Amorphous procedure extraction

The procedure extraction problem is concerned with the meaning preserving formation of a procedure from a (not necessarily contiguous) selected set of statements. Previous approaches to the problem have used dependence analysis to identify the non-selected statements which must be 'promoted' (also selected) in order to preserve semantics. All previous approaches to the problem have been syntax preserving. This work shows that by allowing transformation of the program's syntax it is possible to extract both procedures and functions in an amorphous manner. That is, although the amorphous extraction process is meaning preserving it is not necessarily syntax preserving. The amorphous approach is advantageous in a variety of situations. These include when it is desirable to avoid promotion, when a value-returning function is to be extracted from a scattered set of assignments to a variable, and when side effects are present in the program from which the procedure is to be extracted

Amorphous procedure extraction

The procedure extraction problem is concerned with the meaning preserving formation of a procedure from a (not necessarily contiguous) selected set of statements. Previous approaches to the problem have used dependence analysis to identify the non-selected statements which must be 'promoted' (also selected) in order to preserve semantics. All previous approaches to the problem have been syntax preserving. This work shows that by allowing transformation of the program's syntax it is possible to extract both procedures and functions in an amorphous manner. That is, although the amorphous extraction process is meaning preserving it is not necessarily syntax preserving. The amorphous approach is advantageous in a variety of situations. These include when it is desirable to avoid promotion, when a value-returning function is to be extracted from a scattered set of assignments to a variable, and when side effects are present in the program from which the procedure is to be extracted

Understanding Program Slices

Program slicing is a useful analysis for aiding different software engineering activities. In the past decades, various notions of program slices have been evolved as well as a number of methods to compute them. By now program slicing has numerous applications in software maintenance, program comprehension, reverse engineering, program integration, and software testing. Usability of program slicing for real world programs depends on many factors such as precision, speed, and scalability, which have already been addressed in the literature. However, only a little attention has been brought to the practical demand: when the slices are large or difficult to understand, which often occur in the case of larger programs, how to give an explanation for the user why a particular element has been included in the resulting slice. This paper describes a reasoning method about elements of static program slices

An Analysis of the Current Program Slicing and Algorithmic Debugging Based Techniques

This thesis presents a classification of program slicing based techniques. The classification allows us to identify the differences between existing techniques, but it also allows us to predict new slicing techniques. The study identifies and compares the dimensions that influence current techniques.Silva Galiana, JF. (2008). An Analysis of the Current Program Slicing and Algorithmic Debugging Based Techniques. http://hdl.handle.net/10251/14300Archivo delegad

A Scalable and Accurate Hybrid Vulnerability Analysis Framework

As the Internet has become an integral part of our everyday life for activities such as e-mail, online-banking, shopping, entertainment, etc., vulnerabilities in Web software arguably have greater impact than vulnerabilities in other types of software. Vulnerabilities in Web applications may lead to serious issues such as disclosure of confidential data, integrity violation, denial of service, loss of commercial confidence/customer trust, and threats to the continuity of business operations. For companies these issues can result in significant financial losses. The most common and serious threats for Web applications include injection vulnerabilities, where malicious input can be “injected” into the program to alter its intended behavior or the one of another system. These vulnerabilities can cause serious damage to a system and its users. For example, an attacker could compromise the systems underlying the application or gain access to a database containing sensitive information. The goal of this thesis is to provide a scalable approach, based on symbolic execution and constraint solving, which aims to effectively find injection vulnerabilities in the server-side code of Java Web applications and which generates no or few false alarms, minimizes false negatives, overcomes the path explosion problem and enables the solving of complex constraints

Empirical assessment of the effort needed to attack programs protected with client/server code splitting

