Clang and Coccinelle:synergising program analysis tools for CERT C Secure Coding Standard certification

Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommendations with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system is in compliance with the standard. In this paper we report on ongoing work on integrating two state of the art analysis tools, Clang and Coccinelle, into a combined tool well suited for analysing and certifying C programs according to, e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard. We further argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Clang is the C frontend for the LLVM compiler/virtual machine project which includes a comprehensive set of static analyses and code checkers. Coccinelle is a program transformation tool and bug-finder developed originally for the Linux kernel, but has been successfully used to find bugs in other Open Source projects such as WINE and OpenSSL

Modelling Social-Technical Attacks with Timed Automata

Attacks on a system often exploit vulnerabilities that arise from human behaviour or other human activity. Attacks of this type, so-called socio-technical attacks, cover everything from social engineering to insider attacks, and they can have a devastating impact on an unprepared organisation. In this paper we develop an approach towards modelling socio-technical systems in general and socio-technical attacks in particular, using timed automata and illustrate its application by a complex case study. Thanks to automated model checking and automata theory, we can automatically generate possible attacks in our model and perform analysis and simulation of both model and attack, revealing details about the specific interaction between attacker and victim. Using timed automata also allows for intuitive modelling of systems, in which quantities like time and cost can be easily added and analysed

The WCET Tool Challenge 2011

Following the successful WCET Tool Challenges in 2006 and 2008, the third event in this series was organized in 2011, again with support from the ARTIST DESIGN Network of Excellence. Following the practice established in the previous Challenges, the WCET Tool Challenge 2011 (WCC'11) defined two kinds of problems to be solved by the Challenge participants with their tools, WCET problems, which ask for bounds on the execution time, and flow-analysis problems, which ask for bounds on the number of times certain parts of the code can be executed. The benchmarks to be used in WCC'11 were debie1, PapaBench, and an industrial-strength application from the automotive domain provided by Daimler AG. Two default execution platforms were suggested to the participants, the ARM7 as "simple target'' and the MPC5553/5554 as a "complex target,'' but participants were free to use other platforms as well. Ten tools participated in WCC'11: aiT, Astr\'ee, Bound-T, FORTAS, METAMOC, OTAWA, SWEET, TimeWeaver, TuBound and WCA

Variations in accelerometry measured physical activity and sedentary time across Europe – harmonized analyses of 47,497 children and adolescents

Funder: Ministero delle Politiche Agricole Alimentari e Forestali; doi: http://dx.doi.org/10.13039/501100005401Funder: ZonMw; doi: http://dx.doi.org/10.13039/501100001826Funder: The Research Council of Norway, Division for Society and Health.Abstract: Background: Levels of physical activity and variation in physical activity and sedentary time by place and person in European children and adolescents are largely unknown. The objective of the study was to assess the variations in objectively measured physical activity and sedentary time in children and adolescents across Europe. Methods: Six databases were systematically searched to identify pan-European and national data sets on physical activity and sedentary time assessed by the same accelerometer in children (2 to 9.9 years) and adolescents (≥10 to 18 years). We harmonized individual-level data by reprocessing hip-worn raw accelerometer data files from 30 different studies conducted between 1997 and 2014, representing 47,497 individuals (2–18 years) from 18 different European countries. Results: Overall, a maximum of 29% (95% CI: 25, 33) of children and 29% (95% CI: 25, 32) of adolescents were categorized as sufficiently physically active. We observed substantial country- and region-specific differences in physical activity and sedentary time, with lower physical activity levels and prevalence estimates in Southern European countries. Boys were more active and less sedentary in all age-categories. The onset of age-related lowering or leveling-off of physical activity and increase in sedentary time seems to become apparent at around 6 to 7 years of age. Conclusions: Two third of European children and adolescents are not sufficiently active. Our findings suggest substantial gender-, country- and region-specific differences in physical activity. These results should encourage policymakers, governments, and local and national stakeholders to take action to facilitate an increase in the physical activity levels of young people across Europe