Querying XML data streams from wireless sensor networks: an evaluation of query engines

As the deployment of wireless sensor networks increase and their application domain widens, the opportunity for effective use of XML filtering and streaming query engines is ever more present. XML filtering engines aim to provide efficient real-time querying of streaming XML encoded data. This paper provides a detailed analysis of several such engines, focusing on the technology involved, their capabilities, their support for XPath and their performance. Our experimental evaluation identifies which filtering engine is best suited to process a given query based on its properties. Such metrics are important in establishing the best approach to filtering XML streams on-the-fly

Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation

We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to soundly approximate all possible interleavings of asynchronous entry points in Android applications. (It also integrates static taint-flow analysis and least permissions analysis to expand the class of malicious behaviors which it can catch.) Anadroid provides rich user interface support for human analysts which must ultimately rule on the "maliciousness" of a behavior. To demonstrate the effectiveness of Anadroid's malware analysis, we had teams of analysts analyze a challenge suite of 52 Android applications released as part of the Auto- mated Program Analysis for Cybersecurity (APAC) DARPA program. The first team analyzed the apps using a ver- sion of Anadroid that uses traditional (finite-state-machine-based) control-flow-analysis found in existing malware analysis tools; the second team analyzed the apps using a version of Anadroid that uses our enhanced pushdown-based control-flow-analysis. We measured machine analysis time, human analyst time, and their accuracy in flagging malicious applications. With pushdown analysis, we found statistically significant (p < 0.05) decreases in time: from 85 minutes per app to 35 minutes per app in human plus machine analysis time; and statistically significant (p < 0.05) increases in accuracy with the pushdown-driven analyzer: from 71% correct identification to 95% correct identification.Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201

Correct-by-Construction Approach for Self-Evolvable Robots

The paper presents a new formal way of modeling and designing reconfigurable robots, in which case the robots are allowed to reconfigure not only structurally but also functionally. We call such kind of robots "self-evolvable", which have the potential to be more flexible to be used in a wider range of tasks, in a wider range of environments, and with a wider range of users. To accommodate such a concept, i.e., allowing a self-evovable robot to be configured and reconfigured, we present a series of formal constructs, e.g., structural reconfigurable grammar and functional reconfigurable grammar. Furthermore, we present a correct-by-construction strategy, which, given the description of a workspace, the formula specifying a task, and a set of available modules, is capable of constructing during the design phase a robot that is guaranteed to perform the task satisfactorily. We use a planar multi-link manipulator as an example throughout the paper to demonstrate the proposed modeling and designing procedures.Comment: The paper has 17 pages and 4 figure

Turing machines with access to history

AbstractWe study remembering Turing machines, that is Turing machines with the capability to access freely the history of their computations. These devices can detect in one step via the oracle mechanism whether the storage tapes have exactly the same contents at the moment of inquiry as at some past moment in the computation. The s(n)-space-bounded remembering Turing machines are shown to be able to recognize exactly the languages in the time-complexity class determined by bounds exponential in s(n). This is proved for deterministic, non-deterministic, and alternating Turing machines

Security Applications of Formal Language Theory

We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic binary analysis, fuzzing, and general reverse-engineering and exploit development. Our work provides a foundation for verifying critical implementation components with considerably less burden to developers than is offered by the current state of the art. It additionally offers a rich basis for further exploration in the areas of offensive analysis and, conversely, automated defense tools and techniques. This report is divided into two parts. In Part I we address the formalisms and their applications; in Part II we discuss the general implications and recommendations for protocol and software design that follow from our formal analysis

A Combination of Automata and Grammars

V této práci byly zavedeny a studovány nové systémy formálních modelů, zvané stavově synchronizované automatové systémy stupně n . Výpočet je v těchto prezentovaných systémech řízen pomocí slov patřících do konečného řídícího jazyka, kde každé slovo z tohoto jazyka je složeno ze stavů komponent systému. Dále byla v této práci studována výpočetní síla zavedených systémů. Praktické použití zavedených systémů bylo demonstrováno na příkladu z oblasti překladu přirozených jazyků a dále na příkladu z oblasti paralelního překladu.In this work, a new systems of formal models, called state-synchronized automata systems of degree n , were introduced and studied. The computation in presented automata systems is controlled by words from finite control language, where every word from control language is a sequence of states. Furthermore were studied the computational power of these systems. The practical use of introduced systems was demonstrated on example of natural language translation and on example of parallel compiling.