29 research outputs found
The Meaning of Memory Safety
We give a rigorous characterization of what it means for a programming
language to be memory safe, capturing the intuition that memory safety supports
local reasoning about state. We formalize this principle in two ways. First, we
show how a small memory-safe language validates a noninterference property: a
program can neither affect nor be affected by unreachable parts of the state.
Second, we extend separation logic, a proof system for heap-manipulating
programs, with a memory-safe variant of its frame rule. The new rule is
stronger because it applies even when parts of the program are buggy or
malicious, but also weaker because it demands a stricter form of separation
between parts of the program state. We also consider a number of pragmatically
motivated variations on memory safety and the reasoning principles they
support. As an application of our characterization, we evaluate the security of
a previously proposed dynamic monitor for memory safety of heap-allocated data.Comment: POST'18 final versio
Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution
Instruction-set randomization (ISR) obfuscates the "language" understood by a system to protect against code-injection attacks by presenting an ever-changing target. ISR was originally motivated by code injection through buffer overflow vulnerabilities. However, Stuxnet demonstrated that attackers can exploit other vectors to place malicious binaries into a victim’s filesystem and successfully launch them, bypassing most mechanisms proposed to counter buffer overflows. We propose the holistic adoption of ISR across the software stack, preventing the execution of unauthorized binaries and scripts regardless of their origin. Our approach requires that programs be randomized with different keys during a user-controlled installation, effectively combining the benefits of code whitelisting/signing and runtime program integrity. We discuss how an ISR-enabled environment for binaries can be implemented with little overhead in hardware, and show that higher-overhead software only alternatives are possible. We use Perl and SQL to demonstrate the application of ISR in scripting environments with negligible overhead
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Symbolic Computation via Program Transformation
Symbolic computation is an important approach in automated program analysis.
Most state-of-the-art tools perform symbolic computation as interpreters and
directly maintain symbolic data. In this paper, we show that it is feasible,
and in fact practical, to use a compiler-based strategy instead. Using compiler
tooling, we propose and implement a transformation which takes a standard
program and outputs a program that performs semantically equivalent, but
partially symbolic, computation. The transformed program maintains symbolic
values internally and operates directly on them hence the program can be
processed by a tool without support for symbolic manipulation.
The main motivation for the transformation is in symbolic verification, but
there are many other possible use-cases, including test generation and concolic
testing. Moreover using the transformation simplifies tools, since the symbolic
computation is handled by the program directly. We have implemented the
transformation at the level of LLVM bitcode. The paper includes an experimental
evaluation, based on an explicit-state software model checker as a verification
backend
Mechanized semantics for the Clight subset of the C language
This article presents the formal semantics of a large subset of the C
language called Clight. Clight includes pointer arithmetic, "struct" and
"union" types, C loops and structured "switch" statements. Clight is the source
language of the CompCert verified compiler. The formal semantics of Clight is a
big-step operational semantics that observes both terminating and diverging
executions and produces traces of input/output events. The formal semantics of
Clight is mechanized using the Coq proof assistant. In addition to the
semantics of Clight, this article describes its integration in the CompCert
verified compiler and several ways by which the semantics was validated.Comment: Journal of Automated Reasoning (2009
Different Factors Affecting Human ANP Amyloid Aggregation and Their Implications in Congestive Heart Failure
Atrial Natriuretic Peptide (ANP)-containing amyloid is frequently found in the elderly heart. No data exist regarding ANP aggregation process and its link to pathologies. Our aims were: i) to experimentally prove the presumptive association of Congestive Heart Failure (CHF) and Isolated Atrial Amyloidosis (IAA); ii) to characterize ANP aggregation, thereby elucidating IAA implication in the CHF pathogenesis.A significant prevalence (85\%) of IAA was immunohistochemically proven ex vivo in biopsies from CHF patients. We investigated in vitro (using Congo Red, Thioflavin T, SDS-PAGE, transmission electron microscopy, infrared spectroscopy) ANP fibrillogenesis, starting from α-ANP as well as the ability of dimeric β-ANP to promote amyloid formation. Different conditions were adopted, including those reproducing β-ANP prevalence in CHF. Our results defined the uncommon rapidity of α-ANP self-assembly at acidic pH supporting the hypothesis that such aggregates constitute the onset of a fibrillization process subsequently proceeding at physiological pH. Interestingly, CHF-like conditions induced the production of the most stable and time-resistant ANP fibrils suggesting that CHF affected people may be prone to develop IAA.We established a link between IAA and CHF by ex vivo examination and assessed that β-ANP is, in vitro, the seed of ANP fibrils. Our results indicate that β-ANP plays a crucial role in ANP amyloid deposition under physiopathological CHF conditions. Overall, our findings indicate that early IAA-related ANP deposition may occur in CHF and suggest that these latter patients should be monitored for the development of cardiac amyloidosis
A survey of security issue in multi-agent systems
Multi-agent systems have attracted the attention of researchers because of agents' automatic, pro-active, and dynamic problem solving behaviors. Consequently, there has been a rapid development in agent technology which has enabled us to provide or receive useful and convenient services in a variety of areas such as banking, transportation, e-business, and healthcare. In many of these services, it is, however, necessary that security is guaranteed. Unless we guarantee the security services based on agent-based systems, these services will face significant deployment problems. In this paper, we survey existing work related to security in multi-agent systems, especially focused on access control and trust/reputation, and then present our analyses. We also present existing problems and discuss future research challenges. © Springer Science+Business Media B.V 2011
Stopping injection attacks with code and structured data
Injection attacks top the lists of the most harmful software vulnerabilities. Injection vulnerabilities are both commonplace and easy to exploit, which makes development of injection protection schemes important. In this article, we show how injection attacks can be practically eliminated through the use of structured data paired with cryptographic verification codes upon transmission.peerReviewe