1 |
Finding and remedying high-level security issues in binary codeDewey, David Bryan 07 January 2016 (has links)
C++ and Microsoft's Component Object Model (COM) are examples of a high- level lan- guage and development framework that were built on top of the lower-level, primitive lan- guage, C. C was never designed to support concepts like object orientation, type enforcement, and language independence. Further, these languages and frameworks are designed to com- pile and run directly on the processor where these concepts are also not supported. Other high-level languages that do support these concepts make use of a runtime or virtual machine to create a computing model to suit their needs. By forcing these high-level concepts into a primitive computing model, many security issues have been introduced. Existing binary- level security analysis tools and runtime enforcement frameworks operate at the lowest level of context. As such, they struggle to detect and remedy higher-level security issues. In this dissertation, a framework for elevating the context of binary code is presented. By bringing the context for analysis closer to where these security issues are introduced, this framework allows for higher-level analyses and enforcement frameworks to be developed.
|
2 |
Static Analysis for Efficient Affine Arithmetic on GPUsChan, Bryan January 2007 (has links)
Range arithmetic is a way of calculating with variables that hold ranges of real values. This ability to manage uncertainty during computation has many applications.
Examples in graphics include rendering and surface modeling,
and there are more general applications like global optimization and
solving systems of nonlinear equations.
This thesis focuses on affine arithmetic, one
kind of range arithmetic.
The main drawbacks of affine arithmetic are
that it taxes processors with heavy
use of floating point arithmetic
and uses expensive sparse vectors to represent
noise symbols.
Stream processors like graphics processing units (GPUs)
excel at intense computation, since they
were originally designed for high throughput
media applications. Heavy control flow and irregular
data structures pose problems though, so the
conventional implementation of affine arithmetic
with dynamically managed sparse vectors runs
slowly at best.
The goal of this thesis is to map affine arithmetic
efficiently onto GPUs by turning sparse vectors
into shorter dense vectors at compile time using
static analysis. In addition,
we look at how to improve efficiency further
during the static analysis using unique symbol
condensation. We demonstrate our implementation and
performance of the condensation on several
graphics applications.
|
3 |
Static Analysis for Efficient Affine Arithmetic on GPUsChan, Bryan January 2007 (has links)
Range arithmetic is a way of calculating with variables that hold ranges of real values. This ability to manage uncertainty during computation has many applications.
Examples in graphics include rendering and surface modeling,
and there are more general applications like global optimization and
solving systems of nonlinear equations.
This thesis focuses on affine arithmetic, one
kind of range arithmetic.
The main drawbacks of affine arithmetic are
that it taxes processors with heavy
use of floating point arithmetic
and uses expensive sparse vectors to represent
noise symbols.
Stream processors like graphics processing units (GPUs)
excel at intense computation, since they
were originally designed for high throughput
media applications. Heavy control flow and irregular
data structures pose problems though, so the
conventional implementation of affine arithmetic
with dynamically managed sparse vectors runs
slowly at best.
The goal of this thesis is to map affine arithmetic
efficiently onto GPUs by turning sparse vectors
into shorter dense vectors at compile time using
static analysis. In addition,
we look at how to improve efficiency further
during the static analysis using unique symbol
condensation. We demonstrate our implementation and
performance of the condensation on several
graphics applications.
|
4 |
Stability Analysis of Three-Wheel StrollerLee, Chia-yun 31 July 2008 (has links)
¡@¡@This study provides static and dynamic analysis of three-wheel stroller which is marketed. The model of stroller is built by computer- aided design software SolidWorks for perform static analysis on finite element analysis software ANSYS and mechanism¡¦s dynamic analysis on directed computer-aided mechanism analysis software COSMOSMotion.
¡@¡@It is important of stroller safety because it carry tender babies. The stroller should be examined carefully with three-wheel stroller always used on outdoor. CNS 6263 provides the standard for the safety test on the structure of the stroller, which includes a static analysis. In order to offer absolute safety for stroller, CNS uses a high standard to test the sample. For the market permission, the stroller needs to pass the CNS test, company always let stroller too strong to pass the test, and that will let the volume and weight too large to burden with cost. In this thesis, the researcher discussed the different on stroller between the traditional design and the CNS standard design. He also made an assumption the check if the stroller is overdesign.
