Part II Parsing and Disambiguation of Source Code

Total Page:16

File Type:pdf, Size:1020Kb

Part II Parsing and Disambiguation of Source Code See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/238758491 Analysis and Transformation of Source Code by Parsing and Rewriting Article · January 2005 CITATIONS READS 43 305 1 author: Jurgen Vinju Centrum Wiskunde & Informatica 145 PUBLICATIONS 1,926 CITATIONS SEE PROFILE Some of the authors of this publication are also working on these related projects: CROSSMINER: Developer-Centric Knowledge Mining from Large Open-Source Software Repositories View project ASF+SDF Meta-Environment View project All content following this page was uploaded by Jurgen Vinju on 10 January 2014. The user has requested enhancement of the downloaded file. Downloaded from UvA-DARE, the institutional repository of the University of Amsterdam (UvA) http://dare.uva.nl/document/17005 File ID 17005 SOURCE (OR PART OF THE FOLLOWING SOURCE): Type Dissertation Title Analysis and transformation of source code by parsing and rewriting Author J.J. Vinju Faculty Faculty of Science Year 2005 Pages 230 FULL BIBLIOGRAPHIC DETAILS: http://dare.uva.nl/record/165444 Copyright It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other then for strictly personal, individual use. UvA-DARE is a service provided by the library of the University of Amsterdam (http://dare.uva.nl) Analysis and Transformation of Source Code by Parsing and Rewriting ACADEMISCH PROEFSCHRIFT ter verkrijging van de graad van doctor aan de Universiteit van Amsterdam op gezag van de Rector Magnificus prof. mr. P.F. van der Heijden ten overstaan van een door het college voor promoties ingestelde commissie, in het openbaar te verdedigen in de Aula der Universiteit op dinsdag 15 november 2005, te 10:00 uur door Jurgen Jordanus Vinju geboren te Ermelo Promotor: prof. dr. P. Klint Co-promotor: dr. M.G.J. van den Brand Faculteit: Natuurwetenschappen, Wiskunde en Informatica The work in this thesis has been carried out at Centrum voor Wiskunde en Informat- ica (CWI) in Amsterdam under the auspices of the research school IPA (Institute for Programming research and Algorithmics). Preface Before consuming this manuscript the reader should know that I owe gratitude to many people. First of all, it is a family accomplishment. I want to thank my mother, Annelies, for being so strong and for always motivating me to do what I like best. I thank my father, Fred, for always supporting me. My sister, Krista, is my soul mate. We are so much alike. The love of my live, Rebecca, has been my support and inspiration for the past six years. I would like to thank my best friends: Arjen Koppen, Bas Toeter, Coen Visser, Hugo Loomans, Mieke Schouten, Warner Salomons, and Winfried Holthuizen. You don't know how much of you is a part of me. My supervisors at CWI are Mark van den Brand and Paul Klint. Mark inspired me to study computer science in Amsterdam, and to start a PhD project at CWI. He sparked my interest in ASF+SDF already at the age of 17. Thank you for teaching me, caring for me, and for motivating me all these years. Paul is a great mentor and role model. I admire him for his insight in so many issues and for his endless enthusiasm for research. He is the most productive man I have ever seen. Thanks for your time teaching me. Many of my colleagues have become my friends. Thank you for the teamwork, for providing an inspiring work environment, and for the relaxing times we spent in bars and restaurants. They are in alphabetical order: Ali Mesbah, Anamaria Martins Mor- eira, Anderson Santana, Anthony Cleve, Arie van Deursen, Li Bixin, Chris Verhoef, David Deharbe,´ Diego Ordonez Camacho, Eelco Visser, Ernst-Jan Verhoeven, Gerald Stap, Gerco Ballintijn, Hayco de Jong, Jan Heering, Jan van Eijck, Jeroen Scheerder, Joost Visser, Jørgen Iversen, Steven Klusener, Leon Moonen, Magiel Bruntink, Martin Bravenboer, Merijn de Jonge, Niels