New AspectJ Pointcuts for Integer Overflow and Underflow Detection

ABSTRACT

Aspect-oriented Programming (AOP) appears to be a promising paradigm for software security hardening. Using AOP, security experts can be responsible for coding security properties, and developers can concentrate on the basic functionality of the program. AspectJ extends the Java programming language to implement crosscutting concerns modularly in general. In this paper, we have extended AspectJ with new pointcuts in order to detect integer overflows and underflows in Java. Integer overflows and underflows in Java occur silently without throwing an exception. A malicious user can exploit them to produce a security breach. Hence, we implement new pointcuts: addition, multiplication, and subtraction that allow to write advices around integer arithmetic operations to detect integer overflow and underflow and consequently prevent considerable number of security breaches.     

Forward chaining in HALO: An implementation strategy for history-based logic pointcuts

In aspect-oriented programming, pointcuts are formulated as conditions over the context of dynamic events in the execution of a program. Hybrid pointcut languages also allow this context to come from interactions between the pointcut language and the base program. While some pointcut languages only allow conditions on the current execution event, more recent proposals have demonstrated the need for expressing conditions over a history of join points. Such pointcut languages require means to balance the expressiveness of the language with the additional memory and runtime overhead caused by keeping a history of join point context data. In this paper, we introduce a logic-based pointcut language that allows interaction with the base program as well as pointcuts over a history of join points. We introduce forward chaining as an implementation model for this language, and discuss possible optimization strategies for the additional overhead.     

A secure framework exploiting content guided and automated algorithms for real time video searching

This paper presents an architecture that allows End Users, via the services of Search Engines, to search, in a secure and efficient way, the video content belonging to Content Providers. The search can be accomplished with any searching scheme that the Search Engines wish to provide, as long as certain security constraints are met. However we propose specific algorithms that demonstrate an efficient way to search video data without sacrificing security effectiveness of the system. The search is completed without the End Users or Search Engines needing to purchase the premium content beforehand, and without the Content Providers needing to purchase the search technology. The business motivation of this technique is to assist End Users to purchase content best suiting their requirements—they are offered search results only, not actual content. The objective is to face the problem caused by the current segregation between content ownership and video processing technology ownership. To face this segregation, we present an architecture that guarantees security of Content Provider’s data and Search Engine’s technology and we also present two innovative algorithms that make real time video searching a feasible process. Particularly these algorithms (a) organize video content into a graph based hierarchical structure and (b) perform content guided, non interactive and real time search by exploiting the graph based video structures. The proposed algorithms are incorporated in the presented architecture under the given security constraints. Experimental results and comparisons with conventional techniques are presented to demonstrate the outperformance of the proposed algorithms.

Dynamic adaptation of the squid Web cache with Arachne

The Arachne aspect-oriented programming system developers modularize changes to networking software with little perceptible performance overhead. Writing good software is often a challenge; writing adaptable software can be even more difficult. In legacy Web caches such as Squid, such adaptation interfaces are typically needed for functionalities that are applied across the legacy code, functionalities whose code is scattered and tangled in the Web cache code's files and functions. An AOP system's join point model defines the relevant basic execution events of a given base application. Pointcuts allow programmers to refer to all such events, at which a functionality of interest is applied across, or crosscuts, the base application. At the execution events matched by pointcuts, advice can be used to modify the base application's execution. Arachne features two basic kinds of join points: C function calls and read/write accesses to global variables and their local aliases.     

A distributed framework for demand-driven software vulnerability detection

Security testing aims at detecting program security flaws through a set of test cases and has become an active area of research. The challenge is how to efficiently produce test cases that are highly effective in detecting security flaws. This paper presents a novel distributed demand-driven security testing system to address this challenge. It leverages how end users use the software to increase the coverage of essential paths for security testing. The proposed system consists of many client sites and one testing site. The software under test is installed at each client site. Whenever a new path is about to be exercised by a user input, it will be sent to the testing site for security testing. At the testing site, symbolic execution is used to check any potential vulnerability on this new path. If a vulnerability is detected, a signature is automatically generated and updated to all client sites for protection. The benefits are as follows. First, it allows us to focus testing on essential paths, i.e., the paths that are actually being explored by users or attackers. Second, it stops an attacker from exploiting an unreported vulnerability at the client site. A prototype system has been implemented to evaluate the performance of the proposed system. The results show that it is both effective and efficient in practice.     

