Application of source code static analysis methods to ensure security of APCS

2021 ◽  
pp. 346-356
Author(s):  
Александр Викторович Кныш ◽  
Дмитрий Александрович Кобзев ◽  
Оксана Николаевна Давиденко ◽  
Сергей Анатольевич Детистов ◽  
Иван Александрович Шечев ◽  
...  
Keyword(s):  
Process Control ◽  
Static Analysis ◽  
Source Code ◽  
Research Work ◽  
Flow Analysis ◽  
Analysis Data ◽  
Control Flow ◽  
Analysis Methods ◽  
Automated Process

В условиях существующего многообразия автоматизированных систем управления технологическими процессами (АСУТП), возрастающих рисков компьютерных инцидентов, обусловленных развитием информационных технологий, неизменно актуальными являются вопросы повышения качества программного обеспечения (ПО) АСУТП. В настоящей статье на примере АСУТП организаций системы «Транснефть» представлена возможность использования методов статического анализа исходного кода ПО с целью обеспечения информационной безопасности АСУТП. Рассмотрены причины низкого качества ПО и подходы к его повышению. Проанализированы методы анализа исходного кода ПО (статический, динамический, интерактивный), сделан вывод о том, что наиболее перспективной является комбинация трех видов статического анализа: сигнатурного анализа, анализа потока управления, анализа потока данных. Указанная комбинация легла в основу методики выявления ошибок, потенциально опасных конструкций, логических бомб и неиспользуемых переменных в ПО АСУТП, разработанной в рамках научно-исследовательской работы «Создание системы анализа исходного кода программного обеспечения автоматизированных систем управления технологическими процессами». Основным достоинством созданной методики является ее инвариантность по отношению к языкам программирования и разновидностям дефектов. При этом общий алгоритм поиска дефектов остается неизменным: меняются только сигнатуры, правила выявления. With the existing variety of automated process control systems (APCS) and the increasing risks of computer incidents caused by the development of information technology, the issues of improving the quality of the APCS software are invariably topical. This article presents the possibility of using the software source code static analysis methods for ensuring the information security of the APCS using the example of Transneft system entities’ APCS. The reasons for the low quality of software and approaches to its improvement are considered. Methods of software source code analysis (static, dynamic, interactive) are analyzed, and it is concluded that the most promising is a combination of three types of static analysis: signature analysis, control flow analysis, data flow analysis. This combination serves as the basis for the methodology of detecting errors, potentially dangerous structures, logic bombs, and unused variables in the APCS software developed as part of the research work entitled “Creation of a System for Analyzing the Source Code of Automated Process Control System Software”. The main advantage of the created methodology is its invariance with respect to programming languages and types of defects. At the same time, the general defect searching algorithm remains unchanged: only signatures and detection rules are subject to change.

Structural Coverage Analysis Methods

2019 ◽  
pp. 36-63
Author(s):  
Parnasi Retasbhai Patel ◽  
Chintan M. Bhatt
Keyword(s):  
Execution Time ◽  
Source Code ◽  
Second Phase ◽  
Coverage Criteria ◽  
Analysis Methods ◽  
Coverage Analysis ◽  
Structural Coverage ◽  
Test Suit

Structural coverage analysis for any code is a very common approach to measure the quality of any test suit. Structural coverage determines which structure of the software or which portion is not exercised. This chapter describes two different phases to achieve structural coverage analysis using DO-178B/C standards. Statement coverage is the very basic coverage criteria which involves execution of all the executable statements in the source code at least once. Analysis of structural coverage can be done by capturing the amount of code that is covered by the airborne software. The first phase contains the instrumentation procedure which instruments the source code at execution time, and the second phase is generating a report that specifies which portion of source code is executed and which one is not in the form of a percentage.