Veerman, Pierre-Etienne Moreau, Pieter Olivier, Ralf Lammel,¨ Rob Economopoulos, Slinger Jansen, Taeke Kooiker, Tijs van der Storm, Tobias Kuipers, Tom Tourwe,´ Vania Marangozova. I would like to thank Claude Kirchner for allowing me to work an inspiring and productive three month period at INRIA-LORIA. Finally, I thank the members of my reading committee for reading the manuscript and providing valuable feedback: prof. dr. J.A. Bergstra, prof. dr. M. de Rijke, prof. dr. C.R. Jesshope, prof. dr. K.M. van Hee and prof. dr. J.R. Cordy. The CWI institute is a wonderful place to learn and produce computer science. v vi Contents Contents vii I Overview 1 1 Introduction 3 1.1 Computer aided software engineering . 3 1.1.1 Source code . 4 1.1.2 Source code analysis and transformation . 6 1.1.3 Translation distance . 6 1.1.4 Goals and requirements . 7 1.1.5 Mechanics . 8 1.1.6 Discussion: challenges in meta programming . 9 1.2 Technological background . 10 1.2.1 Generic language technology . 10 1.2.2 A meta-programming framework . 11 1.2.3 Historical perspective . 12 1.2.4 Goal . 13 1.3 Parsing . 14 1.3.1 Mechanics . 14 1.3.2 Formalism . 14 1.3.3 Technology . 15 1.3.4 Application to meta-programming . 16 1.4 Rewriting . 17 1.4.1 Mechanics . 17 1.4.2 Formalism . 18 1.4.3 Technology . 19 1.4.4 Application to meta-programming . 20 1.5 Related work . 23 1.6 Road-map and acknowledgments . 24 vii 2 Environments for Term Rewriting Engines for Free! 29 2.1 Introduction . 29 2.2 Architecture for an open environment . 31 2.3 Reusable components . 33 2.3.1 Generalized Parsing for a readable formalism . 33 2.3.2 Establishing the connection between parsing and rewriting . 34 2.3.3 Graphical User Interface . 35 2.4 A new environment in a few steps . 36 2.5 Instantiations of the Meta-Environment . 40 2.6 Conclusions . 41 II Parsing and disambiguation of source code 43 3 Disambiguation Filters for Scannerless Generalized LR Parsers 45 3.1 Introduction . 45 3.2 Scannerless Generalized Parsing . 46 3.2.1 Generalized Parsing . 46 3.2.2 Scannerless Parsing . 47 3.2.3 Combining Scannerless Parsing and Generalized Parsing . 48 3.3 Disambiguation Rules . 49 3.3.1 Follow Restrictions . 49 3.3.2 Reject Productions . 50 3.3.3 Priority and Associativity . 50 3.3.4 Preference Attributes . 51 3.4 Implementation Issues . 52 3.4.1 Follow Restrictions . 52 3.4.2 Reject Productions . 53 3.4.3 Priority and Associativity . 53 3.4.4 Preference Attributes . 54 3.5 Applications . 55 3.5.1 ASF+SDF Meta-Environment . 55 3.5.2 XT . 55 3.6 Benchmarks . 56 3.7 Discussion . 57 3.7.1 Generalized LR parsing versus backtracking parsers . 57 3.7.2 When to use scannerless parsing? . 57 3.8 Conclusions . 58 4 Semantics Driven Disambiguation 59 4.1 Introduction . 59 4.1.1 Examples . 60 4.1.2 Related work on filtering . 62 4.1.3 Filtering using term rewriting . 63 4.1.4 Plan of the chapter . 63 4.2 Parse Forest Representation . 64 viii 4.3 Extending Term Rewriting . 65 4.3.1 What is term rewriting? . 66 4.3.2 Rewriting parse trees . 68 4.3.3 Rewriting parse forests . 69 4.4 Practical Experiences . 70 4.5 Discussion . 72 4.6 Conclusions . 73 5 A Type-driven Approach to Concrete Meta Programming 75 5.1 Introduction . 75 5.1.1 Exploring the solution space . 77 5.1.2 Concrete meta programming systems . 79 5.1.3 Discussion . 83 5.2 Architecture . 84 5.2.1 Syntax transitions . 85 5.2.2 Disambiguation by type-checking . 87 5.3 Disambiguation filters . 88 5.3.1 Class 3. Ambiguity directly via syntax transitions . 88 5.3.2 Class 4. Object language and meta language overlap . 92 5.4 Experience . 94 5.5 Conclusion . 95 III Rewriting source code 97 6 Term Rewriting with Traversal Functions 99 6.1 Introduction . 99 6.1.1 Background . 99 6.1.2 Plan of the Paper . 100 6.1.3 Issues in Tree Traversal . 100 6.1.4 A Brief Recapitulation of Term Rewriting . 102 6.1.5 Why Traversal Functions in Term Rewriting? . 104 6.1.6 Extending Term Rewriting with Traversal Functions . 