Formal Verification for High Assurance Software: a Case Study Using the SPARK Auto-Active Verification Oolsett
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
SPLLIFT — Statically Analyzing Software Product Lines in Minutes Instead of Years
SPLLIFT — Statically Analyzing Software Product Lines in Minutes Instead of Years Eric Bodden1 Tarsis´ Toledoˆ 3 Marcio´ Ribeiro3;4 Claus Brabrand2 Paulo Borba3 Mira Mezini1 1 EC SPRIDE, Technische Universitat¨ Darmstadt, Darmstadt, Germany 2 IT University of Copenhagen, Copenhagen, Denmark 3 Federal University of Pernambuco, Recife, Brazil 4 Federal University of Alagoas, Maceio,´ Brazil [email protected], ftwt, [email protected], [email protected], [email protected], [email protected] Abstract A software product line (SPL) encodes a potentially large variety v o i d main () { of software products as variants of some common code base. Up i n t x = secret(); i n t y = 0; until now, re-using traditional static analyses for SPLs was virtu- # i f d e f F ally intractable, as it required programmers to generate and analyze x = 0; all products individually. In this work, however, we show how an # e n d i f important class of existing inter-procedural static analyses can be # i f d e f G transparently lifted to SPLs. Without requiring programmers to y = foo (x); LIFT # e n d i f v o i d main () { change a single line of code, our approach SPL automatically i n t x = secret(); converts any analysis formulated for traditional programs within the print (y); } i n t y = 0; popular IFDS framework for inter-procedural, finite, distributive, y = foo (x); subset problems to an SPL-aware analysis formulated in the IDE i n t foo ( i n t p) { print (y); framework, a well-known extension to IFDS. -
Eric Franklin Enslen
Eric Franklin Enslen email:[email protected]!403 Terra Drive phone:!(302) 827-ERIC (827-3742)!Newark, DE website:! www.cis.udel.edu/~enslen!19702 Education: Bachelor of Science in Computer and Information Sciences University of Delaware, Newark, DE!May 2011 Major GPA: 3.847/4.0 Academic Experience: CIS Study Abroad, London, UK!Summer 2008 Visited research labs at University College London, King"s College, and Brunel University, as well as IBM"s Hursley Park, and studied Software Testing and Tools for the Software Life Cycle Relevant Courses: Computer Ethics, Digital Intellectual Property, Computer Graphics, and Computational Photography Academic Honors: Alumni Enrichment Award, University of Delaware Alumni Association, Newark, DE!May 2009 Travel fund to present a first-author paper at the the 6th Working Conference on Mining Software Repositories (MSR), collocated with the 2009 International Conference on Software Engineering (ICSE) Hatem M. Khalil Memorial Award, College of Arts and Sciences, University of Delaware, Newark, DE!May 2009 Awarded to a CIS major in recognition of outstanding achievement in software engineering, selected by CIS faculty Deanʼs List, University of Delaware, Newark, DE!Fall 2007, Spring 2008, Fall 2008 and Fall 2009 Research Experience: Undergraduate Research, University of Delaware, Newark, DE!January 2009 - Present Developing, implementing, evaluating and documenting an algorithm to split Java identifiers into their component words in order to improve natural-language-based software maintenance tools. Co-advisors: Lori Pollock, K. Vijay-Shanker Research Publications: Eric Enslen, Emily Hill, Lori Pollock, K. Vijay-Shanker. “Mining Source Code to Automatically Split Identifiers for Software Analysis.” 6th Working Conference on Mining Software Repositories, May 2009. -
Eric A. Solla QUIKLOOK 3 SOFTWARE New Program Features
