Global ETD Search

731	ByteSTM: Java Software Transactional Memory at the Virtual Machine Level Mahmoud Mohamedin, Mohamed Ahmed 21 March 2012 (has links) As chip vendors are increasingly manufacturing a new generation of multi-processor chips called multicores, improving software performance requires exposing greater concurrency in software. Since code that must be run sequentially is often due to the need for synchronization, the synchronization abstraction has a significant effect on program performance. Lock-based synchronization — the most widely used synchronization method — suffers from programability, scalability, and composability challenges. Transactional memory (TM) is an emerging synchronization abstraction that promises to alleviate the difficulties with lock-based synchronization. With TM, code that read/write shared memory objects is organized as transactions, which speculatively execute. When two transactions conflict (e.g., read/write, write/write), one of them is aborted, while the other commits, yielding (the illusion of) atomicity. Aborted transactions are re-started, after rolling-back changes made to objects. In addition to a simple programming model, TM provides performance comparable to lock-based synchronization. Software transactional memory (STM) implements TM entirely in software, without any special hardware support, and is usually implemented as a library, or supported by a compiler or by a virtual machine. In this thesis, we present ByteSTM, a virtual machine-level Java STM implementation. ByteSTM implements two STM algorithms, TL2 and RingSTM, and transparently supports implicit transactions. Program bytecode is automatically modified to support transactions: memory load/store bytecode instructions automatically switch to transactional mode when a transaction starts, and switch back to normal mode when the transaction successfully commits. Being implemented at the VM-level, it accesses memory directly and uses absolute memory addresses to uniformly handle memory. Moreover, it avoids Java garbage collection (which has a negative impact on STM performance), by manually allocating and recycling memory for transactional metadata. ByteSTM uses field-based granularity, and uses the thread header to store transactional metadata, instead of the slower Java ThreadLocal abstraction. We conducted experimental studies comparing ByteSTM with other state-of-the-art Java STMs including Deuce, ObjectFabric, Multiverse, DSTM2, and JVSTM on a set of micro- benchmarks and macro-benchmarks. Our results reveal that, ByteSTM's transactional throughput improvement over competitors ranges from 20% to 75% on micro-benchmarks and from 36% to 100% on macro-benchmarks. / Master of Science Synchronization Virtual Machine Java Multiprocessor Concurrency Software Transactional Memory
732	Optimization Techniques for Algorithmic Debugging Insa Cabrera, David 01 September 2016 (has links) [EN] Nowadays, undetected programming bugs produce a waste of billions of dollars per year to private and public companies and institutions. In spite of this, no significant advances in the debugging area that help developers along the software development process have been achieved yet. In fact, the same debugging techniques that were used 20 years ago are still being used now. Along the time, some alternatives have appeared, but there still is a long way for them to be useful enough to get into the software development process. One of them is algorithmic debugging, which abstracts the information the user has to investigate to debug the program, allowing them to focus on what is happening instead of how it is happening. This abstraction comes at a price: the granularity level of the bugs that can be detected allows for isolating wrongly implemented functions, but which part of them contains the bug cannot be found out yet. This thesis focusses on improving algorithmic debugging in many aspects. Concretely, the main aims of this thesis are to reduce the time the user needs to detect a programming bug as well as to provide the user with more detailed information about where the bug is located. To achieve these goals, some techniques have been developed to start the debugging sessions as soon as possible, to reduce the number of questions the user is going to be asked about, and to augment the granularity level of those bugs that algorithmic debugging can detect, allowing the debugger in this way to keep looking for bugs even inside functions. As a result of this thesis, three completely new techniques have been defined, an already existent technique has been improved, and two new algorithmic debugging search strategies have been defined that improve the already existent ones. Besides these theoretical results, a fully functional algorithmic debugger has been