14 results found (search took 31 ms)
1.
In this paper, we present new pointcuts and primitives to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. The two proposed pointcuts make it possible to identify particular join points in a program's control-flow graph (CFG). The first one is the GAFlow, Closest Guaranteed Ancestor, which returns the closest ancestor join point to the pointcuts of interest that is on all their runtime paths. The second one is the GDFlow, Closest Guaranteed Descendant, which returns the closest child join point that can be reached by all paths starting from the pointcut of interest. The two proposed primitives are called ExportParameter and ImportParameter and are used to pass parameters between two pointcuts. They make it possible to analyze a program's call graph in order to determine how to change function signatures for passing the parameters associated with a given security hardening. We find these pointcuts and primitives to be necessary because they are needed to perform many security hardening practices and, to the best of our knowledge, none of the existing ones can provide their functionalities. Moreover, we show the viability and correctness of the proposed pointcuts and primitives by elaborating and implementing their algorithms and presenting the result of explanatory case studies.
2.
Transactional dependencies play an important role in coordinating and executing the subtransactions in advanced transaction
processing models, such as, nested transactions and workflow transactions. Researchers have formalized the notion of transactional
dependencies and have shown how various advanced transaction models can be expressed using different kinds of dependencies.
Incorrect specification of dependencies can result in unpredictable behavior of the advanced transaction, which, in turn,
can lead to unavailability of resources and information integrity problems. In this work, we focus on how to correctly specify
dependencies in an advanced transaction. We enumerate the different kinds of dependencies that may be present in an advanced
transaction and classify them into two broad categories: event ordering and event enforcement dependencies. Different event
ordering and event enforcement dependencies in an advanced transaction often interact in subtle ways resulting in conflicts
and redundancies. We describe the different types of conflicts that can arise due to the presence of multiple dependencies
and describe how one can detect such conflicts. An advanced transaction may also contain redundant dependencies—these are
dependencies that can be logically derived from other dependencies. We show how such extraneous dependencies can be eliminated
to get an equivalent set of dependencies that has the same effect as the original set. Our dependency analysis is done in
the context of a generalized advanced transaction model that is capable of expressing different kinds of advanced transactions.
Recommended by: Amit Sheth
3.
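Facing the threat of control-flow hijacking attacks, the industry uses control-flow integrity (CFI) protection techniques to safeguard process execution. Traditional CFI verification mechanisms rely on dynamic binary rewriting, which is difficult to analyze and deploy and may introduce binary compatibility problems. By studying PathArmor, a context-sensitive control-flow protection technique proposed in recent years, this work analyzes the points at which it checks a process's control flow. Then, addressing the fact that PathArmor performs its checks only when the process makes a system call, an improved method is proposed. Based on the kernel's page-fault interrupt handling mechanism, the method actively triggers execution faults on executable pages by modifying the protection attributes of user pages; it then modifies the page-fault handling path, hooking do_page_fault to handle the actively triggered execution faults. While the integrity of the user process's code and data is ensured, the process gets more opportunities to trap into the kernel and be checked. Experimental results in typical application environments such as Nginx, bzip2, and SQLite show that the improved method can significantly increase the granularity of system security analysis and better protect the program's control flow.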
4.
Analysis on demand: Instantaneous soundness checking of industrial business process models (Total citations: 2, self-citations: 0, citations by others: 2)
Dirk Fahland, Jana Koehler, Niels Lohmann. Data & Knowledge Engineering, 2011, 70(5): 448-466
We report on a case study on control-flow analysis of business process models. We checked 735 industrial business process models from financial services, telecommunications, and other domains. We investigated these models for soundness (absence of deadlock and lack of synchronization) using three different approaches: the business process verification tool Woflan, the Petri net model checker LoLA, and a recently developed technique based on SESE decomposition. We evaluate the various techniques used by these approaches in terms of their ability to accelerate the check. Our results show that industrial business process models can be checked in a few milliseconds, which enables tight integration of modeling with control-flow analysis. We also briefly compare the diagnostic information delivered by the different approaches and report some first insights from industrial applications.
5.
6.
7.
Inserting instrumentation code in a program is an effective technique for detecting, recording, and measuring many aspects of a program's performance. Instrumentation code can be added at any stage of the compilation process by specially-modified system tools such as a compiler or linker or by new tools from a measurement system. For several reasons, adding instrumentation code after the compilation process—by rewriting the executable file—presents fewer complications and leads to more complete measurements. This paper describes the difficulties in adding code to executable files that arose in developing the profiling and tracing tools qp and qpt. The techniques used by these tools to instrument programs on MIPS and SPARC processors are applicable in other instrumentation systems running on many processors and operating systems. In addition, many difficulties could have been avoided with minor changes to compilers and executable file formats. These changes would simplify this approach to measuring program performance and make it more generally useful.
8.
9.
10.
This paper defines an algorithm for predicting worst-case and best-case execution times, and determining execution-time constraints of control-flow paths through real-time programs using their partial correctness semantics. The algorithm produces a linear approximation of path traversal conditions, worst-case and best-case execution times and strongest postconditions for timed paths in abstract real-time programs. Also shown are techniques for determining the set of control-flow paths with decidable worst-case and best-case execution times. The approach is based on a weakest liberal precondition semantics and relies on supremum and infimum calculations similar to standard computations from linear programming and Presburger arithmetic. The methodology is applicable to any executable language with a predicate transformer semantics and hence provides a verification basis for both high-level language and assembly code execution-time analysis.