Statistical inference of static analysis rules

Various apparatus and methods are disclosed for identifying errors in program code. Respective numbers of observances of at least one correctness rule by different code instances that relate to the at least one correctness rule are counted in the program code. Each code instance has an associated counted number of observances of the correctness rule by the code instance. Also counted are respective numbers of violations of the correctness rule by different code instances that relate to the correctness rule. Each code instance has an associated counted number of violations of the correctness rule by the code instance. A respective likelihood of the validity is determined for each code instance as a function of the counted number of observances and counted number of violations. The likelihood of validity indicates a relative likelihood that a related code instance is required to observe the correctness rule. The violations may be output in order of the likelihood of validity of a violated correctness rule

The exokernel operating system architecture

Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999.Includes bibliographical references (p. 115-120).This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.On traditional operating systems only trusted software such as privileged servers or the kernel can manage resources. This thesis proposes a new approach, the exokernel architecture, which makes resource management unprivileged but safe by separating management from protection: an exokernel protects resources, while untrusted application-level software manages them. As a result, in an exokernel system, untrusted software (e.g., library operating systems) can implement abstractions such as virtual memory, file systems, and networking. Themain thrusts of this thesis are: (1) how to build an exokernel system; (2) whether it is possible to build a real one; and (3) whether doing so is a good idea. Our results, drawn from two exokernel systems [25, 48], show that the approach yields dramatic benefits. For example, Xok, an exokernel, runs a web server an order of magnitude faster than the closest equivalent on the same hardware, common unaltered Unix applications up to three times faster, and improves global system performance up to a factor of five. The thesis also discusses some of the new techniques we have used to remove the overhead of protection. Themost unusual technique, untrusted deterministic functions, enables an exokernel to verify that applications correctly track the resources they own, eliminating the need for it to do so. Additionally, the thesis reflects on the subtle issues in using downloaded code for extensibility and the sometimes painful lessons learned in building three exokernel-based systems.by Dawson R. Engler.Ph.D

The design and implementation of a prototype exokernel operating system

Thesis (M.S.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1996.Includes bibliographical references (p. 99-106).by Dawson R. Engler.M.S

Model checking system software with CMC

Complex systems have errors that involve mishandled cor-ner cases in intricate sequences of events. Conventional test-ing techniques usually miss these errors. In recent years, formal verification techniques such as [5] have gained pop-ularity in checking a property in all possible behaviors of a system. However, such techniques involve generating an ab-stract model of the system. Such an abstraction process is unreliable, difficult and miss a lot of implementation errors. CMC is a framework for model checking a broad class of software written in the C programming language. CMC runs the software implementation directly without deriving an ab-stract model of the code. We used CMC to model check an existing implementation of AODV (Ad Hoc On Demand Dis-tance Vector) routing protocol and found a total of bugs in two implementations [7],[6] of the protocol. One of them is a bug in the actual specification of the AODV protocol [3]. We also used CMC on the IP Fragmentation module in the Linux TCP/IPv4 stack and verified its correctness for up to fragments per packet.

Decentralizing UNIX abstractions in the exokernel architecture

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1997.Includes bibliographical references (p. 49-51).by Héctor Manuel Briceño Pulido.M.Eng

Cosmic rays from Galactic pulsars

We calculate energy spectra and mass composition of cosmic rays accelerated by the galactic population of pulsars during their radio and gamma-ray phase. Several models proposed for the distribution of the initial parameters of the galactic pulsar population are considered. The best description of the observed cosmic ray spectrum and mass composition between 10^15 eV and 10^18 eV is obtained for the model B of Lorimer et al. (1993) in which the logs of initial pulsar periods and surface magnetic fields are given by the Gaussian distributions with the average values of log P[ms] = 2.6 and log B[G] = 12.3, respectively.Comment: 10 pages, 4 figures, A&A accepte

The MINESTRONE Architecture Combining Static and Dynamic Analysis Techniques for Software Security

We present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification techniques to enable the identification, mitigation and containment of a large class of software vulnerabilities in third-party software. Our initial focus is on software written in C and C++; however, many of our techniques are equally applicable to binary-only environments (but are not always as efficient or as effective) and for vulnerabilities that are not specific to these languages. Our system seeks to enable the immediate deployment of new software {e.g., a new release of an open-source project) and the protection of already deployed (legacy) software by transparently inserting extensive security instrumentation, while leveraging concurrent program analysis, potentially aided by runtime data gleaned from profiling actual use of the software, to gradually reduce the performance cost of the instrumentation by allowing selective removal or refinement. Artificial diversification techniques are used both as confinement mechanisms and for fault-tolerance purposes. To minimize the performance impact, we are leveraging multi-core hardware or (when unavailable) remote servers that enable quick identification of likely compromise. To cover the widest possible range of systems, we require no specific hardware or operating system features, although we intend to take advantage of such features where available to improve both runtime performance and vulnerability coverage

Canada-Africa Relations in Changing Core-Periphery Dynamics: A Chance to "Come Back" Differently

The Department of Foreign Affairs Canada sees the dynamism at play across the African continent as calling out for Canadian engagement. Africa in the twenty-first century is no longer the continent emerging from colonial rule; it seeks new forms of relationships with international partners. The African Development Bank, for instance, has identified five priorities for inclusive growth on the continent. The challenges are huge, as is the potential for transformative change. But the conditions for international collaboration in achieving these goals have changed; African leaders are seeking new forms of associations and teamwork. Canada has an opportunity to "come back" differently if it can look beyond its narrow mining interests and become an active partner working with public authorities in need of new and bold international partnerships. Unfortunately, Trudeau's "Canada is back" campaign does not look set to change the status quo. And, in a world where the political economic power is moving east, African countries do not have much reason to listen to Canada

Cosmic Rays from the Knee to the Highest Energies

This review summarizes recent developments in the understanding of high-energy cosmic rays. It focuses on galactic and presumably extragalactic particles in the energy range from the knee (10^15 eV) up to the highest energies observed (>10^20 eV). Emphasis is put on observational results, their interpretation, and the global picture of cosmic rays that has emerged during the last decade.Comment: Invited review, submitted to Progress in Particle and Nuclear Physic

Search for Charged Higgs Bosons at LEP

A search for pair-produced charged Higgs bosons is performed with the L3 detector at LEP using data collected at centre-of-mass energies between 189 and 209GeV, corresponding to an integrated luminosity of 629.4/pb. Decays into a charm and a strange quark or into a tau lepton and its neutrino are considered. No significant excess is observed and lower limits on the mass of the charged Higgs boson are derived at the 95% confidence level. They vary from 76.5 to 82.7GeV, as a function of the H->tv branching ratio