Runtime Verification Of SQL Correctness Properties with YR-DB-RUNTIME-VERIF

Software correctness properties are essential to maintain quality by continuous and regressive inte- gration testing, as well as runtime monitoring the program after customer deployment. This paper presents an effective and lightweight C ++ program verification framework: YR_DB_RUNTIME_VERIF, to check SQL (Structure Query Language) [1] software correctness properties specified as temporal safety properties [2]. A temporal safety property specifies what behavior shall not occur, in a software, as sequence of program events. YR_DB_RUNTIME_VERIF allows specification of a SQL temporal safety property by means of a very small state diagram mealy machine [3]. In YR_DB_RUNTIME_VERIF, a spec- ification characterizes effects of program events (via SQL statements) on database table columns by means of set interface operations (∈, ∈), and, enable to check these characteristics hold or not at runtime. Integration testing is achieved for instance by expressing a state diagram that encompasses both Graphical User Interface (GUI) states and MySQL [4] databases queries that glue them. For example, a simple specification would encompass states between ’Department administration’ and ’Stock listing’ GUI interfaces, and transitions between them by means of MySQL databases oper- ations. YR_DB_RUNTIME_VERIF doesn’t generate false warnings; YR_DB_RUNTIME_VERIF specifications are not desirable (forbidden) specifications (fail traces). This paper focuses its examples on MySQL database specifications, labeled as states diagrams events, for the newly developed and FOSS (Free and Open Source Software) Enterprise Resource Planing Software YEROTH–ERP–3.0 [5].PROF. DR.-ING. DIPL.-INF. xavier noumbissi noundo

A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks

Android platform security is an active area of research where malware detection techniques continuously evolve to identify novel malware and improve the timely and accurate detection of existing malware. Adversaries are constantly in charge of employing innovative techniques to avoid or prolong malware detection effectively. Past studies have shown that malware detection systems are susceptible to evasion attacks where adversaries can successfully bypass the existing security defenses and deliver the malware to the target system without being detected. The evolution of escape-resistant systems is an open research problem. This paper presents a detailed taxonomy and evaluation of Android-based malware evasion techniques deployed to circumvent malware detection. The study characterizes such evasion techniques into two broad categories, polymorphism and metamorphism, and analyses techniques used for stealth malware detection based on the malware’s unique characteristics. Furthermore, the article also presents a qualitative and systematic comparison of evasion detection frameworks and their detection methodologies for Android-based malware. Finally, the survey discusses open-ended questions and potential future directions for continued research in mobile malware detection

Scalable collision detection for distributed virtual environments

PhD ThesisDistributed Virtual Environments (DVEs) provide a mechanism whereby dispersed users can interact with one-another within a shared \'irtual world. DVEs commonly allow users to interact with one-another in ways analogous to the real-world, e.g. mimicking Newtonian physics. A scalable DVE should enable large numbers of users to participate simultaneously, regardless of the In geographical location and hardware configurations of individual users. addition, these users should perceive a mutually-consistent virtual world in which each user perceives a consistent series of events in real-time. Collision detection and response is a fundamental requirement of most virtual environments and simulations. It is a computationally-expensive operation which must be perfonned at frequent intervals in all virtual environments which simulate the motion of solid objects. Collision detection has received large amounts of research interest and as a result a number of efficient collision detection algorithms have been proposed. However, these collision detection approaches are designed to detect collisions efficiently in simulations run on a single machine and are not capable of overcoming problems associated with scalability and consistency, which are of paramount importance in DVEs. This thesis presents a new collision detection approach, tenned distributed collision detection, which provides high-levels of scalability, consistency and responsiveness. This thesis presents the algorithms and theory which underpin the distributed collision detection approach and provides experimental results demonstrating its scalability and responsiveness

Efficient Precise Dynamic Data Race Detection For Cpu And Gpu

Data races are notorious bugs. They introduce non-determinism in programs behavior, complicate programs semantics, making it challenging to debug parallel programs. To make parallel programming easier, efficient data race detection has been a research topic in the last decades. However, existing data race detectors either sacrifice precision or incur high overhead, limiting their application to real-world applications and scenarios. This dissertation proposes approaches to improve the performance of dynamic data race detection without undermining precision, by identifying and removing metadata redundancy dynamically. This dissertation also explores ways to make it practical to detect data races dynamically for GPU programs, which has a disparate programming and execution model from CPU workloads. Further, this dissertation shows how the structured synchronization model in GPU programs can simplify the algorithm design of data race detection for GPU, and how the unique patterns in GPU workloads enable an efficient implementation of the algorithm, yielding a high-performance dynamic data race detector for GPU programs

A versatile data acquisition system for capturing electromagnetic emissions in VHF band

