David Evans The Bugs and the Bees Research in Swarm Programming and Security University of Virginia.

Slides:



Advertisements
Similar presentations
Static Analysis for Security
Advertisements

3/27/ :01 PM © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered.
Improving Integer Security for Systems with KINT Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, Frans Kaashoek MIT CSAIL Tsinghua IIIS.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Security and Open Source: the 2-Edged Sword Crispin Cowan, Ph.D WireX Communications, Inc wirex.com.
Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
The Future of Correct Software George Necula. 2 Software Correctness is Important ► Where there is software, there are bugs ► It is estimated that software.
Visualizing Type Qualifier Inference with Eclipse David Greenfieldboyce Jeffrey S. Foster University of Maryland.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
Automated Tests in NICOS Nightly Control System Alexander Undrus Brookhaven National Laboratory, Upton, NY Software testing is a difficult, time-consuming.
Proactive Software Security R. Sekar Director, Center for Cybersecurity Stony Brook University.
Statically Detecting Likely Buffer Overflow Vulnerabilities David Larochelle David Evans University of Virginia Department of Computer Science Supported.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
COMP1070/2002/lec3/H.Melikian COMP1070 Lecture #3 v Operating Systems v Describe briefly operating systems service v To describe character and graphical.
Introduction and Overview Questions answered in this lecture: What is an operating system? How have operating systems evolved? Why study operating systems?
The Program Development Cycle
Detection and Prevention of Buffer Overflow Exploit Cai Jun Anti-Virus Section Manager R&D Department Beijing Rising Tech. Corp. LTD.
OPERATING SYSTEMS Goals of the course Definitions of operating systems Operating system goals What is not an operating system Computer architecture O/S.
Let’s Stop Beating Dead Horses, and Start Beating Trojan Horses! David Evans INFOSEC Malicious Code Workshop San Antonio, 13.
Approaching a Problem Where do we start? How do we proceed?
Kavita Singh CS-A What is Swarm Intelligence (SI)? “The emergent collective intelligence of groups of simple agents.”
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
Fundamental Programming: Fundamental Programming K.Chinnasarn, Ph.D.
Software Assurance Session 13 INFM 603. Bugs, process, assurance Software assurance: quality assurance for software Particularly assurance of security.
David Evans These slides: Introduction to Static Analysis.
David Evans CS551/651: Dependable Computing University of Virginia Computer Science Static Analysis.
Writing Systems Software in a Functional Language An Experience Report Iavor Diatchki, Thomas Hallgren, Mark Jones, Rebekah Leslie, Andrew Tolmach.
OSes: 3. OS Structs 1 Operating Systems v Objectives –summarise OSes from several perspectives Certificate Program in Software Development CSE-TC and CSIM,
Major Disciplines in Computer Science Ken Nguyen Department of Information Technology Clayton State University.
David Evans The Bugs and the Bees Research in Programming Languages and Security University of.
David Evans The Bugs and the Bees Research in Programming Languages and Security University of.
Systems for Safety and Dependability David Evans University of Virginia Department of Computer Science.
Buffer Overflow Proofing of Code Binaries By Ramya Reguramalingam Graduate Student, Computer Science Advisor: Dr. Gopal Gupta.
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
1 Splint: A Static Memory Leakage tool Presented By: Krishna Balasubramanian.
(A Somewhat Self-Indulgent) Splint Retrospective David Evans University of Virginia 25 October 2010.
WOSS 2002Selvin George1 A Biologically Inspired Programming Model for Self-Healing Systems Selvin George Computer Science David Evans Computer Science.
Silberschatz, Galvin and Gagne  Operating System Concepts UNIT II Operating System Services.
Technical Seminar Presentation Presented By:- Prasanna Kumar Misra(EI ) Under the guidance of Ms. Suchilipi Nepak Presented By Prasanna.
High Confidence Software and Systems HCMDSS Workshop Brad Martin June 2, 2005.
Policy-Directed Code Safety David Evans April 1999 Software Devices and Systems MIT Lab for Computer Science.
Static/Dynamic Analysis: Past, Present and Future Verification Grand Challenge Workshop SRI Menlo Park 22 February 2005 David Evans University of Virginia.
The Digital Crime Scene: A Software Perspective Written By: David Aucsmith Presented By: Maria Baron.
Sampling Dynamic Dataflow Analyses Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan University of British Columbia.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 9: Designing Exceptionally.
CSCI 101 Rouda’s Sections.  Application Software  Microsoft Word  Photoshop  Business Software  Inventory and Shipping control  Financial Analysis.
David Evans Swarm Programming How to Program a MicroNet University of Virginia Department of Computer.
What Makes Device Driver Development Hard Synthesizing Device Drivers Roumen Kaiabachev and Walid Taha Department of Computer Science, Rice University.
From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.
MOPS: an Infrastructure for Examining Security Properties of Software Authors Hao Chen and David Wagner Appears in ACM Conference on Computer and Communications.
David Evans The Bugs and the Bees Research in Programming Languages and Security University of.
Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.
CPSC 872 John D. McGregor Session 31 This is it..
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.
@Yuan Xue Worm Attack Yuan Xue Fall 2012.
University of Virginia Computer Science Extensible Lightweight Static Checking David Evans On the I/O.
Static/Dynamic Analysis: Past, Present and Future
CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet
Improving Security Using Extensible Lightweight Static Analysis
CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet
All You Ever Wanted to Know About Dynamic Taint Analysis & Forward Symbolic Execution (but might have been afraid to ask) Edward J. Schwartz, Thanassis.
Efficient Memory Safety for TinyOS 2.1
Buffer Overflow Slide Set #7 Textbook Chapter 10 Clicker Questions
Annotation-Assisted Lightweight Static Checking
Sampling Dynamic Dataflow Analyses
Presentation transcript:

