This paper analyzes the main elements in NS network simulator, makes adetailed view of dataflow management in a link, a node, and an agent, respectively, and introducesthe information described by its trace file. Base...This paper analyzes the main elements in NS network simulator, makes adetailed view of dataflow management in a link, a node, and an agent, respectively, and introducesthe information described by its trace file. Based on the analysis of transportation and treatmentof different packets in NS, a dataflow state machine is proposed with its states exchange triggeringevents and a dataflow analyzer is designed and implemented according to it. As the machine statefunctions, the analyzer can make statistic of total transportation flux of a specified dataflow andoffer a general fluctuation diagram. Finally, a concrete example is used to test its performance.展开更多
Periodic control systems (PCSs) are widely used in real-time embedded system domain. However, traditional manual requirement analysis assumes the expert knowledge, which is laborious and error-prone. This paper prop...Periodic control systems (PCSs) are widely used in real-time embedded system domain. However, traditional manual requirement analysis assumes the expert knowledge, which is laborious and error-prone. This paper proposes a novel requirement analysis approach, which supports the automated validation of the informal requirement specifi- cations. Based on the normalized initial requirement docu- ments, our approach can construct an intermediate SPARDL model with both formal syntax and semantics. To check the overall system behaviors, our approach can transform the SPARDL models into executable code for simulation. The derived prototype simulator from SPARDL models enables the testing-based system behavior validation. Moreover, our approach enables the analysis of the dataflow relations in SPARDL models. By revealing input/output and affecting re- lations, our dataflow analysis techniques can help software engineers to figure out the potential data dependencies be- tween SPARDL modules. This is very useful for the module reuse when a new version of the system is developed. A study of our approach using an industry design demonstrates the practicality and effectiveness of our approach.展开更多
The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for softw...The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.展开更多
The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for softw...The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.展开更多
This paper presents an AES(advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution.Both decryption and encryption procedu...This paper presents an AES(advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution.Both decryption and encryption procedures of an AES are implemented on the chip.A fine-grained dataflow architecture is proposed,which dynamically exploits intrinsic byte-level independence in the algorithm.A novel circuit called an HMF(Hold-MatchFetch) unit is proposed for random control,which randomly sets execution orders for concurrent operations.The AES chip was manufactured in SMIC 0.18μm technology.The average energy for encrypting one group of plain texts(128 bits secrete keys) is 19 nJ.The core area is 0.43 mm^2.A sophisticated experimental setup was built to test the DPA resistance.Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack.Compared with the corresponding fixed order execution,the hardware based random order execution is improved by at least 21 times the DPA resistance.展开更多
基金The Natural Science Foundation of Jiangsu Province (BK2001205).
文摘This paper analyzes the main elements in NS network simulator, makes adetailed view of dataflow management in a link, a node, and an agent, respectively, and introducesthe information described by its trace file. Based on the analysis of transportation and treatmentof different packets in NS, a dataflow state machine is proposed with its states exchange triggeringevents and a dataflow analyzer is designed and implemented according to it. As the machine statefunctions, the analyzer can make statistic of total transportation flux of a specified dataflow andoffer a general fluctuation diagram. Finally, a concrete example is used to test its performance.
基金Zheng Wang, Bin Gu, and Mengfei Yang are par-tially supported by the National Natural Science Foundation of China (Grant Nos. 90818024, 91118007). Jianwen Li is partially supported by the National Natural Science Foundation of China (Grant No. 61021004). Geguang Pu is partially supported by Fundamental Research Funds for the Central Univer- sities, 973 Program (Grant No. 2011CB302904) and the National Natural Science Foundation of China (Grant No. 61061130541). Mengsong Chen is partially supported by the National Natural Science Foundation of China (Grant No. 61202103).
文摘Periodic control systems (PCSs) are widely used in real-time embedded system domain. However, traditional manual requirement analysis assumes the expert knowledge, which is laborious and error-prone. This paper proposes a novel requirement analysis approach, which supports the automated validation of the informal requirement specifi- cations. Based on the normalized initial requirement docu- ments, our approach can construct an intermediate SPARDL model with both formal syntax and semantics. To check the overall system behaviors, our approach can transform the SPARDL models into executable code for simulation. The derived prototype simulator from SPARDL models enables the testing-based system behavior validation. Moreover, our approach enables the analysis of the dataflow relations in SPARDL models. By revealing input/output and affecting re- lations, our dataflow analysis techniques can help software engineers to figure out the potential data dependencies be- tween SPARDL modules. This is very useful for the module reuse when a new version of the system is developed. A study of our approach using an industry design demonstrates the practicality and effectiveness of our approach.
基金This research was supported in part by the National Natural Science Foundation of China(Grant No.61802394,U1836209)Foundation of Science and Technology on Information Assurance Laboratory(No.KJ-17-110)+1 种基金National Key Research and Development Program of China(2016QY071405)Strategic Priority Research Program of the CAS(XDC02040100,XDC02030200,XDC02020200).
文摘The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
基金supported in part by the National Natural Science Foundation of China(Grant No.61802394,U1836209)Foundation of Science and Technology on Information Assurance Laboratory(No.KJ-17-110)+1 种基金National Key Research and Development Program of China(2016QY071405)Strategic Priority Research Program of the CAS(XDC02040100,XDC02030200,XDC02020200).
文摘The Integer-Overflow-to-Buffer-Overflow(IO2BO)vulnerability has been widely exploited by attackers to cause severe damages to computer systems.Automatically identifying this kind of vulnerability is critical for software security.Despite many works have been done to mitigate integer overflow,existing tools either report large number of false positives or introduce unacceptable time consumption.To address this problem,in this article we present a static analysis framework.It first constructs an inter-procedural call graph and utilizes taint analysis to accurately identify potential IO2BO vulnerabilities.Then it uses a light-weight method to further filter out false positives.Specifically,it generates constraints representing the conditions under which a potential IO2BO vulnerability can be triggered,and feeds the constraints to SMT solver to decide their satisfiability.We have implemented a prototype system ELAID based on LLVM,and evaluated it on 228 programs of the NIST’s SAMATE Juliet test suite and 14 known IO2BO vulnerabilities in real world.The experiment results show that our system can effectively and efficiently detect all known IO2BO vulnerabilities.
基金supported by the National Natural Science Foundation of China(No.61006021)the Beijing Natural Science Foundation(No. 4112029)
文摘This paper presents an AES(advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution.Both decryption and encryption procedures of an AES are implemented on the chip.A fine-grained dataflow architecture is proposed,which dynamically exploits intrinsic byte-level independence in the algorithm.A novel circuit called an HMF(Hold-MatchFetch) unit is proposed for random control,which randomly sets execution orders for concurrent operations.The AES chip was manufactured in SMIC 0.18μm technology.The average energy for encrypting one group of plain texts(128 bits secrete keys) is 19 nJ.The core area is 0.43 mm^2.A sophisticated experimental setup was built to test the DPA resistance.Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack.Compared with the corresponding fixed order execution,the hardware based random order execution is improved by at least 21 times the DPA resistance.