106 6.1.7 Related Work . 108 6.2 Traversal Functions in ASF+SDF . 111 6.2.1 Kinds of Traversal Functions . 112 6.2.2 Visiting Strategies . 113 6.2.3 Examples of Transformers . 114 6.2.4 Examples of Accumulators . 117 6.2.5 Examples of Accumulating Transformers . 118 6.3 Larger Examples . 119 6.3.1 Type-checking . 119 6.3.2 Inferring Variable Usage . 124 6.3.3 Examples of Accumulating Transformers . 124 6.4 Operational Semantics . 125 6.4.1 Extending Innermost . 126 ix 6.4.2 Transformer . 127 6.4.3 Accumulator . 127 6.4.4 Accumulating Transformer . 128 6.4.5 Discussion . 128 6.5 Implementation Issues . ..
Recommended publications
  • Generic Traversal Over Typed Source Code Representations
    i i “main” — 2002/12/19 — 13:02 — page iii — #1 i i Generic Traversal over Typed Source Code Representations i i i i i i “main” — 2002/12/19 — 13:02 — page iv — #2 i i The work reported in this thesis has been carried out at the Center for Mathematics and Computer Science (CWI) in Amsterdam under the auspices of the research school IPA (Institute for Programming research and Algorithmics). i i i i i i “main” — 2002/12/19 — 13:02 — page iii — #3 i i Generic Traversal over Typed Source Code Representations ACADEMISCH PROEFSCHRIFT ter verkrijging van de graad van doctor aan de Universiteit van Amsterdam op gezag van de Rector Magnificus prof. mr. P. F. van der Heijden ten overstaan van een door het college voor promoties ingestelde commissie, in het openbaar te verdedigen in de Aula der Universiteit op vrijdag 14 februari 2003, te 10.00 uur door Johannes Michiel Willem Visser geboren te Middelburg, Nederland i i i i i i “main” — 2002/12/19 — 13:02 — page iv — #4 i i Promotor: prof. dr P. Klint Co-promotor: Dr.-Ing. R. Lammel¨ Faculteit: Faculteit der Natuurwetenschappen, Wiskunde en Informatica Faculteit der Natuurwetenschappen, Wiskunde en Informatica Universiteit van Amsterdam Kruislaan 403 1098 SJ Amsterdam i i i i i i “main” — 2002/12/19 — 13:02 — page v — #5 i i Preface Environment is of decisive importance to the success or failure of a starting re- searcher. To get into a productive research and publication mode, one is helped tremendously by the challenges and examples that others set before him.
    [Show full text]
  • Powerterm Interconnect Series of Products
    PowerTerm® Series Terminal Emulator User's Guide ii PowerTerm Series User’s Guide Important Notice This guide is subject to the following conditions and restrictions: • This User’s Guide provides documentation for the PowerTerm Interconnect series of products. Your specific PowerTerm product might include only a portion of the features documented in this Guide. • The proprietary information belonging to Ericom® Software Ltd. is supplied solely for the purpose of assisting explicitly and properly authorized users of PowerTerm®. • No part of its contents may be used for any other purpose, disclosed to any person or firm, or reproduced by any means, electronic and mechanical, without the express prior written permission of Ericom® Software Ltd. • The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice. • The software described in this document is furnished under a license agreement. The software may be used or copied only in accordance with the terms of that agreement. • Information in this document is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted. Copyright 2002 Ericom® Software Ltd. Ericom® and PowerTerm® are registered trademarks of Ericom® Software Ltd., which may be registered in certain jurisdictions. Other company and brand, product and service names are trademarks or registered trademarks of their respective holders. iii Table of Contents About This Guide This guide assumes that you are familiar with the operation of the terminal you intend to emulate. The PowerTerm User's Guide is comprised of the following chapters: Chapter 1, Introduction to PowerTerm, presents PowerTerm and describes its main features.
