Extracting Protocol Format as State Machine via Controlled Static Loop Analysis

Reverse engineering of protocol message formats is critical for many security applications. Mainstream techniques use dynamic analysis and inherit its low-coverage problem -- the inferred message formats only reflect the features of their inputs. To achieve high coverage, we choose to use static analysis to infer message formats from the implementation of protocol parsers. In this work, we focus on a class of extremely challenging protocols whose formats are described via constraint-enhanced regular expressions and parsed using finite-state machines. Such state machines are often implemented as complicated parsing loops, which are inherently difficult to analyze via conventional static analysis. Our new technique extracts a state machine by regarding each loop iteration as a state and the dependency between loop iterations as state transitions. To achieve high, i.e., path-sensitive, precision but avoid path explosion, the analysis is controlled to merge as many paths as possible based on carefully-designed rules. The evaluation results show that we can infer a state machine and, thus, the message formats, in five minutes with over 90% precision and recall, far better than state of the art. We also applied the state machines to enhance protocol fuzzers, which are improved by 20% to 230% in terms of coverage and detect ten more zero-days compared to baselines

Mira: A Framework for Static Performance Analysis

The performance model of an application can pro- vide understanding about its runtime behavior on particular hardware. Such information can be analyzed by developers for performance tuning. However, model building and analyzing is frequently ignored during software development until perfor- mance problems arise because they require significant expertise and can involve many time-consuming application runs. In this paper, we propose a fast, accurate, flexible and user-friendly tool, Mira, for generating performance models by applying static program analysis, targeting scientific applications running on supercomputers. We parse both the source code and binary to estimate performance attributes with better accuracy than considering just source or just binary code. Because our analysis is static, the target program does not need to be executed on the target architecture, which enables users to perform analysis on available machines instead of conducting expensive exper- iments on potentially expensive resources. Moreover, statically generated models enable performance prediction on non-existent or unavailable architectures. In addition to flexibility, because model generation time is significantly reduced compared to dynamic analysis approaches, our method is suitable for rapid application performance analysis and improvement. We present several scientific application validation results to demonstrate the current capabilities of our approach on small benchmarks and a mini application

A Model for Induction Motors with Non-Uniform Air-Gap

Equations to calculate inductances of induction motors, considering non-uniform air-gap, are proposed. The analyzed air-gap variations are static and dynamic eccentricity and stator slots. The equations for inductance calculation, obtained from the modified winding functions and the energy stored in the air-gap, allow considering the effect of rotor bar skewing. Experimental results that validate the proposed method are presented.Fil: Bossio, Guillermo Rubén. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Río Cuarto. Facultad de Ingeniería. Grupo de Electrónica Aplicada; ArgentinaFil: de Angelo, Cristian Hernan. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Río Cuarto. Facultad de Ingeniería. Grupo de Electrónica Aplicada; ArgentinaFil: Solsona, Jorge Alberto. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Bahía Blanca. Instituto de Investigaciones en Ingeniería Eléctrica "Alfredo Desages". Universidad Nacional del Sur. Departamento de Ingeniería Eléctrica y de Computadoras. Instituto de Investigaciones en Ingeniería Eléctrica "Alfredo Desages"; ArgentinaFil: Garcia, Guillermo. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Universidad Nacional de Río Cuarto. Facultad de Ingeniería. Grupo de Electrónica Aplicada; ArgentinaFil: Valla, Maria Ines. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata. Instituto de Investigaciones en Electrónica, Control y Procesamiento de Señales. Universidad Nacional de La Plata. Instituto de Investigaciones en Electrónica, Control y Procesamiento de Señales; Argentin

C-FLAT: Control-FLow ATtestation for Embedded Systems Software

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device (prover). Most existing approaches are static in nature and only check whether benign software is initially loaded on the prover. However, they are vulnerable to run-time attacks that hijack the application's control or data flow, e.g., via return-oriented programming or data-oriented exploits. As a concrete step towards more comprehensive run-time remote attestation, we present the design and implementation of Control- FLow ATtestation (C-FLAT) that enables remote attestation of an application's control-flow path, without requiring the source code. We describe a full prototype implementation of C-FLAT on Raspberry Pi using its ARM TrustZone hardware security extensions. We evaluate C-FLAT's performance using a real-world embedded (cyber-physical) application, and demonstrate its efficacy against control-flow hijacking attacks.Comment: Extended version of article to appear in CCS '16 Proceedings of the 23rd ACM Conference on Computer and Communications Securit

rDLB: A Novel Approach for Robust Dynamic Load Balancing of Scientific Applications with Parallel Independent Tasks

