A generic framework for context-sensitive analysis of modular programs

Context-sensitive analysis provides information which is potentially more accurate than that provided by context-free analysis. Such information can then be applied in order to validate/debug the program and/or to specialize the program obtaining important improvements. Unfortunately, context-sensitive analysis of modular programs poses important theoretical and practical problems. One solution, used in several proposals, is to resort to context-free analysis. Other proposals do address context-sensitive analysis, but are only applicable when the description domain used satisfies rather restrictive properties. In this paper, we argüe that a general framework for context-sensitive analysis of modular programs, Le., one that allows using all the domains which have proved useful in practice in the non-modular setting, is indeed feasible and very useful. Driven by our experience in the design and implementation of analysis and specialization techniques in the context of CiaoPP, the Ciao system preprocessor, in this paper we discuss a number of design goals for context-sensitive analysis of modular programs as well as the problems which arise in trying to meet these goals. We also provide a high-level description of a framework for analysis of modular programs which does substantially meet these objectives. This framework is generic in that it can be instantiated in different ways in order to adapt to different contexts. Finally, the behavior of the different instantiations w.r.t. the design goals that motivate our work is also discussed

Discovering Application-Level Insider Attacks Using Symbolic Execution

Coordinated Science Laboratory was formerly known as Control Systems LaboratoryNational Science Foundation / 727 NSF CNS 05-5166

Model based analysis of insider threats

In order to detect malicious insider attacks it is important to model and analyse infrastructures and policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios by quantitative aspects to enable a precise analysis of security designs. Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider’s intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the framework with case studies

All terrain vehicle (ATV) accidents in Germany : a medical and technical analysis

Although ATV accidents account for numerous deaths in the US and Australia, the role in traffic accidents and hospital admissions in Germany is unknown. At a level I trauma centre, hospital and crash charts were analysed for medical and technical parameters of ATV accidents. ATV drivers were 0.1% of emergency trauma patients. The mean total hospital stayrnwas 15 days; there were 1.5 stays per patients with 2.0 surgical procedures needed. One patient died, only two recovered fully. 14 cases of ATV accidents out of 18990 (0.1%) were documented within 10 years. The mean impact velocity was 35 km/h. Car collisions were predominant. The upper extremity was the predominant injured region (AIS 0.7), Mean maximum AIS was 1.4. ATV accidents in Germany are rare but pose high risk for severe injuries. Possible reasons are low active and passive security, limited experience and risky driving behaviour. Preventive measures are discussed.r

Spine injuries in motor vehicle accidents - an analysis of 18353 traffic accidents between 1985 and 2004 with special consideration of injuries of the thoracolumbar spine in relation to injury mechanisms

This study aims to analyze spine injuries in motor vehicle accidents. Between 1985 and 2004 the Hannover accident research unit documented 18353 accidents. We identified 161 front passengers (0.53%) with cervical spine injuries, 84 (0.28%) with thoracic and 95 (0.31%) with lumbar injuries. Technical and medical data was reviewed. Patients" records were retrieved. X-rays were evaluated and fractures were classified according to the Magerl classification. 68% and 57% of thoracic and lumbar fractures occurred in accidents with multiple impacts. Delta-v was 50, 40 and 40 kph in passengers with cervical, thoracic and lumbar spine, resp. Passengers with spinal fractures frequently showed numerous concomitant injuries, e.g. additional vertebral fractures. The influence of seat belts and airbags is discussed. Patient work-up has to include a thorough investigation for additional injuries

Privacy Penetration Testing: How to Establish Trust in Your Cloud Provider

© Springer Science+Business Media B.V. 2012. In the age of cloud computing, IT infrastructure becomes virtualised and takes the form of services. This virtualisation results in an increasing de-perimeterisation, where the location of data and computation is irrelevant from a user's point of view. This irrelevance means that private and institutional users no longer have a concept of where their data is stored, and whether they can trust in cloud providers to protect their data. In this chapter, we investigate methods for increasing customers’ trust into cloud providers, and suggest a public penetration-testing agency as an essential component in a trustworthy cloud infrastructure