基于下推系统可达性分析的程序机密消去机制

针对程序语言信息流安全领域的现有机密消去策略,提出了一种基于下推系统可达性分析的程序信息流安全验证机制.将存储-匹配操作内嵌于对抽象模型的紧凑自合成结果中,使得对抽象结果中标错状态的可达性分析可以作为不同机密消去策略下程序安全性的验证机制.实例研究说明,该方法比基于类型系统的方法具有更高的精确性,且比已有的自动验证方法更为高效.     

基于原子混淆的通用侧信道漏洞修补方法

包含侧信道漏洞的代码在程序被执行时会表现出与输入有关的非功能性行为,攻击者利用微架构的侧信道攻击可获取这些行为,并通过分析行为与输入之间的关联模式恢复应用数据内容,达到窃取用户机密数据的目的。软件层的侧信道漏洞修补方法带给程序的性能损耗较低,并且因为无须修改硬件或系统,可实现快速修补和大范围部署,成为密码算法实现采用的主流策略。现有修补方案与程序的具体实现深度绑定,需要人工介入,存在实现难度大、不通用的问题。针对以上问题,提出了一种结合动态混淆技术和硬件原子事务特性的通用侧信道漏洞修补方法。所提方法向侧信道漏洞代码中插入动态混淆访存操作,以达到隐藏真实访存地址的目的,并将漏洞代码和混淆访存封装为硬件原子事务,保障被封装的代码在运行时连续执行而不被中断,避免攻击者利用细粒度的侧信道攻击区分真实的访存操作和混淆的访存操作。基于LLVM编译器实现了原型系统SC-Patcher,引入了包括安全跳板和原子事务聚合等在内的多种设计,提高了方法的安全性和实用性。安全与性能测试结果表明,使用所提方法完成侧信道漏洞修补的程序,在几乎未增加额外性能开销的同时,能够有效抵抗侧信道攻击,防范攻击者从漏洞处还原...     

命令式程序终止性验证方法综述

作为软件完全正确性的重要组成部分,程序终止性受到越来越多的关注。旨在跟踪国内外针对命令式程序的终止性验证方法,调研该领域的最新研究成果,同时提出解决该问题的建议性方法框架,对命令式程序终止性研究提供有意义的帮助。给出了程序终止性问题的定义,介绍了已有的数值程序、堆操作程序终止性验证方法,并分别进行了分析与对比。总结了当前研究中存在的难点与热点问题,给出了一种基于模型检验的C程序终止性验证框架,该框架可以作为研究命令式程序终止性的基本框架。     

基于CPA的抽象解释分析方法研究

安全关键领域中,如何保证软件安全性已经成为了一个广受关注的重要课题。确保程序中没有运行时错误,对于软件安全性的保证十分重要。基于抽象解释的静态分析方法对程序语义进行抽象,是验证运行时错误最合适的形式化方法之一。可配置程序分析（configurable program analysis,CPA）是一种适合多种静态分析方法的通用分析框架。本文使用CPA对抽象解释分析方法进行建模,给出了使用基于CPA的抽象解释方法验证程序中的运行时错误的验证流程,并用实例说明该验证方法的有效性。为程序中运行时错误的自动化分析和验证提供了一种可行方案。     

几种量子程序终止的有效验证

基于文献巨18口提出的量子程序验证方法,讨论了单量子比特系统上比特翻转、去极化、幅值阻尼、相位阻尼等 信道刻画的量子程序的验证,通过选取不同的可观测算子对程序终止的情况进行了详细的讨论。研究表明,由这些量 子信道所描述的量子程序的终止情况不仅依赖于输入态的选取,还依赖于可观测算子的选取。     

单分支线性约束循环程序的终止性分析

秩函数法是循环终止性分析的主要方法,秩函数的存在表明了循环程序是可终止的.针对单分支线性约束循环程序,提出一种方法对此类循环的终止性进行分析.基于增函数法向空间的计算,该方法将原程序空间上的秩函数计算问题归结为其子空间上的秩函数计算问题.实验结果表明,该方法能有效验证现有文献中大部分循环程序的终止性.     

