1,160 research outputs found

    A Screening Test for Disclosed Vulnerabilities in FOSS Components

    Free and Open Source Software (FOSS) components are ubiquitous in both proprietary and open source applications. Each time a vulnerability is disclosed in a FOSS component, a software vendor using this component in an application must decide whether to update the FOSS component, patch the application itself, or just do nothing as the vulnerability is not applicable to the older version of the FOSS component used. This is particularly challenging for enterprise software vendors that consume thousands of FOSS components and offer more than a decade of support and security fixes for their applications. Moreover, customers expect vendors to react quickly to disclosed vulnerabilities—in case of widely discussed vulnerabilities such as Heartbleed, within hours. To address this challenge, we propose a screening test: a novel, automatic method based on thin slicing, for estimating quickly whether a given vulnerability is present in a consumed FOSS component by looking across its entire repository. We show that our screening test scales to large open source projects (e.g., Apache Tomcat, Spring Framework, Jenkins) that are routinely used by large software vendors, scanning thousands of commits and hundreds of thousands of lines of code in a matter of minutes. Further, we provide insights on the empirical probability that, on the above-mentioned projects, a potentially vulnerable component might not actually be vulnerable after all.

    Modelling, validating, and ranking of secure service compositions

    This is the author accepted manuscript. The final version is available from the publisher via the DOI in this record. In the world of large-scale applications, software as a service (SaaS) in general and use of microservices, in particular, is bringing service-oriented architectures to a new level: Systems in general and systems that interact with human users (eg, sociotechnical systems) in particular are built by composing microservices that are developed independently and operated by different parties. At the same time, SaaS applications are used more and more widely by enterprises as well as public services for providing critical services, including those processing security or privacy of relevant data. Therefore, providing secure and reliable service compositions is increasingly needed to ensure the success of SaaS solutions. Building such service compositions securely is still an unsolved problem. In this paper, we present a framework for modelling, validating, and ranking secure service compositions that integrate both automated services as well as services that interact with humans. As a unique feature, our approach for ranking services integrates validated properties (eg, based on the result of formally analysing the source code of a service implementation) as well as contractual properties that are part of the service level agreement and, thus, not necessarily ensured on a technical level.

    Simulation of the Microwave Emission of Multi-layered Snowpacks Using the Dense Media Radiative Transfer Theory: the DMRT-ML Model

    DMRT-ML is a physically based numerical model designed to compute the thermal microwave emission of a given snowpack. Its main application is the simulation of brightness temperatures at frequencies in the range 1-200 GHz similar to those acquired routinely by space-based microwave radiometers. The model is based on the Dense Media Radiative Transfer (DMRT) theory for the computation of the snow scattering and extinction coefficients and on the Discrete Ordinate Method (DISORT) to numerically solve the radiative transfer equation. The snowpack is modeled as a stack of multiple horizontal snow layers and an optional underlying interface representing the soil or the bottom ice. The model handles both dry and wet snow conditions. Such a general design allows the model to account for a wide range of snow conditions. Hitherto, the model has been used to simulate the thermal emission of the deep firn on ice sheets, shallow snowpacks overlying soil in Arctic and Alpine regions, and overlying ice on the large ice-sheet margins and glaciers. DMRT-ML has thus been validated in three very different conditions: Antarctica, Barnes Ice Cap (Canada) and Canadian tundra. It has been recently used in conjunction with inverse methods to retrieve snow grain size from remote sensing data. The model is written in Fortran90 and available to the snow remote sensing community as open-source software. A convenient user interface is provided in Python.

    Model Transformation as Conservative Theory-Transformation

    This is the final version. Available on open access from the Journal of Object Technology via the DOI in this record. Model transformations play a central role in model-driven software development. Hence, logically unsafe model transformations can result in erroneous systems. Still, most model transformations are written in languages that do not provide built-in safeness guarantees. We present a new technique to construct tool support for domain-specific languages (DSLs) inside the interactive theorem prover environment Isabelle. Our approach is based on modeling the DSL formally in higher-order logic (HOL), modeling the API of Isabelle inside it, and defining the transformation between these two. Reflection via the powerful code generators yields code that can be integrated as an extension into Isabelle and its user interface. Moreover, we use code generation to produce tactic code which is bound to appropriate command-level syntax. Our approach ensures the logical safeness (conservativity) of the theorem prover extension and, thus, provides a certified tool for the DSL in all aspects: the deductive capacities of the theorem prover, code generation, and IDE support. We demonstrate our approach by extending Isabelle/HOL with support for UML/OCL and, more generally, providing support for a formal object-oriented modeling method.

    Recent Developments in OCL and Textual Modelling

    The panel session of the 16th OCL workshop featured a lightning talk session for discussing recent developments and open questions in the area of OCL and textual modelling. During this session, the OCL community discussed, stimulated through short presentations by OCL experts, tool support, potential future extensions, and suggested initiatives to make the textual modelling community even more successful. This collaborative paper, to which each OCL expert contributed one section, summarises the discussions as well as describes the recent developments and open questions presented in the lightning talks.

