107 resultados para Nonlinear static analysis
em Queensland University of Technology - ePrints Archive
Resumo:
Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.
Resumo:
In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.
Resumo:
This paper presents a nonlinear finite element (FE) model for the analysis of very high strength (VHS) steel hollow sections wrapped by high modulus carbon fibre rein forced polymer (CFRP) sheets. The bond strength of CFRP wrapped VHS circular steel hollow section under tension is investigated using the FE model. The three dimensional FE model by Nonlinear static analysis has been carried out by Strand 7 finite element software. The model is validated by the experimental data obtained from Fawzia et al [1]. A detail parametric study has been performed to examine the effect of number of CFRP layers, different diameters of VHS steel tube and different bond lengths of CFRP sheet. The analytical model developed by Fawzia et al. [1] has been used to determine the load carrying capacity of different diameters of CFRP strengthened VHS steel tube by using the capacity from each layer of CFRP sheet. The results from FE model have found in reasonable agreement with the analytical model developed by Fawzia et al [1]. This validation was necessary because the analytical model by Fawzia et al [1] was developed by using only one diameter of VHS steel tube and fixed (five) number of CFRP layers. It can be concluded that the developed analytical model is valid for CFRP strengthened VHS steel tubes with diameter range of 38mm to 100mm and CFRP layer range of 3 to 5 layers. Based on the results it can also be concluded that the effective bond length is consistent for different diameters of steel tubes and different layers of CFRP. Three layers of CFRP is considered most effective wrapping scheme due to the cost effectiveness. Finally the distribution of longitudinal and hoop stress has been determined by the finite element model for different diameters of CFRP strengthened VHS steel tube.
Resumo:
Defence organisations perform information security evaluations to confirm that electronic communications devices are safe to use in security-critical situations. Such evaluations include tracing all possible dataflow paths through the device, but this process is tedious and error-prone, so automated reachability analysis tools are needed to make security evaluations faster and more accurate. Previous research has produced a tool, SIFA, for dataflow analysis of basic digital circuitry, but it cannot analyse dataflow through microprocessors embedded within the circuit since this depends on the software they run. We have developed a static analysis tool that produces SIFA compatible dataflow graphs from embedded microcontroller programs written in C. In this paper we present a case study which shows how this new capability supports combined hardware and software dataflow analyses of a security critical communications device.
Resumo:
Data flow analysis techniques can be used to help assess threats to data confidentiality and integrity in security critical program code. However, a fundamental weakness of static analysis techniques is that they overestimate the ways in which data may propagate at run time. Discounting large numbers of these false-positive data flow paths wastes an information security evaluator's time and effort. Here we show how to automatically eliminate some false-positive data flow paths by precisely modelling how classified data is blocked by certain expressions in embedded C code. We present a library of detailed data flow models of individual expression elements and an algorithm for introducing these components into conventional data flow graphs. The resulting models can be used to accurately trace byte-level or even bit-level data flow through expressions that are normally treated as atomic. This allows us to identify expressions that safely downgrade their classified inputs and thereby eliminate false-positive data flow paths from the security evaluation process. To validate the approach we have implemented and tested it in an existing data flow analysis toolkit.
Resumo:
The increasing ecological awareness and stringent requirements for environmental protection have led to the development of water lubricated bearings in many applications where oil was used as the lubricant. The chapter details the theoretical analysis to determine both the static and dynamic characteristics,including the stability (using both the linearised perturbation method and the nonlinear transient analysis) of multiple axial groove water lubricated bearings. Experimental measurements and computational fluid dynamics (CFD) simulations by the Tribology research group at Queensland University of Technology,Australia and Manipal Institute of Technology, India, have highlighted a significant gap in the understanding of the flow phenomena and pressure conditions within the lubricating fluid. An attempt has been made to present a CFD approach to model fluid flow in the bearing with three equi-spaced axial grooves and supplied with water from one end of the bearing. Details of the experimental method used to measure the film pressure in the bearing are outlined. The lubricant is subjected to a velocity induced flow (as the shaft rotates) and a pressure induced flow (as the water is forced from one end of the bearing to the other). Results are presented for the circumferential and axial pressure distribution in the bearing clearance for different loads, speeds and supply pressures. The axial pressure profile along the axial groove located in the loaded part of the bearing is measured. The theoretical analysis shows that smaller the groove angle better will be the load-carrying capacity and stability of these bearings. Results are compared with experimentally measured pressure distributions.