implemented that contains and supports all these techniques and strategies. This debugger is written in Java, and it debugs Java code. The election of this language is justified because it is currently one of the most widely extended and used languages. Also because it contains an interesting combination of unsolved challenges for algorithmic debugging. To further increase its usability, the debugger has been later adapted as an Eclipse plugin, so it could be used by a wider number of users. These two debuggers are publicly available, so any interested person can access them and continue with the research if they wish so. / [ES] Hoy en día, los errores no detectados de programación suponen un gasto de miles de millones al año para las empresas e instituciones públicas y privadas. A pesar de esto, no ha habido ningún avance significativo en el área de la depuración que ayude a los desarrolladores durante la fase de desarrollo de software. De hecho, las mismas técnicas de depuración que se utilizaban hace 20 años se siguen utilizando ahora. A lo largo del tiempo, han surgido algunas alternativas, pero todavía queda un largo camino para que estas sean lo suficientemente útiles como para abrirse camino en el proceso de desarrollo de software. Una de ellas es la depuración algorítmica, la cual abstrae la información que el programador debe investigar para depurar el programa, permitiéndole de este modo centrarse en el qué está ocurriendo en vez de en el cómo. Esta abstracción tiene un coste: el nivel de granularidad de los errores que pueden detectarse nos permite como máximo aislar funciones mal implementadas, pero no averiguar qué parte de estas contiene el error. Esta tesis se centra en mejorar la depuración algorítmica en muchos aspectos. Concretamente, los principales objetivos de esta tesis son reducir el tiempo que el usuario necesita para detectar un error de programación así como proporcionar información más detallada de dónde se encuentra el error. Para conseguir estos objetivos, se han desarrollado técnicas para iniciar las sesiones de depuración lo antes posible, reducir el número de preguntas que se le van a realizar al usuario, y aumentar el nivel de granularidad de los errores que la depuración algorítmica puede detectar, permitiendo así seguir buscando el error incluso dentro de las funciones. Como resultado de esta tesis, se han definido tres técnicas completamente nuevas, se ha mejorado una técnica ya existente, y se han definido dos nuevas estrategias de depuración algorítmica que mejoran las previamente existentes. Además de los resultados teóricos, también se ha desarrollado un depurador algorítmico completamente funcional que contiene y respalda todas estas técnicas y estrategias. Este depurador está escrito en Java y depura código Java. La elección de este lenguaje se justifica debido a que es uno de los lenguajes más ampliamente extendidos y usados actualmente. También debido a que contiene una combinación interesante de retos todavía sin resolver para la depuración algorítmica. Para aumentar todavía más su usabilidad, el depurador ha sido posteriormente adaptado como un plugin de Eclipse, de tal manera que pudiese ser usado por un número más amplio de usuarios. Estos dos depuradores están públicamente disponibles para que cualquier persona interesada pueda acceder a ellos y continuar con la investigación si así lo deseara. / [CA] Hui en dia, els errors no detectats de programació suposen una despesa de milers de milions a l'any per a les empreses i institucions públiques i privades. Tot i això, no hi ha hagut cap avanç significatiu en l'àrea de la depuració que ajude als desenvolupadors durant la fase de desenvolupament de programari. De fet, les mateixes tècniques de depuració que s'utilitzaven fa 20 anys es continuen utilitzant ara. Al llarg del temps, han sorgit algunes alternatives, però encara queda un llarg camí perquè estes siguen prou útils com per a obrir-se camí en el procés de desenvolupament de programari. Una d'elles és la depuració algorítmica, la qual abstrau la informació que el programador ha d'investigar per a depurar el programa, permetent-li d'esta manera centrar-se en el què està ocorrent en compte de en el com. Esta abstracció té un cost: el nivell de granularitat dels errors que poden detectar-se ens permet com a màxim aïllar funcions mal implementades, però no esbrinar quina part d'estes conté l'error. Esta tesi es centra a millorar la depuració algorítmica en molts aspectes. Concretament, els principals objectius d'esta tesi són reduir el temps que l'usuari necessita per a detectar un error de programació així com proporcionar informació més detallada d'on es troba l'error. Per a aconseguir estos objectius, s'han desenvolupat tècniques per a iniciar les sessions de depuració com més prompte millor, reduir