Tag-Protector: An Effective and Dynamic Detection of Illegal Memory Accesses through Compile Time Code Instrumentation

Programming languages permitting immediate memory accesses through pointers often result in applications having memory-related errors, which may lead to unpredictable failures and security vulnerabilities. A lightweight solution is presented in this paper to tackle such illegal memory accesses dynamically in C/C++ based applications. We propose a new and effective method of instrumenting an application’s source code at compile time in order to detect illegal spatial and temporal memory accesses. It is based on creating tags to be coupled with each memory allocation and then placing additional tag checking instructions for each access made to the memory. The proposed solution is evaluated by instrumenting applications from the BugBench benchmark suite and publicly available benchmark software, run-time intrusion prevention evaluator (RIPE), detecting all the bugs successfully. The performance and memory overheads are further analyzed by instrumenting and executing real-world applications from various renowned benchmark suites. In addition, the proposed solution is also tested to analyze the performance overhead for multithreaded applications in multicore environments. Overall our technique can detect a wide range of memory bugs and attacks with reduced performance overhead and higher detection rate as compared to the similar existing countermeasures when tested under the same experimental setup.

Download Full-text

Automatic Vulnerability Detection in Embedded Devices and Firmware

ACM Computing Surveys ◽

10.1145/3432893 ◽

2021 ◽

Vol 54 (2) ◽

pp. 1-42

Author(s):

Abdullah Qasem ◽

Paria Shirani ◽

Mourad Debbabi ◽

Lingyu Wang ◽

Bernard Lebel ◽

...

Keyword(s):

Embedded Systems ◽

Symbolic Execution ◽

Vital Role ◽

Security And Privacy ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Future Directions ◽

Hybrid Approaches ◽

Wide Range ◽

The Internet Of Things

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

Download Full-text

Dynamic game semantics

Mathematical Structures in Computer Science ◽

10.1017/s0960129520000250 ◽

2020 ◽

pp. 1-60

Author(s):

Norihiro Yamada ◽

Samson Abramsky

Keyword(s):

Programming Languages ◽

Functional Programming ◽

Operational Semantics ◽

Dynamic Game ◽

Standard Interpretation ◽

Functional Programming Languages ◽

Game Semantics ◽

Wide Range ◽

Cartesian Closed Categories ◽

Cartesian Closed

Abstract The present work achieves a mathematical, in particular syntax-independent, formulation of dynamics and intensionality of computation in terms of games and strategies. Specifically, we give game semantics of a higher-order programming language that distinguishes programmes with the same value yet different algorithms (or intensionality) and the hiding operation on strategies that precisely corresponds to the (small-step) operational semantics (or dynamics) of the language. Categorically, our games and strategies give rise to a cartesian closed bicategory, and our game semantics forms an instance of a bicategorical generalisation of the standard interpretation of functional programming languages in cartesian closed categories. This work is intended to be a step towards a mathematical foundation of intensional and dynamic aspects of logic and computation; it should be applicable to a wide range of logics and computations.

Download Full-text

3D Technology – Additive Manufacturing Applications and Prospects (Vol. 24, No. 9, Full Issue)

Asia-Pacific Biotech News ◽

10.1142/s0219030320001093 ◽

2020 ◽

Vol 24 (09) ◽

Keyword(s):

Additive Manufacturing ◽

3D Printing ◽

Environmental Impact ◽

Real World ◽

Vaccine Development ◽

Health Screening ◽

Wide Range ◽

The World ◽

Real World Applications ◽

Manufacturing Applications

For the month of September 2020, APBN dives into the world of 3D printing and its wide range of real-world applications. Keeping our focus on the topic of the year, the COVID-19 pandemic, we explore the environmental impact of the global outbreak as well as gain insight to the top 5 vaccine platforms used in vaccine development. Discover more about technological advancements and how it is assisting innovation in geriatric health screening.

Download Full-text

A modular module system

Journal of Functional Programming ◽

10.1017/s0956796800003683 ◽

2000 ◽

Vol 10 (3) ◽

pp. 269-303 ◽

Cited By ~ 35

Author(s):

XAVIER LEROY

Keyword(s):

Programming Languages ◽

Wide Range ◽

Simple Implementation ◽

Base Language ◽

Module System

A simple implementation of an SML-like module system is presented as a module parameterized by a base language and its type-checker. This implementation is useful both as a detailed tutorial on the Harper–Lillibridge–Leroy module system and its implementation, and as a constructive demonstration of the applicability of that module system to a wide range of programming languages.

