Gwan Hwan Hwang

REACHABILITY TESTING: AN APPROACH TO TESTING CONCURRENT SOFTWARE

Concurrent programs are more difficult to test than sequential programs because of non-deterministic behavior. An execution of a concurrent program non-deterministically exercises a sequence of synchronization events called a synchronization sequence (or SYN-sequence). Non-deterministic testing of a concurrent program P is to execute P with a given input many times in order to exercise distinct SYN-sequences. In this paper, we present a new testing approach called reachability testing. If every execution of P with input X terminates, reachability testing of P with input X derives and executes all possible SYN-sequences of P with input X. We show how to perform reachability testing of concurrent programs using read and write operations. Also, we present results of empirical studies comparing reachability and non-deterministic testing. Our results indicate that reachability testing has advantages over non-deterministic testing.

An array operation synthesis scheme to optimize Fortran 90 programs

An increasing number of programming languages, such as Fortran 90 and APL, are providing a rich set of intrinsic array functions and array expressions. These constructs which constitute an important part of data parallel languages provide excellent opportunities for compiler optimizations. In this paper, we present a new approach to combine consecutive data access patterns of array constructs into a composite access function to the source arrays. Our scheme is based on the composition of access functions, which is similar to a composition of mathematic functions. Our new scheme can handle not only data movements of arrays of different numbers of dimensions and segmented array operations but also masked array expressions and multiple sources array operations. As a result, our proposed scheme is the first synthesis scheme which can synthesize Fortran 90 RESHAPE, EOSHIFT, MERGE, and WHERE constructs together. Experimental results show speedups from 1.21 to 2.95 for code fragments from real applications on a Sequent multiprocessor machine by incorporating the proposed optimizations.

Reachability testing: an approach to testing concurrent software

Concurrent programs are more difficult to test than sequential programs because of nondeterministic behavior. An execution of a concurrent program nondeterministically exercises a sequence of synchronization events, called a synchronization sequence (or SYN-sequence). Nondeterministic testing of a concurrent program P is to execute P with a given input many times in order to exercise distinct SYN-sequences and produce different results. We present a new testing approach, called reachability testing. If P with input X contains a finite number of SYN-sequences, reachability testing of P with input X can execute all possible SYN-sequences of P with input X. We show how to perform reachability testing of concurrent programs using read and write operations. Also, we present results of empirical studies comparing reachability and nondeterministic testing. Our results indicate that reachability testing has advantages over nondeterministic testing.<<ETX>>

A Function-Composition Approach to Synthesize Fortran 90 Array Operations

An increasing number of programming languages, such as Fortran 90 and APL, are providing a rich set of intrinsic array functions and array expressions. These constructs which constitute an important part of data parallel languages provide excellent opportunities for compiler optimizations. In this paper, we present a new approach to combine consecutive array operations or array expressions into a composite access function of the source arrays. Our scheme is based on the composition of access functions, which is analogous to a composition of mathematic functions. Our new scheme can handle not only data movements of arrays with different numbers of dimensions and with multiple-clause array operations but also masked array expressions and multiple-source array operations. As a result, our proposed scheme is the first synthesis scheme which can collectively synthesize Fortran 90 RESHAPE, EOSHIFT, MERGE, array reduction operations, and WHERE constructs. In addition, we also discuss the case that the synthesis scheme may result in a performance anomaly in the presence of common subexpressions and one-to-many array operations. A solution is proposed to avoid such a performance anomaly. Experimental results show speedups from 1.21 to 2.95 over the base code for code fragments from real applications on a Sequent multiprocessor machine and also show comparable performance improvements on an 8-node SGI Power Challenge by incorporating our proposed optimizations

Technology for testing nondeterministic client/server database applications

The execution of a client/server application involving database access requires a sequence of database transaction events (or, T-events), called a transaction sequence (or, T-sequence). A client/server database application may have nondeterministic behavior in that multiple executions thereof with the same input may produce different T-sequences. We present a framework for testing all possible T-sequences of a client/server database application. We first show how to define a T-sequence in order to provide sufficient information to detect race conditions between T-events. Second, we design algorithms to change the outcomes of race conditions in order to derive race variants, which are prefixes of other T-sequences. Third, we develop a prefix-based replay technique for race variants derived from T-sequences. We prove that our framework can derive all the possible T-sequences in cases where every execution of the application terminates. A formal proof and an analysis of the proposed framework are given. We describe a prototype implementation of the framework and present experimental results obtained from it.

