Týr: a dependent type system for spatial memory safety in LLVM
- Jonah Anderson
- 7 years ago
1. Týr: a dependent type system for spatial memory safety in LLVM

Vítor De Araújo
Álvaro Moreira (advisor)
Rodrigo Machado (co-advisor)

August 13, 2015
2. Memory safety

- Higher-level languages are usually memory-safe
  - A program cannot make an invalid access to memory
- This usually has:
  - a static component (e.g., the type system disallows invalid type casts)
  - a dynamic component (e.g., run-time bounds checking)
  - data carries enough metadata with it to allow runtime checking
    - e.g., an array is stored as its length followed by its elements

    int[] array = new int[] { 23, 42, 81 };
    array[1] = 13;   // works
    array[42] = 13;  // throws exception
    array[i] = 13;   // may or may not throw exception (dynamic check)
3. Memory safety (or lack thereof)

- In contrast, C data carries no metadata
  - int[3] is just three contiguous integers in memory

    int array[] = { 23, 42, 81 };

- Language enforces no memory safety

    array[1] = 13;
    array[42] = 13;  // invalid memory access; may segfault, may overwrite other program data

- Programmer has full control of data representation (no metadata)
  - Programmer can decide when checks are needed
- However, very error-prone
  - Source of bugs, security vulnerabilities (e.g., Heartbleed)
4. Recovering memory safety

- How can we recover memory safety in C programs?
- Traditional solution: add metadata to allow checking
- This has a number of drawbacks:
  - It changes the memory representation of objects
    - requires recompilation of everything (external libraries, OS syscalls)
  - C pointers can point to any part of an object
    - No simple/cheap way to find metadata from an arbitrary pointer
    - Pointers themselves must carry bounds, or a separate data structure must be looked up
    - Changes representation and/or is expensive
- But there is another way...
5. Recovering memory safety

- A correct C program has no memory safety violations
  - Programmer must keep track of array bounds, etc., manually
- Common idioms:

    int sum(int *array, int len)
    struct data { int len; char *payload; };

- Bounds information is already present in C programs
  - But in an ad-hoc way that the compiler cannot check
- Solution: allow the programmer to formally express these relationships
  - So that the compiler can validate their correct usage
6. Deputy

- Dependent type system for C
- Programmer adds annotations to pointers:

    int sum(int * COUNT(len) array, int len)
    struct data { int len; char * COUNT(len) payload; };

- Compiler now has enough information to check memory accesses
  - Automatically inserts checks to ensure correct usage
- Compiler employs the same metadata already present in the program
  - Smaller memory overhead
- Inserted checks can often be proved redundant and optimized out:

    for (i = 0; i < len; i++) { assert(i >= 0 && i < len); sum += array[i]; }

- However, Deputy is based on CIL, which is C-only
  - C++ suffers from the same problems
7. LLVM, Clang, Týr

- Our approach: use LLVM instead of CIL
- LLVM is a language-agnostic framework for compilation, optimization, code analysis and transformation in general
  - designed around a typed assembly-like language (LLVM IR)
- Clang is a C/C++ compiler which emits LLVM IR
- We propose a dependent type system for LLVM IR, called Týr
  - Supports both C and C++ by targeting LLVM IR
  - LLVM/Clang are actively developed, unlike CIL
8. Týr-1

Pipeline (diagram rendered as text):

    foo.c --(Clang)--> foo.ll
    Annotation extractor --> foo.dep
    foo.ll + foo.dep --(Týr-1)--> foo.ll + checks
    foo.ll + checks --(LLVM opt)--> foo.ll + chk/opt
    foo.ll + chk/opt --(Týr-2)--> foo.ll*, user diagnostics

Týr-1 stage:
- Compile C/C++ to LLVM IR with Clang
- Check pointer usage against the provided annotations
- Insert run-time checks
- Insert tracing information
9. Týr-2

Pipeline, continued (diagram rendered as text):

    foo.ll + checks --(LLVM opt)--> foo.ll + chk/opt
    foo.ll + chk/opt --(Týr-2)--> foo.ll*, user diagnostics
    foo.ll* --(LLVM assembler)--> machine code

Týr-2 stage:
- Run the rest of the LLVM pipeline (optimizations)
- Look for checks which were found to be always false: report a static error
- Remove tracing information and generate machine code
10. Type system

- Replaces the LLVM IR pointer constructor (τ*) with two new types:
  - Ptr τ, low-bound, high-bound: bounded pointer
  - LocalVar τ: pointer to a local variable on the stack
- Defines rules which ensure checks will be performed
  - when a pointer is accessed: is this access valid?
  - when metadata is modified: does this break any invariant?

    int f(int * COUNT(len) array, int len) {
        array[5] = 42;   // is this within bounds?
        len = len + 1;   // are these new bounds valid?
    }
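As an added illustration (not code from the slides, from Deputy or from Týr), the two rules above and the annotated idioms from the Deputy slide written out as explicit checks in plain C: COUNT is defined here as a no-op macro standing in for the annotation, and the capacity parameter is an assumption standing in for the high bound the type system would know from the pointer's Ptr τ, low-bound, high-bound type.

```c
#include <stdio.h>

/* Assumption: a plain C compiler ignores the annotation, so COUNT(n) is a
 * no-op macro here; in Deputy/Týr the compiler reads it as the pointer's bound. */
#define COUNT(n)

/* Idiom from the slides: a length field describes the pointer next to it. */
struct data {
    int len;
    char * COUNT(len) payload;
};

/* The check a compiler inserts before p[i] when p has bounds [0, len). */
static int in_bounds(int i, int len) {
    return i >= 0 && i < len;
}

/* Rule 1, "is this access valid?": the slide's sum() with the inserted
 * per-iteration check written out. Returns 0 and stores the sum in *out,
 * or -1 if an access would fall outside [0, len). The check is redundant
 * given the loop guard, which is exactly why the optimizer can drop it. */
int sum(const int * COUNT(len) array, int len, int *out) {
    int s = 0;
    for (int i = 0; i < len; i++) {
        if (!in_bounds(i, len))
            return -1;
        s += array[i];
    }
    *out = s;
    return 0;
}

/* Rule 1 again for the struct idiom: payload[i] is valid only if i < len. */
int data_get(const struct data *d, int i, char *out) {
    if (!in_bounds(i, d->len))
        return -1;
    *out = d->payload[i];
    return 0;
}

/* Rule 2, "does this break any invariant?": changing len changes the bound
 * of payload, so the new value must still fit the allocation. Assumption:
 * capacity stands in for the high bound the type system knows for payload. */
int data_set_len(struct data *d, int new_len, int capacity) {
    if (new_len < 0 || new_len > capacity)
        return -1;
    d->len = new_len;
    return 0;
}

/* Constructed sample data: the slide's array and a 4-byte payload. */
static int sample_array[3] = { 23, 42, 81 };
static char sample_payload[4] = { 'a', 'b', 'c', 'd' };

/* Sum of the sample array, or -1 if a check failed. */
int example_sum(void) {
    int s = 0;
    return sum(sample_array, 3, &s) == 0 ? s : -1;
}

/* Byte at payload[i] with len = 3 (one byte of slack), or -1 if rejected. */
int example_get(int i) {
    struct data d = { 3, sample_payload };
    char c = 0;
    return data_get(&d, i, &c) == 0 ? (int)(unsigned char)c : -1;
}

/* Result of setting len to new_len against the 4-byte allocation:
 * 0 if the new bound still fits, -1 if it would break the invariant. */
int example_set_len(int new_len) {
    struct data d = { 3, sample_payload };
    return data_set_len(&d, new_len, (int)sizeof sample_payload);
}

int main(void) {
    printf("sum = %d\n", example_sum());
    printf("payload[1] = %c, payload[42] -> %d\n", example_get(1), example_get(42));
    printf("len = 4 -> %d, len = 5 -> %d\n", example_set_len(4), example_set_len(5));
    return 0;
}
```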
11. Current status

- Done:
  - Formal rules for typechecking and insertion of checks
  - Initial work on building the LLVM module
- Next steps:
  - Implementation of the rules within the LLVM module
  - Experimental validation (performance, coverage)
  - Proof of correctness of the type system
12. Related work

- Hardware-based approaches
  - Watchdog (Nagarakatte et al.) (ISCA 2012, CGO 2014)
    - Uses hardware to speed up pointer bounds verification
- Automatic instrumentation of legacy code
  - SoftBound (Nagarakatte et al.) (PLDI 2009)
  - SAFECode (Dhurjati et al.) (PLDI 2006)
  - CCured (Necula et al.) (TOPLAS 2005)
    - Keep their own (possibly redundant) metadata
- Safe dialects of C
  - Cyclone (Jim et al.) (USENIX 2002)
    - Replaces unsafe C constructions with more well-behaved constructions
13. Conclusion

- Approach based on dependent types
  - Makes information already latent in C/C++ programs explicit
  - Compiler can enforce invariants described by the programmer
- No change in data representation
  - Allows partial/gradual migration
  - Compatibility with external libraries
- Low overhead
  - Reuses already existing information
  - Compiler-inserted checks can be optimized
RTI Monitoring Library Getting Started Guide Version 5.1.0 2011-2013 Real-Time Innovations, Inc. All rights reserved. Printed in U.S.A. First printing. December 2013. Trademarks Real-Time Innovations,
More informationIBM SDK, Java Technology Edition Version 1. IBM JVM messages IBM
IBM SDK, Java Technology Edition Version 1 IBM JVM messages IBM IBM SDK, Java Technology Edition Version 1 IBM JVM messages IBM Note Before you use this information and the product it supports, read the
More informationTOOL EVALUATION REPORT: FORTIFY
TOOL EVALUATION REPORT: FORTIFY Derek D Souza, Yoon Phil Kim, Tim Kral, Tejas Ranade, Somesh Sasalatti ABOUT THE TOOL Background The tool that we have evaluated is the Fortify Source Code Analyzer (Fortify
More informationChapter 15 Operating System Security
Operating Systems: Internals and Design Principles Chapter 15 Operating System Security Eighth Edition By William Stallings System Access Threats System access threats fall into two general categories:
More informationMoving from CS 61A Scheme to CS 61B Java
Moving from CS 61A Scheme to CS 61B Java Introduction Java is an object-oriented language. This document describes some of the differences between object-oriented programming in Scheme (which we hope you
More informationKeil C51 Cross Compiler
Keil C51 Cross Compiler ANSI C Compiler Generates fast compact code for the 8051 and it s derivatives Advantages of C over Assembler Do not need to know the microcontroller instruction set Register allocation
More informationIntroduction to Embedded Systems. Software Update Problem
Introduction to Embedded Systems CS/ECE 6780/5780 Al Davis logistics minor Today s topics: more software development issues 1 CS 5780 Software Update Problem Lab machines work let us know if they don t
More informationUnified Architectural Support for Soft-Error Protection or Software Bug Detection
Unified Architectural Support for Soft-Error Protection or Software Bug Detection Martin Dimitrov and Huiyang Zhou School of Electrical Engineering and Computer Science Motivation It is a great challenge
More information