Dynamic Assignment of Scoped Memory Regions in the Translation of Java to Real-Time Java

Advances in middleware, operating systems, and popular, general-purpose languages have brought the ideal of reasonably-bound execution time closer to developers who need such assurances for real-time and embedded systems applications. Extensions to the Java libraries and virtual machine have been proposed in a real-time Java standard, which provides for specification of release times, execution costs, and deadlines for a restricted class of threads. To use such features, the programmer is required to use unwieldy code constructs to create region-like areas of storage, associate them with execution scopes, and allocate objects from them. Further, the developer must ensure that they do not violate strict inter-region reference rules. Unfortunately, it is difficult to determine manually how to map object instantiations to execution scopes. Moreover, if ordinary Java code is modified to effect instantiations in scopes, the resulting code is difficult to read, maintain, and reuse. We present a dynamic approach to determining proper placement of objects within scope-bounded regions, and we employ a procedure that utilizes aspect-oriented programming to instrument the original program, realizing the program’s scoped memory concerns in a modular fashion. Using this approach, Java programs can be converted into region-aware Java programs automatically

Polymorphic Type Inference for the JNI

We present a multi-lingual type inference system for checking type safety of programs that use the Java Native Interface (JNI). The JNI uses specially-formatted strings to represent class and field names as well as method signatures, and so our type system tracks the flow of string constants through the program. Our system embeds string variables in types, and as those variables are resolved to string constants during inference they are replaced with the structured types the constants represent. This restricted form of dependent types allows us to directly assign type signatures to each of the more than 200 functions in the JNI. Moreover, it allows us to infer types for user-defined functions that are parameterized by Java type strings, which we have found to be common practice. Our inference system allows such functions to be treated polymorphically by using instantiation constraints, solved with semi-unification, at function calls. Finally, we have implemented our system and applied it to a small set of benchmarks. Although semi-unification is undecidable, we found our system to be scalable and effective in practice. We discovered 155 errors 36 cases of suspicious programming practices in our benchmarks

The Search for the Laws of Automatic Random Testing

Can one estimate the number of remaining faults in a software system? A credible estimation technique would be immensely useful to project managers as well as customers. It would also be of theoretical interest, as a general law of software engineering. We investigate possible answers in the context of automated random testing, a method that is increasingly accepted as an effective way to discover faults. Our experimental results, derived from best-fit analysis of a variety of mathematical functions, based on a large number of automated tests of library code equipped with automated oracles in the form of contracts, suggest a poly-logarithmic law. Although further confirmation remains necessary on different code bases and testing techniques, we argue that understanding the laws of testing may bring significant benefits for estimating the number of detectable faults and comparing different projects and practices.Comment: 20 page

I-JVM: a Java Virtual Machine for Component Isolation in OSGi

The OSGi framework is a Java-based, centralized, component oriented platform. It is being widely adopted as an execution environment for the development of extensible applications. However, current Java Virtual Machines are unable to isolate components from each other. For instance, a malicious component can freeze the complete platform by allocating too much memory or alter the behavior of other components by modifying shared variables. This paper presents I-JVM, a Java Virtual Machine that provides a lightweight approach to isolation while preserving compatibility with legacy OSGi applications. Our evaluation of I-JVM shows that it solves the 8 known OSGi vulnerabilities that are due to the Java Virtual Machine. Overall, the overhead of I-JVM compared to the JVM on which it is based is below 20%

RAFDA: A Policy-Aware Middleware Supporting the Flexible Separation of Application Logic from Distribution

Middleware technologies often limit the way in which object classes may be used in distributed applications due to the fixed distribution policies that they impose. These policies permeate applications developed using existing middleware systems and force an unnatural encoding of application level semantics. For example, the application programmer has no direct control over inter-address-space parameter passing semantics. Semantics are fixed by the distribution topology of the application, which is dictated early in the design cycle. This creates applications that are brittle with respect to changes in distribution. This paper explores technology that provides control over the extent to which inter-address-space communication is exposed to programmers, in order to aid the creation, maintenance and evolution of distributed applications. The described system permits arbitrary objects in an application to be dynamically exposed for remote access, allowing applications to be written without concern for distribution. Programmers can conceal or expose the distributed nature of applications as required, permitting object placement and distribution boundaries to be decided late in the design cycle and even dynamically. Inter-address-space parameter passing semantics may also be decided independently of object implementation and at varying times in the design cycle, again possibly as late as run-time. Furthermore, transmission policy may be defined on a per-class, per-method or per-parameter basis, maximizing plasticity. This flexibility is of utility in the development of new distributed applications, and the creation of management and monitoring infrastructures for existing applications.Comment: Submitted to EuroSys 200

