
    An automated wrapper-based approach to the design of dependable software

    The design of dependable software systems invariably comprises two main activities: (i) the design of dependability mechanisms, and (ii) the location of dependability mechanisms. It has been shown that these activities are intrinsically difficult. In this paper we propose an automated wrapper-based methodology to circumvent the problems associated with the design and location of dependability mechanisms. To achieve this we replicate important variables so that they can be used as part of standard, efficient dependability mechanisms. These well-understood mechanisms are then deployed in all relevant locations. To validate the proposed methodology we apply it to three complex software systems, evaluating the dependability enhancement and execution overhead in each case. The results generated demonstrate that the system failure rate of a wrapped software system can be several orders of magnitude lower than that of an unwrapped equivalent.

    Practical Fine-grained Privilege Separation in Multithreaded Applications

    An inherent security limitation of the classic multithreaded programming model is that all threads share the same address space and are therefore implicitly assumed to trust each other. This assumption, however, does not take into consideration the many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that security and privilege separation in multi-principal applications can be achieved. This paper proposes ARBITER, a run-time system and a set of security primitives, aimed at fine-grained and data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads so that the multithreaded programming paradigm is preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and the corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API, following a unified model. We ported a widely used in-memory database application (memcached) to the ARBITER system, changing only around 100 LOC. Experiments indicate that this security-enhanced version of the application incurs an average runtime overhead of only 5.6%.

    The doctrine of separation of powers: philosophy, practice and relativity in Malaysia

    This paper discusses the doctrine of separation of powers within the theoretical framework of institutionalism. The doctrine is practised in the trias politica, or tripartite politics, namely the legislative, executive and judicial branches. The philosophy and practice of the doctrine of separation of powers are emphasised for a democratic state in order to demonstrate the existence of separation of powers and jurisdictional autonomy among the three branches of government. This is important to examine because Malaysia is no exception in practising a democratic system, and at the same time it practises the doctrine of separation of powers within its layered federal government as a fundamental principle. Accountability in giving effect to the doctrine of separation of powers is an important matter, given that it has been enshrined in the Federal Constitution.

    Flight deck engine advisor

    The focus of this project is on alerting pilots to impending events in such a way as to provide the additional time required for the crew to make critical decisions concerning non-normal operations. The project addresses pilots' need for support in diagnosis and trend monitoring of faults as they affect decisions that must be made within the context of the current flight. Monitoring and diagnostic modules developed under the NASA Faultfinder program were restructured and enhanced using input data from an engine model and real engine fault data. Fault scenarios were prepared to support knowledge base development activities on the MONITAUR and DRAPhyS modules of Faultfinder. An analysis of the information requirements for fault management was included in each scenario. A conceptual framework was developed for systematic evaluation of the impact of context variables on pilot action alternatives as a function of event/fault combinations.

    Adjacent Graph Based Vulnerability Assessment for Electrical Networks Considering Fault Adjacent Relationships Among Branches

    Vulnerability assessment in electrical networks is necessary for operators to identify the critical branches. At present, using complex network theory to assess the structural vulnerability of an electrical network is a popular method. However, complex network theory cannot be comprehensively applied to the operational vulnerability assessment of an electrical network, because network operation depends closely on physical rules, not only on the topological structure. To overcome this problem, an adjacent graph (AG) that considers the topological, physical, and operational features of the electrical network is constructed to replace the original network. Through the AG, a branch importance index that accounts for both the importance of a branch and the fault adjacent relationships among branches is constructed to evaluate the electrical network's vulnerability. The IEEE 118-bus system and the French grid are employed to validate the effectiveness of the proposed method.
    Funding: National Natural Science Foundation of China under Grant U1734202; National Key Research and Development Plan of China under Grant 2017YFB1200802-12; National Natural Science Foundation of China under Grant 51877181; National Natural Science Foundation of China under Grant 61703345; Chinese Academy of Sciences under Grant 2018-2019-0