184,222 research outputs found
A Historical Perspective on Runtime Assertion Checking in Software Development
This report presents initial results in the area of software testing and analysis produced as part of the Software Engineering Impact Project. The report describes the historical development of runtime assertion checking, including a description of the origins of and significant features associated with assertion checking mechanisms, and initial findings about current industrial use. A future report will provide a more comprehensive assessment of development practice, for which we invite readers of this report to contribute information
Shai: Enforcing Data-Specific Policies with Near-Zero Runtime Overhead
Data retrieval systems such as online search engines and online social
networks must comply with the privacy policies of personal and selectively
shared data items, regulatory policies regarding data retention and censorship,
and the provider's own policies regarding data use. Enforcing these policies is
difficult and error-prone. Systematic techniques to enforce policies are either
limited to type-based policies that apply uniformly to all data of the same
type, or incur significant runtime overhead.
This paper presents Shai, the first system that systematically enforces
data-specific policies with near-zero overhead in the common case. Shai's key
idea is to push as many policy checks as possible to an offline, ahead-of-time
analysis phase, often relying on predicted values of runtime parameters such as
the state of access control lists or connected users' attributes. Runtime
interception is used sparingly, only to verify these predictions and to make
any remaining policy checks. Our prototype implementation relies on efficient,
modern OS primitives for sandboxing and isolation. We present the design of
Shai and quantify its overheads on an experimental data indexing and search
pipeline based on the popular search engine Apache Lucene
CUP: Comprehensive User-Space Protection for C/C++
Memory corruption vulnerabilities in C/C++ applications enable attackers to
execute code, change data, and leak information. Current memory sanitizers do
no provide comprehensive coverage of a program's data. In particular, existing
tools focus primarily on heap allocations with limited support for stack
allocations and globals. Additionally, existing tools focus on the main
executable with limited support for system libraries. Further, they suffer from
both false positives and false negatives.
We present Comprehensive User-Space Protection for C/C++, CUP, an LLVM
sanitizer that provides complete spatial and probabilistic temporal memory
safety for C/C++ program on 64-bit architectures (with a prototype
implementation for x86_64). CUP uses a hybrid metadata scheme that supports all
program data including globals, heap, or stack and maintains the ABI. Compared
to existing approaches with the NIST Juliet test suite, CUP reduces false
negatives by 10x (0.1%) compared to the state of the art LLVM sanitizers, and
produces no false positives. CUP instruments all user-space code, including
libc and other system libraries, removing them from the trusted code base
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
- …