Footprints in Local Reasoning

Local reasoning about programs exploits the natural local behaviour common in programs by focussing on the footprint - that part of the resource accessed by the program. We address the problem of formally characterising and analysing the footprint notion for abstract local functions introduced by Calcagno, O Hearn and Yang. With our definition, we prove that the footprints are the only essential elements required for a complete specification of a local function. We formalise the notion of small specifications in local reasoning and show that for well-founded resource models, a smallest specification always exists that only includes the footprints, and also present results for the non-well-founded case. Finally, we use this theory of footprints to investigate the conditions under which the footprints correspond to the smallest safe states. We present a new model of RAM in which, unlike the standard model, the footprints of every program correspond to the smallest safe states, and we also identify a general condition on the primitive commands of a programming language which guarantees this property for arbitrary models.Comment: LMCS 2009 (FOSSACS 2008 special issue

Forensically-Sound Analysis of Security Risks of using Local Password Managers

Password managers have been developed to address the human challenges associated with password security, i.e., to solve usability issues in a secure way. They offer, e.g., features to create strong passwords, to manage the increasing number of passwords a typical user has, and to auto-fill passwords, sparing users the hassle of not only remembering but also typing them. Previous studies have focused mainly on the security analysis of cloud-based and browser-based password managers; security of local password managers remains mostly under-explored. This paper takes a forensic approach and reports on a case study of three popular local password managers: KeePass (v2.28), Password Safe (v3.35.1) and RoboForm (v7.9.12). Results revealed that either the master password or the content of the password database could be found unencrypted in Temp folders, Page files or Recycle bin, even after the applications had been closed. Therefore, an attacker or malware with temporary access to the computer on which the password managers were running may be able to steal sensitive information, even though these password managers are meant to keep the databases encrypted and protected at all times

Linearizability with Ownership Transfer

Linearizability is a commonly accepted notion of correctness for libraries of concurrent algorithms. Unfortunately, it assumes a complete isolation between a library and its client, with interactions limited to passing values of a given data type. This is inappropriate for common programming languages, where libraries and their clients can communicate via the heap, transferring the ownership of data structures, and can even run in a shared address space without any memory protection. In this paper, we present the first definition of linearizability that lifts this limitation and establish an Abstraction Theorem: while proving a property of a client of a concurrent library, we can soundly replace the library by its abstract implementation related to the original one by our generalisation of linearizability. This allows abstracting from the details of the library implementation while reasoning about the client. We also prove that linearizability with ownership transfer can be derived from the classical one if the library does not access some of data structures transferred to it by the client

Ram Essential

The underlying causes of food insecurity are complex and often intertwined with related issues that affect a student’s ability to meet even basic needs, such as housing, employment and health care, forcing them to choose between their well-being and their education. The latest Hunger in America report finds that about 10 percent of Feed America’s 46.5 million adult clients are college students. That equates to 2 million full-time college students. “Of those surveyed by the emergency food services network, roughly 30.5 percent of students reported that they were forced to choose between food and educational expenses at some point over the last year.”1 In response, colleges and universities, including VCU, have sprung into action, and the number of campus food pantries at higher educational institutions has risen from a handful in 2009 to more than 500 in 2017.2 But changing food insecurity to food security goes beyond providing just food. It involves a comprehensive approach to providing resources that address the causes and results of being food insecure. Ram Essentials is a holistic approach to addressing basic needs insecurity among VCU students by asking the question, What is essential for our students to be successful? The project focuses on raising the awareness of all existing VCU resources and disseminating them widely through a single user-friendly portal to enhance students’ experience, academic achievement and physical and mental well-being