A planner-based approach to generate and analyze minimal attack graph

In the present scenario, even well administered networks are susceptible to sophisticated cyber attacks. Such attack combines vulnerabilities existing on different systems/services and are potentially more harmful than single point attacks. One of the methods for analyzing such security vulnerabilities in an enterprise network is the use of attack graph. It is a complete graph which gives a succinct representation of different attack scenarios, depicted by attack paths. An attack path is a logical succession of exploits, where each exploit in the series satisfies the preconditions for subsequent exploits and makes a causal relationship among them. Thus analysis of the attack graph may help in assessing network security from hackers’ perspective. One of the intrinsic problems with the generation and analysis of such a complete attack graph is its scalability. In this work, an approach based on Planner, a special purpose search algorithm from artificial intelligence domain, has been proposed for time-efficient, scalable representation of the attack graphs. Further, customized algorithms have been developed for automatic generation of attack paths (using Planner as a low-level module). The analysis shows that generation of attack graph using the customized algorithms can be done in polynomial time. A case study has also been presented to demonstrate the efficacy of the proposed methodology.     

A semantic approach to improving machine readability of a large-scale attack graph

Automation in cyber security can be achieved by using attack graphs. Attack graphs allow us to model possible paths that a potential attacker can use to intrude into a target network. In particular, graph representation is often used to increase visibility of information, but it is not effective when a large-scale attack graph is produced. However, it is inevitable that such a voluminous attack graph is generated by modeling a variety of data from an increasing number of network hosts. Therefore, we need more intelligent ways of inferring the knowledge required to harden network security from the attack graph, beyond getting information such as possible attack paths. Ontology technology enables a machine to understand information and makes it easier to infer knowledge based on relational facts from big data. Constructing ontology in the domain of attack graph generation is a prerequisite for increasing machine intelligence and implementing an automated process. In this paper, we propose a semantic approach to make a large-scale attack graph machine readable. The approach provides several benefits. First, users can obtain relational facts based on reasoning from a large-scale attack graph, and the semantics of an attack graph can provide intuition to users. In addition, intelligence-based security assessment can be possible using the obtained ontological structures. By improving the machine readability of an attack graph, our approach could lead to automated assessment of network security.

     

A framework of Voronoi diagram for planning multiple paths in free space

Most of the emphasis in path planning, a topic of much interest in several domains, has been on finding the optimal path or at most k optimal paths. However, in domains such as adversarial planning, one of the agents might deliberately take less optimal paths to confuse the opponent, and by the same token an agent, for inferring opponent's intent, has to consider all possible paths that the opponent might take. We introduce the notion of representative paths in free space (2D) and study the problem of computing all representative paths with different properties, such as all representative paths with at most L loops, among polygonal regions using a framework of Voronoi diagram. We prove three properties: (1) the upper and lower bounds to the number of simple paths in a Voronoi graph (2) given any path, a homotopic path can always be obtained from the Voronoi diagram of the regions and (3) all representative paths with a given property might not be always obtainable from the Voronoi graph even after searching the graph exhaustively and present an algorithm to work around this limitation. We also show how our findings can be applied for efficient entity re-identification, a problem involving a large number of dynamic entities and obstacles in the military domain.     

一种基于概念模型的切点定义方法

针对面向方面编程中存在的切点软化问题,提出一种可视化的切点定义方法,切点定义依据一种概念模型而不再依赖于基础程序的具体结构,实现了切点定义与基础程序的解耦,提高了切点鲁棒性。概念模型是对AspectJ切点表达式的可视化的抽象概括,通过扩展UML元模型实现,文中称之为切点模型。同时,扩展了Rational Rose,使其支持切点模型的建模,并实现了由切点模型自动生成方面框架代码。     

Nearest and reverse nearest neighbor queries for moving objects

With the continued proliferation of wireless communications and advances in positioning technologies, algorithms for efficiently answering queries about large populations of moving objects are gaining interest. This paper proposes algorithms for k nearest and reverse k nearest neighbor queries on the current and anticipated future positions of points moving continuously in the plane. The former type of query returns k objects nearest to a query object for each time point during a time interval, while the latter returns the objects that have a specified query object as one of their k closest neighbors, again for each time point during a time interval. In addition, algorithms for so-called persistent and continuous variants of these queries are provided. The algorithms are based on the indexing of object positions represented as linear functions of time. The results of empirical performance experiments are reported.     