    [Show full text]
  • Database Management Systems Ebooks for All Edition (
    Database Management Systems eBooks For All Edition (www.ebooks-for-all.com) PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sun, 20 Oct 2013 01:48:50 UTC Contents Articles Database 1 Database model 16 Database normalization 23 Database storage structures 31 Distributed database 33 Federated database system 36 Referential integrity 40 Relational algebra 41 Relational calculus 53 Relational database 53 Relational database management system 57 Relational model 59 Object-relational database 69 Transaction processing 72 Concepts 76 ACID 76 Create, read, update and delete 79 Null (SQL) 80 Candidate key 96 Foreign key 98 Unique key 102 Superkey 105 Surrogate key 107 Armstrong's axioms 111 Objects 113 Relation (database) 113 Table (database) 115 Column (database) 116 Row (database) 117 View (SQL) 118 Database transaction 120 Transaction log 123 Database trigger 124 Database index 130 Stored procedure 135 Cursor (databases) 138 Partition (database) 143 Components 145 Concurrency control 145 Data dictionary 152 Java Database Connectivity 154 XQuery API for Java 157 ODBC 163 Query language 169 Query optimization 170 Query plan 173 Functions 175 Database administration and automation 175 Replication (computing) 177 Database Products 183 Comparison of object database management systems 183 Comparison of object-relational database management systems 185 List of relational database management systems 187 Comparison of relational database management systems 190 Document-oriented database 213 Graph database 217 NoSQL 226 NewSQL 232 References Article Sources and Contributors 234 Image Sources, Licenses and Contributors 240 Article Licenses License 241 Database 1 Database A database is an organized collection of data.
    [Show full text]
  • Pulse Secure Virtual Traffic Manager: Trafficscript Guide Supporting Pulse Secure Virtual Traffic Manager 18.2
    Pulse Secure Virtual Traffic Manager: TrafficScript Guide Supporting Pulse Secure Virtual Traffic Manager 18.2 Product Release 18.2 Published 1 August, 2018 Document Version 1.0 Pulse Secure Virtual Traffic Manager: TrafficScript Guide 2 © 2018 Pulse Secure, LLC. Pulse Secure Virtual Traffic Manager: TrafficScript Guide Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose CA 95134 www.pulsesecure.net © 2018 by Pulse Secure, LLC. All rights reserved. Pulse Secure and the Pulse Secure logo are trademarks of Pulse Secure, LLC in the United States. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Pulse Secure, LLC assumes no responsibility for any inaccuracies in this document. Pulse Secure, LLC reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Pulse Secure Virtual Traffic Manager: TrafficScript Guide The information in this document is current as of the date on the title page. END USER LICENSE AGREEMENT The Pulse Secure product that is the subject of this technical documentation consists of (or is intended for use with) Pulse Secure software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.pulsesecure.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. © 2018 Pulse Secure, LLC. Pulse Secure Virtual Traffic Manager: TrafficScript Guide 4 © 2018 Pulse Secure, LLC. Pulse Secure Virtual Traffic Manager: TrafficScript Guide Contents PREFACE . 1 DOCUMENT CONVENTIONS . 1 TEXT FORMATTING CONVENTIONS . 1 COMMAND SYNTAX CONVENTIONS .
    [Show full text]
  • Middleware Lifecycle Management Administrator's Guide
    Oracle® Enterprise Manager Middleware Lifecycle Management Administrator's Guide 13c Release 5 F37167-01 April 2021 Oracle Enterprise Manager Middleware Lifecycle Management Administrator's Guide, 13c Release 5 F37167-01 Copyright © 2015, 2021, Oracle and/or its affiliates. Primary Author: Oracle Corporation Contributors: Enterprise Manager Cloud Control Lifecycle Management Development Teams, Quality Assurance Teams, Customer Support Teams, and Product Management Teams. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.