Scientific applications often contain large and computationally intensive parallel loops. Dynamic loop self scheduling (DLS) is used to achieve a balanced load execution of such applications on high performance computing (HPC) systems. Large HPC systems are vulnerable to processors or node failures and perturbations in the availability of resources. Most self-scheduling approaches do not consider fault-tolerant scheduling or depend on failure or perturbation detection and react by rescheduling failed tasks. In this work, a robust dynamic load balancing (rDLB) approach is proposed for the robust self scheduling of independent tasks. The proposed approach is proactive and does not depend on failure or perturbation detection. The theoretical analysis of the proposed approach shows that it is linearly scalable and its cost decrease quadratically by increasing the system size. rDLB is integrated into an MPI DLS library to evaluate its performance experimentally with two computationally intensive scientific applications. Results show that rDLB enables the tolerance of up to (P minus one) processor failures, where P is the number of processors executing an application. In the presence of perturbations, rDLB boosted the robustness of DLS techniques up to 30 times and decreased application execution time up to 7 times compared to their counterparts without rDLB

A dynamics-driven approach to precision machines design for micro-manufacturing and its implementation perspectives

Precision machines are essential elements in fabricating high quality micro products or micro features and directly affect the machining accuracy, repeatability and efficiency. There are a number of literatures on the design of industrial machine elements and a couple of precision machines commercially available. However, few researchers have systematically addressed the design of precision machines from the dynamics point of view. In this paper, the design issues of precision machines are presented with particular emphasis on the dynamics aspects as the major factors affecting the performance of the precision machines and machining processes. This paper begins with a brief review of the design principles of precision machines with emphasis on machining dynamics. Then design processes of precision machines are discussed, and followed by a practical modelling and simulation approaches. Two case studies are provided including the design and analysis of a fast tool servo system and a 5-axis bench-top micro-milling machine respectively. The design and analysis used in the two case studies are formulated based on the design methodology and guidelines

Symbolic and analytic techniques for resource analysis of Java bytecode

Recent work in resource analysis has translated the idea of amortised resource analysis to imperative languages using a program logic that allows mixing of assertions about heap shapes, in the tradition of separation logic, and assertions about consumable resources. Separately, polyhedral methods have been used to calculate bounds on numbers of iterations in loop-based programs. We are attempting to combine these ideas to deal with Java programs involving both data structures and loops, focusing on the bytecode level rather than on source code

Using shared-data localization to reduce the cost of inspector-execution in unified-parallel-C programs

Programs written in the Unified Parallel C (UPC) language can access any location of the entire local and remote address space via read/write operations. However, UPC programs that contain fine-grained shared accesses can exhibit performance degradation. One solution is to use the inspector-executor technique to coalesce fine-grained shared accesses to larger remote access operations. A straightforward implementation of the inspector executor transformation results in excessive instrumentation that hinders performance.; This paper addresses this issue and introduces various techniques that aim at reducing the generated instrumentation code: a shared-data localization transformation based on Constant-Stride Linear Memory Descriptors (CSLMADs) [S. Aarseth, Gravitational N-Body Simulations: Tools and Algorithms, Cambridge Monographs on Mathematical Physics, Cambridge University Press, 2003.], the inlining of data locality checks and the usage of an index vector to aggregate the data. Finally, the paper introduces a lightweight loop code motion transformation to privatize shared scalars that were propagated through the loop body.; A performance evaluation, using up to 2048 cores of a POWER 775, explores the impact of each optimization and characterizes the overheads of UPC programs. It also shows that the presented optimizations increase performance of UPC programs up to 1.8 x their UPC hand-optimized counterpart for applications with regular accesses and up to 6.3 x for applications with irregular accesses.Peer ReviewedPostprint (author's final draft