Similar documents
20 similar documents found (search took 15 ms)
1.
In this paper, we show how refinement calculus provides a basis for translation validation of optimized programs written in high-level languages. Towards such a direction, we provide a generalized proof rule for establishing refinement of source and target programs for which one need not know the underlying program transformations. Our method is supported by a semi-automatic tool that uses a theorem prover for validating the verification conditions. We further show that the translation validation infrastructure provides an effective basis for deriving semantic debuggers, and illustrate this by developing, in Prolog, a simple debugger for optimized programs based on this approach. A distinct advantage of semantic debugging is that it permits the user to change values at run-time only when the values are consistent with the underlying semantics.

2.
Workstation clusters provide significant aggregate amounts of resources, including processing power and main memory. In this paper we explore the collective use of main memory in a workstation cluster to boost the performance of applications that require more memory than a single workstation can provide. We describe the design, simulation, implementation, and evaluation of a pager that uses the main memory of remote workstations in a workstation cluster as a faster-than-disk paging device and provides reliability in case of single-workstation failures and adaptivity to network and disk load variations. Our pager has been implemented as a block device driver linked to the Digital UNIX operating system, without any modifications to the kernel code. Using several test applications we measure the performance of remote memory paging over an Ethernet interconnection network and find it to be up to twice as fast as traditional disk paging. We also evaluate the performance of various reliability policies and demonstrate their feasibility even over low-bandwidth networks such as Ethernet. We conclude that the benefits of reliable remote memory paging in workstation clusters are significant today and are likely to increase in the near future.

3.
Information and Computation, 2007, 205(9): 1334-1370
We propose a method to analyze secure information flow in stack-based assembly languages that communicate with the external environment by means of input and output channels. The method computes, for each instruction, a security level for each memory variable and stack element. Instruction-level security analysis is flow-sensitive and hence more precise than other analyses, such as standard security typing. Instruction-level security analysis is specified in the framework of abstract interpretation. We define a concrete operational semantics that handles, in addition to execution aspects, the flow of information in the program. The basis of the approach is that each value is annotated with a security level and that the abstract domain is obtained from the concrete one by keeping the security levels and forgetting the actual values. Operand stacks are abstracted as fixed-length stacks of security levels. An abstract state is a map from instructions to abstract machine configurations, in which values are replaced by security levels. The abstract semantics consists of a set of abstract rules manipulating abstract states. The instruction-level security typing can be performed by an efficient fixpoint iteration algorithm, similar to that used by bytecode verification.
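The following Python sketch is an added illustration of the approach described in this abstract; it is not the paper's implementation. It assumes a toy stack language of my own (push/load/store/in/out/add/jz/halt), two assumed channels "pub" and "secret", and a two-point lattice LOW < HIGH. The abstract state before each instruction is a (context level, variable levels, operand-stack levels) triple, stacks must have equal height at join points as in bytecode verification, and the analysis is a worklist fixpoint. One simplification is deliberate and conservative: a branch on a high condition taints the security context for the rest of the program rather than being lowered again at the junction point, which the paper's analysis handles more precisely.

```python
"""Instruction-level information-flow analysis of a toy stack machine.

Added illustration of the abstract-interpretation approach in the abstract above;
not the paper's code. Instruction set, channel names and the two-point lattice
LOW < HIGH are assumptions made for this example.
"""
LOW, HIGH = 0, 1                         # security levels; the join is max()
CHANNELS = {"pub": LOW, "secret": HIGH}  # assumed labels of the I/O channels


def join_state(a, b):
    """Pointwise join of two abstract states (context, variables, operand stack)."""
    if a is None:
        return b
    ctx_a, vars_a, stack_a = a
    ctx_b, vars_b, stack_b = b
    if len(stack_a) != len(stack_b):
        # As in bytecode verification, merged stacks must have the same height.
        raise ValueError("operand stack height mismatch at a join point")
    names = vars_a.keys() | vars_b.keys()
    vars_ = {x: max(vars_a.get(x, LOW), vars_b.get(x, LOW)) for x in names}
    return (max(ctx_a, ctx_b), vars_, tuple(map(max, stack_a, stack_b)))


def step(i, instr, state, channels):
    """Abstract transfer function: (successor indices, output state, leaks?)."""
    ctx, vars_, stack = state
    op, *args = instr
    succ, leaks = [i + 1], False
    if op == "push":                      # a constant is public
        stack += (LOW,)
    elif op == "load":                    # the variable's level goes on the stack
        stack += (vars_.get(args[0], LOW),)
    elif op == "store":                   # value level joined with the context
        *stack, top = stack
        stack = tuple(stack)
        vars_ = {**vars_, args[0]: max(top, ctx)}
    elif op == "in":                      # an input carries its channel's level
        stack += (channels[args[0]],)
    elif op == "out":                     # writing above the channel level leaks
        *stack, top = stack
        stack = tuple(stack)
        leaks = max(top, ctx) > channels[args[0]]
    elif op == "add":
        *stack, x, y = stack
        stack = tuple(stack) + (max(x, y),)
    elif op == "jz":                      # the condition's level taints the context
        *stack, top = stack               # for the rest of the program (conservative:
        stack = tuple(stack)              # no lowering at the junction point)
        ctx = max(ctx, top)
        succ = [i + 1, args[0]]
    elif op == "halt":
        succ = []
    else:
        raise ValueError(f"unknown instruction {op!r}")
    return succ, (ctx, vars_, stack), leaks


def analyse(program, channels=CHANNELS):
    """Worklist fixpoint; states[i] is the abstract state *before* instruction i."""
    states = [None] * len(program)
    states[0] = (LOW, {}, ())
    worklist, violations = [0], set()
    while worklist:
        i = worklist.pop()
        succ, out, leaks = step(i, program[i], states[i], channels)
        if leaks:
            violations.add(i)
        for j in succ:
            merged = join_state(states[j], out)
            if merged != states[j]:       # states only grow in a finite lattice
                states[j] = merged
                worklist.append(j)
    return states, sorted(violations)


# Constructed sample program for the toy machine.
PROGRAM = [
    ("in", "secret"),  # 0
    ("store", "s"),    # 1
    ("in", "pub"),     # 2
    ("store", "p"),    # 3
    ("load", "p"),     # 4
    ("out", "pub"),    # 5  allowed: p is LOW at this instruction
    ("load", "s"),     # 6
    ("out", "pub"),    # 7  explicit flow: a secret reaches the public channel
    ("load", "s"),     # 8
    ("jz", 12),        # 9  branch on a secret
    ("push", 1),       # 10
    ("store", "p"),    # 11 implicit flow: p becomes HIGH under the tainted context
    ("load", "p"),     # 12 join point: p is LOW on one path and HIGH on the other
    ("out", "pub"),    # 13 flagged
    ("halt",),         # 14
]

if __name__ == "__main__":
    states, violations = analyse(PROGRAM)
    for i, (instr, st) in enumerate(zip(PROGRAM, states)):
        print(i, instr, st)
    print("leaking instructions:", violations)
```

The run shows the flow-sensitivity the abstract refers to: variable p is LOW at instruction 5, so that output is accepted, yet HIGH at instruction 12 after the join, so the second output is rejected; a flow-insensitive typing would have to give p one level for the whole program and reject both.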

4.
Extensible software architectures and component-based software development require a secure, efficient and easy-to-implement extension mechanism that supports protection between software modules sharing one address space. This paper proposes a new intra-address-space protection mechanism that makes full use of the segment-and-page hardware protection features of the i386 architecture and supports kernel-level and user-level software extensions efficiently and transparently. To simplify both the programming of extension modules and the implementation of the extension mechanism, user-level and kernel-level extensions are supported in different ways.

5.
A file-system filter driver running in kernel mode is used to capture the disk I/O requests that user applications send to the target file-system driver and to match the file contents directly against the virus signatures in a signature database, checking whether a file is infected. This effectively prevents files on disk from being infected by viruses, reduces the number of system-call layers traversed and avoids mode switches, so it is highly efficient and suitable for real-time dynamic scanning.

6.
SQL injection attacks involve the construction of application input data that will result in the execution of malicious SQL statements. Many web applications are prone to SQL injection attacks. This paper proposes a novel methodology for preventing this kind of attack by placing a secure database driver between the application and its underlying relational database management system. To detect an attack, the driver uses stripped-down SQL queries and stack traces to create SQL statement signatures that are then used to distinguish between injected and legitimate queries. The driver depends neither on the application nor on the RDBMS and can be easily retrofitted to any system. We have developed a tool, SDriver, that implements our technique and used it on several web applications with positive results.
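As an added example of the signature idea in this abstract (my own Python sketch, not SDriver's code), the driver wrapper below reduces each statement to a "stripped-down" skeleton by replacing string and numeric literals with placeholders, fingerprints the application call path from the current stack trace, and hashes the two into a signature. In a training run the signatures of legitimate traffic are recorded; in enforce mode a statement whose signature was never seen is refused before it reaches the database. The schema, the deliberately concatenating `find_user` query and the `"' OR '1'='1"` input are constructed for the demonstration; sqlite3 stands in for the RDBMS.

```python
"""Signature-based detection of injected SQL at the driver layer.

Illustrative example in the spirit of the abstract above; not SDriver's code.
The table, the vulnerable application query and the sample inputs are constructed
for this demonstration.
"""
import hashlib
import os
import re
import sqlite3
import traceback

# Literals are replaced so that WHERE name = 'alice' and WHERE name = 'bob' give
# the same skeleton, while '' OR '1'='1' changes the structure and hence the skeleton.
_STRING_LIT = re.compile(r"'(?:[^']|'')*'")
_NUMBER_LIT = re.compile(r"\b\d+(?:\.\d+)?\b")
_WS = re.compile(r"\s+")


def strip_query(sql):
    """Return the structural skeleton of a statement: literals become '?'."""
    skeleton = _STRING_LIT.sub("?", sql)
    skeleton = _NUMBER_LIT.sub("?", skeleton)
    return _WS.sub(" ", skeleton).strip().lower()


class InjectionDetected(Exception):
    """Raised in enforce mode for a (skeleton, call site) pair never seen in training."""


class SecureDriver:
    def __init__(self, connection):
        self.raw = connection
        self.mode = "train"          # "train" records signatures, "enforce" checks them
        self.signatures = set()

    def execute(self, sql):
        # Fingerprint the application's call path (file and function names only, so the
        # signature does not change with line numbers); this frame itself is dropped.
        frames = traceback.extract_stack()[:-1]
        call_site = "/".join(f"{os.path.basename(f.filename)}:{f.name}" for f in frames)
        sig = hashlib.sha256(f"{strip_query(sql)}|{call_site}".encode()).hexdigest()
        if self.mode == "train":
            self.signatures.add(sig)
        elif sig not in self.signatures:
            raise InjectionDetected(strip_query(sql))
        return self.raw.execute(sql).fetchall()


def find_user(driver, name):
    # Deliberately vulnerable application code: user input is concatenated into SQL.
    return driver.execute(f"SELECT name, role FROM users WHERE name = '{name}'")


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(name TEXT, role TEXT);"
        "INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user');")
    drv = SecureDriver(conn)
    find_user(drv, "alice")              # training: legitimate traffic only
    find_user(drv, "bob")
    drv.mode = "enforce"
    result = {"signatures": len(drv.signatures),
              "alice": find_user(drv, "alice"),
              "carol": find_user(drv, "carol")}   # unseen value, same structure: allowed
    try:
        find_user(drv, "' OR '1'='1")    # tautology changes the skeleton: refused
        result["injected"] = "allowed"
    except InjectionDetected:
        result["injected"] = "blocked"
    return result


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the regex literal stripping is a heuristic and a production driver must tokenise with the target dialect's lexer (comments, dollar quoting, backslash escapes), and because the call site is part of the signature, refactoring the application requires re-training, which is exactly what makes an injected statement issued from a legitimate call site stand out.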

7.
In this paper we explore the structure and applicability of the Distributed Measurement Calculus (DMC), an assembly language for distributed measurement-based quantum computations. We describe the formal language's syntax and semantics, both operational and denotational, and state several properties that are crucial to the practical usability of our language, such as equivalence of our semantics, as well as compositionality and context-freeness of DMC programs. We show how to put these properties to use by constructing a composite program that implements distributed controlled operations, in the knowledge that the semantics of this program does not change under the various composition operations. Our formal model is the basis of a quantum virtual machine construction for distributed quantum computations, which we elaborate upon in the latter part of this work. This virtual machine embodies the formal semantics of DMC such that program execution no longer needs to be analysed by hand. Far from a literal translation, it requires a substantial concretisation of the formal model at the level of data structures, naming conventions and abstraction mechanisms. At the same time we provide automatisation techniques for program specification where possible, to obtain an expressive and user-friendly programming environment.

8.
Implementing data pagination with Ajax and PHP (cited 2 times: 2 self-citations, 0 by others)
Web systems frequently have to display large data sets in pages. With traditional pagination techniques the user waits a long time while the data is retrieved. A Web system developed with Ajax and PHP can display large paginated data sets without reloading the whole page, updating only the affected part of it, which both reduces the user's waiting time and improves query efficiency. This article discusses how to implement dynamic paginated display of data, with a worked example.

9.
We report on a case study in applying different formal methods to model and verify an architecture for administrating digital signatures. The architecture comprises several concurrently executing systems that authenticate users and generate and store digital signatures by passing security relevant data through a tightly controlled interface. The architecture is interesting from a formal-methods perspective as it involves complex operations on data as well as process coordination and hence is a candidate for both data-oriented and process-oriented formal methods. We have built and verified two models of the signature architecture using two representative formal methods. In the first, we specify a data model of the architecture in Z that we extend to a trace model and interactively verify by theorem proving. In the second, we model the architecture as a system of communicating processes that we verify by finite-state model checking. We provide a detailed comparison of these two different approaches to formalization (infinite state with rich data types versus finite state) and verification (theorem proving versus model checking). Contrary to common belief, our case study suggests that Z is well suited for temporal reasoning about process models with complex operations on data. Moreover, our comparison highlights the advantages of proving theorems about such models and provides evidence that, in the hands of an experienced user, theorem proving may be neither substantially more time-consuming nor more complex than model checking.

10.
A pure-software disk encryption system is designed. Built with Windows driver development technology and using the AES (Advanced Encryption Standard) algorithm as the disk cipher, it encrypts and decrypts the data inside the disk without any additional hardware, effectively protecting the sensitive information stored on the disk.

11.
A VHDL event-driven simulation kernel library (cited 4 times: 0 self-citations, 4 by others)
This paper describes a simulation kernel library designed for building a compiled VHDL simulation system. It schedules components with an event-driven simulation algorithm, making it suitable for simulating both synchronous and asynchronous circuits; it uses a multi-valued delay model, so functional and timing verification can be carried out together; and it supports multiple data-type representations, so it applies to design simulation and verification from the system behavioural level through the register-transfer level down to the logic-gate level. The kernel library is written in standard C++, its structure is built along object-oriented lines, and C++ virtual interfaces give the simulated components a simple modelling interface. Experiments show that the kernel library is simple, correct, efficient, extensible and platform-independent, and well suited to building compiled simulation systems.

12.
Implementation techniques for a network load splitter (cited 3 times: 1 self-citation, 2 by others)
胡永培, 卢显良. 计算机应用 (Computer Applications), 2001, 21(4): 28-29, 32
The implementation techniques for a network load splitter solve two problems: how to correctly capture the application requests issued by users and dispatch them to the real application servers, and how to manage the servers receiving the dispatched traffic correctly and dynamically inside the system kernel. This paper describes the design and implementation of such a system on Linux by adding kernel modules and managing them through a virtual device driver.

13.
14.
We present design and analysis of an on-chip measurement infrastructure, which facilitates long-term monitoring of single-event transient durations in digital VLSI circuits exposed to uncontrollable radiation. Unlike the known oscilloscope-based methods, our approach is all-digital: SET durations are measured by the SET-gated counting of pulses generated by a high-frequency ring oscillator, and stored in an up/down-counter array organized in a ring. We carefully elaborate a comprehensive concept for making our infrastructure SEU tolerant, with the main challenge being to attain a sufficiently high probability of recording useful hits in the target before exhausting the SEU tolerance of the infrastructure. Our key contribution here concerns the protection of the counter array: Rather than resorting to radiation hardening or explicit triple modular redundancy (TMR), we save area by using a novel redundant duplex counter architecture: For a small number of recorded SETs, our architecture implicitly implements TMR, albeit in a way that degrades gracefully for larger numbers of recorded SETs. Besides standard functional and timing verification, we use Spice-based SET injection for verifying the effectiveness of our SEU-tolerant architecture, and some cross section-based probabilistic analysis for confirming that our measurement infrastructure based on it indeed achieves its purpose.

15.
Supporting concurrent ontology development: Framework, algorithms and tool (cited 1 time: 0 self-citations, 1 by others)
We propose a novel approach to facilitate the concurrent development of ontologies by different groups of experts. Our approach adapts Concurrent Versioning, a successful paradigm in software development, to allow several developers to make changes concurrently to an ontology. Conflict detection and resolution are based on novel techniques that take into account the structure and semantics of the ontology versions to be reconciled by using precisely-defined notions of structural and semantic differences between ontologies and by extending state-of-the-art ontology debugging and repair techniques. We also present ContentCVS, a system that implements our approach, and a preliminary empirical evaluation which suggests that our approach is both computationally feasible and useful in practice.

16.
Research on a security-enhanced encryption system based on file-system filter drivers (cited 3 times: 1 self-citation, 3 by others)
Application-layer encryption systems generally require the user to encrypt and decrypt files manually before accessing them, and in some systems a file must be stored on disk in plaintext while it is in normal use. Encrypting file systems built on file-system drivers reduce the user's involvement and keep files on disk encrypted, but they are complex to design and implement. To address these problems, this paper uses the driver framework of Windows NT-kernel operating systems and file-system filter driver technology to encrypt and decrypt data transparently. This approach removes the shortcomings of application-layer encryption systems and is simpler and more flexible to develop than an encrypting file system. In addition, a smart card is used as the storage container for the encryption keys, further strengthening the security of the whole system.

17.
Application of virtual storage technology in disaster-recovery systems (cited 2 times: 0 self-citations, 2 by others)
康潇文, 杨英杰, 杜鑫. 计算机工程 (Computer Engineering), 2009, 35(21): 36-38, 4
Based on an analysis of virtual storage technology and its current use in disaster-recovery systems, a virtual file system suited to disaster-recovery systems is designed. The system runs on Windows and isolates the upper-layer file system from the lower-layer volume manager by adding a filter-driver layer to the layered Windows storage stack. Within the filter-driver layer, a virtual storage mapping mechanism suited to disaster-recovery systems is implemented by combining the mapping principle of virtual memory with the application requirements of disaster-recovery systems.

18.
Android supports a seamless user experience by maintaining activities from different applications (apps) in the same activity stack. Although such close inter-app communication is essential in the Android framework, the powerful inter-app communication contains vulnerabilities that allow malicious activities to be injected into a victim app's activity stack to hijack user interaction flows. In this article, we demonstrate activity injection attacks with a simple malware, and formally specify the activity activation mechanism using operational semantics. Based on the operational semantics, we develop a static analysis tool, which analyzes Android apps to detect activity injection attacks. Our tool is fast enough to analyze real-world Android apps in 6 seconds on average, and our experiments found that 1761 apps out of 129,756 real-world Android apps inject their activities into other apps' tasks. Moreover, we propose a defense mechanism, dubbed signature-based activity access control (SAAC), which completely prohibits activity injection attacks. The defense mechanism is general enough to keep the current Android multitasking features intact, and it is simple enough to be independent of the complex activity activation semantics, so it does not increase activity activation time noticeably. With the extension of the formal semantics for SAAC, we prove that SAAC correctly mitigates activity injection attacks without any false alarms.

19.
We report on the formal proof of a microkernel's key property, namely that its multi-priority process scheduler guarantees progress, i.e., strong fairness. The proof architecture links a layer of behavioral reasoning over system-trace sets with a concrete, fairly realistic implementation written in C. Our microkernel provides an infrastructure for memory virtualization, for communication with hardware devices, for processes (represented as a sequence of assembly instructions, which are executed concurrently over an underlying, formally defined processor), and for inter-process communication (IPC) via synchronous message passing. The kernel establishes process switches according to IPCs and timer events; the scheduling of process switches, however, follows a hierarchy of priorities, favoring, e.g., system processes over application processes over maintenance processes. Besides the quite substantial models developed in Isabelle/HOL and the formal clarification of their relationship, we provide a detailed analysis of what formal requirements a microkernel imposes on the key ingredients (hardware, timers, machine-dependent code) in order to establish the correct operation of the overall system. On the methodological side, we show how early modeling with foresight to the later verification has substantially helped our project.

20.
The BPF architecture on UNIX is analysed first, and on that basis a packet-capture driver for Windows is designed and implemented. The driver is used for routing-protocol simulation in Ad Hoc networks, and a set of network tools that work on both UNIX and Windows is implemented through Java's JNI mechanism.


Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号