An aspect-oriented approach for the systematic security hardening of code

In this paper, we present an aspect-oriented approach for the systematic security hardening of source code. It aims at allowing developers to perform software security hardening by providing an abstraction over the actions required to improve the security of the program. This is done by giving them the capabilities to specify high-level security hardening plans that leverage a priori defined security hardening patterns. These patterns describe the required steps and actions to harden security code, including detailed information on how and where to inject the security code. We show the viability and relevance of our approach by: (1) elaborating security hardening patterns and plans to common security hardening practices, (2) realizing these patterns by implementing them into aspect-oriented languages, (3) applying them to secure applications, (4) testing the hardened applications. Furthermore, we discuss, in this paper, our insights on the appropriateness, strengths and limitations of the aspect-oriented paradigm for security hardening.     

An approach to emulating separable graphs

A technique foremulating multicomputer interconnection networks that are based onseparable graphs (graphs having bounded degree and sublinear multicolor recursive bisectors) is presented. Efficient emulations among interconnection networks are necessary for porting programs designed for one network to another.Emulations are formalized asgraph embeddings, where the nodes (processors) of theguest graph (emulated network) are assigned to nodes of thehost graph (emulator), while the edges (communication links) of the guest are routed via paths in the host. The communication slowdown in an emulation depens on thedilation (length of the longest routing path) and thecongestion (number of paths that contend for a host edge) of the embedding. Theexpansion of the embedding (the ratio of the sizes of the host to guest) determines the inefficiency of processor utilization. Cell trees are introduced as interconnection networks whose special communication properties enable them to serve as intermediate devices in these emulations. Nodes in cell trees are organized into equinumerous parts calledcells; the cells are labeled by nodes of a complete binary tree. Communication in cell trees is restricted to two specific and distinct primitives:cell communication is confined within cells, whiletransfer communication occurs between adjacent cells. Rather than solved directly, the emulation problem for the original guest-host pair is decomposed into two independent parts: emulating the guest by the cell tree, and emulating the cell tree by the host.In emulations of separable graphs by cell trees, the node assignment that ensures small dilation is derived from the separator-based decomposition of guest graphs. The congestion-free edge routing is achieved by coordinatingglobal andlocal phases, which are based on two characteristic cell-tree communication primitives.The technique is instantiated by emulating cell trees on specific host graphs. Withshuffle-like hypercube-derivative networks as hosts new constant-expansion emulations are obtained that have both dilation and congestion logarithmic in the size of the multicolor bisector of guest graphs. These emulations are the first such to have optimal (up to constants)congestion; they provide the firstoptimal algorithm for emulating arbitrary separable graphs on shuffle-like networks. The application of the technique tohypercubes as hosts also produces optimal emulations that differ from those previously known by having smaller expansion constants.This research was supported in part by NSF Grants CCR-88-12567 and CCR-90-13184, and by the University of Massachusetts Graduate School Fellowship for the academic year 1991-92. A preliminary version of this paper was presented at the 3rd ACM Symposium on Parallel Algorithms and Architectures, July 22–24, 1991, in Hilton Head, South Carolina, USA.     

Easy intruder deduction problems with homomorphisms

We present complexity results for the verification of security protocols. Since the perfect cryptography assumption is unrealistic for cryptographic primitives with visible algebraic properties, we extend the classical Dolev-Yao model by permitting the intruder to exploit these properties. More precisely, we are interested in theories such as Exclusive or and Abelian groups in combination with the homomorphism axiom. We show that the intruder deduction problem is in PTIME in both cases, improving the EXPTIME complexity results of Lafourcade, Lugiez and Treinen.     

Spatial Data Mining: Database Primitives, Algorithms and Efficient DBMS Support

Spatial data mining algorithms heavily depend on the efficient processing of neighborhood relations since the neighbors of many objects have to be investigated in a single run of a typical algorithm. Therefore, providing general concepts for neighborhood relations as well as an efficient implementation of these concepts will allow a tight integration of spatial data mining algorithms with a spatial database management system. This will speed up both, the development and the execution of spatial data mining algorithms. In this paper, we define neighborhood graphs and paths and a small set of database primitives for their manipulation. We show that typical spatial data mining algorithms are well supported by the proposed basic operations. For finding significant spatial patterns, only certain classes of paths “leading away” from a starting object are relevant. We discuss filters allowing only such neighborhood paths which will significantly reduce the search space for spatial data mining algorithms. Furthermore, we introduce neighborhood indices to speed up the processing of our database primitives. We implemented the database primitives on top of a commercial spatial database management system. The effectiveness and efficiency of the proposed approach was evaluated by using an analytical cost model and an extensive experimental study on a geographic database.     