基于抽象解释的非函数依赖不变量的检测方法

不变量的检测是提高软件质量的一种有效方法.针对传统静态检测方法可能带来无效的不变量、缺失不变量等缺陷,文中提出一种以抽象解释理论为基础的非函数依赖不变量的静态检测方法.首先利用词法语法分析得到抽象语法树,然后将抽象语法树转化成抽象域图,接着对抽象域图进行抽象执行得到程序中可执行的路径,最后依据定义的非函数依赖不变量表现形式对可执行路径分析得到程序中潜在的非函数依赖不变量.同时通过一个 C 程序为例对该方法进行验证说明     

基于抽象解释的服务间消息的数据约减

面向服务软件中服务间消息的变量值可能存在无穷域的情况,从而导致模型检测时产生状态空间爆炸问题。为了使终止性验证在实践上可行,需要约减模型状态空间的大小,使得计算时间和空间需求合理。为此,基于抽象解释的区间抽象理论扩展了经典区间抽象域方法,并在统一的区间抽象域方法上借助异常控制流图对变量进行区间分析,在此基础上逆向分析得到服务间消息的变量区间集。变量区间上任意值相对于终止性验证是等价性,因此从每一个变量区间集中选取一个代表值,可组成服务间消息变量的约减值,从而为异常处理的终止性验证提供了约减的初始配置,有效避免了状态空间爆炸。     

列存储系统面向列的连接顺序优化研究

连接操作是影响列存储数据查询效率的重要操作之一,对于列存储系统中的连接操作优化,以往的研究工作大多专注于对数据组织结构的优化以及辅助物理结构的建立上,极少涉及逻辑层特别是早期的连接策略优化.为此,根据列存储数据的特点和分析型查询需求的特征,提出了一种新的列存储连接优化方法.该方法采用提早优化的策略,使用“事实表下推”的优化规则,并在多事实表查询条件下引入浓密树进行连接顺序决策,以较小的时空复杂度获得“最优”的连接执行顺序.使用代价估计模型对提出的连接策略优化方法进行了理论验证.同时,在大规模数据仓库基准数据集SSB上通过实验验证了提旱优化机制及下推规则的有效性.     

基于抽象解释理论的循环边界计算方法

在实时系统的应用中常常需要对系统的执行时间,尤其是最坏执行时间进行分析。而程序中的循环结构的迭代次数对程序执行时间的分析结果具有重要的影响。程序的循环边界分析目的在于给出较为接近程序真实运行情况下的循环结构迭代的上界和下界。提出了一种基于抽象解释理论的程序循环边界计算方法,该方法对原有的循环边界分析方法进行了改进。首先在程序切片阶段对原程序建立程序依赖图,并提出了对程序依赖图的约简方法。由约简后的依赖关系可以对变量的取值进行约束,得到更小的取值范围,因此基于该方法的循环边界分析结果更加接近程序的实际执行边界,对获取精确的程序执行时间具有重要意义。     

基于加权下推系统优化可达性分析的Java安全信息流研究

信息流安全的形式化以无干扰性为标准属性.针对目前字节码级的信息流安全分析均未基于对程序无干扰性的语义表示,提出了一种基于语义的无干扰性自动验证方法.为适应语言特性和应用环境的限制,将基本自合成扩展为低安全级记录自合成,以支持对标错状态的可达性分析,保证标错状态不可达时对应字节码程序满足无干扰性.在此基础上为提高实际验证效率提出了3种模型优化方法.实验说明方法的可用性、效率、可扩展性及模型优化的实际效果.     

A noninterference monitoring and replay mechanism for real-timesoftware testing and debugging

A noninterference monitoring and replay mechanism using the recorded execution history of a program to control the replay of the program behavior and guarantee the reproduction of its errors is presented. Based on this approach, a noninterference monitoring architecture has been developed to collect the program execution data of a target real-time software system without affecting its execution. A replay mechanism designed to control the reproduction of the program behavior as well as the examination of the states of the target system and its behavior is presented. The monitoring system has been implemented using a Motorola 68000 computer in a Unix system environment. An example is used to illustrate how the mechanism detects timing errors of real-time software systems     

基于上下文定界的Fork/Join并行性的并发程序可达性分析

随着多核技术日益发展,并发程序通过引入Fork/Join并行性,将任务分解为更细粒度的子任务并行执行,从而充分利用多核处理器提供的计算性能。并发执行线程之间的交错可能产生隐匿的程序设计错误,因此有必要对此类并发程序的正确性进行分析。上下文定界分析方法是一种检测并发程序中隐匿错误的高效方法,计算线程有限次上下文切换内的可达状态,确定错误状态是否可达。针对Fork/Join并行性的并发程序的可达性分析思想如下:首先,动态并发程序被建模为可模拟线程Fork/Join操作的动态并发下推系统P;然后从P中提取模拟其k-定界执行的并发下推系统Pk。现有的上下文定界可达算法可解决提取后的并发下推系统的k-定界可达性问题。     

Characterizations and extensions of pushdown translations

A device called a pushdown assembler has been recently introduced and has been shown capable of defining exactly the syntax directed translations (SDT's). The output operation of the pushdown assembler can be extended in a natural way to obtain a more powerful device called a type B pushdown assembler (or B-machine). A B-machine can define SDT's more simply and directly than the original pushdown assembler. B-machines can also define many interesting translations which are not SDT's. In this paper the B-machine is defined and compared with the original pushdown assembler. The properties of B-machine translations are investigated and it is shown that, as with SDT's, there exists a natural infinite hierarchy of B-machine translations.     

