing Computer Services Company (BCS) has designed an integrated verification and testing capability as part of MUST. Documentation, verification and test options are provided with special attention on real time, multiprocessing issues. The needs of the entire software production cycle have been considered, with effective management and reduced lifecycle costs as foremost goals. Capabilities have been included in the design for static detection of data flow anomalies involving communicating concurrent processes. Some types of ill formed process synchronization and deadlock also are detected statically
- …