el nombre de preguntes que se li formularan a l'usuari, i augmentar el nivell de granularitat dels errors que la depuració algorítmica pot detectar, permetent així continuar buscant l'error inclús dins de les funcions. Com resultat d'esta tesi, s'han definit tres tècniques completament noves, s'ha millorat una tècnica ja existent, i s'han definit dos noves estratègies de depuració algorítmica que milloren les prèviament existents. A més dels resultats teòrics, també s'ha desenvolupat un depurador algorítmic completament funcional que conté i protegix totes estes tècniques i estratègies. Este depurador està escrit en Java i depura codi Java. L'elecció d'este llenguatge es justifica pel fet que és un dels llenguatges més àmpliament estesos i usats actualment. També pel fet que conté una combinació interessant de reptes encara sense resoldre per a la depuració algorítmica. Per a augmentar encara més la seua usabilitat, el depurador ha sigut posteriorment adaptat com un plugin d'Eclipse, de tal manera que poguera ser usat per un nombre més ampli d'usuaris. Estos dos depuradors estan públicament disponibles perquè qualsevol persona interessada puga accedir a ells i continuar amb la investigació si així ho desitjara. / Insa Cabrera, D. (2016). Optimization Techniques for Algorithmic Debugging [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/68506 / Premios Extraordinarios de tesis doctorales Depuración Depuración Algorítmica Java Técnicas Estrategias LENGUAJES Y SISTEMAS INFORMATICOS
733	Symphony: A Java-based Composition and Manipulation Framework for Distributed Legacy Resources Shah, Ashish Bimalkumar II 08 April 1998 (has links) A problem solving environment (PSE) provides all computational facilities necessary for solving a target class of problems efficiently. PSEs are used primarily for domain-specific problem-solving in science and engineering and aim to ease the burden of advanced scientific computing. Scientific problem solving, however, often involves the use of legacy resources which are difficult to modify or port, and may be distributed on different machines. Existing PSEs provide little support for solving such problems in a generic framework. This thesis investigates the design of a platform-independent system that enables problem solving using legacy resources without having to modify legacy code. It presents Symphony, an open and extensible Java-based framework for composition and manipulation of distributed legacy resources. Symphony allows users to compose visually a collection of programs and data by specifying data-flow relationships among them and provides a client/server framework for transparently executing the composed application. Additionally, the framework is web-aware and helps integrate web-based resources with legacy resources. It also enables programmers to provide a graphical interface to legacy applications and to write visualization components. Symphony uses Sun Microsystems' JavaBeans component architecture for providing components that represent legacy resources. These components can be customized and composed in any standard JavaBeans builder tool. Executable components communicate with a server, implemented using Java Remote Method Invocation mechanism, for executing remote legacy applications. Symphony enables extensibility by providing abstract components which can be extended by implementing simple interfaces. Beans implemented from the abstract beans can act as data producers, consumers or filters. / Master of Science Problem Solving Environments Java Beans Distributed Legacy Resources
734	Design and evaluation of an internet-based circuit design package used in an undergraduate engineering circuit course Zhang, Qiong 01 April 2000 (has links) No description available. Java (Computer program language) Electrical and Computer Engineering Engineering Systems and Communications
735	Evaluation and improvement of an internet based circuit design package Raihan, Syed Mamun 01 April 2001 (has links) No description available. Java (Computer program language) Electrical and Computer Engineering Engineering
736	Connecting resource constrained devices to a Jini network Kotha, Sanjeev Kumar Reddy 01 January 2003 (has links) No description available. Engineering
