Instrumentace Java programů, kontrakty pro paralelismus / Parametric Contracts for Concurrency in Java Programs

Žárský, Jan

January 2021

Contracts for concurrency describe required atomicity of method sequences in concurrent programs. This work proposes a dynamic analyzer to verify programs written in Java against contracts for concurrency. The analyzer was designed to detect violations of parametric contracts with spoilers. The proposed analyzer was implemented as an extension to the RoadRunner framework. Support for accessing the method arguments and return values was added to RoadRunner as a part of the solution. The analyzer was fully implemented and verified on a set of testing programs.

Translation and Transformation of Low Level Programs / Prevođenje i transformisanje programa niskog nivoa

Pracner Doni

17 April 2019

<p>This thesis presents an approach for working with low level source code that enables automatic restructuring and raising the abstraction level of the programs. This makes it easier to understand the logic of the program, which in turn reduces the development time.The process in this thesis was designed to be flexible and consists of several independent tools. This makes the process easy to adapt as needed, while at the same time the developed tools can be used for other processes. There are usually two basic steps. First is the translation to WSL language, which has a great number of semantic preserving program transformations. The second step are the transformations of the translated WSL. Two tools were developed for translation: one that works with a subset of x86 assembly, and another that works with MicroJava bytecode. The result of the translation is a low level program in WSL.The primary goal of this thesis was to fully automate the selection of the transformations. This enables users with no domain&nbsp; knowledge to efficiently use this process as needed. At the same time, the flexibility of the process enables experienced users to adapt it as needed or integrate it into other processes. The automation was achieved with a <em>hill climbing </em>algorithm.Experiments that were run on several types of input programs showed that the results can be excellent. The fitness function used was a built-in metric that gives the &ldquo;weight&rdquo; of structures in a program. On input samples that had original high level source codes, the end result metrics of the translated and transformed programs were comparable. On some samples the result was even better than the originals, on some others they were somewhat more complex. When comparing with low level original source code, the end results was always significantly improved.</p> / <p>U okviru ove teze se predstavlja pristup radu sa programima niskog nivoa koji omogućava automatsko restrukturiranje i podizanje na vi&scaron;e nivoe. Samim tim postaje mnogo lak&scaron;e razumeti logiku programa &scaron;to smanjuje vreme razvoja.Proces je dizajniran tako da bude fleksibilan i sastoji se od vi&scaron;e nezavisnih alata. Samim tim je lako menjati proces po potrebi, ali i upotrebiti razvijene alate u drugim procesima. Tipično se mogu razlikovati dva glavna koraka. Prvi je prevođenje u jezik WSL,za koji postoji veliki broj transformacija programa koje očuvavaju semantiku. Drugi su transformacije u samom WSL-u. Za potrebe prevođenja su razvijena dva alata, jedan koji radi sa podskupom x86 asemblera i drugi koji radi sa MikroJava bajtk&ocirc;dom. Rezultat prevođenja je program niskog nivoa u WSL jeziku.Primarni cilj ovog istraživanja je bila potpuna automatizacija odabira transformacija, tako da i korisnici bez iskustva u radu sa sistemom mogu efikasno da primene ovaj proces za svoje potrebe. Sa druge strane zbog fleksibilnosti procesa, iskusni korisnici mogu lakoda ga pro&scaron;ire ili da ga integri&scaron;u u neki drugi već postojeći&nbsp;&nbsp; proces.Automatizacija je&nbsp; postignuta pretraživanjem usponom (eng. hill climbing).Eksperimenti vr&scaron;eni na nekoliko tipova ulaznih programa niskog nivoa su pokazali da rezultati mogu biti&nbsp; izuzetni. Za funkciju pogodnosti je kori&scaron;ćena ugrađena metrika koja daje &ldquo;težinu&rdquo; struktura u programu. Kod ulaza za koje je originalni izvorni k&ocirc;d bio dostupan, krajnje metrike najboljih varijanti prevedenih i transformisanih programa su bile na sličnom nivou. Neki primeri su bolji od originala, dok su drugi bili ne&scaron;to kompleksniji. Rezultati su uvek pokazivali značajna unapređenja u odnosu na originalni k&ocirc;d niskog nivoa.</p>