The <Emphasis Type="Italic">k</Emphasis>-Nearest Neighbour Join: Turbo Charging the KDD Process

The similarity join has become an important database primitive for supporting similarity searches and data mining. A similarity join combines two sets of complex objects such that the result contains all pairs of similar objects. Two types of the similarity join are well-known, the distance range join, in which the user defines a distance threshold for the join, and the closest pair query or k-distance join, which retrieves the k most similar pairs. In this paper, we propose an important, third similarity join operation called the k-nearest neighbour join, which combines each point of one point set with its k nearest neighbours in the other set. We discover that many standard algorithms of Knowledge Discovery in Databases (KDD) such as k-means and k-medoid clustering, nearest neighbour classification, data cleansing, postprocessing of sampling-based data mining, etc. can be implemented on top of the k-nn join operation to achieve performance improvements without affecting the quality of the result of these algorithms. We propose a new algorithm to compute the k-nearest neighbour join using the multipage index (MuX), a specialised index structure for the similarity join. To reduce both CPU and I/O costs, we develop optimal loading and processing strategies.     

Fujisaki–Okamoto hybrid encryption revisited

At Crypto’99, Fujisaki and Okamoto [11] presented a generic transformation from weak secure asymmetric and symmetric schemes into an IND-CCA hybrid encryption scheme in the Random Oracle Model, which has been extensively used in several cryptographic scenarios. The work we present here forms part of the careful revision of the provable security techniques initiated by Shoup in [25] insofar as we find some ambiguities in the proof of this generic conversion, which can lead to false claims. Consequently, the original conversion is modified and the class of asymmetric primitives that can be used is shortened. Furthermore, the concept of easily verifiable primitive is formalized, showing its connection with the gap problems introduced in [18]. Using these ideas, a completely new security proof for the modified transformation is given, which is phrased using currently widely accepted techniques. The reduction thereby obtained turns out to be tight, enhancing the concrete security claimed in the original work for the easily verifiable primitives. For the remaining primitives, the concrete security is improved at the cost of stronger assumptions. Finally, the resistance of the new conversion against reject timing attacks is addressed.     

Responding to Computer Crime: A Security Practitioner's Guide

ABSTRACT

In this paper, we present an aspect-oriented approach and propose a high-level language called SHL (Security Hardening Language) for the systematic security hardening of software. The primary contribution of this proposition is providing the software architects with the capabilities to perform security hardening by applying well-defined solutions and without the need to have expertise in the security solution domain. At the same time, the security hardening is applied in an organized and systematic way in order not to alter the original functionalities of the software. This is done by providing an abstraction over the actions required to improve the security of a program and adopting aspect-oriented programming to build and develop the solutions. SHL allows the developers to describe and specify the security hardening plans and patterns needed to harden systematically security into open source software. It is a minimalist language built on top of the current aspect-oriented technologies that are based on advice-poincut model and can also be used in conjunction with them. We explore the viability and relevance of our proposition by applying it into several security hardening case studies and presenting their experimental results.     

切换到高一层路网最近四个点的最短路算法

针对基于大规模图的最短路问题求解速度慢的问题,提出了一个基于路网等级的求最短路的快速近似算法。该算法首先求出高一层路网到起点的4个最近点和到终点的4个最近点及最短路径,由高一层路网形成的子图T再加上这8个最短路径形成图T',在T'上求起点到终点的最短路。这种设计使得该算法适合在超大规模图上求解,理论上也证明了精度可控,同时预处理数据也是可行的,从而使两点间最短路的求解速度大大提高。在纽约公路网上的测试结果说明了该算法的有效性和合理性。     

Redux: A Dynamic Dataflow Tracer

Redux is a tool that generates dynamic dataflow graphs. It generates these graphs by tracing a program's execution and recording every value-producing operation that takes place, building up a complete computational history of every value produced. For that execution, by considering the parts of the graph reachable from system call inputs, we can choose to see only the dataflow that affects the outside world. Redux works with program binaries, and thus is not restricted to programs written in any particular language.We explain how Redux works, and show how dynamic dataflow graphs give the essence of a program's computation. We show how Redux can be used for debugging and program slicing, and consider a range of other possible uses.     

An axiomatic definition of synchronization primitives

Summary The semantics of a pair of synchronization primitives is characterized by three fundamental axioms: boundedness, progress, and fairness. The class of primitives fulfilling the three axioms is semantically defined. Unbuffered communication primitives, the symmetrical P and V operations, and the usual P and V operations are proved to be the three instances of this class. The definitions obtained are used to prove a series of basic theorems on mutual exclusion, producer-consumer coupling, deadlock, and linear and circular arrangements of communicating buffer-processes. An implementation of P and V operations fulfilling the axioms is proposed.