737	SQL Injection Vulnerabilities in Open-Source Projects Brehmer, Aron, Teräs, Mina January 2024 (has links) SQL injection attacks have been a problem since the early 2000s. Even though the issue is well known today, SQL injection vulnerabilities remain to be one of the most common security flaws. Our study looks at open source-projects written in Java and Python to examine the current state of SQL injection vulnerabilities. We take a deeper look into the vulnerabilities' code patterns and discuss suitable prevention methods.The open-source projects were mined from Github. The projects that contained a connection to a relational database were further analyzed with static analysis to find vulnerabilities. A subset of projects was picked out for deeper analysis of the source code. Among 167,644 Java projects that met the selection criteria, 24,416 were identified to have a connection to a relational database. The corresponding figures for Python were 294,637 and 20,994. Notably, concatenation is more prevalent in Java, whereas prepared statements are favored in Python. Additionally, the analysis revealed that the Python projects tended to have more recent updates and a higher number of contributors compared to the Java projects. Moreover, projects employing both prepared statements and concatenation were observed to be larger in size compared to those using only one of these methods or relying on hardcoded queries. With legacy projects and concatenation being more common in Java, it is suggested that Python projects better follow best practices when it comes to SQL injection. Although indications were found that the overall knowledge of SQL injection has increased since 2019, the use of identifier concatenation still is prevalent. Open-Source SQL Injection Java and Python Software Engineering Programvaruteknik
738	Inférence de certificats pour la vérification statique des programmes Java Menif, Emna 18 April 2018 (has links) La Sécurité des Systèmes d'Information est l'un des défis les plus urgents des différents organismes de la société actuelle. Le problème de sécurité a émergé du progrès technologique rapide qui pousse à l'utilisation des \emph{Systèmes d'Information}. L'un de ces progrès est l'utilisation de code mobile. En effet, pour protéger ses informations critiques d'une éventuelle menace d'un code mobile, un organisme doit chercher des solutions de plus en plus élaborées. Une des approches émergeantes pour aborder ce problème est la compilation certifiée. Il s'agit d'une approche statique, basée sur le langage et génère en plus du code objet, un certificat constitué des informations relatives aux aspects de sécurité d'un programme. En plus des avantages de l'analyse statique, cette approche fait coopérer le producteur du code et son consommateur. De plus, ce dernier n'a plus à faire confiance au producteur. Dans cette thèse nous avons appliqué cette approche au langage Java afin de vérifier statiquement la sécurité. En effet, Java couvre une gamme de périphériques, d'ordinateurs et de réseaux grâce à son évolutivité, son efficacité, sa portabilité et sa sécurité. Toutefois, les propriétés de sécurité de haut niveau sont vérifiées dynamiquement dans Java par le vérificateur du \emph{bytecode} et le gestionnaire de sécurité. Nous proposons alors de concevoir et d'implanter un compilateur certificateur pour Java (JACC) afin d'accroître la flexibilité, l'efficacité et la robustesse de l'architecture de sécurité de Java. Le certificat que génère JACC est vérifié statiquement par le vérificateur de l'architecture JACC. Il est constitué d'annotations qui essaient de reporter et abstraire au mieux le comportement du programme. Les principaux résultats qui nous ont permis d'atteindre ces objectifs sont: \begin{enumerate} \item la définition de la syntaxe et sémantique des annotations du certificat; \item la conception et l'implantation de JACC en partant de Jikes, un compilateur pour le langage Java développé par IBM. Nous avons également pu mener une étude expérimentale pour mesurer la performance de JACC ainsi que la taille des fichiers \emph{.class} générés et nous les avons comparés à Jikes; \item l'élaboration d'un cadre formel pour spécifier le module d'inférence. Cette spécifi\-cation décrit la sémantique opérationnelle de chaque étape d'inférence et ce pour l'ensemble des \emph{opcodes} ainsi qu'un système de types pour les annotations du certificat. \end{enumerate} / Information Systems Security is one of the most pressing challenges facing all kind of organizations today. The security problem has raised from rapid technological advances that are stimulating a greater use of \emph{Information Systems} in world-wide organizations. One of these advances is the use of mobile code. Keeping critical information safe from malicious mobile code is challenging. One way to address the security issue for mobile code is using certifying compilation. The certifying compilation is a language-based, static technique used to collect information (certificate) regarding the safety and security of a software. In addition to the advantages of the static analysis, this approach alleviates the burden on the consumer. The other advantage of this approach is to restrict the trust of the consumer to the verifier only. In this thesis we have applied this approach to Java to check safety and security