Détection de vulnérabilités appliquée à la vérification de code intermédiaire de Java Card / Vulnerability detection into Java Card bytecode verifier

Savary, Aymerick

30 June 2016

La vérification de la résistance aux attaques des implémentations embarquées des vérifieurs de code intermédiaire Java Card est une tâche complexe. Les méthodes actuelles n'étant pas suffisamment efficaces, seule la génération de tests manuelle est possible. Pour automatiser ce processus, nous proposons une méthode appelée VTG (Vulnerability Test Generation, génération de tests de vulnérabilité). En se basant sur une représentation formelle des comportements fonctionnels du système sous test, un ensemble de tests d'intrusions est généré. Cette méthode s'inspire des techniques de mutation et de test à base de modèle. Dans un premier temps, le modèle est muté selon des règles que nous avons définies afin de représenter les potentielles attaques. Les tests sont ensuite extraits à partir des modèles mutants. Deux modèles Event-B ont été proposés. Le premier représente les contraintes structurelles des fichiers d'application Java Card. Le VTG permet en quelques secondes de générer des centaines de tests abstraits. Le second modèle est composé de 66 événements permettant de représenter 61 instructions Java Card. La mutation est effectuée en quelques secondes. L'extraction des tests permet de générer 223 tests en 45 min. Chaque test permet de vérifier une précondition ou une combinaison de préconditions d'une instruction. Cette méthode nous a permis de tester différents mécanismes d'implémentations de vérifieur de code intermédiaire Java Card. Bien que développée pour notre cas d'étude, la méthode proposée est générique et a été appliquée à d'autres cas d'études. / Verification of the resistance of attacks against embedded implementations of the Java Card bytecode verifiers is a complex task. Current methods are not sufficient, only the generation of manual testing is possible. To automate this process, we propose a method called VTG (Vulnerability Test Generation). Based on a formal representation of the functional behavior of the system under test, a set of intrusion test is generated. This method is based on techniques of mutation and model-based testing. Initially, the model is transferred according to rules that we have defined to represent potential attacks. The tests are then extracted from the mutant models. Two Event-B models have been proposed. The first represents the structural constraints of the Java Card application files. The VTG allows in seconds to generate hundreds of abstract tests. The second model is composed of 66 events to represent 61 Java Card instructions. The mutation is effected in a few seconds. Extraction tests to generate 223 test 45 min. Each test checks a precondition or a combination of preconditions of a statement. This method allowed us to test different implementations of mechanisms through Java Card bytecode verifier. Although developed for our case study, the proposed method is generic and has been applied to other case studies.

