Secure, dynamic and distributed access control stack for database applications

In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: (1) if policies are complex, their enforcement can lead to performance decay of database servers; (2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.

Ordenação por translocação de genomas sem sinal utilizando algoritmos genéticos

Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, Programa de Pós-Graducação em Informática, 2016.

Physical Design Methodologies for Low Power and Reliable 3D ICs

As the semiconductor industry struggles to maintain its momentum down the path following the Moore's Law, three dimensional integrated circuit (3D IC) technology has emerged as a promising solution to achieve higher integration density, better performance, and lower power consumption. However, despite its significant improvement in electrical performance, 3D IC presents several serious physical design challenges. In this dissertation, we investigate physical design methodologies for 3D ICs with primary focus on two areas: low power 3D clock tree design, and reliability degradation modeling and management. Clock trees are essential parts for digital system which dissipate a large amount of power due to high capacitive loads. The majority of existing 3D clock tree designs focus on minimizing the total wire length, which produces sub-optimal results for power optimization. In this dissertation, we formulate a 3D clock tree design flow which directly optimizes for clock power. Besides, we also investigate the design methodology for clock gating a 3D clock tree, which uses shutdown gates to selectively turn off unnecessary clock activities. Different from the common assumption in 2D ICs that shutdown gates are cheap thus can be applied at every clock node, shutdown gates in 3D ICs introduce additional control TSVs, which compete with clock TSVs for placement resources. We explore the design methodologies to produce the optimal allocation and placement for clock and control TSVs so that the clock power is minimized. We show that the proposed synthesis flow saves significant clock power while accounting for available TSV placement area. Vertical integration also brings new reliability challenges including TSV's electromigration (EM) and several other reliability loss mechanisms caused by TSV-induced stress. These reliability loss models involve complex inter-dependencies between electrical and thermal conditions, which have not been investigated in the past. In this dissertation we set up an electrical/thermal/reliability co-simulation framework to capture the transient of reliability loss in 3D ICs. We further derive and validate an analytical reliability objective function that can be integrated into the 3D placement design flow. The reliability aware placement scheme enables co-design and co-optimization of both the electrical and reliability property, thus improves both the circuit's performance and its lifetime. Our electrical/reliability co-design scheme avoids unnecessary design cycles or application of ad-hoc fixes that lead to sub-optimal performance. Vertical integration also enables stacking DRAM on top of CPU, providing high bandwidth and short latency. However, non-uniform voltage fluctuation and local thermal hotspot in CPU layers are coupled into DRAM layers, causing a non-uniform bit-cell leakage (thereby bit flip) distribution. We propose a performance-power-resilience simulation framework to capture DRAM soft error in 3D multi-core CPU systems. In addition, a dynamic resilience management (DRM) scheme is investigated, which adaptively tunes CPU's operating points to adjust DRAM's voltage noise and thermal condition during runtime. The DRM uses dynamic frequency scaling to achieve a resilience borrow-in strategy, which effectively enhances DRAM's resilience without sacrificing performance. The proposed physical design methodologies should act as important building blocks for 3D ICs and push 3D ICs toward mainstream acceptance in the near future.

Improvements in Hardware Transactional Memory for GPU Architectures

In the multi-core CPU world, transactional memory (TM)has emerged as an alternative to lock-based programming for thread synchronization. Recent research proposes the use of TM in GPU architectures, where a high number of computing threads, organized in SIMT fashion, requires an effective synchronization method. In contrast to CPUs, GPUs offer two memory spaces: global memory and local memory. The local memory space serves as a shared scratch-pad for a subset of the computing threads, and it is used by programmers to speed-up their applications thanks to its low latency. Prior work from the authors proposed a lightweight hardware TM (HTM) support based in the local memory, modifying the SIMT execution model and adding a conflict detection mechanism. An efficient implementation of these features is key in order to provide an effective synchronization mechanism at the local memory level. After a quick description of the main features of our HTM design for GPU local memory, in this work we gather together a number of proposals designed with the aim of improving those mechanisms with high impact on performance. Firstly, the SIMT execution model is modified to increase the parallelism of the application when transactions must be serialized in order to make forward progress. Secondly, the conflict detection mechanism is optimized depending on application characteristics, such us the read/write sets, the probability of conflict between transactions and the existence of read-only transactions. As these features can be present in hardware simultaneously, it is a task of the compiler and runtime to determine which ones are more important for a given application. This work includes a discussion on the analysis to be done in order to choose the best configuration solution.

Preface to Models@run.time 2016

The complexity of adapting software during runtime has spawned interest in how models can be used to validate, monitor and adapt runtime behaviour. The use of models during runtime extends the use of modeling techniques beyond the design and implementation phases. The goal of this workshop is to look at issues related to developing appropriate modeldriven approaches to managing and monitoring the execution of systems and, also, to allow the system to reason about itself. We aim to continue the discussion of research ideas and proposals from researchers who work in relevant areas such as MDE, software architectures, reflection, and autonomic and self-adaptive systems, and provide a 'state-of-the-art' research assessment expressed in terms of challenges and achievements.