Resumo:
Static anaylsis represents an approach of checking source code or compiled code of applications before it gets executed. Chess and McGraw state that static anaylsis promises to identify common coding problems automatically. While manual code checking is also a form of static analysis, software tools are used in most cases in order to perform the checks. Chess and McGraw additionaly claim that good static checkers can help to spot and eradicate common security bugs.
Resumo:
Radial profiles of magnetic fields in the electrostatic (E) and electromagnetic (H) modes of low-frequency (∼500) inductively coupled plasmas (ICP) were measured using miniature magnetic probes. A simplified plasma fluid model explaining the generation of the second harmonics of the azimuthal magnetic field in the plasma source was proposed. Because of apparent similarity in the procedure of derivation of the pondermotive force-caused nonlinear terms, pronounced generation of the nonlinear static azimuthal magnetic field could be expected.
Resumo:
With the increasing importance of Application Domain Specific Processor (ADSP) design, a significant challenge is to identify special-purpose operations for implementation as a customized instruction. While many methodologies have been proposed for this purpose, they all work for a single algorithm chosen from the target application domain. Such algorithm-specific approaches are not suitable for designing instruction sets applicable to a whole family of related algorithms. For an entire range of related algorithms, this paper develops a methodology for identifying compound operations, as a basis for designing “domain-specific” Instruction Set Architectures (ISAs) that can efficiently run most of the algorithms in a given domain. Our methodology combines three different static analysis techniques to identify instruction sequences common to several related algorithms: identification of (non-branching) instruction sequences that occur commonly across the algorithms; identification of instruction sequences nested within iterative constructs that are thus executed frequently; and identification of commonly-occurring instruction sequences that span basic blocks. Choosing different combinations of these results enables us to design domain-specific special operations with different desired characteristics, such as performance or suitability as a library function. To demonstrate our approach, case studies are carried out for a family of thirteen string matching algorithms. Finally, the validity of our static analysis results is confirmed through independent dynamic analysis experiments and performance improvement measurements.
Resumo:
We present a hierarchical model for assessing an object-oriented program's security. Security is quantified using structural properties of the program code to identify the ways in which `classified' data values may be transferred between objects. The model begins with a set of low-level security metrics based on traditional design characteristics of object-oriented classes, such as data encapsulation, cohesion and coupling. These metrics are then used to characterise higher-level properties concerning the overall readability and writability of classified data throughout the program. In turn, these metrics are then mapped to well-known security design principles such as `assigning the least privilege' and `reducing the size of the attack surface'. Finally, the entire program's security is summarised as a single security index value. These metrics allow different versions of the same program, or different programs intended to perform the same task, to be compared for their relative security at a number of different abstraction levels. The model is validated via an experiment involving five open source Java programs, using a static analysis tool we have developed to automatically extract the security metrics from compiled Java bytecode.
Resumo:
Refactoring is a common approach to producing better quality software. Its impact on many software quality properties, including reusability, maintainability and performance, has been studied and measured extensively. However, its impact on the information security of programs has received relatively little attention. In this work, we assess the impact of a number of the most common code-level refactoring rules on data security, using security metrics that are capable of measuring security from the viewpoint of potential information flow. The metrics are calculated for a given Java program using a static analysis tool we have developed to automatically analyse compiled Java bytecode. We ran our Java code analyser on various programs which were refactored according to each rule. New values of the metrics for the refactored programs then confirmed that the code changes had a measurable effect on information security.
Resumo:
Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.
