Towards Vulnerability Discovery Using Staged Program Analysis

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs well-formatted bug reports that help developers understand and fix security bugs. Based on the intuition that real-world vulnerabilities manifest themselves across multiple parts of a program, Melange performs both local and global analyses. To scale up to large programs, global analysis is demand-driven. Our prototype detects multiple vulnerability classes in C and C++ code including type confusion, and garbage memory reads. We have evaluated Melange extensively. Our case studies show that Melange scales up to large codebases such as Chromium, is easy-to-use, and most importantly, capable of discovering vulnerabilities in real-world code. Our findings indicate that static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), July 201

Measuring Distance and Properties of the Milky Way's Central Supermassive Black Hole with Stellar Orbits

We report new precision measurements of the properties of our Galaxy's supermassive black hole. Based on astrometric (1995-2007) and radial velocity (2000-2007) measurements from the W. M. Keck 10-meter telescopes, a fully unconstrained Keplerian orbit for the short period star S0-2 provides values for Ro of 8.0+-0.6 kpc, M_bh of 4.1+-0.6x10^6 Mo, and the black hole's radial velocity, which is consistent with zero with 30 km/s uncertainty. If the black hole is assumed to be at rest with respect to the Galaxy, we can further constrain the fit and obtain Ro = 8.4+-0.4 kpc and M_bh = 4.5+-0.4x10^6 Mo. More complex models constrain the extended dark mass distribution to be less than 3-4x10^5 Mo within 0.01 pc, ~100x higher than predictions from stellar and stellar remnant models. For all models, we identify transient astrometric shifts from source confusion and the assumptions regarding the black hole's radial motion as previously unrecognized limitations on orbital accuracy and the usefulness of fainter stars. Future astrometric and RV observations will remedy these effects. Our estimates of Ro and the Galaxy's local rotation speed, which it is derived from combining Ro with the apparent proper motion of Sgr A*, (theta0 = 229+-18 km/s), are compatible with measurements made using other methods. The increased black hole mass found in this study, compared to that determined using projected mass estimators, implies a longer period for the innermost stable orbit, longer resonant relaxation timescales for stars in the vicinity of the black hole and a better agreement with the M_bh-sigma relation.Comment: ApJ, accepted (26 pages, 16 figures, 7 tables

The First Measurement of Spectral Lines in a Short-Period Star Bound to the Galaxy's Central Black Hole: A Paradox of Youth

We have obtained the first detection of spectral absorption lines in one of the high-velocity stars in the vicinity of the Galaxy's central supermassive black hole. Both Brgamma (2.1661 micron) and He I (2.1126 micron) are seen in absorption in S0-2 with equivalent widths (2.8+-0.3 Ang & 1.7+-0.4 Ang) and an inferred stellar rotational velocity (220+-40 km/s) that are consistent with that of an O8-B0 dwarf, which suggests that it is a massive (~15 Msun), young (<10 Myr) main sequence star. This presents a major challenge to star formation theories, given the strong tidal forces that prevail over all distances reached by S0-2 in its current orbit (130 - 1900 AU) and the difficulty in migrating this star inward during its lifetime from further out where tidal forces should no longer preclude star formation. The radial velocity measurements (-510+-40 km/s) and our reported proper motions for S0-2 strongly constrain its orbit, providing a direct measure of the black hole mass of 4.1(+-0.6)x10^6(Ro/8kpc)^3 Msun. The Keplerian orbit parameters have uncertainities that are reduced by a factor of 2-3 compared to previously reported values and include, for the first time, an independent solution for the dynamical center; this location, while consistent with the nominal infrared position of Sgr A*, is localized to a factor of 5 more precisely (+-2 milli-arcsec). Furthermore, the ambiguity in the inclination of the orbit is resolved with the addition of the radial velocity measurement, indicating that the star is behind the black hole at the time of closest approach and counter-revolving against the Galaxy. With further radial velocity measurements in the next few years, the orbit of S0-2 will provide the most robust estimate of the distance to the Galactic Center.Comment: 14 pages, Latex, Accepted for Publication in ApJ Letter

The Accelerations of Stars Orbiting the Milky Way's Central Black Hole

Recent measurements, of the velocities of stars near the center of the Milky Way have provided the strongest evidence for the presence of a supermassive black hole in a galaxy, but the observational uncertainties poorly constrain many of the properties of the black hole. Determining the accelerations of stars in their orbits around the center provides much more precise information about the position and mass of the black hole. Here we report measurements of the accelerations for three stars located ~0.005 pc from the central radio source Sgr A*; these accelerations are comparable to those experienced by the Earth as it orbits the Sun. These data increase the inferred minimum mass density in the central region of the Galaxy by an order of magnitude relative to previous results and localized the dark mass to within 0.05 +- 0.04 arcsec of the nominal position of Sgr A*. In addition, the orbital period of one of the observed stars could be as short as 15 years, allowing us the opportunity in the near future to observe an entire period.Comment: To appear in September 21 2000 issue of Natur