Metamorphic Code Generation from LLVM IR Bytecode

Metamorphic software changes its internal structure across generations with its functionality remaining unchanged. Metamorphism has been employed by malware writers as a means of evading signature detection and other advanced detection strate- gies. However, code morphing also has potential security benefits, since it increases the “genetic diversity” of software. In this research, we have created a metamorphic code generator within the LLVM compiler framework. LLVM is a three-phase compiler that supports multiple source languages and target architectures. It uses a common intermediate representation (IR) bytecode in its optimizer. Consequently, any supported high-level programming language can be transformed to this IR bytecode as part of the LLVM compila- tion process. Our metamorphic generator functions at the IR bytecode level, which provides many advantages over previously developed metamorphic generators. The morphing techniques that we employ include dead code insertion—where the dead code is actually executed within the morphed code—and subroutine permutation. We have tested the effectiveness of our code morphing using hidden Markov model analysis

Testing the use of grammar: Beyond grammatical accuracy

Udostępnienie publikacji Wydawnictwa Uniwersytetu Łódzkiego finansowane w ramach projektu „Doskonałość naukowa kluczem do doskonałości kształcenia”. Projekt realizowany jest ze środków Europejskiego Funduszu Społecznego w ramach Programu Operacyjnego Wiedza Edukacja Rozwój; nr umowy: POWER.03.05.00-00-Z092/17-00

Monitoring distributed systems with distributed polyLarva

polyLarva is a language-agnostic runtime verification tool, which converts a polyLarvaScript into a monitor for a given system. While an implementation for polyLarva exists, the language and its compilation have not been formalised. We therefore present a formal implementation-independent model which describes the behaviour of polyLarvaScript, comprising of the uLarvaScript grammar and of a set of operational semantics. This allows us to prove important properties, such as determinism, and also enables us to reason about ways of re-designing the tool in a more scalable way. We also present a collection of denotational mappings for uLarvaScript converting the constructs of our grammar into constructs of a formal actor-based model, thus providing an Actor semantics for uLarvaScript. We are also able to prove certain correctness properties of the denotational translation such as that the denoted Actors behave in a way which corresponds to the behaviour described by our implementation-independent model. We finally present distPolyLarva, a prototype implementation of the distributed polyLarva tool, which implements the new actor-based semantics over a language that can natively handle distribution and concurrency called Erlang.peer-reviewe

SAGA: A project to automate the management of software production systems

The project to automate the management of software production systems is described. The SAGA system is a software environment that is designed to support most of the software development activities that occur in a software lifecycle. The system can be configured to support specific software development applications using given programming languages, tools, and methodologies. Meta-tools are provided to ease configuration. Several major components of the SAGA system are completed to prototype form. The construction methods are described

A system design for human factors studies of speech-enabled Web browsing

This paper describes the design of a system which will subsequently be used as the basis of a range of empirical studies aimed at discovering how best to harness speech recognition capabilities in multimodal multimedia computing. Initial work focuses on speech-enabled browsing of the World Wide Web, which was never designed for such use. System design is complete, and is being evaluated via usability testing