Towards Vulnerability Discovery Using Staged Program Analysis

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs well-formatted bug reports that help developers understand and fix security bugs. Based on the intuition that real-world vulnerabilities manifest themselves across multiple parts of a program, Melange performs both local and global analyses. To scale up to large programs, global analysis is demand-driven. Our prototype detects multiple vulnerability classes in C and C++ code including type confusion, and garbage memory reads. We have evaluated Melange extensively. Our case studies show that Melange scales up to large codebases such as Chromium, is easy-to-use, and most importantly, capable of discovering vulnerabilities in real-world code. Our findings indicate that static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 201

Maintenance Strategies to Reduce Downtime Due to Machine Positional Errors

Manufacturing strives to reduce waste and increase Overall Equipment Effectiveness (OEE). When managing machine tool maintenance a manufacturer must apply an appropriate decision technique in order to reveal hidden costs associated with production losses, reduce equipment downtime competently and similarly identify the machines’ performance. Total productive maintenance (TPM) is a maintenance program that involves concepts for maintaining plant and equipment effectively. OEE is a powerful metric of manufacturing performance incorporating measures of the utilisation, yield and efficiency of a given process, machine or manufacturing line. It supports TPM initiatives by accurately tracking progress towards achieving “perfect production.” This paper presents a review of maintenance management methodologies and their application to positional error calibration decision-making. The purpose of this review is to evaluate the contribution of maintenance strategies, in particular TPM, towards improving manufacturing performance, and how they could be applied to reduce downtime due to inaccuracy of the machine. This is to find a balance between predictive calibration, on-machine checking and lost production due to inaccuracy. This work redefines the role of maintenance management techniques and develops a framework to support the process of implementing a predictive calibration program as a prime method to supporting the change of philosophy for machine tool calibration decision making. Keywords—maintenance strategies, down time, OEE, TPM, decision making, predictive calibration

Fault-tolerant computer study

A set of building block circuits is described which can be used with commercially available microprocessors and memories to implement fault tolerant distributed computer systems. Each building block circuit is intended for VLSI implementation as a single chip. Several building blocks and associated processor and memory chips form a self checking computer module with self contained input output and interfaces to redundant communications buses. Fault tolerance is achieved by connecting self checking computer modules into a redundant network in which backup buses and computer modules are provided to circumvent failures. The requirements and design methodology which led to the definition of the building block circuits are discussed

Design of the software development and verification system (SWDVS) for shuttle NASA study task 35

An overview of the Software Development and Verification System (SWDVS) for the space shuttle is presented. The design considerations, goals, assumptions, and major features of the design are examined. A scenario that shows three persons involved in flight software development using the SWDVS in response to a program change request is developed. The SWDVS is described from the standpoint of different groups of people with different responsibilities in the shuttle program to show the functional requirements that influenced the SWDVS design. The software elements of the SWDVS that satisfy the requirements of the different groups are identified

Estimating the Indirect Effect of Sports Books on Other In-House Gaming Volumes

Using data from a repeater market hotel in Las Vegas, Nevada, the relationship between sports book and slot machine revenues is examined. Daily sports book write and daily slot handle are compared over a 250 day period. Though many industry leaders theorize that sports book gamblers also wager in slot banks, the results of this Autoregressive Integrated Moving Average (ARIMA) analysis fail to demonstrate a statistically significant relationship between sports book write and slot coin-in at the 0.05 alpha cutoff. This study advances literature currently available by establishing the lack of such a relationship and disputing the generally accepted assumption that sports books produce a substantial indirect contribution to slot revenues. While the sports book does generate a fairly constant direct profit for the casino, the absolute value of that profit is minimal and the results of the study show there is no indirect profit contribution from sports books to slot machines. Given these results, casino management may want to consider that a sports book is not an optimal use of casino floor space