Seventh Annual QUIKLOOK Users Group Meeting August 14 & 15, 2013 Presented by: Eric A. Solla QUIKLOOK 3 SOFTWARE New Program Features Software Engineer Eric A. Solla QUIKLOOK II Software Windows Quiklook Configure Home Page Test Replay Acquire Monitor QUIKLOOK 3 Software Windows Multiple Use Quiklook Single Use Home Page Test Replay Acquire QUIKLOOK 3 Software Acquisition Screen QUIKLOOK 3 Software TEDS – Transducer Electronic Data Sheet IEEE Standard - IEEE P1451.4/2.0 • All Sensors will have a TEDS Chip • TEDS Chip may contain all - none of the configuration data. • When sensor is present Channel Values and Units Appear • Sensor Description is Shown • Green – All sensor data is on chip no further configuration is necessary • Red – Some configuration data is missing. Configuration should be reviewed • Black – Configuration has been reviewed • Dark Gray Box – Channel Inactive • Light Gray Box - Channel Active • Red Box – Channel is Over Ranging • Channel Name Shows for Active Channels • Channels without Sensors will Not be Acquired and will be Turned Off QUIKLOOK 3 Software Acquisition Screen QUIKLOOK 3 Software Battery Status • Run Time to Empty • Battery Status: • Voltage • Current • Charge • Capacity • Temperature QUIKLOOK 3 Software Acquisition Screen QUIKLOOK 3 Software Excitation Check • Each Channel has independent Excitation • Shorting out one channel will not effect the others • Only Channels with Excitation are Checked • Board Temperatures are shown • Excitation Voltage • Excitation Current QUIKLOOK 3 Software Acquisition Screen -
Confine: Automated System Call Policy Generation for Container
Confine: Automated System Call Policy Generation for Container Attack Surface Reduction Seyedhamed Ghavamnia Tapti Palit Azzedine Benameur Stony Brook University Stony Brook University Cloudhawk.io Michalis Polychronakis Stony Brook University Abstract The performance gains of containers, however, come to the Reducing the attack surface of the OS kernel is a promising expense of weaker isolation compared to VMs. Isolation be- defense-in-depth approach for mitigating the fragile isola- tween containers running on the same host is enforced purely in tion guarantees of container environments. In contrast to software by the underlying OS kernel. Therefore, adversaries hypervisor-based systems, malicious containers can exploit who have access to a container on a third-party host can exploit vulnerabilities in the underlying kernel to fully compromise kernel vulnerabilities to escalate their privileges and fully com- the host and all other containers running on it. Previous con- promise the host (and all the other containers running on it). tainer attack surface reduction efforts have relied on dynamic The trusted computing base in container environments analysis and training using realistic workloads to limit the essentially comprises the entire kernel, and thus all its set of system calls exposed to containers. These approaches, entry points become part of the attack surface exposed to however, do not capture exhaustively all the code that can potentially malicious containers. Despite the use of strict potentially be needed by future workloads or rare runtime software isolation mechanisms provided by the OS, such as conditions, and are thus not appropriate as a generic solution. capabilities [1] and namespaces [18], a malicious tenant can Aiming to provide a practical solution for the protection leverage kernel vulnerabilities to bypass them. -
Visual Studio 2010 Tools for Sharepoint Development
Visual Studio 2010 for SharePoint Open XML and Content Controls COLUMNS Toolbox Visual Studio 2010 Tools for User Interfaces, Podcasts, Object-Relational Mappings SharePoint Development and More Steve Fox page 44 Scott Mitchell page 9 CLR Inside Out Profi ling the .NET Garbage- Collected Heap Subramanian Ramaswamy & Vance Morrison page 13 Event Tracing Event Tracing for Windows Basic Instincts Collection and Array Initializers in Visual Basic 2010 Generating Documents from SharePoint Using Open XML Adrian Spotty Bowles page 20 Content Controls Data Points Eric White page 52 Data Validation with Silverlight 3 and the DataForm John Papa page 30 Cutting Edge Data Binding in ASP.NET AJAX 4.0 Dino Esposito page 36 Patterns in Practice Functional Programming Core Instrumentation Events in Windows 7, Part 2 for Everyday .NET Developers MSDN Magazine Dr. Insung Park & Alex Bendetov page 60 Jeremy Miller page 68 Service Station Building RESTful Clients THIS MONTH at msdn.microsoft.com/magazine: Jon Flanders page 76 CONTRACT-FIRST WEB SERVICES: Schema-Based Development Foundations with Windows Communication Foundation Routers in the Service Bus Christian Weyer & Buddihke de Silva Juval Lowy page 82 TEST RUN: Partial Anitrandom String Testing Concurrent Affairs James McCaffrey Four Ways to Use the Concurrency TEAM SYSTEM: Customizing Work Items Runtime in Your C++ Projects Rick Molloy page 90 OCTOBER Brian A. Randell USABILITY IN PRACTICE: Getting Inside Your Users’ Heads 2009 Charles B. Kreitzberg & Ambrose Little Vol 24 No 10 Vol OCTOBER 2009 VOL 24 NO 10 OCTOBER 2009 VOLUME 24 NUMBER 10 LUCINDA ROWLEY Director EDITORIAL: [email protected] HOWARD DIERKING Editor-in-Chief WEB SITE MICHAEL RICHTER Webmaster CONTRIBUTING EDITORS Don Box, Keith Brown, Dino Esposito, Juval Lowy, Dr. -