Development of a framework to create plugins in Android Apps

The present work aims to allow developers to implement small features on a certain Android application in a fast and easy manner, as well as provide their users to install them ondemand, i.e., they can install the ones they are interested in. These small packages of features are called plugins, and the chosen development language to develop these in was JavaScript. In order to achieve that, an Android framework was developed that enables the host application to install, manage and run these plugins at runtime. This framework was designed to have a very clean and almost readable API, which allowed for better code organization and maintainability. The implementation used the Google’s engine “V8” to interpret the JavaScript code and through a set of JNI calls made that code call certain Android methods previously registered in the runtime. In order to test the framework, it was integrated with the client’s communication application RCS+ using two plugins developed alongside the framework. Although these plugins had only the more common requirements, they were proven to work successfully as intended. Concluding, the framework although successful made it clear that this kind of development through a non-native API has its set of difficulties especially regarding the implementation of complex features.

Improving the Performance of Database-Centric Applications Through Program Analysis

Thesis (Ph.D, Computing) -- Queen's University, 2016-09-30 09:55:51.506

Classifying And Predicting Software Security Vulnerabilities based on Reproducibility

Security defects are common in large software systems because of their size and complexity. Although efficient development processes, testing, and maintenance policies are applied to software systems, there are still a large number of vulnerabilities that can remain, despite these measures. Some vulnerabilities stay in a system from one release to the next one because they cannot be easily reproduced through testing. These vulnerabilities endanger the security of the systems. We propose vulnerability classification and prediction frameworks based on vulnerability reproducibility. The frameworks are effective to identify the types and locations of vulnerabilities in the earlier stage, and improve the security of software in the next versions (referred to as releases). We expand an existing concept of software bug classification to vulnerability classification (easily reproducible and hard to reproduce) to develop a classification framework for differentiating between these vulnerabilities based on code fixes and textual reports. We then investigate the potential correlations between the vulnerability categories and the classical software metrics and some other runtime environmental factors of reproducibility to develop a vulnerability prediction framework. The classification and prediction frameworks help developers adopt corresponding mitigation or elimination actions and develop appropriate test cases. Also, the vulnerability prediction framework is of great help for security experts focus their effort on the top-ranked vulnerability-prone files. As a result, the frameworks decrease the number of attacks that exploit security vulnerabilities in the next versions of the software. To build the classification and prediction frameworks, different machine learning techniques (C4.5 Decision Tree, Random Forest, Logistic Regression, and Naive Bayes) are employed. The effectiveness of the proposed frameworks is assessed based on collected software security defects of Mozilla Firefox.

Clínica médica e cirúrgica em animais de companhia

Este relatório foi realizado no âmbito do estágio curricular do Mestrado Integrado em Medicina Veterinária da Universidade de Évora, que decorreu no Centro Hospitalar Veterinário de 1 de Setembro de 2015 a 1 de Fevereiro de 2016. A primeira componente trata da casuística acompanhada durante o estágio. A área da clínica médica representada com maior frequência foi a gastroenterologia. A segunda componente consiste na revisão bibliográfica sobre a síndrome de dilatação e torção gástrica, complementada com dois casos acompanhados durante o estágio. Esta ocorre principalmente em cães de raça de grande porte, como o Dogue Alemão, o Pastor Alemão, o Poodle Médio e o Rottweiler. O diagnóstico implica uma anamnese completa, tendo como queixas timpanismo abdominal e vómito não produtivo, confirmando-se por raio x abdominal. O tratamento recomendado passa pela rehidratação, descompressão gástrica, gastrectomia parcial (em caso de necrose gástrica) e gastropexia. A gastropexia profilática está recomendada em raças predispostas; Abstract: Small Animal Practice This report was elaborated following a traineeship under the context of integrated masters degree in veterinary medicine of Universidade de Évora at the Centro Hospitalar Veterinario from September 1st, 2015 to February, 1st, 2016. The first component covers the casuistry accompanied during the mentioned traineeship. The most prevalent clinical area was the gastroenterology. The second component consists of a literature review of gastric dilatation volvulus syndrome along the report of two cases followed. This syndrome often occurs in giant dog breeds. Great Dane, German Shepherd, Standard Poodle and Rottweiler, are examples. The main complains are retching and bloat, and the diagnostic is made by abdominal radiography. The treatment consists in stabilization of the patient, gastric decompression, partial gastrectomy (if needed) and gastropexy. Prophylactic grastopexy is the recommended procedure for predisposed breeds.