    [Show full text]
  • Business Process Model and Notation (BPMN), Version
    Date : January 2011 Business Process Model and Notation (BPMN) Version 2.0 OMG Document Number: formal/2011-01-03 Standard document URL: http://www.omg.org/spec/BPMN/2.0 Associated Schema Files: dtc/2010-05-04 -- http://www.omg.org/spec/BPMN/20100501 XMI: BPMN20.cmof BPMNDI.cmof DC.cmof DI.cmof XSD: BPMN20.xsd BPMNDI.xsd DC.xsd DI.xsd Semantic.xsd XSLT: BPMN20-FromXMI.xslt BPMN20-ToXMI.xslt dtc/2010-05-15 -- http://www.omg.org/spec/BPMN/20100502 Infrastructure.cmof Semantic.cmof Copyright © 2010, Axway Copyright © 2010, BizAgi Copyright © 2010, Bruce Silver Associates Copyright © 2010, IDS Scheer Copyright © 2010, IBM Corp. Copyright © 2010, MEGA International Copyright © 2010, Model Driven Solutions Copyright © 2010, Object Management Group Copyright © 2010, Oracle Copyright © 2010, SAP AG Copyright © 2010, Software AG Copyright © 2010, TIBCO Software Copyright © 2010, Unisys USE OF SPECIFICATION - TERMS, CONDITIONS & NOTICES The material in this document details an Object Management Group specification in accordance with the terms, conditions and notices set forth below. This document does not represent a commitment to implement any portion of this specification in any company's products. The information contained in this document is subject to change without notice. LICENSES The companies listed above have granted to the Object Management Group, Inc. (OMG) a nonexclusive, royalty-free, paid up, worldwide license to copy and distribute this document and to modify this document and distribute copies of the modified version. Each of the copyright holders listed above has agreed that no person shall be deemed to have infringed the copyright in the included material of any such copyright holder by reason of having used the specification set forth herein or having conformed any computer software to the specification.
    [Show full text]
  • File Integrity Checking
    File Integrity Checking A thesis submitted in fulfilment of the requirements of the degree MASTERS IN SCIENCE (Computer Science) of Rhodes University by Yusuf Moosa Motara December 2005 Abstract This thesis looks at file execution as an attack vector that leads to the execution of unauthorized code. File integrity checking is examined as a means of removing this attack vector, and the design, implementation, and evaluation of a best-of-breed fi le integrity checker for the Linux operating system is undertaken. 'life conclude that the resultant file integrity checker does succeed in removing file execution as an attack vector, does so at a computational cost that is negligible, and displays innovative and useful features that are not currently found in any other Linux file integrity checker. Keywords: integrity checking, signed binaries, fil e integrity, filesystem monitor, safe execution, whitelisting, trojan detection Acknowledgements ~ ~, o )1. '0)1 ~I 0 ~ ~ ~ M In the name of God, the Compassionate, the Merciful We begin with the name of Allah, Lord of all Creation, He who knows all that is secret or open. All knowledge contained within this document that is true and useful is due to the guidance and grace of Allah, and all that is false or misleading is due to my own feeble understanding. We ask for the help of Allah in all that we do , for He is the most beneficent, the most merciful. The supervisor of this thesis has been Barry V Irwin, whose suggestions have been most appreciated and useful. This thesis would not be of the quality that it is without his assistance.
    [Show full text]
  • Testing Tools Interview Questions and Answers Guide
    Testing Tools Interview Questions And Answers Guide. Global Guideline. https://www.globalguideline.com/ Testing Tools Interview Questions And Answers Global Guideline . COM Testing Tools Job Interview Preparation Guide. Question # 1 Explain ANDROID? Answer:- Kind of Tool Automated GUI Client Testing Tool (freeware) Organization Smith House http://www.smith-house.org/open.html Software Description Android is an open-source GUI testing tool that can observe and record your interactions with a graphical user interface, creating a script that can repeat the session to any desired level of accuracy. The user can specify test points where the designated window is to be checked to see if it differs from the "canonical" test run originally recorded, signalling a test failure if this is the case. It can also be used to write GUI automation scripts. Platforms Record mode requires Expect. Playback or scripting will work on any Posix-compliant system with a working port of Tcl/Tk. Read More Answers. Question # 2 Explain Seapine Software? Answer:- Seapine's software development and testing tools streamline your development process, saving you significant time and money. Enjoy feature-rich tools that are flexible enough to work in any software development environment. With Seapine integrated tools, every step in the development process feeds critical information into the next step, letting you focus on developing high quality software in less time. Seapine Website http://www.seapine.com/ Seapine Software Software Test Tools QA Wizard - Incorporating a user friendly interface with integrated data and a robust scripting engine. It adapts easily to new and evolving technologies and can be mastered in a short period of time.
