Hybrid Session Verification through Endpoint API Generation

© Springer-Verlag Berlin Heidelberg 2016.This paper proposes a new hybrid session verification methodology for applying session types directly to mainstream languages, based on generating protocol-specific endpoint APIs from multiparty session types. The API generation promotes static type checking of the behavioural aspect of the source protocol by mapping the state space of an endpoint in the protocol to a family of channel types in the target language. This is supplemented by very light run-time checks in the generated API that enforce a linear usage discipline on instances of the channel types. The resulting hybrid verification guarantees the absence of protocol violation errors during the execution of the session. We implement our methodology for Java as an extension to the Scribble framework, and use it to specify and implement compliant clients and servers for real-world protocols such as HTTP and SMTP

Compositional Reasoning for Explicit Resource Management in Channel-Based Concurrency

We define a pi-calculus variant with a costed semantics where channels are treated as resources that must explicitly be allocated before they are used and can be deallocated when no longer required. We use a substructural type system tracking permission transfer to construct coinductive proof techniques for comparing behaviour and resource usage efficiency of concurrent processes. We establish full abstraction results between our coinductive definitions and a contextual behavioural preorder describing a notion of process efficiency w.r.t. its management of resources. We also justify these definitions and respective proof techniques through numerous examples and a case study comparing two concurrent implementations of an extensible buffer.Comment: 51 pages, 7 figure

Hybrid session veri cation through endpoint API generation

This paper proposes a new hybrid session veri cation method- ology for applying session types directly to mainstream languages, based on generating protocol-speci c endpoint APIs from multiparty session types. The API generation promotes static type checking of the be- havioural aspect of the source protocol by mapping the state space of an endpoint in the protocol to a family of channel types in the tar- get language. This is supplemented by very light run-time checks in the generated API that enforce a linear usage discipline on instances of the channel types. The resulting hybrid veri cation guarantees the absence of protocol violation errors during the execution of the session. We have implemented our methodology for Java as an extension to the Scrib- ble framework, and used it to implement compliant clients and servers for real-world protocols such as HTTP and SMTP. The API genera- tion methodology additionally provides a platform for applying further features from session type theory: our implementation supports choice subtyping through branch interface generation, and safe permutation of I/O actions and a ne inputs through input future generation

Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

Method for Statically Checking an Object-oriented Computer Program Module

A method for statically checking an object-oriented computer program module includes the step of identifying objects within a computer program module, at least one of the objects having a plurality of references thereto, possibly from multiple clients. A discipline of permissions is imposed on the objects identified within the computer program module. The permissions enable tracking, from among a discrete set of changeable states, a subset of states each object might be in. A determination is made regarding whether the imposed permissions are violated by a potential reference to any of the identified objects. The results of the determination are output to a user

Improving Quality of Software with Foreign Function Interfaces using Static Analysis

A Foreign Function Interface (FFI) is a mechanism that allows software written in one host programming language to directly use another foreign programming language by invoking function calls across language boundaries. Today\u27s software development often utilizes FFIs to reuse software components. Examples of such systems are the Java Development Kit (JDK), Android mobile OS, and Python packages in the Fedora LINUX operating systems. The use of FFIs, however, requires extreme care and can introduce undesired side effects that degrade software quality. In this thesis, we aim to improve several quality aspects of software composed of FFIs by applying static analysis. The thesis investigates several particular characteristics of FFIs and studies software bugs caused by the misuse of FFIs. We choose two FFIs, the Java Native Interface (JNI) and the Python/C interface, as the main subjects of this dissertation. To reduce software security vulnerabilities introduced by the JNI, we first propose definitions of new patterns of bugs caused by the improper exception handlings between Java and C. We then present the design and implement a bug finding system to uncover these bugs. To ensure software safety and reliability in multithreaded environment, we present a novel and efficient system that ensures atomicity in the JNI. Finally, to improve software performance and reliability, we design and develop a framework for finding errors in memory management in programs written with the Python/C interface. The framework is built by applying affine abstraction and affine analysis of reference-counts of Python objects. This dissertation offers a comprehensive study of FFIs and software composed of FFIs. The research findings make several contributions to the studies of static analysis and to the improvement of software quality

LEE: Light‐Weight Energy‐Efficient encryption algorithm for sensor networks

Data confidentiality in wireless sensor networks is mainly achieved by RC5 and Skipjack encryption algorithms. However, both algorithms have their weaknesses, for example RC5 supports variable-bit rotations, which are computationally expensive operations and Skipjack uses a key length of 80-bits, which is subject to brute force attack. In this paper we introduce a light-weight energy- fficient encryption-algorithm (LEE) for tiny embedded devices, such as sensor network nodes. We present experimental results of LEE under real sensor nodes operating in TinyOS. We also discuss the secrecy of our algorithm by presenting a security analysis of various tests and cryptanalytic attacks

Beyond Homographies: Exploration and Analysis of Image Warping for Projection in a Dome

The goal of this project is to provide multiple approaches for warping a flat image tofit the curvature of a geodesic dome, to be presented as an immersive, Augmented Reality (AR) environment. This project looks to develop an algorithmic method of warping any image to fit perspective distortion for a dome-like surface. Despite fairly common usage in planetarium methods and other such shows, there is very little documented method that would allow for the warping of images to fit a curved projection surface. The methods will be explored include using Processing, OpenCV, and fisheye image filters. In addition to the paper, this research will also produce an online library of documents and resources for preforming these warps