Operational and abstract semantics of the query language G-Log

The amount and variety of data available electronically have dramatically increased in the led decade; however, data and documents are stored in different ways and do notusual# show their internal structure. In order to take ful advantage of thetopolk9dQ# structure ofdigital documents, andparticulIII web sites, theirhierarchical organizationshouliz explizatio introducing a notion of querysimil; to the one usedin database systems. A good approach, in that respect, is the one provided bygraphical querylrydM#99; original; designed to model object bases and lndd proposed for semistructured data, la, G-Log. The aim of this paper is to providesuitabl graph-basedsemantics to thislisd;BI# supporting both data structure variabil#I andtopol#Ik;M similpol#I between queries and document structures. A suite ofoperational semantics basedon the notion ofbisimulQM#I is introduced both at theconcr--h level (instances) andat theabstru( level (schemata), giving rise to a semantic framework that benefits from the cross-fertil9;dl of tool originalM designed in quite different research areas (databases, concurrency,loncur static analysis)

L'esperienza di Ca' Foscari nel controllo antiplagio delle tesi di laurea

Nell'intervento verrà illustrato il processo di gestione online delle tesi di laurea a Ca' Foscari, che dal 2011 prevede il controllo antiplagio mediante l'utilizzo del software Compilatio. Verranno presentati i dati sinora raccolti relativi all'utilizzo di tale sistema e le principali problematiche riscontrate

Information leakage detection in boundary ambients

Abstract A variant of Mobile Ambient Calculus is introduced, called Boundary Ambient, to model multilevel security policies. Ambients that may guarantee to properly protect their content are explicitly identified as boundaries: a boundary can be seen as a resource access manager for confidential data. In this setting, we define a notion of non-interference which captures the absence of any (both direct and indirect) information leakage. Then, we guarantee non-interference by extending a control flow analysis that computes an over approximation of all ambients and capabilities that may be affected by the actual values of high level data

Static analysis for dummies: experiencing LiSA

Semantics-based static analysis requires a significant theoretical background before being able to design and implement a new analysis. Unfortunately, the development of even a toy static analyzer from scratch requires to implement an infrastructure (parser, control flow graphs representation, fixpoint algorithms, etc.) that is too demanding for bachelor and master students in computer science. This approach difficulty can condition the acquisition of skills on software verification which are of major importance for the design of secure systems. In this paper, we show how LiSA (Library for Static Analysis) can play a role in that respect. LiSA implements the basic infrastructure that allows a non-expert user to develop even simple analyses (e.g., dataflow and numerical non-relational domains) focusing only on the design of the appropriate representation of the property of interest and of the sound approximation of the program statements

Reducing Multiple Occurrences of Meta-Mark Selection in Relational Data Watermarking

Contrary to multimedia data watermarking approaches, it is not recommended that relational data watermarking techniques consider sequential selection for marks in the watermark and embedding locations in the protected digital asset. Indeed, considering the database relations' elements, i.e., tuples and attributes, when watermarking techniques are based on sequential processes, watermark detection can be easily compromised by performing subset reverse order attacks. As a result, attackers can obtain owner evidence-free high-quality data since no data modifications for mark removing are required for the malicious operation to succeed. A standard solution to this problem has been pseudo-random selection, which often leads to choosing the same marks multiple times, and ignoring others, thus compromising the embedding of the entire watermark. This work proposes an engine that contributes to controlling marks' recurrent selection, allowing marks excluded by previous approaches to be considered and detected with 100% accuracy. The experiments performed show a dramatic improvement of the embedded watermark quality when the proposed engine is included in watermarking techniques' architecture. They also provide evidence that this proposal leads to higher resilience against common malicious operations such as subset and superset attacks

Sentence Embedding Models for Similarity Detection of Software Requirements

Semantic similarity detection mainly relies on the availability of laboriously curated ontologies, as well as of supervised and unsupervised neural embedding models. In this paper, we present two domain-specific sentence embedding models trained on a natural language requirements dataset in order to derive sentence embeddings specific to the software requirements engineering domain. We use cosine-similarity measures in both these models. The result of the experimental evaluation confirm that the proposed models enhance the performance of textual semantic similarity measures over existing state-of-the-art neural sentence embedding models: we reach an accuracy of 88.35%—which improves by about 10% on existing benchmarks.Semantic similarity detection mainly relies on the availability of laboriously curated ontologies, as well as of supervised and unsupervised neural embedding models. In this paper, we present two domain-specific sentence embedding models trained on a natural language requirements dataset in order to derive sentence embeddings specific to the software requirements engineering domain. We use cosine-similarity measures in both these models. The result of the experimental evaluation confirm that the proposed models enhance the performance of textual semantic similarity measures over existing state-of-the-art neural sentence embedding models: we reach an accuracy of 88.35%—which improves by about 10% on existing benchmarks

Abstract program slicing on dependence condition graph

Abstract Many slicing techniques have been proposed based on the traditional Program Dependence Graph (PDG) representation. In traditional PDGs, the notion of dependency between statements is based on syntactic presence of a variable in the definition of another variable or on a conditional expression. Mastroeni and Zanardini first introduced the notion of semanticsbased data dependency, both at concrete and abstract domains, that helps in converting the traditional syntactic PDGs into more refined semanticsbased (abstract) PDGs by disregarding some false dependences from them. As a result, the slicing techniques based on these semantics-based (abstract) PDGs result into more precise slices. In this paper, we strictly improve this approach by (i) introducing the notion of semantic relevancy of statements, and (ii) combining it with conditional dependency. This allows us to transform syntactic PDGs into semantics-based (abstract) Dependence Condition Graphs (DCGs) that enable to identify the conditions for dependences between program points

Cross-Programming Language Taint Analysis for the IoT Ecosystem

The Internet of Things (IoT) is a key component for the next disruptive technologies. However, IoT merges together several diverse software layers: embedded, enterprise, and cloud programs interact with each other. In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems. During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities. Unfortunately, these analyses assume that software is entirely written in a single programming language, and they are not immediately suitable to detect IoT vulnerabilities where many different software components, written in different programming languages, interact. This paper discusses how to leverage existing static taint analyses to a cross-programming language scenario

Static analysis for discovering IoT vulnerabilities

The Open Web Application Security Project (OWASP), released the \u201cOWASP Top 10 Internet of Things 2018\u201d list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia\u2019s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies

Blockchain transaction analysis using dominant sets

Blockchain is an emerging backbone technology behind different crypto-currencies. It can also be used for other purposes and areas. There are different scalability issues associated with blockchain. It is important to know the in depth structure of blockchain by identifying common behaviors of the transactions and the effect of these behaviors on the nodes of the network. Dominant set approach can categorize the blockchain transactions into different clusters without mentioning number of clusters in advance. The experimental evaluation of blockchain transactions shows better clustering accuracy of dominant set approach than existing method of central clustering approach