Comparative Studies of 10 Programming Languages Within 10 Diverse Criteria
Department of Computer Science and Software Engineering Comparative Studies of 10 Programming Languages within 10 Diverse Criteria Jiang Li Sleiman Rabah Concordia University Concordia University Montreal, Quebec, Concordia Montreal, Quebec, Concordia [email protected] [email protected] Mingzhi Liu Yuanwei Lai Concordia University Concordia University Montreal, Quebec, Concordia Montreal, Quebec, Concordia [email protected] [email protected] COMP 6411 - A Comparative studies of programming languages 1/139 Sleiman Rabah, Jiang Li, Mingzhi Liu, Yuanwei Lai This page was intentionally left blank COMP 6411 - A Comparative studies of programming languages 2/139 Sleiman Rabah, Jiang Li, Mingzhi Liu, Yuanwei Lai Abstract There are many programming languages in the world today.Each language has their advantage and disavantage. In this paper, we will discuss ten programming languages: C++, C#, Java, Groovy, JavaScript, PHP, Schalar, Scheme, Haskell and AspectJ. We summarize and compare these ten languages on ten different criterion. For example, Default more secure programming practices, Web applications development, OO-based abstraction and etc. At the end, we will give our conclusion that which languages are suitable and which are not for using in some cases. We will also provide evidence and our analysis on why some language are better than other or have advantages over the other on some criterion. 1 Introduction Since there are hundreds of programming languages existing nowadays, it is impossible and inefficient -
Operating System Support for Run-Time Security with a Trusted Execution Environment
Operating System Support for Run-Time Security with a Trusted Execution Environment - Usage Control and Trusted Storage for Linux-based Systems - by Javier Gonz´alez Ph.D Thesis IT University of Copenhagen Advisor: Philippe Bonnet Submitted: January 31, 2015 Last Revision: May 30, 2015 ITU DS-nummer: D-2015-107 ISSN: 1602-3536 ISBN: 978-87-7949-302-5 1 Contents Preface8 1 Introduction 10 1.1 Context....................................... 10 1.2 Problem....................................... 12 1.3 Approach...................................... 14 1.4 Contribution.................................... 15 1.5 Thesis Structure.................................. 16 I State of the Art 18 2 Trusted Execution Environments 20 2.1 Smart Cards.................................... 21 2.1.1 Secure Element............................... 23 2.2 Trusted Platform Module (TPM)......................... 23 2.3 Intel Security Extensions.............................. 26 2.3.1 Intel TXT.................................. 26 2.3.2 Intel SGX.................................. 27 2.4 ARM TrustZone.................................. 29 2.5 Other Techniques.................................. 32 2.5.1 Hardware Replication........................... 32 2.5.2 Hardware Virtualization.......................... 33 2.5.3 Only Software............................... 33 2.6 Discussion...................................... 33 3 Run-Time Security 36 3.1 Access and Usage Control............................. 36 3.2 Data Protection................................... 39 3.3 Reference -
The Breadth and Depth of Early Learning Standards
