11,659 research outputs found
Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by
academia and industry. Despite their abundance however, there is currently no
systematic way of comparing the effectiveness of different analyzers on
arbitrary code. In this paper, we present the first automated technique for
differentially testing soundness and precision of program analyzers. We used
our technique to compare six mature, state-of-the art analyzers on tens of
thousands of automatically generated benchmarks. Our technique detected
soundness and precision issues in most analyzers, and we evaluated the
implications of these issues to both designers and users of program analyzers
Improving Strategies via SMT Solving
We consider the problem of computing numerical invariants of programs by
abstract interpretation. Our method eschews two traditional sources of
imprecision: (i) the use of widening operators for enforcing convergence within
a finite number of iterations (ii) the use of merge operations (often, convex
hulls) at the merge points of the control flow graph. It instead computes the
least inductive invariant expressible in the domain at a restricted set of
program points, and analyzes the rest of the code en bloc. We emphasize that we
compute this inductive invariant precisely. For that we extend the strategy
improvement algorithm of [Gawlitza and Seidl, 2007]. If we applied their method
directly, we would have to solve an exponentially sized system of abstract
semantic equations, resulting in memory exhaustion. Instead, we keep the system
implicit and discover strategy improvements using SAT modulo real linear
arithmetic (SMT). For evaluating strategies we use linear programming. Our
algorithm has low polynomial space complexity and performs for contrived
examples in the worst case exponentially many strategy improvement steps; this
is unsurprising, since we show that the associated abstract reachability
problem is Pi-p-2-complete
Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation
We present Anadroid, a static malware analysis framework for Android apps.
Anadroid exploits two techniques to soundly raise precision: (1) it uses a
pushdown system to precisely model dynamically dispatched interprocedural and
exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to
soundly approximate all possible interleavings of asynchronous entry points in
Android applications. (It also integrates static taint-flow analysis and least
permissions analysis to expand the class of malicious behaviors which it can
catch.) Anadroid provides rich user interface support for human analysts which
must ultimately rule on the "maliciousness" of a behavior.
To demonstrate the effectiveness of Anadroid's malware analysis, we had teams
of analysts analyze a challenge suite of 52 Android applications released as
part of the Auto- mated Program Analysis for Cybersecurity (APAC) DARPA
program. The first team analyzed the apps using a ver- sion of Anadroid that
uses traditional (finite-state-machine-based) control-flow-analysis found in
existing malware analysis tools; the second team analyzed the apps using a
version of Anadroid that uses our enhanced pushdown-based
control-flow-analysis. We measured machine analysis time, human analyst time,
and their accuracy in flagging malicious applications. With pushdown analysis,
we found statistically significant (p < 0.05) decreases in time: from 85
minutes per app to 35 minutes per app in human plus machine analysis time; and
statistically significant (p < 0.05) increases in accuracy with the
pushdown-driven analyzer: from 71% correct identification to 95% correct
identification.Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in
SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201
Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code including type confusion, and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy-to-use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
Development of accident prediction model by using artificial neural network (ANN)
Statistical or crash prediction model have frequently been used in highway
safety studies. They can be used in identify major contributing factors or establish
relationship between crashes and explanatory accident variables. The
measurements to prevent accident are from the speed reduction, widening the
roads, speed enforcement, or construct the road divider, or other else. Therefore,
the purpose of this study is to develop an accident prediction model at federal road
FT 050 Batu Pahat to Kluang. The study process involves the identification of
accident blackspot locations, establishment of general patterns of accident, analysis
of the factors involved, site studies, and development of accident prediction model
using Artificial Neural Network (ANN) applied software which named
NeuroShell2. The significant of the variables that are selected from these accident
factors are checked to ensure the developed model can give a good prediction
results. The performance of neural network is evaluated by using the Mean
Absolute Percentage Error (MAPE). The study result showed that the best neural
network for accident prediction model at federal road FT 050 is 4-10-1 with 0.1
learning rate and 0.2 momentum rate. This network model contains the lowest
value of MAPE and highest value of linear correlation, r which is 0.8986. This
study has established the accident point weightage as the rank of the blackspot
section by kilometer along the FT 050 road (km 1 – km 103). Several main
accident factors also have been determined along this road, and after all the data
gained, it has successfully analyzed by using artificial neural network
Pembangunan dan penilaian modul berbantukan komputer bagi subjek pemasaran : Politeknik Port Dickson
Kajian ini bertujuan membangunkan Modul Berbantukan Komputer (MBK) bagi
subjek Pemasaran. MBK ini dibangunkan dengan menggunakan pensian AutoPlay
Media dan Flash MX. Sampel kajian ini terdiri daripada 30 orang pelajar Diploma
Pemasaran di Politeknik Port Dickson. Data dikumpulkan melalui kaedah soal
selidik dan dianalisis berdasarkan kekerpan, peratusan dan skor min dengan
menggunakan perisian Statistical Package For Social Sciene (SPSS) versi 11.0.
Dapatan kajian menunjukkan penilaian terhadap pembagunan MBK di dalam proses
P&P adalah tinggi. Ini bermakna MBK ini sesuai digunakan di Politeknik Port
Dickson di dalam proses P&P
Preventing SQL Injection through Automatic Query Sanitization with ASSIST
Web applications are becoming an essential part of our everyday lives. Many
of our activities are dependent on the functionality and security of these
applications. As the scale of these applications grows, injection
vulnerabilities such as SQL injection are major security challenges for
developers today. This paper presents the technique of automatic query
sanitization to automatically remove SQL injection vulnerabilities in code. In
our technique, a combination of static analysis and program transformation are
used to automatically instrument web applications with sanitization code. We
have implemented this technique in a tool named ASSIST (Automatic and Static
SQL Injection Sanitization Tool) for protecting Java-based web applications.
Our experimental evaluation showed that our technique is effective against SQL
injection vulnerabilities and has a low overhead.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
A Static Analyzer for Large Safety-Critical Software
We show that abstract interpretation-based static program analysis can be
made efficient and precise enough to formally verify a class of properties for
a family of large programs with few or no false alarms. This is achieved by
refinement of a general purpose static analyzer and later adaptation to
particular programs of the family by the end-user through parametrization. This
is applied to the proof of soundness of data manipulation operations at the
machine level for periodic synchronous safety critical embedded software. The
main novelties are the design principle of static analyzers by refinement and
adaptation through parametrization, the symbolic manipulation of expressions to
improve the precision of abstract transfer functions, the octagon, ellipsoid,
and decision tree abstract domains, all with sound handling of rounding errors
in floating point computations, widening strategies (with thresholds, delayed)
and the automatic determination of the parameters (parametrized packing)
- …