David Evans The Bugs and the Bees Research in Swarm Programming and Security University of Virginia Department of Computer Science

9 Nov 2001David Evans - CSCP2 Research Projects The Bugs The Bees - “Programming the Swarm” Splint How can we efficiently find coding errors? How can we program large collections of devices and reason about their behavior?

9 Nov 2001David Evans - CSCP3 A Gross Oversimplification Effort Required Low Unfathomable Formal Verifiers Bugs Detected none all Compilers Splint

9 Nov 2001David Evans - CSCP4 Approach Extend type checking to detect more classes of problems Programmers add annotations (formal specifications) –Simple and precise –Describe programmers intent: Types, memory management, data hiding, aliasing, modification, null-ity, buffer sizes, security, etc. Splint detects inconsistencies between annotations and code –Simple (fast!) dataflow analyses

9 Nov 2001David Evans - CSCP5 Recent Work Detecting Buffer Overflow Vulnerabilities [David Larochelle] –Most commonly exploited security vulnerability –Still the most common attack Code Red exploited buffer overflow in IIS >50% of CERT advisories, 23% of CVE entries in 2001 Attributes describe sizes of allocated buffers

9 Nov 2001David Evans - CSCP6 Splint More information: splint.cs.virginia.edu IEEE Software Jan/Feb 2002 USENIX Security ’01, PLDI ’96 Public release (since 1996 as LCLint) – real users, mentioned in C FAQ, C Unleashed, Linux Journal, etc. We need cooperative industrial users Students: –Graduate: David Larochelle, Greg Yukl –Undergraduate: David Friedman, Mike Lanouette, Hien Phan Funding: NASA

9 Nov 2001David Evans - CSCP7 Programming the Swarm

9 Nov 2001David Evans - CSCP8 (Really) Brief History of Computer Science Machines Programming Methods Reasoning Tools Monolithic Computers First High-Level Languages Manual Proof of Properties of Trivial Programs “Programming in the Small” Fixed Networks of PCs Modular Programming, Interfaces, Objects Tools for Reasoning about Distributed Programs “Programming in the Large” “Programming the Swarm” Billions of small, cheap unreliable devices in physical environments Swarm Programming, Group Behaviors Tools for Reasoning about Groups in unpredictable environments

9 Nov 2001David Evans - CSCP9 Programming the Swarm: Long-Range Goal Cement 10 GFlop

9 Nov 2001David Evans - CSCP10 Why this Might be Possible? Biology Does It –Ant routing Find best route to food source using pheromone trails –Bee house-hunting Reach consensus by dancing and split to new hive –Complex creatures self-organize from short DNA program and dumb chemicals Genetic code for 2 humans differs in only 2M base pairs (.5 MB < 1% of Win2000)

9 Nov 2001David Evans - CSCP11 Swarm Programming Model Swarm Program Synthesizer Environment Model Behavioral Description Device Model Primitives Library Device Units Programmed Device Units Device Programs

9 Nov 2001David Evans - CSCP12 Research Issues How can we describe the properties of swarm behaviors, devices and environments? What are the right primitives and combination mechanisms? How can we synthesize swarm programs with known functional and non-functional properties? Security –Can we use swarm programming to build systems that are resilient to classes of attack? –Can we produce swarm programs with known behavioral constraints? –Can we provide privacy using wireless communications in a swarm?

9 Nov 2001David Evans - CSCP13 Programming the Swarm swarm.cs.virginia.edu Students: –Graduate: Gilbert Backers, Joel Winstead, Weilin Zhong –Undergraduates: Keen Browne, Mike Cuvelier, John Calandrino, Bill Oliver, Mike Hoyge, Jon McCune, Errol McEachron, Ankush Seth Funding: NSF

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.