March 2005 INSIDE THE CONTENT: THE BREADTH AND DEPTH OF EARLY LEARNING STANDARDS By Catherine Scott-Little Sharon Lynn Kagan Victoria Stebbins Frelow Inside the Content: The Breadth and Depth of Early Learning Standards By Catherine Scott-Little, Ph.D. Human Development and Family Studies SERVE University of North Carolina at Greensboro Sharon Lynn Kagan, Ed.D. Victoria Stebbins Frelow Teachers College Columbia University In Association with the School of Education University of North Carolina at Greensboro 2005 Edited by Donna Nalley, Ph.D., SERVE Publications Director Karen DeMeester, Ph.D., SERVE Publications Cover Design by Shelley Call, SERVE Graphic Designer Research and production of this document were supported by the Institute of Education Sciences, U.S. Department of Education, through the Regional Educational Laboratory at SERVE (under contract no. ED-01-CO-0015). The findings and opinions expressed do not necessarily reflect the position or policies of IES or the U.S. Department of Education. Acknowledgments We would like to thank a number of persons who were instrumental to our efforts to bring this work to fruition. Rosemarie Andrews, Sarah Boeving, Amanda Weisner, and Jennifer Kunzman’s assistance in development of the document was invaluable. We would also like to thank Victoria Seitz for her insightful assistance with data analysis for the report. We especially would like to thank the early childhood specialists in state departments of education who participated in the interviews for Phase 1 of this study and have continued to provide us with updated standards documents and insights on early learning standards. We are grateful to each of the informants for their interest in this study and their tireless dedication to their work on behalf of families and children. -
BUSA 423: Business Analytics Programming COURSE SYLLABUS: Fall 2019 (01E 83133)
BUSA 423: Business Analytics Programming COURSE SYLLABUS: Fall 2019 (01E 83133) Instructor: Dr. Zaki Malik Email Address: [email protected] Please use emails to ask me questions, and use BUSA-423 in the subject line of the email. This is the fastest way to reach me. Meets: THURS 6:15 pm - 8:55 pm Location: BA258 Office Hours: WED: 4 PM – 5 PM. THUR: 3 PM – 5 PM. Please send me an email to make appointments for other times. COURSE INFORMATION Required Textbook Python Crash Course: A Hands-On, Project-Based Introduction to Programming by Eric Matthews ISBN-10: 1593276036 OR ISBN-13: 978-1593276034 COURSE DESCRIPTION This course is designed to introduce business analytics programming in Python to students. Students will learn programming foundations, application development in Python, and how to integrate Python applications with business operations in this class. COURSE OBJECTIVES Upon successfully completing this course, students will be able to “do something useful with Python”. Identify/characterize/define a problem Design a program to solve the problem Create executable code Read most Python code Write basic tests GRADING Labs (A Maximum of 50 Points) A number of labs will be given during the semester (almost every class). The labs will be handed out in-class and are usually due at the end of the class (or at the end of the day – instructor discretion). The purpose of the labs is student learning, rather than student testing. Projects (A Maximum of 50 Points) 2 projects will be given during the semester. You can get a maximum of 20 points for the first project, and 30 for the next. -
Ebook Download Learning the Vi and Vim Editors
LEARNING THE VI AND VIM EDITORS PDF, EPUB, EBOOK Arnold Robbins,Elbert Hannah,Linda Lamb | 494 pages | 29 Jul 2008 | O'Reilly Media, Inc, USA | 9780596529833 | English | Sebastopol, United States Learning the vi and Vim Editors PDF Book Help us improve. Jul 27, James rated it it was amazing Shelves: reference , general-science-math-technology , computers. Understanding few simple, yet highly unintuitive, commands can make you functional when reading and manipulate files like INIs, Logs, etc. View Product. It's the shell that unlocks the real potential of Unix. The appendices are exceptionally helpful. Want to Read saving…. He loves connecting Unix to anything and once wrote a stream editor program to automate JCL edits for mainframe monthly configurations by streaming mainframeJCL to a stream editor on an RJE connected Unix box. Aug 23, Eric rated it really liked it. Takes you through several editors vi, ex, Darrell, other clones. This is probably the most complete VIM book on the market, which can be used both as cover-to-cover read or as a reference. No trivia or