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 171 Cookbook: defaultwindowsinteractivecookbook.jbs Time: 19:57:04 Date: 22/07/2021 Version: 33.0.0 White Diamond Table of Contents Table of Contents 2 Windows Analysis Report http://oouutlook.asussa.club/tempfile/239132446c/postscript.php 4 Overview 4 General Information 4 Detection 4 Signatures 4 Classification 4 Analysis Advice 4 Process Tree 4 Malware Configuration 4 Yara Overview 4 Sigma Overview 4 Jbx Signature Overview 5 Mitre Att&ck Matrix 5 Behavior Graph 5 Screenshots 6 Thumbnails 6 Antivirus, Machine Learning and Genetic Malware Detection 7 Initial Sample 7 Dropped Files 7 Unpacked PE Files 7 Domains 7 URLs 7 Domains and IPs 8 Contacted Domains 8 Contacted URLs 8 URLs from Memory and Binaries 8 Contacted IPs 8 Public 8 Private 8 General Information 8 Simulations 9 Behavior and APIs 9 Created / dropped Files 9 Static File Info 40 No static file info 40 Network Behavior 40 Network Port Distribution 40 TCP Packets 40 UDP Packets 40 DNS Queries 40 DNS Answers 40 HTTP Request Dependency Graph 41 HTTP Packets 41 Code Manipulations 42 Statistics 42 Behavior 42 System Behavior 42 Analysis Process: chrome.exe PID: 8056 Parent PID: 2168 42 General 42 File Activities 42 Registry Activities 42 Analysis Process: chrome.exe PID: 4372 Parent PID: 8056 43 General 43 Copyright Joe Security LLC 2021 Page 2 of 43 File Activities 43 Disassembly 43 Code Analysis 43 Copyright Joe Security LLC 2021 Page 3 of 43 Windows Analysis Report http://oouutlook.asussa.club/…tempfile/239132446c/postscript.php Overview General Information Detection Signatures Classification Sample URL: oouutlook.asussa.clu No high impact signatures.
    [Show full text]
  • IT18 Evasion: Bypassing IDS/IPS Systems HTTP Evasion: Bypassing IDS/IPS Systems
    IT18 Evasion: Bypassing IDS/IPS Systems HTTP Evasion: Bypassing IDS/IPS Systems IT18 Ryan C. Barnett, Breach Security Tuesday – 10:45 am ©If appropriate, Insert your organization’s copyright information Introduction: Ryan Barnett Background as web server administrator. Web application security specialist (WASC and the SANS Institute). ModSecurity Community Manager. – www.modsecurity.org Author of Preventing Web Attacks with Apache (Addison/Wesley, 2006). ©If appropriate, Insert your organization’s copyright information Issue #1: Visibility Secure Socket Layer SSL / HTTP - Request Provides encrypted tunnels from the client to the web server. This encryption will hide the layer 7 packet payload from IDS/IPS. – SSL-enabled hosts are therefore targeted by attackers. Question – Is your IDS/IPS decrypting SSL traffic? ©If appropriate, Insert your organization’s copyright information HTTP vs. HTTPS Session ©If appropriate, Insert your organization’s copyright information HTTP vs. HTTPS Session ©If appropriate, Insert your organization’s copyright information Issue #2: Detection vs. Blocking Block but don’t alert (silent drop) Alert but don’t block (IDS) Silent drops are often used for performance reasons. – This, however, allows an attacker to go unnoticed during their attacks. Evading detection has actually decreased due to the rise in anonymity – Attackers loop through multiple systems – This lessens the likelihood of the attack being traced back to their true location Overt attacks obscure stealth attacks ©If appropriate, Insert your organization’s copyright information Issue #3: Wide Protocol Focus IDS/IPS look at many protocols and not just HTTP. It is the old “A mile wide and an inch deep” saying when it comes to depth of signature coverage for each protocol.