statically. As we know, Java is present in a wide range of devices, computers, and networks due to it's versatility, efficiency, platform portability and security . Nevertheless, high-level security properties are verified by bytecode verifier and security manager at run time. The main objectives of this thesis are the design and the implementation of a Java certifying compiler (JACC) that helps to increase the flexibility, efficiency and robustness of the Java security architecture. Indeed, JACC certificate is verified statically by the JACC verifier to ensure high-level security properties. The certificate is made up of annotations that try to capture the behavior of a software and represent it in an abstract form. This behavior could be critical and aims to threaten the software user. The main research contributions that led to reach these objectives are: \begin{enumerate} \item the definition of the certificate syntax and semantic; \item the design and the implementation of JACC based on Jikes. We have also measured the generated \emph{.class} files sizes and JACC performance and compared them to Jikes; \item the elaboration of a formal framework in which we formally specify the certificate inference. This specification describes the operational semantic of each inference step as long as a type system for the certificate annotations. \end{enumerate} QA 76.05 UL 2012 M545
739	Memory-Constrained Security Enforcement Talhi, Chamseddine 12 April 2018 (has links) Avec l'extension des cellulaires, des réseaux sans fil et des périphériques mobiles, Java est devenu incontestablement l'environnement d'exécution le plus populaire. Cela est dû à ses aspects de sécurité, portabilité, mobilité et réseaux. Dans ce contexte, la plateforme de choix est Java ME-CLDC. Aussi, vu le nombre grandissant d'applications Java destinées aux périphériques mobiles, la sécurité est devenue un enjeu crucial à considérer d'une manière primordiale. Sécuriser ce type d'applications devient plus qu'impératif, notamment lorsque celles-ci manipulent des données confidentielles telles que les informations relatives aux transactions électroniques. Plus encore, les périph ériques supportant Java se retrouvent souvent interconnectées, ce qui signifie que les applications peuvent ainsi créer des connexions réseaux et faire circuler des données critiques sur les canaux de communications. Cependant, les efforts considérables déployés afin de sécuriser Java ME-CLDC se heurtent à des contraintes de limitations strictes de l'espace mémoire disponible, au sein des périphériques en question. Dans cette optique, cette thèse étudie le problème du maintien de la sécurité sous contraintes mémoire, et cela en analysant la sécurité de la plateforme Java ME-CLDC. Plus précisément, les objectifs majeurs de notre sujet de recherche sont (1) l'évaluation et l'amélioration de la sécurité de Java ME-CLDC et (2) la modélisation du monitoring d'exécution (EM) en y introduisant des contraintes mémoire. à vrai dire, EM constitue une classe importante et omniprésente parmi tous les mécanismes de sécurité utilisés dans les plateformes Java. Les principaux résultats auxquels a abouti notre investigation sont les suivants : - Une analyse de la sécurité de Java ME-CLDC. Les deux contributions principales qu'a engendré cette analyse sont l'analyse de vulnérabilité et l'analyse des risques de cette plateforme. L'analyse de vulnérabilité a révélé la présence de certaines faiblesses dans la plateforme, elle a montré également la manière permettant d'améliorer son modèle de sécurité. Quant à l'analyse des risques, elle a fourni une estimation de la gravité des risques associés aux vulnérabilités décelées. - Une modélisation du monitoring d'exécution sous contraintes mémoire. Cette modélisation couvre aussi bien les moniteurs conventionnels que des moniteurs plus puissants. Les contributions principales qui découlent de notre modélisation sont les suivantes: Premièrement, nous avons défini une nouvelle classe d'automates, dite Bounded History Automata (BHA) ou automates à historique borné, classe d'automate qui permet de spécifier les mécanismes EM opérant sous contraintes mémoire. Deuxièmement, nous avons identifié une nouvelle taxonomie orientée mémoire des propriétés assurées par EM. Troisièmement, nous avons étudié les propriétés localement testables qui peuvent être assurées par des EMs opérant sous contraintes mémoire. Cela est fait en deux étapes: on commence par identi- fier les propriétés assurées par EMs qui sont de nature locale, ensuite on vérifie si ces dernières peuvent être spécifiées par des BHAs. / With the proliferation of mobile, wireless and internet-enabled devices (e.g., PDAs, cell phones, pagers, etc.), Java is emerging as a standard execution environment due to its security, portability, mobility