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.This research investigates the occurrence of EM emissions from compressed rock and assesses their value as precursors to earthquakes. It is understood that electromagnetic emissions are accompanied by crack generation in the Earth's crust, and effort has been targeted on the analysis of electromagnetic signals preceding seismic events. There is a need for a robust Data Acquisition System for the reliable collection of such signals. The design and deployment of a novel system form part of this research. The EM data collected by the Data Acquisition System is subsequently analysed and correlations are made with natural phenomena. The design of the Data Acquisition System is presented and meets a specification which includes accuracy, robustness, power consumption, remote configurability achieved by the development of a novel architecture for flash memories which significantly increases the live span of these devices. The measuring of electromagnetic emissions should be performed by reliable systems, using devices that fully correspond to the specifications set by the needs of this research. This type of systems is not fully covered by existing commercial devices. These prototype VHF field stations (ground base - electromagnetic variation monitors in VHF band) are located around the Hellenic Are. This region is one of the most seismically active regions in western Eurasia due to subduction of the oceanic African lithosphere beneath the Eurasian plate. After approximately two years of electromagnetic VHF data collection, the final stage of this project took place. In this stage, possible correlation between naturally occurring electromagnetic emissions in VHF band and seismic events within a predefined radius around the observation location is investigated. Supplementary, effects of alternative electromagnetic sources, such as solar activity, is considered. Whilst EM emissions from compressed rocks can be demonstrated in the laboratory, it was found from a two-year evaluation that no reliable correlation with earthquake events could be established. However, significant patterns of activity were detected in EM spectrum and it was shown that these correlate strongly with other naturally occurring phenomena such as solar flares. The Data Acquisition System as developed in this thesis has related applications in long term and remote sensing operations including meteorology, environmental analysis and surveillance.Funding was obtained from the National Foundation of Scholarships (I. K. Y.), and co-funded by the European Social Fund and National Resources - (EPEAEK II) ARXIMIDIS

Bit-Flip Aware Data Structures for Phase Change Memory

Big, non-volatile, byte-addressable, low-cost, and fast non-volatile memories like Phase Change Memory are appearing in the marketplace. They have the capability to unify both memory and storage and allow us to rethink the present memory hierarchy. An important draw-back to Phase Change Memory is limited write-endurance. In addition, Phase Change Memory shares with other Non-Volatile Random Access Memories an asym- metry in the energy costs of writes and reads. Best use of Non-Volatile Random Access Memories limits the number of times a Non-Volatile Random Access Memory cell changes contents, called a bit-flip. While the future of main memory is still unknown, we should already start to create data structures for them in order to shape the future era. This thesis investigates the creation of bit-flip aware data structures.The thesis first considers general ways in which a data structure can save bit- flips by smart overwrites and by using the exclusive-or of pointers. It then shows how a simple content dependent encoding can reduce bit-flips for web corpora. It then shows how to build hash based dictionary structures for Linear Hashing and Spiral Storage. Finally, the thesis presents Gray counters, close to bit-flip optimal counters that even enable age- based wear leveling with counters managed by the Non-Volatile Random Access Memories themselves instead of by the Operating Systems

Overcoming the Intuition Wall: Measurement and Analysis in Computer Architecture

These are exciting times for computer architecture research. Today there is significant demand to improve the performance and energy-efficiency of emerging, transformative applications which are being hammered out by the hundreds for new computing platforms and usage models. This booming growth of applications and the variety of programming languages used to create them is challenging our ability as architects to rapidly and rigorously characterize these applications. Concurrently, hardware has become more complex with the emergence of accelerators, multicore systems, and heterogeneity caused by further divergence between processor market segments. No one architect can now understand all the complexities of many systems and reason about the full impact of changes or new applications. To that end, this dissertation presents four case studies in quantitative methods. Each case study attacks a different application and proposes a new measurement or analytical technique. In each case study we find at least one surprising or unintuitive result which would likely not have been found without the application of our method

Automated Testing and Bug Reproduction of Android Apps

The large demand of mobile devices creates significant concerns about the quality of mobile applications (apps). The corresponding increase in app complexity has made app testing and maintenance activities more challenging. During app development phase, developers need to test the app in order to guarantee its quality before releasing it to the market. During the deployment phase, developers heavily rely on bug reports to reproduce failures reported by users. Because of the rapid releasing cycle of apps and limited human resources, it is difficult for developers to manually construct test cases for testing the apps or diagnose failures from a large number of bug reports. However, existing automated test case generation techniques are ineffective in exploring most effective events that can quickly improve code coverage and fault detection capability. In addition, none of existing techniques can reproduce failures directly from bug reports. This dissertation provides a framework that employs artifact intelligence (AI) techniques to improve testing and debugging of mobile apps. Specifically, the testing approach employs a Q-network that learns a behavior model from a set of existing apps and the learned model can be used to explore and generate tests for new apps. The framework is able to capture the fine-grained details of GUI events (e.g., visiting times of events, text on the widgets) and use them as features that are fed into a deep neural network, which acts as the agent to guide the app exploration. The debugging approach focuses on automatically reproducing crashes from bug reports for mobile apps. The approach uses a combination of natural language processing (NLP), deep learning, and dynamic GUI exploration to synthesize event sequences with the goal of reproducing the reported crash

Dynamic Symbolic Execution for Enhanced Intermediate Representation of Data Flow Space Applications

Verifying the safety and security requirements of embedded software requires a code analysis. Many software systems are developed based on software development libraries; therefore, code specifications are known at compiling time. Hence, many source-code analyses will be excluded, and low-level intermediate representations (LLIRs) of the analyzed binaries are preferred. Improving the expressiveness of the LLIR and enhancing it with more information from the binaries will improve the tightness of the applied analyses. This work is interested in developing a lifterthat lifts binaries into an enhanced LLIR and can resolve indirect jumps. LLVM is used as the LLIR. Our proposed lifter, which we call DEL (Dynamic symbolic Execution Lifter), combines both static and dynamic symbolic execution and strives to fully recover the analyzed program’s control flow. DEL consists of an API to translate ARMv7-M assembly instructions into static single assignment LLVM instructions, an LLIR to Z3 expressions parser, a memory model, a register model, and a specialized condition flags handler. This work used a case study based on a software development library for onboard data-handling applications developed at the German Aerospace Center (DLR), which is called the Tasking Framework. DEL demonstrated high accuracy of around 93% in resolving indirect jumps in our case study