    [Show full text]
  • Visvesvaraya Technological University a Project Report
    VISVESVARAYA TECHNOLOGICAL UNIVERSITY “Jnana Sangama”, Belagavi – 590 018 A PROJECT REPORT ON “Environment Setup for various Programming Languages” Submitted in partial fulfillment for the award of the degree of BACHELOR OF ENGINEERING IN COMPUTER SCIENCE AND ENGINEERING BY RAHUL.S (1NH12CS741) ANURAG (1NH12CS708) Under the guidance of Ms. T.KARTHIKAYINI (Assistant Professor, Dept. of CSE, NHCE) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING NEW HORIZON COLLEGE OF ENGINEERING (ISO-9001:2000 certified, Accredited by NAAC ‘A’ , Permanently affiliated to VTU) Outer Ring Road,Panathur Post, Near Marathalli, Bangalore – 560103 NEW HORIZON COLLEGE OF ENGINEERING (ISO-9001:2000 certified, Accredited by NAAC ‘A’ Permanently affiliated to VTU) Outer Ring Road, Panathur Post, Near Marathalli, Bangalore-560 103 DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CERTIFICATE Certified that the project work entitled “ENVIRONMENT SETUP FOR VARIOUS PROGRAMMING LANGAUGES” carried out by RAHUL.S (1NH12CS741) & ANURAG (1NH12CS708) bonafide students of NEW HORIZON COLLEGE OF ENGINEERING in partial fulfillment for the award of Bachelor Of Engineering/Bachelor Of Technology in Computer Science and Engineering of the Visvesvaraya Technological University, Belgaum during the year 2015-2016. It is certified that all corrections/suggestions indicated for Internal Assessment have been incorporated in the report deposited in the department library. The project report has been approved as it satisfies the academic requirements in respect of Project work prescribed for the said Degree. Name & Signature of Guide Name & Signature of HOD Signature of Principal (Ms.T.Karthikayini ) (Dr. Prashanth C.S.R.) (Dr. Manjunatha) External Viva Name of Examiner Signature with date 1. 2. ACKNOWLEDGEMENT The satisfaction and euphoria that accompany the successful completion of any task would be, but impossible without the mention of the people who made it possible, whose constant guidance and encouragement crowned our efforts with success.
    [Show full text]
  • Lightweight Structure in Text
    Lightweight Structure in Text Robert C. Miller May 2002 CMU-CS-02-134 CMU-HCII-02-103 School of Computer Science Computer Science Department Carnegie Mellon University Pittsburgh, PA Thesis Committee: Brad A. Myers, Co-chair David Garlan, Co-chair James H. Morris Brian Kernighan, Princeton University Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy Copyright c 2002 Robert C. Miller This research was sponsored by the National Science Foundation under grant no. IRI-9319969 and grant no. IIS- 0117658, the Army Research Office (ARO) under National Defense Science and Engineering Grant no. DAAH04-95- 1-0552, the Defense Advanced Research Project Agency (DARPA) - US Army under contract no. DAAD1799C0061, DARPA - Navy under contract no. N66001-94-C-6037, N66001-96-C-8506, and the USENIX Association. The views and conclusions contained herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of any sponsoring party or the U.S. Government. Keywords: text processing, structured text, pattern matching, regular expressions, grammars, web automation, repetitive text editing, machine learning, programming-by-demonstration, simul- taneous editing, outlier finding, LAPIS Abstract Pattern matching is heavily used for searching, filtering, and transforming text, but existing pattern languages offer few opportunities for reuse. Lightweight structure is a new approach that solves the reuse problem. Lightweight structure has three parts: a model of text structure as contiguous segments of text, or regions; an extensible library of structure abstractions (e.g., HTML elements, Java expressions, or English sentences) that can be implemented by any kind of pattern or parser; and a region algebra for composing and reusing structure abstractions.
    [Show full text]