quizzes yet. I'm just saying. Author Recent Posts. Vim, however, is not a text formatting program; rather, it is a sophisticated text editor primarily used to write code, short notes, and input to a text formatting system. Latest posts by Sagar Khillar see all. Accessible to vim newbies and easy to navigate. Because I was reading on an ebook, the other egregious problem was a huge chunk of the book devoted to vile, kyle, elvis, and other weird vi-clones, none of which r Definitely showing its age; the first third of the book exclusively discusses vi not vim , to the extent that a lot of it becomes superceded by the rest of the book. -
Practical Considerations of Open Source Delivery Eric Lyness Microtel, LLC NASA GSFC Planetary Environments Laboratory, Code
Practical Considerations of Open Source Delivery Eric Lyness Microtel, LLC NASA GSFC Planetary Environments Laboratory, code 699 Software Lead for Mars Organic Molecule Analyzer The days are long gone when one developer wrote an application that provided the data processing for a project. Code is now developed on many platforms, in many languages and often by scientists and engineers, not just professional programmers. This paper discusses the practical difficulties with delivering the software to support a typical research project. The most difficult task for projects delivering source code to an open source repository might be simply defining what is meant by “source code.” Projects frequently rely on fragile, ad hoc collections of code in many forms from many sources that have been used and modified over many years by an array of developers with different skills and preferences. Deliveries of the typical jumble of software products supporting research projects to a public archive would be of limited value and very limited lifetime. Conglomerations A single project could rely on code existing as: 1. Small scripts in Python or Perl along with some Bash scripts. 2. Applications in C++. 3. Web-based java script applications 4. Code in commercial languages such as LabVIEW, Matlab, IDL, Igor or numerous others. 5. Code embedded in spreadsheets using Visual Basic for Applications or formulas. This devolution of code into different languages is an inevitable result of laboratory work. It’s caused by two things: First the typical data flow of a research project and second the heritage code of the organization. Whatever the cause, the myriad code used by a project will result in havoc to deliver to an open source archive. -
Master Thesis
Charles University in Prague Faculty of Mathematics and Physics MASTER THESIS Petr Koupý Graphics Stack for HelenOS Department of Distributed and Dependable Systems Supervisor of the master thesis: Mgr. Martin Děcký Study programme: Informatics Specialization: Software Systems Prague 2013 I would like to thank my supervisor, Martin Děcký, not only for giving me an idea on how to approach this thesis but also for his suggestions, numerous pieces of advice and significant help with code integration. Next, I would like to express my gratitude to all members of Hele- nOS developer community for their swift feedback and for making HelenOS such a good plat- form for works like this. Finally, I am very grateful to my parents and close family members for supporting me during my studies. I declare that I carried out this master thesis independently, and only with the cited sources, literature and other professional sources. I understand that my work relates to the rights and obligations under the Act No. 121/2000 Coll., the Copyright Act, as amended, in particular the fact that the Charles University in Pra- gue has the right to conclude a license agreement on the use of this work as a school work pursuant to Section 60 paragraph 1 of the Copyright Act. In Prague, March 27, 2013 Petr Koupý Název práce: Graphics Stack for HelenOS Autor: Petr Koupý Katedra / Ústav: Katedra distribuovaných a spolehlivých systémů Vedoucí diplomové práce: Mgr. Martin Děcký Abstrakt: HelenOS je experimentální operační systém založený na mikro-jádrové a multi- serverové architektuře. Před započetím této práce již HelenOS obsahoval početnou množinu moderně navržených subsystémů zajišťujících různé úkoly v rámci systému.