Cost Recurrences for DML Programs
A cost recurrence describes an upper bound for the running time of a program in terms of the size of its input. Finding cost recurrences is a frequent intermediate step in complexity analysis, and this step requires an abstraction from data to data size. In this article, we use information contained in dependent types to achieve such an abstraction: Dependent ML (DML), a conservative extension of ML, provides dependent types that can be used to associate data with size information, thus describing a possible abstraction. We systematically extract cost recurrences from first-order DML programs, guiding the abstraction from data to data size with information contained in DML type derivations.
The Second Futamura Projection for Type-Directed Partial Evaluation
A generating extension of a program specializes the program with respect to part of the input. Applying a partial evaluator to the program trivially yields a generating extension, but specializing the partial evaluator with respect to the program often yields a more efficient one. This specialization can be carried out by the partial evaluator itself; in this case, the process is known as the second Futamura projection. We derive an ML implementation of the second Futamura projection for Type-Directed Partial Evaluation (TDPE). Due to the differences between 'traditional', syntax-directed partial evaluation and TDPE, this derivation involves several conceptual and technical steps. These include a suitable formulation of the second Futamura projection and techniques for making TDPE amenable to self-application. In the context of the second Futamura projection, we also compare and relate TDPE with conventional offline partial evaluation. We demonstrate our technique with several examples, including compiler generation for Tiny, a prototypical imperative language.
The Second Futamura Projection for Type-Directed Partial Evaluation
A generating extension of a program specializes it with respect to some specified part of the input. A generating extension of a program can be formed trivially by applying a partial evaluator to the program; the second Futamura projection describes the automatic generation of non-trivial generating extensions by applying a partial evaluator to itself with respect to the programs. We derive an ML implementation of the second Futamura projection for Type-Directed Partial Evaluation (TDPE). Due to the differences between 'traditional', syntax-directed partial evaluation and TDPE, this derivation involves several conceptual and technical steps. These include a suitable formulation of the second Futamura projection and techniques for making TDPE amenable to self-application. In the context of the second Futamura projection, we also compare and relate TDPE with conventional offline partial evaluation. We demonstrate our technique with several examples, including compiler generation for Tiny, a prototypical imperative language.
A Unifying Approach to Goal-Directed Evaluation
Goal-directed evaluation, as embodied in Icon and Snobol, is built on the notions of backtracking and of generating successive results, and therefore it has always been something of a challenge to specify and implement. In this article, we address this challenge using computational monads and partial evaluation. We consider a subset of Icon and we specify it with a monadic semantics and a list monad. We then consider a spectrum of monads that also fit the bill, and we relate them to each other. For example, we derive a continuation monad as a Church encoding of the list monad. The resulting semantics coincides with Gudeman's continuation semantics of Icon. We then compile Icon programs by specializing their interpreter (i.e., by using the first Futamura projection), using type-directed partial evaluation. Through various back ends, including a run-time code generator, we generate ML code, C code, and OCaml byte code. Binding-time analysis and partial evaluation of the continuation-based interpreter automatically give rise to C programs that coincide with the result of Proebsting's optimized compiler.
Partial Evaluation of Pattern Matching in Strings, revisited
Specializing string matchers is a canonical example of partial evaluation. A naive implementation of a string matcher repeatedly matches a pattern against every substring of the data string; this operation should intuitively benefit from specializing the matcher with respect to the pattern. In practice, however, producing an efficient implementation by performing this specialization using standard partial-evaluation techniques has been found to require non-trivial binding-time improvements. Starting with a naive matcher, we thus present a derivation of a binding-time improved string matcher. We prove its correctness and show that specialization with respect to a pattern yields a matcher with code size linear in the length of the pattern and running time linear in the length of its input. We then consider several variants of matchers that specialize well, amongst them the first such matcher presented in the literature, and we demonstrate how variants can be derived from each other systematically.
Better Safe Than Sorry! Automated Identification of Functionality-Breaking Security-Configuration Rules
Insecure default values in software settings can be exploited by attackers to compromise the system that runs the software. As a countermeasure, there exist security-configuration guides specifying in detail which values are secure. However, most administrators still refrain from hardening existing systems because the system functionality is feared to deteriorate if secure settings are applied. To foster the application of security-configuration guides, it is necessary to identify those rules that would restrict the functionality. This article presents our approach to use combinatorial testing to find problematic combinations of rules and machine learning techniques to identify the problematic rules within these combinations. The administrators can then apply only the unproblematic rules and, therefore, increase the system's security without the risk of disrupting its functionality. To demonstrate the usefulness of our approach, we applied it to real-world problems drawn from discussions with administrators at Siemens and found the problematic rules in these cases. We hope that this approach and its open-source implementation motivate more administrators to harden their systems and, thus, increase their systems' general security.
