196 research outputs found
Operational and abstract semantics of the query language G-Log
The amount and variety of data available electronically have dramatically increased in the led decade; however, data and documents are stored in different ways and do notusual# show their internal structure. In order to take ful advantage of thetopolk9dQ# structure ofdigital documents, andparticulIII web sites, theirhierarchical organizationshouliz explizatio introducing a notion of querysimil; to the one usedin database systems. A good approach, in that respect, is the one provided bygraphical querylrydM#99; original; designed to model object bases and lndd proposed for semistructured data, la, G-Log. The aim of this paper is to providesuitabl graph-basedsemantics to thislisd;BI# supporting both data structure variabil#I andtopol#Ik;M similpol#I between queries and document structures. A suite ofoperational semantics basedon the notion ofbisimulQM#I is introduced both at theconcr--h level (instances) andat theabstru( level (schemata), giving rise to a semantic framework that benefits from the cross-fertil9;dl of tool originalM designed in quite different research areas (databases, concurrency,loncur static analysis)
L'esperienza di Ca' Foscari nel controllo antiplagio delle tesi di laurea
Nell'intervento verrĂ illustrato il processo di gestione online delle tesi di laurea a Ca' Foscari, che dal 2011 prevede il controllo antiplagio mediante l'utilizzo del software Compilatio. Verranno presentati i dati sinora raccolti relativi all'utilizzo di tale sistema e le principali problematiche riscontrate
Information leakage detection in boundary ambients
Abstract A variant of Mobile Ambient Calculus is introduced, called Boundary Ambient, to model multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference which captures the absence of any (both direct and indirect) information leakage. Then, we guarantee non-interference by extending a control flow analysis that computes an over approximation of all ambients and capabilities that may be affected by the actual values of high level data
Static analysis for dummies: experiencing LiSA
Semantics-based static analysis requires a significant theoretical background before being able to design and implement a new analysis. Unfortunately, the development of even a toy static analyzer from scratch requires to implement an infrastructure (parser, control flow graphs representation, fixpoint algorithms, etc.) that is too demanding for bachelor and master students in computer science. This approach difficulty can condition the acquisition of skills on software verification which are of major importance for the design of secure systems. In this paper, we show how LiSA (Library for Static Analysis) can play a role in that respect. LiSA implements the basic infrastructure that allows a non-expert user to develop even simple analyses (e.g., dataflow and numerical non-relational domains) focusing only on the design of the appropriate representation of the property of interest and of the sound approximation of the program statements
Reducing Multiple Occurrences of Meta-Mark Selection in Relational Data Watermarking
Contrary to multimedia data watermarking approaches, it is not recommended that relational data watermarking techniques consider sequential selection for marks in the watermark and embedding locations in the protected digital asset. Indeed, considering the database relations' elements, i.e., tuples and attributes, when watermarking techniques are based on sequential processes, watermark detection can be easily compromised by performing subset reverse order attacks. As a result, attackers can obtain owner evidence-free high-quality data since no data modifications for mark removing are required for the malicious operation to succeed. A standard solution to this problem has been pseudo-random selection, which often leads to choosing the same marks multiple times, and ignoring others, thus compromising the embedding of the entire watermark. This work proposes an engine that contributes to controlling marks' recurrent selection, allowing marks excluded by previous approaches to be considered and detected with 100% accuracy. The experiments performed show a dramatic improvement of the embedded watermark quality when the proposed engine is included in watermarking techniques' architecture. They also provide evidence that this proposal leads to higher resilience against common malicious operations such as subset and superset attacks
Sentence Embedding Models for Similarity Detection of Software Requirements
Semantic similarity detection mainly relies on the availability of laboriously curated ontologies, as well as of supervised and unsupervised neural embedding models. In this paper, we present two domain-specific sentence embedding models trained on a natural language requirements dataset in order to derive sentence embeddings specific to the software requirements engineering domain. We use cosine-similarity measures in both these models. The result of the experimental evaluation confirm that the proposed models enhance the performance of textual semantic similarity measures over existing state-of-the-art neural sentence embedding models: we reach an accuracy of 88.35%—which improves by about 10% on existing benchmarks.Semantic similarity detection mainly relies on the availability of laboriously curated ontologies, as well as of supervised and unsupervised neural embedding models. In this paper, we present two domain-specific sentence embedding models trained on a natural language requirements dataset in order to derive sentence embeddings specific to the software requirements engineering domain. We use cosine-similarity measures in both these models. The result of the experimental evaluation confirm that the proposed models enhance the performance of textual semantic similarity measures over existing state-of-the-art neural sentence embedding models: we reach an accuracy of 88.35%—which improves by about 10% on existing benchmarks
Abstract program slicing on dependence condition graph
Abstract Many slicing techniques have been proposed based on the traditional Program Dependence Graph (PDG) representation. In traditional PDGs, the notion of dependency between statements is based on syntactic presence of a variable in the definition of another variable or on a conditional expression. Mastroeni and Zanardini first introduced the notion of semanticsbased data dependency, both at concrete and abstract domains, that helps in converting the traditional syntactic PDGs into more refined semanticsbased (abstract) PDGs by disregarding some false dependences from them. As a result, the slicing techniques based on these semantics-based (abstract) PDGs result into more precise slices. In this paper, we strictly improve this approach by (i) introducing the notion of semantic relevancy of statements, and (ii) combining it with conditional dependency. This allows us to transform syntactic PDGs into semantics-based (abstract) Dependence Condition Graphs (DCGs) that enable to identify the conditions for dependences between program points
Cross-Programming Language Taint Analysis for the IoT Ecosystem
The Internet of Things (IoT) is a key component for the next disruptive technologies. However, IoT merges together several diverse software layers: embedded, enterprise, and cloud programs interact with each other. In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems. During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities. Unfortunately, these analyses assume that software is entirely written in a single programming language, and they are not immediately suitable to detect IoT vulnerabilities where many different software components, written in different programming languages, interact. This paper discusses how to leverage existing static taint analyses to a cross-programming language scenario
Static analysis for discovering IoT vulnerabilities
The Open Web Application Security Project (OWASP), released the \u201cOWASP Top 10 Internet of Things 2018\u201d list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia\u2019s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies
- …