2,067 research outputs found
Designing and recasting LHC analyses with MadAnalysis 5
We present an extension of the expert mode of the MadAnalysis 5 program
dedicated to the design or reinterpretation of high-energy physics collider
analyses. We detail the predefined classes, functions and methods available to
the user and emphasize the most recent developments. The latter include the
possible definition of multiple sub-analyses and a novel user-friendly
treatment for the selection criteria. We illustrate this approach by two
concrete examples: a CMS search for supersymmetric partners of the top quark
and a phenomenological analysis targeting hadronically decaying monotop
systems.Comment: 17 pages, 3 figures, 10 tables; version accepted by EPJ
The Meaning of Memory Safety
We give a rigorous characterization of what it means for a programming
language to be memory safe, capturing the intuition that memory safety supports
local reasoning about state. We formalize this principle in two ways. First, we
show how a small memory-safe language validates a noninterference property: a
program can neither affect nor be affected by unreachable parts of the state.
Second, we extend separation logic, a proof system for heap-manipulating
programs, with a memory-safe variant of its frame rule. The new rule is
stronger because it applies even when parts of the program are buggy or
malicious, but also weaker because it demands a stricter form of separation
between parts of the program state. We also consider a number of pragmatically
motivated variations on memory safety and the reasoning principles they
support. As an application of our characterization, we evaluate the security of
a previously proposed dynamic monitor for memory safety of heap-allocated data.Comment: POST'18 final versio
Automatic detection of safety and security vulnerabilities in open source software
Growing software quality requirements have raised the stakes on software safety and security. Building secure software focuses on techniques and methodologies of design and implementation in order to avoid exploitable vulnerabilities. Unfortunately, coding errors have become common with the inexorable growth tendency of software size and complexity. According to the US National Institute of Standards and Technology (NIST), these coding errors lead to vulnerabilities that cost the US economy $60 billion each year. Therefore, tracking security and safety errors is considered as a fundamental cornerstone to deliver software that are free from severe vulnerabilities. The main objective of this thesis is the elaboration of efficient, rigorous, and practical techniques for the safety and security evaluation of source code. To tackle safety errors related to the misuse of type and memory operations, we present a novel type and effect discipline that extends the standard C type system with safety annotations and static safety checks. We define an inter-procedural, flow-sensitive, and alias-sensitive inference algorithm that automatically propagates type annotations and applies safety checks to programs without programmers' interaction. Moreover, we present a dynamic semantics of our C core language that is compliant with the ANSI C standard. We prove the consistency of the static semantics with respect to the dynamic semantics. We show the soundness of our static analysis in detecting our targeted set of safety errors. To tackle system-specific security properties, we present a security verification framework that combines static analysis and model-checking. We base our approach on the GCC compiler and its GIMPLE representation of source code to extract model-checkable abstractions of programs. For the verification process, we use an off-the-shelf pushdown system model-checker, and turn it into a fully-fledged security verification framework. We also allow programmers to define a wide range of security properties using an automata-based specification approach. To demonstrate the efficiency and the scalability of our approach, we conduct extensive experiments and case studies on large scale open-source software to verify their compliance with a representative set of the CERT standard secure coding rules
Static Data Flow Analysis for Realtime Java Runtime Error Detection
International audienceThe strict and clear semantics of Java make it an ideal language for static analysis. Nevertheless, the use of programwide pointer analysis for proving the absence of Java runtime error conditions such as null pointer uses or illegal array indices is still not widespread. Current uses of program-wide pointer analysis focus on extracting information for optimisations in compilers. In this case, imprecise analysis results only in less agressive optimisation, which is often tolerable.Existing implementations of program-wide data flow analysis either lack the required accuracy to prove the absence of large enough numbers of certain errors or cause an explosion in analysis time and space requirements for non-trivial applications. Low accuracy leads to large numbers of “false positives”, i.e., code for which the analysis fails to prove that a certain error condition does not occur. An explosion in the analysis effort causes the analysis not to produce any useful results within reasonable time at all.The approach presented in this paper applies the analysis to create a correctness proof of safety-critical Java applications. This includes the absence of runtime errors (null pointer use, division by zero, etc.), the absence of potential deadlocks, the correctness of region-based memory management and the determination of resource constraints (heap and stack use)
A Survey of Symbolic Execution Techniques
Many security and software testing applications require checking whether
certain properties of a program hold for any possible usage scenario. For
instance, a tool for identifying software vulnerabilities may need to rule out
the existence of any backdoor to bypass a program's authentication. One
approach would be to test the program using different, possibly random inputs.
As the backdoor may only be hit for very specific program workloads, automated
exploration of the space of possible inputs is of the essence. Symbolic
execution provides an elegant solution to the problem, by systematically
exploring many possible execution paths at the same time without necessarily
requiring concrete inputs. Rather than taking on fully specified input values,
the technique abstractly represents them as symbols, resorting to constraint
solvers to construct actual instances that would cause property violations.
Symbolic execution has been incubated in dozens of tools developed over the
last four decades, leading to major practical breakthroughs in a number of
prominent software reliability applications. The goal of this survey is to
provide an overview of the main ideas, challenges, and solutions developed in
the area, distilling them for a broad audience.
The present survey has been accepted for publication at ACM Computing
Surveys. If you are considering citing this survey, we would appreciate if you
could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing
this survey, we would appreciate if you could use the following BibTeX entry:
http://goo.gl/Hf5Fv
Enforcing Programming Guidelines with Region Types and Effects
We present in this paper a new type and effect system for Java which can be
used to ensure adherence to guidelines for secure web programming. The system
is based on the region and effect system by Beringer, Grabowski, and Hofmann.
It improves upon it by being parametrized over an arbitrary guideline supplied
in the form of a finite monoid or automaton and a type annotation or mockup
code for external methods. Furthermore, we add a powerful type inference based
on precise interprocedural analysis and provide an implementation in the Soot
framework which has been tested on a number of benchmarks including large parts
of the Stanford SecuriBench.Comment: long version of APLAS'17 pape
- …