and network support features. The platform of choice in this setting is Java ME-CLDC. With the large number of applications available for Javaenabled network-connected devices, security is of paramount importance. Applications can handle user-sensitive data such as phonebook data or bank account information. Moreover, Java-enabled devices support networking, which means that applications can also create network connections and send or receive data. However, the considerable efforts of securing Java ME-CLDC are constrained by strict memory limitations of the target devices. This thesis aims at investigating memory-constrained security by analyzing the security of Java ME-CLDC and characterizing enforceable security policies. More precisely, the main objectives of our research are (1) evaluating and improving the security of Java ME-CLDC and (2) characterizing memory-constrained execution monitoring; an important class of security mechanisms. The main results of our research are the following: - A security analysis of Java ME-CLDC. The two main contributions of this analysis are a vulnerability analysis and a risk analysis of the platform. The vulnerability analysis revealed the presence of vulnerabilities in the platform and showed how to improve the underlying security model. The risk analysis provided a seriousness estimation of the risks associated with the uncovered vulnerabilities. - A characterization of memory-constrained execution monitoring. This characterization covers conventional monitors as well as more powerful monitors. The contribution of this characterization is mainly threefold. First, we deffined a new automata class, called Bounded History Automata (BHA), to specify memoryconstrained EM enforcement. Second, we identiffied a new memory-directed taxonomy of EM-enforceable properties. Third, we investigated the enforcement of local properties using memory-constrained EM. This was performed by identifying BHA-enforceable local properties and explaining how to check whether an EM-enforceable policy is local or not. QA 76.05 UL 2007
740	App enabling environment to Volvo CE platforms Duff, Gerard January 2014 (has links) This thesis was submitted to the faculty of Innovation, Design and Technology, IDT, at Mälardalen university in Västerås, Sweden as a partial fulfillment of the requirements to obtain the M.Sc. in computer science, specializing in embedded systems. The work presented was carried out in the months January to June in 2014 partially in Volvo Construction Equipment, Volvo CE, Eskilstuna, and partially at Mälardalen university in Västerås. Federated Resilient Embedded Systems Technology for AUTOSAR, FRESTA, is a collaborative project between Volvo and the Swedish Institute of Computer Science, SICS, that aims to make it possible to add third party applications to vehicle’s computer systems without compromising system security and robustness. The mechanism is developed by SICS for AUTOSAR, AUTomotive Open System ARchitecture, an open standardized automotive software architecture for vehicles. The following report documents the efforts to study and port the FRESTA mechanism to the Volvo CE platform, and develop a Java application to test the porting. The investigation will aspire to determine if it is feasible to introduce Java based third party applications to resource constrained embedded systems, without causing a deterioration in the predictability and security of the system. / Avhandlingen lades fram för fakulteten för innovation, design och teknik, IDT, vid Mälardalens högskola i Västerås som en del av kraven för att erhålla M.Sc. i datavetenskap med inriktning mot inbyggda system. Arbetet genomfördes under månaderna januari till juni 2014 delvis i Volvo Construction Equipment, Volvo CE, Eskilstuna, och delvis vid Mälardalens högskola i Västerås. Federated Resilient Embedded Systems Technology for AUTOSAR, FRESTA, är ett samarbetsprojekt mellan Volvo och Svenska Institutet för datavetenskap, SICS, som syftar till att göra det möjligt att lägga tredjepartsapplikationer till fordonets datorsystem utan att äventyra systemets säkerhet och robusthet. Mekanismen är utvecklat av SICS för AUTOSAR, Automotive Open System Architecture, en öppen standardiserad fordons programvaruarkitektur för fordon. Följande rapport dokumenterar arbetet med att studera Fresta mekanismen till Volvo CE-plattformen, och utveckla ett Java-program för att testa portning. Undersökningen kommer att sträva efter att avgöra om det är genomförbart att införa en Java-baserad tredje part för att resursbegränsa inbyggda system, utan att orsaka en försämring av förutsägbarhet och säkerhet i systemet. Resource constrained embedded systems Third party applications Electronic control units porting Java virtual machine Java Embedded C

Search results