Safety, Security, and Semantic Aspects of Equation-Based Object-Oriented Languages and Environments

Broman, David

January 2007

<p>During the last two decades, the interest for computer aided modeling and simulation of complex physical systems has witnessed a significant growth. The recent possibility to create acausal models, using components from different domains (e.g., electrical, mechanical, and hydraulic) enables new opportunities. Modelica is one of the most prominent equation-based object-oriented (EOO) languages that support such capabilities, including the ability to simulate both continuous- and discrete-time models, as well as mixed hybrid models. However, there are still many remaining challenges when it comes to language safety and simulation security. The problem area concerns detecting modeling errors at an early stage, so that faults can be isolated and resolved. Furthermore, to give guarantees for the absence of faults in models, the need for precise language specifications is vital, both regarding type systems and dynamic semantics.</p><p>This thesis includes five papers related to these topics. The first paper describes the informal concept of types in the Modelica language, and proposes a new concrete syntax for more precise type definitions. The second paper provides a new approach for detecting over- and under-constrained systems of equations in EOO languages, based on a concept called structural constraint delta. That approach makes use of type checking and a type inference algorithm. The third paper outlines a strategy for using abstract syntax as a middle-way between a formal and informal language specification. The fourth paper suggests and evaluates an approach for secure distributed co-simulation over wide area networks. The final paper outlines a new formal operational semantics for describing physical connections, which is based on the untyped lambda calculus. A kernel language is defined, in which real physical models are constructed and simulated.</p> / Report code: LIU-TEK-LIC-2007:46. On the day of the defence date the status of article IV was: In Progress; The status of article V was: Manuscript.

Modeling

Simulation

Equation-Based

Object-Oriented

Modelica

Type System

Semantics

Language Safety

Secure Simulation

Computer science

Datavetenskap

Safety, Security, and Semantic Aspects of Equation-Based Object-Oriented Languages and Environments

Broman, David

January 2007

During the last two decades, the interest for computer aided modeling and simulation of complex physical systems has witnessed a significant growth. The recent possibility to create acausal models, using components from different domains (e.g., electrical, mechanical, and hydraulic) enables new opportunities. Modelica is one of the most prominent equation-based object-oriented (EOO) languages that support such capabilities, including the ability to simulate both continuous- and discrete-time models, as well as mixed hybrid models. However, there are still many remaining challenges when it comes to language safety and simulation security. The problem area concerns detecting modeling errors at an early stage, so that faults can be isolated and resolved. Furthermore, to give guarantees for the absence of faults in models, the need for precise language specifications is vital, both regarding type systems and dynamic semantics. This thesis includes five papers related to these topics. The first paper describes the informal concept of types in the Modelica language, and proposes a new concrete syntax for more precise type definitions. The second paper provides a new approach for detecting over- and under-constrained systems of equations in EOO languages, based on a concept called structural constraint delta. That approach makes use of type checking and a type inference algorithm. The third paper outlines a strategy for using abstract syntax as a middle-way between a formal and informal language specification. The fourth paper suggests and evaluates an approach for secure distributed co-simulation over wide area networks. The final paper outlines a new formal operational semantics for describing physical connections, which is based on the untyped lambda calculus. A kernel language is defined, in which real physical models are constructed and simulated. / <p>Report code: LIU-TEK-LIC-2007:46. On the day of the defence date the status of article IV was: In Progress; The status of article V was: Manuscript.</p>

Modeling

Simulation

Equation-Based

Object-Oriented

Modelica

Type System

Semantics

Language Safety

Secure Simulation

Computer Sciences

Datavetenskap (datalogi)

Um sistema para análise e detecção de ataques ao navegador Web / A system for analysis and detection of browser attacks

Afonso, Vitor Monte, 1987-

10 June 2011

Orientador: Paulo Lício de Geus / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-10-08T19:16:40Z (GMT). No. of bitstreams: 1 Afonso_VitorMonte_M.pdf: 1149302 bytes, checksum: 7db349dd13a346a3b3e7175d2f7eeaae (MD5) Previous issue date: 2011 / Resumo: Páginas Web com conteúdo malicioso são uma das grandes ameaças à segurança de sistemas atualmente. Elas são a principal forma utilizada por atacantes para instalar programas maliciosos (malware) no sistema operacional dos usuários. Para desenvolver mecanismos de proteção contra essas páginas, elas precisam ser estudadas e entendidas profundamente. Existem diversos sistemas de análise que são capazes de analisar páginas Web, prover informações sobre elas e classificá-las como maliciosas ou benignas. Entretanto, estes sistemas possuem diversas limitações em relação ao tipo de código que pode ser analisado e aos tipos de ataque que podem ser detectados. Para suprir tal deficiência nos sistemas de análise de páginas Web maliciosas foi desenvolvido um sistema, chamado de BroAD (Browser Attacks Detection), que faz a análise destas páginas de forma dinâmica, monitorando tanto as chamadas de sistemas realizadas pelo navegador enquanto as processa, quanto as ações realizadas pelo código JavaScript contido na página. A detecção dos comportamentos maliciosos é feita em quatro etapas, utilizando técnicas de aprendizado de máquina e assinaturas. Estas etapas incluem a detecção de shellcodes, a detecção de anomalias no comportamento do JavaScript e a análise de chamadas de sistema e assinaturas de código JavaScript. Foram realizados testes que demonstram que o sistema desenvolvido possui taxas de detecção superiores aos sistemas do estado-da-arte de análise de páginas Web maliciosas e ainda provê mais informações a respeito delas, levando a um entendimento melhor das amostras. Além disso, são apresentados códigos que podem detectar e evadir facilmente a análise de parte desses sistemas usados na comparação, demonstrando a fragilidade deles / Abstract: Malicious Web applications are a significant threat to computer security today. They are the main way through which attackers manage to install malware on end-user systems. In order to develop protection mechanisms to these threats, the attacks themselves need to be deeply studied and understood. Several analysis systems exist to analyze Web pages, provide information about them and classify them as malicious or benign. However, these systems are limited regarding the type of attacks that can be detected and the programming languages that can be analyzed. In order to fill this gap, a system, called BroAD (Browser Attacks Detection), that is capable of analyzing malicious Web pages, was developed. It monitors both system calls and JavaScript actions and the detection of the malicious behavior is performed in four steps, by the use of machine learning techniques and signatures. These steps include the detection of shellcodes, the anomaly detection of the JavaScript behavior and the analysis of system calls and JavaScript signatures. The results of the performed tests show that the developed system has better detection rates than the state-of-the-art systems in malicious Web pages analysis and also provides more information about these pages, giving a better understanding about their behavior. Besides, codes that can be used to easily detect and evade the analysis of part of those systems are presented, showing their fragility / Mestrado / Ciência da Computação / Mestre em Ciência da Computação

Crime por computador - Investigações

Sistemas de segurança

Computer crimes - Investigation

Computer security