    Primitive-based payment systems for flexible value transfer in the personal router

    Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2002. Includes bibliographical references (p. 149-154). This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. The Personal Router is a mobile communication device developed by the Advanced Network Architecture group at the MIT Laboratory for Computer Science. The Personal Router is able to select and negotiate connectivity with local providers for different kinds of services and interfaces. It needs payment procedures to support these services. As this device is designed to be used in many distinct unpredictable contexts, it cannot implement a single payment system. The complexity of existing payment systems has to be mapped into this new environment. A different payment system must be chosen each time, depending on many variables such as costs, environmental constraints, privacy, user and provider's needs and preferences. Privacy is a major issue for this device. In effect, getting wireless and mobile service everywhere will possibly leave an easily traceable trail; moreover, using this device supposes negotiating with many different untrusted providers and paying for the service. This can create huge potential threats for privacy and personal data management if this issue is not included in the early stage of the design. Legal requirements and user preferences and expectations for privacy in electronic transactions are therefore explored. Past attempts to enhance privacy in different environments are examined. Reasons why most of them have failed and some of them are struggling to stay alive are analyzed. New privacy threats faced by the Personal Router are considered. A new approach based on building blocks is made. Payment systems are split into primitive operations; each of them implements one step of a transaction.
The combination of these building blocks replicates a payment protocol. The characteristics of a payment system can then be derived from the analysis of the implementation of each of these primitives. Users' preferences are defined by attributes. Payment systems can then be compared through their primitives and even slightly modified to be closer to users' ideal system by altering the primitives. The modular approach makes this easier. This framework is successfully tested on three major electronic payment systems. Several limitations of this approach and open issues related to the Personal Router are exposed. By Xavier F. Brucker. S.M.

    Emerging Topics in Textual Modelling

    This is the final version. Available on open access via the link in this record. OCL 2019: Object Constraint Language and Textual Modeling 2019. 19th International Workshop in OCL and Textual Modeling (OCL 2019) co-located with IEEE/ACM 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS 2019), 16 September 2019, Munich, Germany. The 19th edition of the OCL workshop featured a lightning talk session where authors were invited to present their recent work and open questions related to textual modeling in general and OCL in particular. These 5 minute presentations triggered fruitful discussions within the OCL community on the usage of textual modeling, model validation, and specific technical points of the OCL specification. This community paper provides an overview of the presented contributions (one per section), as well as a summary of the questions and discussions they have triggered during the session.

    Disruption of termite gut-microbiota and its prolonged fitness consequences

    Author Posting. © The Author(s), 2011. This is the author's version of the work. It is posted here by permission of American Society for Microbiology for personal use, not for redistribution. The definitive version was published in Applied and Environmental Microbiology 77 (2011): 4303-4312, doi:10.1128/AEM.01886-10. The disruption of host-symbiont interactions through the use of antibiotics can help elucidate microbial functions that go beyond short-term nutritional value. Termite gut symbionts have been studied extensively, but little is known about their impact on the termite’s reproductive output. Here we describe the effect that the antibiotic rifampin has not only on the gut microbial diversity, but also on the longevity, fecundity, and weight of two termite species - Zootermopsis angusticollis and Reticulitermes flavipes. We report three key findings: (i) the antibiotic rifampin, when fed to primary reproductives during the incipient stages of colony foundation, causes a permanent reduction in the diversity of gut bacteria, and a transitory effect on the density of the protozoan community, (ii) rifampin treatment reduces oviposition rates of queens, translating into delayed colony growth and ultimately reduced colony fitness and (iii) the initial dosages of rifampin on reproduction and colony fitness had severe long-term fitness effects on Z. angusticollis survivorship and colony size. Taken together, our findings demonstrate that the antibiotic-induced perturbation of the microbial community associates with prolonged reductions in longevity and fecundity. A causal relationship between these changes in the gut microbial population structures and fitness is suggested by the acquisition of opportunistic pathogens and incompetence of the termites to restore a pre-treatment, native microbiota.
Our results indicate that antibiotic treatment significantly alters the termite’s microbiota, reproduction, colony establishment and ultimately, colony growth and development. We discuss the implications for antimicrobials as a new application to the control of termite pest species. This research was funded by the Louis Stokes Minority Program which supported Jessica Dumas, NSF CAREER award DEB 0447316 to Rosengaus RB, and NSF IOS-0852344 and NAI NNA04CC04A to Bordenstein SR.

    Formalizing (web) standards: an application of test and proof

    Most popular technologies are based on informal or semiformal standards that lack a rigid formal semantics. Typical examples include web technologies such as the DOM or HTML, which are defined by the Web Hypertext Application Technology Working Group (WHATWG) and the World Wide Web Consortium (W3C). While there might be API specifications and test cases meant to assert the compliance of a certain implementation, the actual standard is rarely accompanied by a formal model that would lend itself to, e.g., verifying the security or safety properties of real systems. Even when such a formalization of a standard exists, two important questions arise: first, to what extent does the formal model comply with the standard and, second, to what extent does the implementation comply with the formal model and the assumptions made during the verification? In this paper, we present an approach that brings all three involved artifacts - the (semi-)formal standard, the formalization of the standard, and the implementations - closer together by combining verification, symbolic execution, and specification based testing.