Assessing the User-Perceived Quality of Source Code Components Using Static Analysis Metrics

2018 ◽  
pp. 3-27 ◽  
Author(s):  
Valasia Dimaridou ◽  
Alexandros-Charalampos Kyprianidis ◽  
Michail Papamichail ◽  
Themistoklis Diamantopoulos ◽  
Andreas Symeonidis
Keyword(s):  
Static Analysis ◽  
Source Code ◽  
Perceived Quality

scholarly journals Preprocessing the Groundwater Quality data by LSR and QDR techniques

2019 ◽  
Vol 9 (2) ◽  
pp. 2636-2644
Keyword(s):  
Data Mining ◽  
Research Work ◽  
Analysis Data ◽  
Quality Data ◽  
Statistical Techniques ◽  
Missing Information ◽  
Conflicting Information ◽  
Numeric Information ◽  
Meaningful Data

Data mining is the process of identifying patterns and their relationships to solve problems through data analysis. Data mining is utilized to haul out working information from a colossal dataset of any crude information. Environmental mining is one of the wide areas to find impact on environment. Data mining encourages the usage of essential strategies and finds noteworthy information from gigantic measure of environmental information. Data preprocessing techniques are very essential in data mining, which uses various techniques to convert the raw data into a meaningful data to further research work. In this research work, Logical Similarity Replacement (LSR) and Quantity based Discrepancy Replacement (QDR) algorithms are proposed to ascertain the quality of groundwater. The numerical information are preprocessed by the statistical techniques Mean, Median methods and non-numeric information are preprocessed by the proposed LSR and QDR methods to satisfy the fragmented and conflicting information in the dataset. The conflicting and the missing information are corrected by the picked strategies for preprocessing. In the wake of applying these preprocessing systems connected in the dataset, the nature of the informational index is improved.

scholarly journals THE INFLUENCE OF THE CHARACTERISTICS VARIATIONS OF THE CONCENTRATING PLANT CONTROL OBJECT ON THE IDENTIFICATION RESULTS USING THE HAMMERSTEIN MODEL

2021 ◽  
Vol 13 (1) ◽  
pp. 94-102
Author(s):  
Olga PORKUIAN ◽  
◽  
Vladimir MORKUN ◽  
Natalia MORKUN ◽  
Irina GAPONENKO ◽  
...  
Keyword(s):  
Process Control ◽  
Control Systems ◽  
Iron Ore ◽  
Control Object ◽  
Hammerstein Model ◽  
Process Control Systems ◽  
Processing Plants ◽  
Automated Process ◽  
Plant Control

As a result of the identification based on the Hammerstein model of objects of the first stage of iron ore magnetic separation, the adequacy of the model is obtained. All results of the testing of the developed identification algorithms show that the subsystem of identification of the automated process control systems of processing plants based on the Hammerstein hybrid model allows to carry out satisfactory identification of objects and, as a consequence, to improve the quality of technological processes. The study of the influence of the coefficient of various typical links on the results of identification using orthogonal parallel and parallel-recursive Hammerstein models showed that these models allow considering the differences in the properties of identifiable objects adequately.

scholarly journals Static Worst-Case Execution Time Optimization using DPSO for ASIP Architecture

2018 ◽  
Vol 14 (25) ◽  
pp. 1-11
Author(s):  
Mood Venkanna ◽  
Rameshwar Rao
Keyword(s):  
Static Analysis ◽  
Flow Analysis ◽  
Energy Performance ◽  
Control Flow ◽  
Code Size ◽  
Worst Case ◽  
Instruction Sets ◽  
Low Level ◽  
Reconfigurable Fabric ◽  
High Level