Sécurité

Java Card

Vérification de code intermédiaire

Test d'intrusion

Mutation de spécification

Test à base de modèle

Event-B

ProB

Security

Java Card

Bytecode Verifier

Penetration Testing

Specification Mutation

Model-Based Testing

Event-B

ProB

005.8

Targeted Client Synthesis for Detecting Concurrency Bugs

Samak, Malavika

January 2016

Detecting concurrency bugs can be challenging due to the intricacies associated with their manifestation. These intricacies correspond to identifying the methods that need to be invoked concurrently, the inputs passed to these methods and the interleaving of the threads that cause the erroneous behavior. Neither fuzzing-based testing techniques nor over-approximate static analyses are well positioned to detect subtle concurrency defects while retaining high accuracy alongside satisfactory coverage. While dynamic analysis techniques have been proposed to overcome some of the challenges in detecting concurrency bugs, we observe that their success is critically dependent on the availability of effective multithreaded clients. Without a priori knowledge of the defects, manually constructing defect-revealing multithreaded clients is non-trivial. In this thesis, we design an approach to address the problem of automatically generate clients for detecting concurrency bugs in multithreaded libraries. The key insight underlying our design is that a subset of the properties observed when the defects manifest in a concur-rent execution can also be observed in a sequential execution. The input to our approach is a library implementation and a sequential testsuite, and the output is a set of multithreaded clients that can be used to reveal defects in the input library implementation. Dynamic defect detectors can execute the clients and analyze the resulting traces to report various kinds of defects including deadlocks, data races and atomicity violations. Furthermore, the clients can also be used by testing frameworks to report assertion violations. We propose two variants of our design – (a) path-agnostic client generation, and (b) path-aware client generation. The path-agnostic client generation process helps in detection of potential bugs present in the paths executed by the input sequential testsuite. It does not attempt to explore newer paths by satisfying path conditions either by modifying the input or by scheduling the threads appropriately. The generated clients are used to expose deadlocks, data races and atomicity violations. Our analysis analyzes the execution traces obtained from executing the input sequential clients and produces a concurrent client program that drives shared objects via library methods calls to states conducive for triggering deadlocks, data races or atomicity violations. For path-aware client generation, our approach explores newer paths that are not covered by the input sequential testsuite to generate clients. For this purpose, we design a directed, iterative and scalable engine that combines the strengths of static and dynamic analysis to help synthesize both multithreaded clients and schedules that violate complex correctness conditions expressed by the developer. Apart from the library implementation and the sequential testsuite as input, this engine also accepts a specification of correctness as input. Then, it iteratively refines each client from the input sequential testsuite to generate an ex-ecution that can break the input specification. Each step of the iterative process includes statically identifying sub-goals towards the goal of failing the specification, generating a plan toward meeting these goals, and merging of the paths traversed dynamically with the plan computed statically via constraint solving to generate a new client. The engine reports full reproduction scenarios, guaranteed to be true, for the bugs it finds. We have implemented prototypes that incorporate the aforementioned ideas and validated them by applying them on 29 well-tested concurrent classes from popular Java libraries, including the latest version of JDK. We are able to automatically generate clients that helped expose more than 300 concurrency bugs including deadlocks, data races, atomicity violations and assertion violations. We reported many previously unknown bugs to the developers of these libraries resulting in either fixes to the code or changes to the documentation pertaining to the thread-safe behavior of the relevant classes. On average, the time taken to analyze a class and generate clients for it is less than two minutes. We believe that the demonstrated effectiveness of our prototypes in helping expose deep bugs in popular Java libraries makes the design, proposed in this thesis, a vital cog in the future development and deployment of dynamic concurrency bug detectors.

Concurrency Bugs

Dynamic Analysis

Program Synthesis

Deadlock Detection

Bytecode Instrumentation

Targeted Client Synthesis

Dynamic Deadlock Detection

Multithreaded Client Synthesis

Atomicity Violations

Shared Memory

Dynamic Concurrency Bug Detectors

Racy Tests

Bug Detection

Computer Science

Blockchain Technology : a new domain for Cyber Forensics

Rasool, Muhammad Ahsan, Muhammad Shafiq, Hafiz

January 2018

Traditional database with no prior security measures is becoming challenging in the era of data technology. Database storage on a central location with single point of failure and vulnerable to cyber attacks is getting exposed to big risk of being hacked with the evolution of powerful machines and modern hacking techniques. Since its commencement, the BlockChain technology has shown a promising performance for application buildup in diversed fields of life from cryptocurrency to smart contracts and decentralized applications. Although multiple studies on privacy, data confidentiality and security issues of BlockChain are performed but a systematic examination is still needs attention. In this thesis work we conduct a systematic study about the vulnerabilities of BlockChain system and review the security enhancement solutions that may point to a good future direction for further research into the area of BlockChain technology and its applications. Smart contracts are self-executable objects hosted on the 2nd generation blockchain like Ethereum, carry billions of SEK worth of cryptocoins and cannot be updated once deployed. Smart contracts are generally considered secure objects but the systematic analysis of technology and source code exposes a new class of vulnerabilities which are more likely an ethical aspect of programming than the software coding errors. Besides the literature review we empower our results with a static code analysis especially with the perspective of cyber forensics.

Blockchain

Bitcoin

Ethereum

Ethereum Virtual Machine

Smart Contracts

vulnerabilities

Securify

Remix IDE

Solidity

Locked Funds

Initial Coin Offering

cryptocurrency

attacks

bytecode analysis

wallet

Public Key

Untested Code

Elektroteknik och elektronik

Other Engineering and Technologies

Annan teknik

Computer Systems

Datorsystem