Reflection-Aware Static Analysis of Android Apps

We demonstrate the benefits of DroidRA, a tool for taming reflection in Android apps. DroidRA first statically extracts reflection-related object values from a given Android app. Then, it leverages the extracted values to boost the app in a way that reflective calls are no longer a challenge for existing static analyzers. This is achieved through a bytecode instrumentation approach, where reflective calls are supplemented with explicit traditional Java method calls which can be followed by state-of-the-art analyzers which do not handle reflection. Instrumented apps can thus be completely analyzed by existing static analyzers, which are no longer required to be modified to support reflection-aware analysis. The video demo of DroidRA can be found at https://youtu.be/-HW0V68aAW

Code transplantation for adversarial malware

In the nefarious fight against attackers, a wide range of smart algorithms have been introduced, in order to block and even prevent new families of malware before their appearance. Machine learning, for instance, recently gained a lot of attention thanks to its ability to use generalization to possibly detect never-before-seen attacks or variants of a known one. During the past years, a lot of works have tested the strength of machine learning in the cybersecurity field, exploring its potentialities and weaknesses. In particular, various studies highlighted its robustness against adversarial attacks, proposing strategies to mitigate them . Unfortunately, all these findings have focused in testing their own discoveries just operating on the dataset at feature layer space, which is the virtual data representation space, without testing the current feasibility of the attack at the problem space level, modifying the current adversarial sample . For this reason, in this dissertation, we will introduce PRISM, a framework for executing an adversarial attack operating at the problem space level. Even if this framework focuses only on Android applications, the whole methodology can be generalized on other platforms, like Windows, Mac or Linux executable files. The main idea is to successfully evade a classifier by transplanting chunks of code, taken from a set of goodware to a given malware. Exactly as in medicine, we have a donor who donates organs and receivers who receive them, in this case, goodware applications are our donors, the organs are the needed code and the receiver is the targeted malware. In the following work we will discuss about concepts related to a wide variety of topics, ranging from machine learning, due to the target classifier, to static analysis, due to the possible countermeasures considered, to program analysis, due to the extraction techniques adopter, ending in mobile application, because the target operating system is Android

Integration of static analysis results with ProGuard optimizer for Android applications

Στην εποχή της ευρείας χρήσης των κινητών συσκευών, η ανάγκη για ελαφρύτερες και ταχύτερες εφαρμογές εξακολουθεί να υπάρχει, με σκοπό την καλύτερη αξιοποίηση των πόρων του συστήματος. Προκειμένου να επιτευχθεί αυτό, έχουν αναπτυχθεί διάφορα ερ- γαλεία για τη βελτιστοποίηση των εφαρμογών όσο το δυνατόν περισσότερο, μέσω της ανάλυσης προγραμμάτων. Στην περίπτωση των Android εφαρμογών, το κύριο εργαλείο που χρησιμοποιείται είναι ο βελτιστοποιητής ProGuard. Με βάση είτε κάποια προεπιλεγ- μένα αρχεία ρυθμίσεων, είτε κάποια που ορίζονται από τον προγραμματιστή, το ProGuard εκτελεί βελτιστοποιήσεις σε επίπεδο bytecode. Οι προεπιλεγμένες ρυθμίσεις, είναι αρκετά απλές και συντηρητικές, με αποτέλεσμα να χάνονται κάποιες ευκαιρίες για περαιτέρω βελτιστοποιήσεις. Επιπλέον, πολλές εφαρμογές συχνά εμπεριέχουν κώδικα βιβλιοθηκών, ή κάνουν χρήση δυναμικών χαρακτηριστικών της γλώσσας, όπως η ανάκλαση, για τα οποία πιθανώς χρειάζονται περαιτέρω ρυθμίσεις, απο τον προγραμματιστή. Παρουσιάζουμε μια προσπάθεια αυτοματοποίησης της παραγωγής των ρυθμίσεων του ProGuard, χρησιμοποιώντας το Doop: ένα framework στατικής ανάλυσης προγραμμάτων Java. Συμπεριλαμβάνουμε μια πειραματική σύγκριση των διαφόρων ρυθμίσεων που πα- ράγονται από το Doop, έναντι των προτεινόμενων προεπιλεγμένων ρυθμίσεων.In the era of the widespread usage of mobile devices, the requirement for more lightweight and faster applications continues to exist, aiming for better system resources utilization. In order to achieve this, many tools have been developed for optimizing applications as much as possible, with the aid of program analysis. In the case of Android applications, the main tool used is the ProGuard optimizer. Given configuration files, either default or defined by the programmer, ProGuard performs optimizations at the bytecode level. The default configurations are quite simple and conservative, thus leading to missing chances for further optimizations. Moreover, many applications usually come with library code, or use dynamic language features, such as reflection, for which further configuration may be required by the developer. We present an attempt to automate the generation of ProGuard configurations, using Doop framework: a Java static analysis framework. We include an experimental evaluation of the various configurations produced by the Doop framework, against the default suggested configurations