Download Full-text

Online Thread and Data Mapping Using a Sharing-Aware Memory Management Unit

ACM Transactions on Modeling and Performance Evaluation of Computing Systems ◽

10.1145/3433687 ◽

2021 ◽

Vol 5 (4) ◽

pp. 1-28

Author(s):

Eduardo H. M. Cruz ◽

Matthias Diener ◽

Laércio L. Pilla ◽

Philippe O. A. Navaux

Keyword(s):

Energy Efficiency ◽

Memory Management ◽

Substantial Reduction ◽

Management Unit ◽

Memory Access ◽

Parallel Applications ◽

Data Mapping ◽

Wide Range ◽

Memory Accesses ◽

Level Parallelism

Current and future architectures rely on thread-level parallelism to sustain performance growth. These architectures have introduced a complex memory hierarchy, consisting of several cores organized hierarchically with multiple cache levels and NUMA nodes. These memory hierarchies can have an impact on the performance and energy efficiency of parallel applications as the importance of memory access locality is increased. In order to improve locality, the analysis of the memory access behavior of parallel applications is critical for mapping threads and data. Nevertheless, most previous work relies on indirect information about the memory accesses, or does not combine thread and data mapping, resulting in less accurate mappings. In this paper, we propose the Sharing-Aware Memory Management Unit (SAMMU), an extension to the memory management unit that allows it to detect the memory access behavior in hardware. With this information, the operating system can perform online mapping without any previous knowledge about the behavior of the application. In the evaluation with a wide range of parallel applications (NAS Parallel Benchmarks and PARSEC Benchmark Suite), performance was improved by up to 35.7% (10.0% on average) and energy efficiency was improved by up to 11.9% (4.1% on average). These improvements happened due to a substantial reduction of cache misses and interconnection traffic.

Download Full-text

A Survey on Spatio-temporal Data Analytics Systems

ACM Computing Surveys ◽

10.1145/3507904 ◽

2022 ◽

Author(s):

Md Mahbub Alam ◽

Luis Torgo ◽

Albert Bifet

Keyword(s):

Programming Languages ◽

Spatial Data ◽

Data Analytics ◽

Spatial Databases ◽

Location Based Services ◽

Temporal Data ◽

Wide Range ◽

Data Volume ◽

Spatio Temporal ◽

Gis Software

Due to the surge of spatio-temporal data volume, the popularity of location-based services and applications, and the importance of extracted knowledge from spatio-temporal data to solve a wide range of real-world problems, a plethora of research and development work has been done in the area of spatial and spatio-temporal data analytics in the past decade. The main goal of existing works was to develop algorithms and technologies to capture, store, manage, analyze, and visualize spatial or spatio-temporal data. The researchers have contributed either by adding spatio-temporal support with existing systems, by developing a new system from scratch, or by implementing algorithms for processing spatio-temporal data. The existing ecosystem of spatial and spatio-temporal data analytics systems can be categorized into three groups, (1) spatial databases (SQL and NoSQL), (2) big spatial data processing infrastructures, and (3) programming languages and GIS software. Since existing surveys mostly investigated infrastructures for processing big spatial data, this survey has explored the whole ecosystem of spatial and spatio-temporal analytics. This survey also portrays the importance and future of spatial and spatio-temporal data analytics.

Download Full-text

Investigation of Data Dependencies by Dynamic Analysis of Sapfor

Russian Digital Libraries Journal ◽

10.26907/1562-5419-2020-23-3-473-493 ◽

2020 ◽

Vol 23 (3) ◽

pp. 473-493

Author(s):

Nikita Andreevich Kataev ◽

Alexander Andreevich Smirnov ◽

Andrey Dmitrievich Zhukov

Keyword(s):

Dynamic Analysis ◽

Programming Languages ◽

Static Analysis ◽

Automatic Parallelization ◽

Parallel Execution ◽

Control Flow ◽

Analysis Tool ◽

Data Dependencies ◽

Program Parallelization ◽

Memory Accesses

The use of pointers and indirect memory accesses in the program, as well as the complex control flow are some of the main weaknesses of the static analysis of programs. The program properties investigated by this analysis are too conservative to accurately describe program behavior and hence they prevent parallel execution of the program. The application of dynamic analysis allows us to expand the capabilities of semi-automatic parallelization. In the SAPFOR system (System FOR Automated Parallelization), a dynamic analysis tool has been implemented, based on on the instrumentation of the LLVM representation of an analyzed program, which allows the system to explore programs in both C and Fortran programming languages. The capabilities of the static analysis implemented in SAPFOR are used to reduce the overhead program execution, while maintaining the completeness of the analysis. The use of static analysis allows to reduce the number of analyzed memory accesses and to ignore scalar variables, which can be explored in a static way. The developed tool was tested on performance tests from the NAS Parallel Benchmarks package for C and Fortran languages. The implementation of dynamic analysis, in addition to traditional types of data dependencies (flow, anit, output), allows us to determine privitizable variables and a possibility of pipeline execution of loops. Together with the capabilities of DVM and OpenMP these greatly facilitates program parallelization and simplify insertion of the appropriate compiler directives.