¡@¡@A three-wheel stroller is a jogging stroller, and it is usually used on high velocity. Manufacturer should consider its steady, especially when the mass center of three-wheel stroller is usually too high. Dynamic analysis in this study will discuss the effect on the stroller when the forces of user are applied on the stroller. By the rollover formula of the three-wheel car, this study modified the program for three-wheel stroller in order to consider the influence of the force on the stroller. Comparing the results between the simulation of software and the calculation of the rollover function of three-wheel stroller, this study provides models for designers to prevent the rollover from the stroller.
|
5 |
Testing and Security Related Considerations in Embedded SoftwarePierce, Luke 01 December 2016 (has links)
The continued increasing use of microprocessors in embedded systems has caused a proliferation of embedded software in small devices. In practice, many of these devices are difficult to update to fix security flaws and software errors. This brings an emphasis on ensuring the secure and reliable software prior to the release of the device to ensure the optimal user experience. With the growing need to enable test and diagnostic capabilities into embedded devices the use of the JTAG interface has grown. While the intentions of the interface was originally to give the ability to shift in data into and out of chip’s scan chains for test, the generic framework has allowed for its features to expand. For embedded microprocessor’s the interface allows for halting execution, insertion of instructions, reprogramming the software, and reading from memory. While it creates a powerful debugging system, it also allows unlimited access to a malicious users. In turn such a user has the ability to either copy the intellectual property on the device, disable digital rights management routines, or alter the devices behavior. A novel method to secure JTAG access through the use of a multi-tiered permission system is presented in this paper. The use of static code analysis can be used to verify the functionality of embedded software code. Ideally, a software code should be tested in a way that guarantees correct behavior across all possible execution paths. While in practices this is typically infeasible due to the innumerable number of paths in the system, the use of automated test systems can help maximize the amount of code covered. In addition, such methods can also identify non-executable software statements that can be an indication of software issues, or sections of software that should not be targeted for testing. New static code analysis methods are presented in this dissertation. One technique uses supersets of software solution spaces to correctly identify unreachable software code in complex systems. Another presented technique automatically generates a set of test vectors to quickly maximize the number of code blocks executed by the set of test vectors. It is shown that such a method can be significantly faster than traditional methods.
|
6 |
Data Modeling for Static Analysis of Web Applications / Data Modeling for Static Analysis of Web ApplicationsBaštecký, Pavel January 2015 (has links)
The PHP is a very popular language which is used to write a server side part of web applications. The language is very simple to use and there are lots of small or more complex pages across the internet. But the great widespread of the PHP attracts the people which want to harm and compromise security of the web applications. The weverca analyzer is the first tool which is able to perform complex security analysis of a full page written in the modern version of the PHP and give information about possible security risks in the application. But the performance of Weverca is limited by its time and memory complexity caused by inefficient inner representation of a PHP memory state. The goal of this thesis is to find and solve main problems of the original memory representation. The output of this thesis is an implementation of the new memory representation which minimizes the complexity of the original solution. Powered by TCPDF (www.tcpdf.org)
|
7 |
Concurrent Interprocedural Dataflow AnalysisZou, Di January 2015 (has links)
Detecting bugs plays a significant role in software development. Bugs may lead to unexpected behaviors. An attacker can gain control over a system by exploiting its bugs. Usually, an attack can be triggered by user's input. Unchecked user input can cause serious problems in a program. In order to prevent this situation, user's input must be checked carefully before it can be used. To provide the information of where user's input can affect a program, the taint dataflow analysis is being considered.
In this thesis, we introduce a concurrent solution to perform static taint dataflow analysis. The goal is to find the statements of the program dependent on user input and inform the developers to validate those. We provides a method for the static concurrent taint dataflow analysis based on sequential static taint dataflow analysis.
Static dataflow analysis is time consuming. This research addresses the challenge of efficiently analyzing the dataflow. Our experimental shows that our concurrent taint dataflow analysis improves the speed of analyzing complex programs.
|
8 |
Automatically Generating Searchable Fingerprints For WordPress Plugins Using Static Program AnalysisLi, Chuang 01 June 2022 (has links)
No description available.
|
9 |
Compile-Time Characterization of Recurrent Patterns in Irregular ComputationsSingri, Arjun Jagadeesh 03 September 2010 (has links)
No description available.
|
10 |
A Cost Effective Methodology for Quantitative Evaluation of Software Reliability using Static AnalysisSchilling, Walter William, Jr. January 2007 (has links)
No description available.
|
Page generated in 0.0755 seconds