Developers often try to find occurrences of a certain term in a software system. Traditionally, a text search is limited to static source code files. In this paper, we introduce a simple approach, RuntimeSearch, where the given term is searched in the values of all string expressions in a running program. When a match is found, the program is paused and its runtime properties can be explored with...
Runtime Verification consists in studying a system at runtime, looking for input and output events to discover, check or enforce behavioral properties. Interactive debugging consists in studying a system at runtime in order to discover and understand its bugs and fix them, inspecting interactively its internal state. Interactive Runtime Verification (i-RV) combines runtime verification and interactive...
Bugs cannot always be avoided and can have various consequences on the reliability of software. Techniques for finding and understanding bugs are therefore needed for developers to be able to fix them. Existing techniques for finding and getting insight on bugs have limitations. Static analysis cannot detect every bug, Interactive Debugging can be tedious, Runtime Verification usually does not have...
Security in embedded systems remains a major concern. Untrustworthy authorities use a wide range of software attacks. This demo introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) implementations on ARM-based SoCs. DIFT is a solution that consists in tracking the dissemination of data inside the system and allows to enforce some security properties. In this demo,...
Software systems with quality of service (QoS), such as database management systems and web servers, are ubiquitous. Such systems must meet strict performance requirements. Instrumentation is a useful technique for the analysis and debugging of QoS systems. Dynamic binary instrumentation (DBI) extracts runtime information to comprehend system's behavior and detect performance bottlenecks. However,...
Inter-component communication (ICC) serves as a key element of any Android app's implementation. Specifically, an Android app uses Intents as the main mechanism for ICC to complete tasks such as switching between different user interfaces, starting background services, communicating to other apps on the Android device, and saving or retrieving data from device storage. Thus, dissecting how an app...
Existing static analysis tools require significant programmer effort. On large code bases, static analysis tools produce thousands of warnings. It is unrealistic to expect users to review such a massive list and to manually make changes for each warning. To address this issue we propose CCBot (short for CodeContracts Bot),...
Dynamic taint analysis traces data flows in applications at runtime and allows detection and consequently prevention of flow-based vulnerabilities, such as data leaks or injection attacks. While dynamic taint analysis spanning all components of the stack is potentially more precise, it requires adaptations of components across the OS stack and thus does not allow to analyze applications in their real...
Surrounding autonomous embedded devices are in a constant expansion. The advent and the rise of Internet of Things (IoT) enable these objects to take a giant step forward, especially regarding their large scale deployment in real-world applications of the everyday life. A significant part of these objects are battery-powered and energy-dependent. Thus, energy is a critical resource which greatly complicates...
As one of the most prominent threats, information leakages usually take sensitive data from some private sources and improperly release the data through malicious or misused method invocations and intercommunications. As a countermeasure against this threat, a number of detection approaches have been developed based on static analysis, esp. taint analysis. But we still have not reached a satisfactory...
Software memory disclosure attacks, such as buffer over-read, often work quietly and would cause secret data leakage. The well-known OpenSSL Heartbleed vulnerability leaked out millions of servers’ private keys, which caused most of the Internet services to be insecure at that time. Existing solutions are either hard to apply to large code bases (e.g., through formal verification [20] or symbolic execution...
Despite all the efforts of the research community, buffer overflows remain one of the most dangerous bugs for modern IT systems. The problem is compounded by the fact that there are many developers who do not follow the basic rules of a secure software development lifecycle, supplying proprietary vulnerable products. To address this problem, the industry has proposed a number of techniques that perform...
For runtime verification techniques, the most important part that limits its usage is how to reduce the influence of monitors. An important indicator is the amount of software codes after monitor instrumentation. The application of RV is hindered from the size-explosion problem of monitor construction. Namely, the state number of the monitor obtained is doubly exponential in the size of the input...
Although reflection methods in Android can facilitate developing applications, they will block control flow and data flow in static analysis, making its precision decreased. To solve this problem, we trigger applications to execute reflection methods and record its reflection targets at runtime. Reflection targets may be a method invocation, field setting or instantiating of some classes. Considering...
Internet of Things (IoT) services are increasingly deployed at the edge to access and control Things. The execution of such services needs to be monitored to provide information for security, service contract, and system operation management. Although different techniques have been proposed for deploying and executing IoT services in IoT gateways and edge servers, there is a lack of generic policy...
With the rise of computer systems' complexity, greater number of modules, technologies involved and functionalities, monitoring and keeping up with such systems in real time has become an indispensable task, given the fact that the quality of production software impacts directly on decision making and risk management by organizations. Knowing what to observe, which metrics are being more used for...
One of the most urgent challenges in event based performance analysis is the enormous amount of collected data. Combining event tracing and periodic sampling has been a successful approach to allow a detailed event-based recording of MPI communication and a coarse recording of the remaining application with periodic sampling. In this paper, we present a novel approach to automatically adapt the sampling...
Network latency in mobile apps is the first and foremost concern since the majority of apps frequently fetch data from the Internet and mobile devices rely on wireless networks. To minimize network latency, we propose a novel prefetching technique which has the potential of reducing latency to "zero". Our approach aims to prefetch latency-hogging HTTP requests in mobile applications, which...
With the introduction of Android 5 Lollipop, the Android Runtime (ART) superseded the Dalvik Virtual Machine (DVM) by introducing ahead-of-time compilation and native execution of applications, effectively deprecating seminal works such as TaintDroid that hitherto depend on the DVM. In this paper, we discuss alternatives to overcome those restrictions and highlight advantages for the security community...
Decision guidance models are a means for design space exploration and documentation. In this paper, we present decision guidance models for microservice monitoring. The selection of a monitoring system is an essential part of each microservice architecture due to the high level of dynamic structure and behavior of such a system. We present decision guidance models for generation of monitoring data,...