Introduction: The application of specific instructions significantly improves energy, performance, and code size of configurable processors. The design of these instructions is performed by the conversion of patterns related to application-specific operations into effective complex instructions. This research was presented at the icitkm Conference, University of Delhi, India in 2017.Methods: Static analysis was a prominent research method during late the 1980’s. However, end-to-end measurements consist of a standard approach in industrial settings. Both static analysis tools perform at a high-level in order to determine the program structure, which works on source code, or is executable in a disassembled binary. It is possible to work at a low-level if the real hardware timing information for the executable task has the desired features.Results: We experimented, tested and evaluated using a H.264 encoder application that uses nine cis, covering most of the computation intensive kernels. Multimedia applications are frequently subject to hard real time constraints in the field of computer vision. The H.264 encoder consists of complicated control flow with more number of decisions and nested loops. The parameters evaluated were different numbers of A partitions (300 slices on a Xilinx Virtex 7each), reconfiguration bandwidths, as well as relations of cpu frequency and fabric frequency fCPU/ffabric. ffabric remains constant at 100MHz, and we selected a multiplicity of its values for fCPU that resemble realistic units. Note that while we anticipate the wcet in seconds (wcetcycles/ f CPU) to be lower (better) with higher fCPU, the wcet cycles increase (at a constant ffabric) because hardware cis perform less computations on the reconfigurable fabric within one cpu cycle.Conclusions: The method is similar to tree hybridization and path-based methods which are less precise, and to the global ipet method, which is more precise. Optimization is evaluated with the Discrete Particle Swarm Optimization (dpso) algorithm for wcet. For several real-world applications involving embedded processors, the proposed technique develops improved instruction sets in comparison to native instruction sets.Originality: For wcet estimation, flow analysis, low-level analysis and calculation phases of the program need to be considered. Flow analysis phase or the high-level of analysis helps to extract the program’s dynamic behavior that gives information on functions being called, number of loop iteration, dependencies among if-statements, etc. This is due to the fact that the analysis is unaware of the execution path corresponding to the longest execution time.Limitations: This path is executed within a kernel iteration that relies upon the nature of mb, either i-mb or p-mb, determined by the motion estimation kernel, that is, its’ input depends on the i-mb and p-mb paths ,which also contain separate cis leading to the instability of the worst-case path, that is, adding more partitions to the current worst-case path can result in the other path becoming the worst case. The pipeline stalls for the reconfiguration delay and continues when entering the kernel once the reconfiguration process finishes.

scholarly journals Automatic migration from synchronous to asynchronous JavaScript APIs

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-27
Author(s):  
Satyajit Gokhale ◽  
Alexi Turcotte ◽  
Frank Tip
Keyword(s):  
Static Analysis ◽  
Source Code ◽  
Empirical Evaluation ◽  
Control Flow ◽  
Behavioral Changes ◽  
Call Graph ◽  
Sequential Control ◽  
Application Programming ◽  
Programming Interfaces ◽  
Higher Order Functions

The JavaScript ecosystem provides equivalent synchronous and asynchronous Application Programming Interfaces (APIs) for many commonly used I/O operations. Synchronous APIs involve straightforward sequential control flow that makes them easy to use and understand, but their "blocking" behavior may result in poor responsiveness or performance. Asynchronous APIs impose a higher syntactic burden that relies on callbacks, promises, and higher-order functions. On the other hand, their nonblocking behavior enables applications to scale better and remain responsive while I/O requests are being processed. While it is generally understood that asynchronous APIs have better performance characteristics, many applications still rely on synchronous APIs. In this paper, we present a refactoring technique for assisting programmers with the migration from synchronous to asynchronous APIs. The technique relies on static analysis to determine where calls to synchronous API functions can be replaced with their asynchronous counterparts, relying on JavaScript's async/await feature to minimize disruption to the source code. Since the static analysis is potentially unsound, the proposed refactorings are presented as suggestions that must be reviewed and confirmed by the programmer. The technique was implemented in a tool named Desynchronizer. In an empirical evaluation on 12 subject applications containing 316 synchronous API calls, Desynchronizer identified 256 of these as candidates for refactoring. Of these candidates, 244 were transformed successfully, and only 12 resulted in behavioral changes. Further inspection of these cases revealed that the majority of these issues can be attributed to unsoundness in the call graph.