Context. Code hardening is meant to fight malicious tampering with sensitive code executed on client hosts. Code splitting is a hardening technique that moves selected chunks of code from client to server. Although widely adopted, the effective benefits of code splitting are not fully understood and thoroughly assessed. Objective. The objective of this work is to compare non protected code vs. code splitting protected code, considering two levels of the chunk size parameter, in order to assess the effectiveness of the protection - in terms of both attack time and success rate - and to understand the attack strategy and process used to overcome the protection. Method. We conducted an experiment with master students performing attack tasks on a small application hardened with different levels of protection. Students carried out their task working at the source code level. Results. We observed a statistically significant effect of code splitting on the attack success rate that, on the average, was reduced from 89% with unprotected clear code to 52% with the most effective protection. The protection variant that moved some small-sized code chunks turned out to be more effective than the alternative moving fewer but larger chunks. Different strategies were identified yielding different success rates. Moreover, we discovered that successful attacks exhibited different process w.r.t. failed ones.Conclusions We found empirical evidence of the effect of code splitting, assessed the relative magnitude, and evaluated the influence of the chunk size parameter. Moreover, we extracted the process used to overcome such obfuscation technique

Designing a Task Assessment Tool for Ease and Risk within the Domestic Environment

Activities of Daily Living (ADL) and Instrumental Activities of Daily Living (IADL) enable people to continue to live independently, as far as possible. Slowing down a person’s decline or utilising equipment to maintain independence is a growing area of research. However, how we carry out daily tasks within the home can accelerate this decline. To date, little or no consideration has been given to quantifying load and the risk level associated with the performance of daily tasks within the home environment. This study evaluates and quantifies load and the risk level associated with the performance of domestic tasks which could be responsible for a person’s change in behaviour in the later stages of life. In order to understand the IADL tasks, an initial survey was used to gather different people’s perceptions about these tasks, and then to discover the hardest sub-task within the selected tasks. An observational study used existing ergonomic assessment methods to evaluate the postural load, and revealed that existing ergonomic tools are not enough on their own as they did not identify other risks which are associated with the performance of daily tasks. Finally, a task assessment tool for ease and risk (AER) was developed to evaluate and quantify the risk associated with the performance of daily tasks. AER is useful in the detection of early warnings (pre-event) for healthy individuals as well as for those undergoing rehabilitation, as it can easily identify the tasks that are hardest to perform. The tool is based on three risk parameters: (1) psychological perception of the tasks, (2) adopted postures and (3) manual handling. It is capable of assessing the risk level associated with individual tasks while simultaneously assessing the domestic load over a period of time. The novelty of this work is to propose a self-assessment tool which provides the knowledge about a person’s own risk associated with the performance of domestic tasks. The initial development of AER consisted of two phases: (1) development of AER and (2) evaluation of user trials, based on (a) ease of use of AER record sheet and (b) validity study. The AER trials overall used 20 healthy able-bodied participants and both trials were performed in the home environment. AER consists of a booklet and record sheets and specifically covers instrumental activities of daily living (IADL)[1] tasks but can also be extended to cover all tasks performed in the home environment. In the ease of use trial, the feedback questionnaire confirmed that AER is easy to use, free from ambiguity, applicable to almost all the tasks performed in the home environment and almost all participants agreed that AER does not require training for assessment. In the validity trials, the AER predicted risk level is measured in relation to perceived discomfort and it was found that AER has high sensitivity (78%), specificity (74%) and predictive (73% positive and 80% negative) values which revealed that AER is a sensitive and useful tool for identifying risk and perceived discomfort in performing daily tasks. It also concluded that the participants’ self-assessed (IADL) exposure scores were reasonably similar as compared to the researcher’s assessment and revealed that regular use of AER will help to obtain more accurate and reliable results. AER is able to assess the risk level associated with a single task and can also assess the general behaviour or domestic load over a period of time. AER is also helpful for identifying those tasks which required more caution when performed and which are responsible for someone’s change in behaviour in later life. Moreover, it is believed that AER may play a vital role in the development of comprehensive and proactive strategies for the detection of problems related to the home environment and for managing them effectively before it can affect a person’s quality of life