Static Analysis for Efficient Hybrid Information-Flow Control
Hybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static analyses can be used to make hybrid information-flow monitors more efficient, in two ways. First, a simple static analysis can determine when it is sound for a monitor to stop tracking the security level of certain variables. This potentially reduces run-time overhead of the monitor, particularly in applications where sensitive (i.e., confidential or untrusted) data is infrequently introduced to the system. Second, we derive sufficient conditions for soundly incorporating a wide range of memory abstractions into information-flow monitors. This allows the selection of a memory abstraction that gives an appropriate tradeoff between efficiency and precision. It also facilitates the development of innovative and sound memory abstractions that use run-time security information maintained by the monitor. We present and prove our results by extending the information-flow monitor of Russo and Sabelfeld (2010). These results bring us closer to efficient, sound, and precise enforcement of information security.
Engineering and Applied Science
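To make the first idea concrete, here is an added example, not code from the paper: a hybrid monitor over an invented mini-language, with a static pre-pass that decides which variables never need a security label. The branch rule is in the style of the Russo and Sabelfeld hybrid monitor (raising every variable written in either branch of a secret-guarded conditional). The pre-pass is a deliberately coarse, flow-insensitive over-approximation of "may ever hold secret data", decided once per variable; the paper's analysis is per program point and more refined. The statement syntax, the program `PROG`, its inputs, and the helper names are all constructed for the illustration.

```python
"""Hybrid information-flow monitor plus a static pre-pass deciding which variables never
need a security label.  Added illustration in an invented mini-language, not the paper's
construction; the pre-pass is a coarse, flow-insensitive over-approximation."""
from dataclasses import dataclass, field

L, H = "L", "H"                       # two-point lattice: public L below secret H

def join(a, b):
    return H if H in (a, b) else L

# Statements: ("assign", x, expr) | ("output", expr) | ("if", cond, then_block, else_block)
# Expressions: ("const", n) | ("var", x) | ("add", e1, e2)
def vars_of(e):
    return set() if e[0] == "const" else {e[1]} if e[0] == "var" else vars_of(e[1]) | vars_of(e[2])

def assigned(block):
    """Variables written anywhere in a block (needed by the hybrid branch rule)."""
    out = set()
    for s in block:
        if s[0] == "assign":
            out.add(s[1])
        elif s[0] == "if":
            out |= assigned(s[2]) | assigned(s[3])
    return out

def possibly_sensitive(prog, secret_inputs):
    """Static pre-pass: least fixed point of the variables that may ever hold H data, via
    an explicit flow from an H variable or a write under a guard that mentions one.
    Variables outside the result can be left untracked without losing soundness."""
    S = set(secret_inputs)

    def walk(block, guards):
        for s in block:
            if s[0] == "assign" and (vars_of(s[2]) | guards) & S:
                S.add(s[1])
            elif s[0] == "if":
                walk(s[2], guards | vars_of(s[1]))
                walk(s[3], guards | vars_of(s[1]))

    while True:
        n = len(S)
        walk(prog, set())
        if len(S) == n:
            return frozenset(S)

class InsecureFlow(Exception):
    pass

@dataclass
class Monitor:
    tracked: frozenset                     # variables whose labels the monitor maintains
    env: dict                              # variable values
    labels: dict = field(default_factory=dict)
    outputs: list = field(default_factory=list)
    updates: int = 0                       # label writes performed: the overhead being cut

    def label(self, x):
        return self.labels.get(x, L) if x in self.tracked else L

    def label_expr(self, e):
        return H if any(self.label(v) == H for v in vars_of(e)) else L

    def set_label(self, x, lab):
        if x in self.tracked:
            self.labels[x] = lab
            self.updates += 1

    def eval(self, e):
        return e[1] if e[0] == "const" else self.env[e[1]] if e[0] == "var" else self.eval(e[1]) + self.eval(e[2])

    def run(self, block, pc=L):
        for s in block:
            if s[0] == "assign":
                self.env[s[1]] = self.eval(s[2])
                self.set_label(s[1], join(self.label_expr(s[2]), pc))
            elif s[0] == "output":
                if join(self.label_expr(s[1]), pc) == H:
                    raise InsecureFlow(f"secret-dependent output of {s[1]}")
                self.outputs.append(self.eval(s[1]))
            else:                          # "if": branch on a possibly secret guard
                pc2 = join(pc, self.label_expr(s[1]))
                if pc2 == H:               # hybrid rule: raise everything written in either branch
                    for x in assigned(s[2]) | assigned(s[3]):
                        self.set_label(x, H)
                self.run(s[2] if self.eval(s[1]) else s[3], pc2)

def run_with(prog, tracked, inputs, secret_inputs):
    """Run prog tracking only `tracked`; return verdict, public outputs, label-update count."""
    m = Monitor(tracked, dict(inputs), {x: H for x in secret_inputs})
    try:
        m.run(prog)
    except InsecureFlow:
        return {"insecure": True, "outputs": m.outputs, "updates": m.updates}
    return {"insecure": False, "outputs": m.outputs, "updates": m.updates}

# Constructed program and inputs: only secret, t and flag ever touch secret data.
INPUTS, SECRET = {"secret": 42, "pub": 7}, {"secret"}
PROG = [
    ("assign", "counter", ("const", 0)),
    ("assign", "counter", ("add", ("var", "counter"), ("var", "pub"))),
    ("assign", "t", ("add", ("var", "secret"), ("const", 1))),
    ("if", ("var", "secret"), [("assign", "flag", ("const", 1))], [("assign", "flag", ("const", 0))]),
    ("output", ("var", "counter")),        # public: allowed
    ("output", ("var", "flag")),           # implicit flow from secret: rejected
]
ALL_VARS = frozenset(INPUTS) | frozenset({"counter", "t", "flag"})
```

Running `run_with(PROG, ALL_VARS, ...)` against `run_with(PROG, possibly_sensitive(PROG, SECRET), ...)` gives the same verdict (the output of `flag` is rejected as an implicit flow, the output of `counter` is released) while the optimized run performs fewer label updates, because `counter` and `pub` are never labelled. Soundness of skipping them rests on the pre-pass: a variable outside the fixed point is never written from a sensitive variable nor under a sensitive guard, so its label would stay `L` in the full monitor anyway. The counted `updates` are only a proxy for overhead; the point is that the saving grows with how rarely sensitive data is introduced.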
Heap Abstractions for Static Analysis
Heap data is potentially unbounded and seemingly arbitrary. As a consequence, unlike stack and static memory, heap memory cannot be abstracted directly in terms of a fixed set of source variable names appearing in the program being analysed. This makes it an interesting topic of study and there is an abundance of literature employing heap abstractions. Although most studies have addressed similar concerns, their formulations and formalisms often seem dissimilar and sometimes even unrelated. Thus, the insights gained in one description of heap abstraction may not directly carry over to some other description. This survey is a result of our quest for a unifying theme in the existing descriptions of heap abstractions. In particular, our interest lies in the abstractions and not in the algorithms that construct them.

In our search for a unified theme, we view a heap abstraction as consisting of two features: a heap model to represent the heap memory and a summarization technique for bounding the heap representation. We classify the models as storeless, store based, and hybrid. We describe various summarization techniques based on k-limiting, allocation sites, patterns, variables, other generic instrumentation predicates, and higher-order logics. This approach allows us to compare the insights of a large number of seemingly dissimilar heap abstractions and also paves the way for creating new abstractions by mix-and-match of models and summarization techniques.
Comment: 49 pages, 20 figures
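The model-plus-summarization view can be shown on a single concrete heap. The following is an added illustration and not code from the survey: a constructed program allocates a linked list from two allocation sites, and the same concrete store is then bounded in two of the ways the abstract lists, once as a store-based model summarized by allocation site and once as a storeless (access-path) model summarized by k-limiting. The node encoding, the site names `A`/`B`, and the function names are assumptions of this example.

```python
"""Two summarization techniques applied to one concrete heap, in the survey's terms:
a store-based model summarized by allocation site, and a storeless (access-path) model
summarized by k-limiting.  Added illustration with a constructed heap, not the survey's code."""
from collections import deque

# Concrete store-based heap built by the constructed program
#     x := new@A ; repeat n times: y := new@B ; y.next := x ; x := y
# Nodes are integers; each node records its allocation site under "@".
def build_list(n):
    heap = {0: {"@": "A"}}
    x = 0
    for nid in range(1, n + 1):
        heap[nid] = {"@": "B", "next": x}
        x = nid
    return {"x": x}, heap                    # roots (variable -> node), heap

def allocation_site_summary(roots, heap):
    """Store-based summarization: all nodes created at one site collapse into one
    abstract node, so field edges become may-edges.  Bounded by the number of sites."""
    site = lambda n: heap[n]["@"]
    nodes = {site(n) for n in heap}
    edges = {(site(n), f, site(t)) for n, fs in heap.items() for f, t in fs.items() if f != "@"}
    return nodes, edges, {(v, site(n)) for v, n in roots.items()}

def k_limited_summary(roots, heap, k):
    """Storeless summarization: a node is named by its shortest access path from a root
    variable; nodes beyond k fields share one summary name ending in '+'.  Bounded by k."""
    name, todo = {}, deque((n, (v,)) for v, n in roots.items())
    while todo:                               # BFS gives shortest paths first
        n, path = todo.popleft()
        if n in name:
            continue
        name[n] = path
        todo.extend((t, path + (f,)) for f, t in heap[n].items() if f != "@")

    def abstract(path):
        return ".".join(path) if len(path) - 1 <= k else ".".join(path[: k + 1]) + "+"

    nodes = {abstract(p) for p in name.values()}
    edges = {(abstract(name[n]), f, abstract(name[t]))
             for n in name for f, t in heap[n].items() if f != "@"}
    return nodes, edges
```

The two summaries lose different information. The allocation-site view keeps the distinction between the `A` tail and the `B` cells but cannot say how long the list is, because every `B` cell becomes one node with a `next` may-edge back to itself and to `A`. The k-limited view keeps the first k cells apart by name (`x`, `x.next`, ...) but folds the tail, including the `A` node, into one summary node with a self-loop, and its size stays fixed at k+2 nodes however long the list grows. Which loss is acceptable depends on the property being checked, which is the tradeoff the survey's mix-and-match framing is meant to expose.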
Construction and analysis of causally dynamic hybrid bond graphs
Engineering systems are frequently abstracted to models with discontinuous behaviour (such as a switch or contact), and a hybrid model is one which contains continuous and discontinuous behaviours. Bond graphs are an established physical modelling method, but there are several methods for constructing switched or 'hybrid' bond graphs, developed for either qualitative 'structural' analysis or efficient numerical simulation of engineering systems. This article proposes a general hybrid bond graph suitable for both. The controlled junction is adopted as an intuitive way of modelling a discontinuity in the model structure. This element gives rise to 'dynamic causality' that is facilitated by a new bond graph notation. From this model, the junction structure and state equations are derived and compared to those obtained by existing methods. The proposed model includes all possible modes of operation and can be represented by a single set of equations. The controlled junctions manifest as Boolean variables in the matrices of coefficients. The method is more compact and intuitive than existing methods and dispenses with the need to derive various modes of operation from a given reference representation. Hence, a method has been developed which can reach common usage and form a platform for further study.