Static Analysis of Workpiece - Fixture Layout System for Drilling Operation Using RSM and ACA

2014 ◽  
Vol 984-985 ◽  
pp. 438-443
Author(s):  
M. Vasundara ◽  
K.P. Padmanaban
Keyword(s):  
Static Analysis ◽  
Degrees Of Freedom ◽  
Ant Colony Algorithm ◽  
Research Work ◽  
Layout Design ◽  
Machining Accuracy ◽  
Drilling Operation ◽  
Fixture Layout ◽  
Fixture System

Fixture layout design is crucial to ensure machining accuracy and sustained quality of manufacture. The machining accuracy can be improved by minimizing the workpiece deformation through proper positioning of the workpiece. Fixtures are employed to minimise the degrees of freedom of a workpiece during machining of objects where the positioning of fixture elements is crucial in minimizing the workpiece deformation. The main purpose of this research work is to perform static analysis on workpiece-fixture system involving drilling operation. Finite element method (FEM) has been used to model the workpiece-fixture system and determine the workpiece deformation. The positions of the locators and clamps are predicted using response surface methodology and the fixture optimized parameters are obtained by ant colony algorithm (ACA).

scholarly journals Relevant issues of fuel supply paths modernization at Ekibastuz GRES-1 n.a. B. Nurzhanov by introduction of automated process control systems

2019 ◽  
Vol 124 ◽  
pp. 05053
Author(s):  
G.M. Safiullina ◽  
N.V. Bogdanova ◽  
D.R. Gilyazov
Keyword(s):  
Process Control ◽  
Control Systems ◽  
Process Control System ◽  
Technological Parameters ◽  
Relevant Issue ◽  
Fuel Supply ◽  
Level Of Automation ◽  
Process Control Systems ◽  
Automated Process

Modern requirements for the quality of technological processes and the level of automation of complex facilities have raised an extremely relevant issue of the process control system modernization at Ekibastuz GRES-1 n.a. B. Nurzhanov. In order to ensure the required level of technological parameters, the modernization of fuel supply paths was carried out by KER-Engineering LBC. As a result, the performance of Ekibastuz GRES-1 was significantly improved.

scholarly journals Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption

2021 ◽  
Vol 12 (1) ◽  
Author(s):  
Marco Autili ◽  
Ivano Malavolta ◽  
Alexander Perucci ◽  
Gian Luca Scoccia ◽  
Roberto Verdecchia
Keyword(s):  
Static Analysis ◽  
Mobile Apps ◽  
Flow Analysis ◽  
Selection Procedure ◽  
Control Flow ◽  
Primary Study ◽  
Systematic Mapping Study ◽  
Time Behavior ◽  
Mobile Platforms ◽  
Industrial Adoption

AbstractMobile platforms are rapidly and continuously changing, with support for new sensors, APIs, and programming abstractions. Static analysis is gaining a growing interest, allowing developers to predict properties about the run-time behavior of mobile apps without executing them. Over the years, literally hundreds of static analysis techniques have been proposed, ranging from structural and control-flow analysis to state-based analysis.In this paper, we present a systematic mapping study aimed at identifying, evaluating and classifying characteristics, trends and potential for industrial adoption of existing research in static analysis of mobile apps. Starting from over 12,000 potentially relevant studies, we applied a rigorous selection procedure resulting in 261 primary studies along a time span of 9 years. We analyzed each primary study according to a rigorously-defined classification framework. The results of this study give a solid foundation for assessing existing and future approaches for static analysis of mobile apps, especially in terms of their industrial adoptability.Researchers and practitioners can use the results of this study to (i) identify existing research/technical gaps to target, (ii) understand how approaches developed in academia can be successfully transferred to industry, and (iii) better position their (past and future) approaches for static analysis of mobile apps.

scholarly journals Towards Modeling the User-perceived Quality of Source Code using Static Analysis Metrics

2017 ◽  
Author(s):  
Valasia Dimaridou ◽  
Alexandros-Charalampos Kyprianidis ◽  
Michail Papamichail ◽  
Themistoklis Diamantopoulos ◽  
Andreas Symeonidis
Keyword(s):  
Static Analysis ◽  
Source Code ◽  
Perceived Quality
Sign in / Sign up

Export Citation Format

Share Document