332 research outputs found

    Towards A Verified Complex Protocol Stack in a Production Kernel: Methodology and Demonstration

    Get PDF
    Any useful computer system performs communication and any communication must be parsed before it is computed upon. Given their importance, one might expect parsers to receive a significant share of attention from the security community. This is, however, not the case: bugs in parsers continue to account for a surprising portion of reported and exploited vulnerabilities. In this thesis, I propose a methodology for supporting the development of software that depends on parsers---such as anything connected to the Internet---to safely support any reasonably designed protocol: data structures to describe protocol messages; validation routines that check that data received from the wire conforms to the rules of the protocol; systems that allow a defender to inject arbitrary, crafted input so as to explore the effectiveness of the parser; and systems that allow for the observation of the parser code while it is being explored. Then, I describe principled method of producing parsers that automatically generates the myriad parser-related software from a description of the protocol. This has many significant benefits: it makes implementing parsers simpler, easier, and faster; it reduces the trusted computing base to the description of the protocol and the program that compiles the description to runnable code; and it allows for easier formal verification of the generated code. I demonstrate the merits of the proposed methodology by creating a description of the USB protocol using a domain-specific language (DSL) embedded in Haskell and integrating it with the FreeBSD operating system. Using the industry-standard umap test-suite, I measure the performance and efficacy of the generated parser. I show that it is stable, that it is effective at protecting a system from both accidentally and maliciously malformed input, and that it does not incur unreasonable overhead

    PORTING OF FREERTOS ON A PYTHON VIRTUAL MACHINE FOR EMBEDDED AND IOT DEVICES

    Get PDF
    The fourth industrial revolution, The Industry 4.0, puts emphasis on the need of “Smart” and “Connected” objects through the use of services provided by Internet of Things, cyber-physical systems and cloud computing to optimize the cost, development time and remote connectivity. Development of highly scalable and flexible IoT applications is the need of time. These solutions require connectivity, less development time, time-to-market and at the same time offers a high performance and great reliability. Zerynth, a small company, provides its full stack for IoT solutions. Zerynth Virtual Machine is the core component among other components in stack which allow the programmers to code in python or hybrid C/Python coding with multithreaded Real Time OS with negligible memory footprint. The Python layer, Application Layer, is totally agnostic of underlying RTOS and hardware abstraction layer. This layered software architecture of Zerynth VM makes it totally compatible with new Industry 4.0 standard. The Hardware abstraction layer, VHAL, abstracts the hardware features of supported MCU and its peripherals while RTOS layer, VOSAL, uses the features of underlying Real Time OS. Zerynth VM can be ported with different Real Time OS and various hardware platforms depending upon the application’s cost, features and other relevant parameters. Configuring Kinetis MCU (MK64FN1M0VDC12) with existing VM became the first objective of my thesis. This configuration covers from scratch the clock, boot loading and peripheral support. Since previous version of Zerynth VM had a support of only Chibi2 OS which has certain dependency on the hardware layer underneath so this became another objective to separate the Chibi2 OS from VHAL layer for total independence. Finally, Porting of FreeRTOS on Zerynth VM with Hexiwear MCU as target board could a make a room for another RTOS hence enhancing the features and support of currently available VM. This thesis report describes all porting steps, procedures and testing methodologies starting from configuring a new hardware platform Hexiwear to FreeRTOS porting on Zerynth V

    Automatic Software Repair: a Bibliography

    Get PDF
    This article presents a survey on automatic software repair. Automatic software repair consists of automatically finding a solution to software bugs without human intervention. This article considers all kinds of repairs. First, it discusses behavioral repair where test suites, contracts, models, and crashing inputs are taken as oracle. Second, it discusses state repair, also known as runtime repair or runtime recovery, with techniques such as checkpoint and restart, reconfiguration, and invariant restoration. The uniqueness of this article is that it spans the research communities that contribute to this body of knowledge: software engineering, dependability, operating systems, programming languages, and security. It provides a novel and structured overview of the diversity of bug oracles and repair operators used in the literature

    On the Helpfulness of Answering Developer Questions on Discord with Similar Conversations and Posts from the Past

    Full text link
    A big part of software developers’ time is spent finding answers to their coding-task-related questions. To answer their questions, developers usually perform web searches, ask questions on Q&A websites, or, more recently, in chat communities. Yet, many of these questions have frequently already been answered in previous chat conversations or other online communities. Automatically identifying and then suggesting these previous answers to the askers could, thus, save time and effort. In an empirical analysis, we first explored the frequency of repeating questions on the Discord chat platform and assessed our approach to identify them automatically. The approach was then evaluated with real-world developers in a field experiment, through which we received 142 ratings on the helpfulness of the suggestions we provided to help answer 277 questions that developers posted in four Discord communities. We further collected qualitative feedback through 53 surveys and 10 follow-up interviews. We found that the suggestions were considered helpful in 40% of the cases, that suggesting Stack Overflow posts is more often considered helpful than past Discord conversations, and that developers have difficulties describing their problems as search queries and, thus, prefer describing them as natural language questions in online communities

    Making High-Performance Robots Safe and Easy to Use for an Introduction to Computing

    Full text link
    Robots are a popular platform for introducing computing and artificial intelligence to novice programmers. However, programming state-of-the-art robots is very challenging, and requires knowledge of concurrency, operation safety, and software engineering skills, which can take years to teach. In this paper, we present an approach to introducing computing that allows students to safely and easily program high-performance robots. We develop a platform for students to program RoboCup Small Size League robots using JavaScript. The platform 1) ensures physical safety at several levels of abstraction, 2) allows students to program robots using the JavaScript in the browser, without the need to install software, and 3) presents a simplified JavaScript semantics that shields students from confusing language features. We discuss our experience running a week-long workshop using this platform, and analyze over 3,000 student-written program revisions to provide empirical evidence that our approach does help students.Comment: 8 pages, 7 figures, 4 table

    Proceedings of The Rust-Edu Workshop

    Get PDF
    The 2022 Rust-Edu Workshop was an experiment. We wanted to gather together as many thought leaders we could attract in the area of Rust education, with an emphasis on academic-facing ideas. We hoped that productive discussions and future collaborations would result. Given the quick preparation and the difficulties of an international remote event, I am very happy to report a grand success. We had more than 27 participants from timezones around the globe. We had eight talks, four refereed papers and statements from 15 participants. Everyone seemed to have a good time, and I can say that I learned a ton. These proceedings are loosely organized: they represent a mere compilation of the excellent submitted work. I hope you’ll find this material as pleasant and useful as I have. Bart Massey 30 August 202
    • …
    corecore