167,448 research outputs found
Compositional Vulnerability Detection with Insecurity Separation Logic
Memory-safety issues and information leakage are known to be depressingly
common. We consider the compositional static detection of these kinds of
vulnerabilities in first-order C-like programs. Existing methods often treat
one type of vulnerability (e.g. memory-safety) but not the other (e.g.
information leakage). Indeed the latter are hyper-safety violations, making
them more challenging to detect than the former. Existing leakage detection
methods like Relational Symbolic Execution treat only non-interactive programs,
avoiding the challenges raised by nondeterminism for reasoning about
information leakage. Their implementations also do not treat non-trivial
leakage policies like value-dependent classification, which are becoming
increasingly common. Finally, being whole-program analyses they cannot be
applied compositionally -- to deduce the presence of vulnerabilities in a
program by analysing each of its parts -- thereby ruling out the possibility of
incremental analysis.
In this paper we remedy these shortcomings by presenting Insecurity
Separation Logic (InsecSL), an under-approximate relational program logic for
soundly detecting information leakage and memory-safety issues in interactive
programs. We show how InsecSL can be soundly automated by bi-abduction based
symbolic execution. Based on this, we design and implement a top-down,
contextual, compositional, inter-procedural analysis for vulnerability
detection. We implement our approach in a proof-of-concept tool, Underflow, for
analysing C programs, which we demonstrate by applying it to various case
studies
Technical Requirements Analysis and Control Systems (TRACS) Initial Operating Capability (IOC) documentation
The Technical Requirements Analysis and Control Systems (TRACS) software package is described. TRACS offers supplemental tools for the analysis, control, and interchange of project requirements. This package provides the fundamental capability to analyze and control requirements, serves a focal point for project requirements, and integrates a system that supports efficient and consistent operations. TRACS uses relational data base technology (ORACLE) in a stand alone or in a distributed environment that can be used to coordinate the activities required to support a project through its entire life cycle. TRACS uses a set of keyword and mouse driven screens (HyperCard) which imposes adherence through a controlled user interface. The user interface provides an interactive capability to interrogate the data base and to display or print project requirement information. TRACS has a limited report capability, but can be extended with PostScript conventions
Graph4Med: a web application and a graph database for visualizing and analyzing medical databases
Background: Medical databases normally contain large amounts of data in a variety of forms. Although they grant significant insights into diagnosis and treatment, implementing data exploration into current medical databases is challenging since these are often based on a relational schema and cannot be used to easily extract information for cohort analysis and visualization. As a consequence, valuable information regarding cohort distribution or patient similarity may be missed. With the rapid advancement of biomedical technologies, new forms of data from methods such as Next Generation Sequencing (NGS) or chromosome microarray (array CGH) are constantly being generated; hence it can be expected that the amount and complexity of medical data will rise and bring relational database systems to a limit. Description: We present Graph4Med, a web application that relies on a graph database obtained by transforming a relational database. Graph4Med provides a straightforward visualization and analysis of a selected patient cohort. Our use case is a database of pediatric Acute Lymphoblastic Leukemia (ALL). Along routine patientsâ health records it also contains results of latest technologies such as NGS data. We developed a suitable graph data schema to convert the relational data into a graph data structure and store it in Neo4j. We used NeoDash to build a dashboard for querying and displaying patientsâ cohort analysis. This way our tool (1) quickly displays the overview of patientsâ cohort information such as distributions of gender, age, mutations (fusions), diagnosis; (2) provides mutation (fusion) based similarity search and display in a maneuverable graph; (3) generates an interactive graph of any selected patient and facilitates the identification of interesting patterns among patients. Conclusion: We demonstrate the feasibility and advantages of a graph database for storing and querying medical databases. Our dashboard allows a fast and interactive analysis and visualization of complex medical data. It is especially useful for patients similarity search based on mutations (fusions), of which vast amounts of data have been generated by NGS in recent years. It can discover relationships and patterns in patients cohorts that are normally hard to grasp. Expanding Graph4Med to more medical databases will bring novel insights into diagnostic and research
TULIP 4
Tulip is an information visualization framework dedicated to the analysis and visualization of relational data. Based on more than 15 years of research and development, Tulip is built on a suite of tools and techniques , that can be used to address a large variety of domain-specific problems. With Tulip, we aim to provide Python and/or C++ developers a complete library, supporting the design of interactive information visualization applications for relational data, that can be customized to address a wide range of visualization problems. In its current iteration, Tulip enables the development of algorithms, visual encodings, interaction techniques, data models, and domain-specific visualizations. This development pipeline makes the framework efficient for creating research prototypes as well as developing end-user applications. The recent addition of a complete Python programming layer wraps up Tulip as an ideal tool for fast prototyping and treatment automation, allowing to focus on problem solving, and as a great system for teaching purposes at all education levels
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
Semantic Storage: Overview and Assessment
The Semantic Web has a great deal of momentum behind it. The promise of a âbetter webâ, where information is given well defined meaning and computers are better able to work with it has captured the imagination of a significant number of people, particularly in academia. Language standards such as RDF and OWL have appeared with remarkable speed, and development continues apace. To back up this development, there is a requirement for âsemantic databasesâ, where this data can be conveniently stored, operated upon, and retrieved. These already exist in the form of triple stores, but do not yet fulfil all the requirements that may be made of them, particularly in the area of performing inference using OWL. This paper analyses the current stores along with forthcoming technology, and finds that it is unlikely that a combination of speed, scalability, and complex inferencing will be practical in the immediate future. It concludes by suggesting alternative development routes
Relational Symbolic Execution
Symbolic execution is a classical program analysis technique used to show
that programs satisfy or violate given specifications. In this work we
generalize symbolic execution to support program analysis for relational
specifications in the form of relational properties - these are properties
about two runs of two programs on related inputs, or about two executions of a
single program on related inputs. Relational properties are useful to formalize
notions in security and privacy, and to reason about program optimizations. We
design a relational symbolic execution engine, named RelSym which supports
interactive refutation, as well as proving of relational properties for
programs written in a language with arrays and for-like loops
- âŠ