Noninterference in a predicative polymorphic calculus for access control

Polymorphic programming languages have been adapted for constructing distributed access control systems, where a program represents a proof of eligibility according to a given policy. As a security requirement, it is typically stated that the programs of such languages should satisfy noninterference. However, this property has not been defined and proven semantically. In this paper, we first propose a semantics based on Henkin models for a predicative polymorphic access control language based on lambda-calculus. A formal semantic definition of noninterference is then proposed through logical relations. We prove a type soundness theorem which states that any well-typed program of our language meets the noninterference property defined in this paper. In this way, it is guaranteed that access requests from an entity do not interfere with those from unrelated or more trusted entities.     

Exploring optimization and caching for efficient collection operations

Many large programs operate on collection types. Extensive libraries are available in many programming languages, such as the C++ Standard Template Library, which make programming with collections convenient. Extending programming languages to provide collection queries as first class constructs in the language would not only allow programmers to write queries explicitly in their programs but it would also allow compilers to leverage the wealth of experience available from the database domain to optimize such queries. This paper describes an approach to reduce the run time of programs involving explicit collection queries by performing run time query optimization that is effective for single runs of a program. In addition, it also leverages a cache to store previously computed results. The proposed approach relies on histograms built from the data at run time to estimate the selectivity of joins and predicates in order to construct query plans. Information from earlier executions of the same query during run time is leveraged during the construction of the query plans, even when the data has changed between these executions. An effective cache policy is also determined for caching the results of join (sub) queries. The cache is maintained incrementally, when the underlying collections change, and use of the cache space is optimized by a cache replacement policy. Our approach has been implemented within the Java Query Language (JQL) framework using AspectJ. Our approach demonstrated that its run time query optimization in integration with caching sub query result significantly improves the run time of programs with explicit queries over equivalent programs performing collection operations by iterating over those collections. This paper evaluates our approach using synthetic as well as real world Robocode programs by comparing it to JQL as a benchmark. Experimental results show that our approach performs better than the JQL approach with respect to the program run time.     

Decision problems for pushdown threads

Threads as contained in a thread algebra emerge from the behavioral abstraction from programs in an appropriate program algebra. Threads may make use of services such as stacks, and a thread using a single stack is called a pushdown thread. Equivalence of pushdown threads is shown decidable whereas pushdown thread inclusion is undecidable. This is again an example of a borderline crossing where the equivalence problem is decidable, whereas the inclusion problem is not.     

Ontological and Algebra-Algorithmic Tools for Automated Design of Parallel Programs for Cloud Platforms

An approach to the automated development of programs is proposed on the basis of ontological facilities and algebra-algorithmic tools for program design and synthesis. The approach is illustrated by examples of developing a parallel weather forecasting program and also a software application destined to run the developed program on a cloud computing platform.     

AOP中方面冲突自动检测方法研究

为了解决面向方面编程中的方面冲突问题,在分析现有解决方法的基础上,提出了一种基于契约式设计的方面冲突自动检测方案。根据设计文档使用JML给方面和基础程序标注契约,利用契约转换程序生成契约检查程序,契约检查程序与面向方面的应用程序一起编译,生成包含契约检查的目标文件,从而在程序执行时,自动检测出方面与基础程序间的冲突以及方面与方面间冲突。该方案不破坏现有的应用程序,且无需重新设计编译器。通过一个实例表明该方案的可行性。     

The mathematical construction of a program

This paper is an exercise in program construction using Mathematics as a tool. The program which we undertake the construction of is a General Purpose Proof Checker. It is ‘general purpose’ in that it may take as input the axiomatization of a formal theory together with a proof written with this theory. As output it delivers a result which tells us whether the proof is correct or not.In order to test the generality of the proposed approach, we use the Proof Checker to check proofs written within theories such as Propositional Calculus and Predicate Calculus and Set Theory.