Download Full-text

Vulnerability Assessment and Penetration Testing Approach Towards Cloud-Based Application and Related Services

International Journal of Scientific Research in Science Engineering and Technology ◽

10.32628/ijsrset218346 ◽

2021 ◽

pp. 395-403

Author(s):

Anjani Tiwari ◽

Prof. Jatin Patel ◽

Dr. Priyanka Sharma

Keyword(s):

Cloud Computing ◽

Storage System ◽

Computer Software ◽

Cloud Services ◽

Security Vulnerabilities ◽

Related Services ◽

Computing Platform ◽

Business Applications ◽

Wide Range ◽

Online Storage

Cloud solutions provide a powerful computing platform that enables individuals and Cloud users to perform a wide range of tasks, such as using an online storage system, implementing business applications, developing customized computer software, and establishing a realistic network environment. The number of people using cloud services has increased dramatically in recent years, and a massive amount of data has been stored in cloud computing environments. As a result, data breaches in cloud services are increasing year after year as a result of hackers who are constantly attempting to exploit cloud architecture's security vulnerabilities. In this paper, we investigate and analyse real-world cloud attacks in order to demonstrate the techniques used by hackers against cloud computing systems and how to prevent such malicious activities.

Download Full-text

Analysis of Vulnerabilities in IoT and Its Solutions

Managing Resources for Futuristic Wireless Networks - Advances in Wireless Technologies and Telecommunication ◽

10.4018/978-1-5225-9493-2.ch007 ◽

2021 ◽

pp. 157-177

Author(s):

Puspanjali Mallik

Keyword(s):

Security And Privacy ◽

Heterogeneous Structure ◽

Privacy Concern ◽

Security Vulnerabilities ◽

Smart Vehicles ◽

Security Issues ◽

Smart Healthcare ◽

Wide Range ◽

Main Motive ◽

Iot Devices

The internet of things (IoT) fulfils abundant demands of present society by facilitating the services of cutting-edge technology in terms of smart home, smart healthcare, smart city, smart vehicles, and many more, which enables present day objects in our environment to have network communication and the capability to exchange data. These wide range of applications are collected, computed, and provided by thousands of IoT elements placed in open spaces. The highly interconnected heterogeneous structure faces new types of challenges from a security and privacy concern. Previously, security platforms were not so capable of handling these complex platforms due to different communication stacks and protocols. It seems to be of the utmost importance to keep concern about security issues relating to several attacks and vulnerabilities. The main motive of this chapter is to analyze the broad overview of security vulnerabilities and its counteractions. Generally, it discusses the major security techniques and protocols adopted by the IoT and analyzes the attacks against IoT devices.

Download Full-text

What more than a hundred project groups reveal about teaching visualization

Journal of Visualization ◽

10.1007/s12650-020-00659-6 ◽

2020 ◽

Vol 23 (5) ◽

pp. 895-911 ◽

Cited By ~ 1

Author(s):

Michael Burch ◽

Elisabeth Melby

Keyword(s):

Programming Languages ◽

Information Visualization ◽

Teaching Strategies ◽

Data Science ◽

Major Goal ◽

Wide Range ◽

Project Groups ◽

Small Project ◽

Programming Skills ◽

The Given

Abstract The growing number of students can be a challenge for teaching visualization lectures, supervision, evaluation, and grading. Moreover, designing visualization courses by matching the different experiences and skills of the students is a major goal in order to find a common solvable task for all of them. Particularly, the given task is important to follow a common project goal, to collaborate in small project groups, but also to further experience, learn, or extend programming skills. In this article, we survey our experiences from teaching 116 student project groups of 6 bachelor courses on information visualization with varying topics. Moreover, two teaching strategies were tried: 2 courses were held without lectures and assignments but with weekly scrum sessions (further denoted by TS1) and 4 courses were guided by weekly lectures and assignments (further denoted by TS2). A total number of 687 students took part in all of these 6 courses. Managing the ever growing number of students in computer and data science is a big challenge in these days, i.e., the students typically apply a design-based active learning scenario while being supported by weekly lectures, assignments, or scrum sessions. As a major outcome, we identified a regular supervision either by lectures and assignments or by regular scrum sessions as important due to the fact that the students were relatively unexperienced bachelor students with a wide range of programming skills, but nearly no visualization background. In this article, we explain different subsequent stages to successfully handle the upcoming problems and describe how much supervision was involved in the development of the visualization project. The project task description is given in a way that it has a minimal number of requirements but can be extended in many directions while most of the decisions are up to the students like programming languages, visualization approaches, or interaction techniques. Finally, we discuss the benefits and drawbacks of both teaching strategies. Graphic abstract

Download Full-text