Comment: Peer-reviewed version accepted for publication at the 4th ACM/IEEE International Conference on Automation of Software Test (AST 2023), May 15--16, 2023, Melbourne, A
Automated Identification of Security-Relevant Configuration Settings Using NLP
To secure computer infrastructure, we need to configure all security-relevant settings. We need security experts to identify security-relevant settings, but this process is time-consuming and expensive. Our proposed solution uses state-of-the-art natural language processing to classify settings as security-relevant based on their description. Our evaluation shows that our trained classifiers do not perform well enough to replace the human security experts but can help them classify the settings. By publishing our labeled data sets and the code of our trained model, we want to help security experts analyze configuration settings and enable further research in this area.
Comment: Peer-reviewed version accepted for publication in the Industry Showcase track at the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE '22), October 10--14, 2022, Rochester, MI, US
Hardening with Scapolite: a DevOps-based Approach for Improved Authoring and Testing of Security-Configuration Guides in Large-Scale Organizations
Security hardening is the process of configuring IT systems to ensure the security of the systems' components and the data they process or store. In many cases, so-called security-configuration guides are used as a basis for security hardening. These guides describe secure configuration settings for components such as operating systems and standard applications. Rigorous testing of security-configuration guides and automated mechanisms for their implementation and validation are necessary since erroneous implementations or checks of hardening guides may severely impact systems' security and functionality. At Siemens, centrally maintained security-configuration guides carry machine-readable information specifying both the implementation and validation of each required configuration step. The guides are maintained within git repositories; automated pipelines generate the artifacts for implementation and checking, e.g., PowerShell scripts for Windows, and carry out testing of these artifacts on AWS images. This paper describes our experiences with our DevOps-inspired approach for authoring, maintaining, and testing security-configuration guides. We want to share these experiences to help other organizations with their security hardening and, thus, increase their systems' security.
Comment: We submitted this article as a full-length paper. Unfortunately, the CODASPY Program Committee decided that our paper can only be accepted in the tool track. Thus, the published version only consists of 6 page
Evaluating cloud deployment scenarios based on security and privacy requirements
Migrating organisational services, data and applications to the Cloud is an important strategic decision for organisations due to the large number of benefits introduced by the usage of cloud computing, such as cost reduction and on-demand resources. Despite the many benefits, however, there are challenges and risks for cloud adoption related to (amongst others) data leakage, insecure APIs, and shared technology vulnerabilities. These challenges need to be understood and analysed in the context of an organisation's relevant cloud computing deployment models. Although the literature provides a large number of references to works that consider cloud computing security issues, no work has been provided, to our knowledge, which supports the elicitation of security and privacy requirements and the selection of an appropriate cloud deployment model based on such requirements. This work contributes towards this gap. In particular, we propose a requirements engineering framework to support the elicitation of security and privacy requirements and the selection of an appropriate deployment model based on the elicited requirements. Our framework provides a modelling language that builds on concepts from requirements, security, privacy and cloud engineering, and a systematic process. We use a real case study, based on the Greek National Gazette, to demonstrate the applicability of our work.
Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts
Cloud computing is without a doubt one of the most significant innovations presented in the global technological map. This new generation of technology has the potential to positively change our lives since, on the one hand, it provides capabilities that make our digital lives much easier than before, while on the other hand it assists developers in creating services that can be disseminated more easily and faster than before, and with significantly less cost. However, one of the major research challenges for the successful deployment of cloud services is a clear understanding of security and privacy issues in a cloud environment, since the cloud architecture has dissimilarities compared to traditional distributed systems. Such differences might introduce new threats and require different treatment of security and privacy issues. Nevertheless, current security and privacy requirements engineering techniques and methodologies have not been developed with cloud computing in mind and fail to capture the unique characteristics of this domain. It is therefore important to understand security and privacy within the context of cloud computing and identify relevant security and privacy properties and threats that will support techniques and methodologies aimed at analyzing and designing secure cloud-based systems. The contribution of this paper to the literature is two-fold. Firstly, it provides a clear linkage between a set of critical cloud computing areas and security and privacy threats and properties. Secondly, it introduces a number of requirements for analysis and design methodologies to consider for security and privacy concerns in the cloud.