A Mutual Nonrepudiation Protocol for Cloud Storage with Interchangeable Accesses of a Single Account from Multiple Devices

Obtaining mutual nonrepudiation between the user and service provider is crucial in cloud storage. One of the solutions for mutual nonrepudiation is based on logging attestations, which are signed messages. For every request, clients and service provider exchange attestations. These attestations will be used in an auditing protocol to verify their behavior. The chain-hashing scheme chains attestations and stores them in service provider for supporting write serializability and read freshness of files. However, the chain-hashing scheme is inefficient when files in an account can be accessed by multiple client devices interchangeably. In this paper we first show that the chain-hashing scheme cannot resist roll-back attack from service provider unless client devices keep all the attestations or there exists a way to broadcast the last attestation to all the client devices. We propose a scheme that can guarantee mutual nonrepudiation between the user and service provider without requiring the client devices to exchange any messages, and each client device only has to store the last attestation it received. We also propose how to apply the hash tree to remove accumulated attestations. The results from related experiments demonstrate the feasibility of the proposed scheme. A service provider of cloud storage can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreement.

The design and implementation of an application program interface for securing XML documents

The encryption and signature standards proposed by W3C specifying the format for encrypted XML documents are important advances towards XML security [Eastlake, Donald, Reagle, Joseph, Imamura, Takeshi, Dillaway, Blair, Simon, Ed, 2002. XML Encryption Syntax and Processing. W3C Recommendation 10 December 2002 , Eastlake, Donald, Reagle, Joseph, Solo, David, Bartel, Mark, Boyer, John, Fox, Barb, LaMacchia, Brian, Simon, Ed, 2002. XML-Signature Syntax and Processing W3C Recommendation, 12 February 2002. ]. Related works include the proposal of a specification language that allows a programmer to describe the security details of XML documents [Hwang, Gwan-Hwan, Chang, Tao-Ku, 2004. An operational model and language support for securing XML documents. Computers & Security 23(6), 498-529, Hwang, Gwan-Hwan, Chang, Tao-Ku, 2001. Document security language (DSL) and an efficient automatic securing tool for XML documents. International Conference on Internet Computing, Las Vegas, Nevada, USA, 24-28 June 2001, pp. 393-399]. Despite the success of these works, we consider them to be insufficient from the viewpoint of software engineering. In this paper, we employ some real examples to demonstrate that it is necessary to design an appropriate API for the securing system of subtree encryption for XML documents. The goal is to increase productivity and reduce the cost of maintaining this kind of software, for which we propose a document security language (DSL) API. We describe the implementation of the DSL API, and use experimental results to demonstrate its practicality.

Implementing the Chinese Wall Security Model in Workflow Management Systems

The Chinese wall security model (CWSM) was designed to provide access controls that mitigate conflict of interest in commercial organizations, and is especially important for large-scale interenterprise workflow applications. This paper describes how to implement the CWSM in a WfMS. We first demonstrate situations in which the role-based access control model is not sufficient for this, and we then propose a security policy language to solve this problem, also providing support for the intrinsic dynamic access control mechanism defined in the CWSM (i.e., the dynamic binding of subjects and elements in the company data set). This language can also specify several requirements of the dynamic security policy that arise when applying the CWSM in WfMSs. Finally we discuss how to implement a run-time system to implement CWSM policies specified by this language in a WfMS.

An Operational Model and Language Support for Securing Web Services

In this paper, we propose an operational model to support the security of Web services. In addition to satisfying the basic security requirements, including authentication, confidentiality, data integrity, and nonrepudiation, the proposed model supports security mechanisms such as element-wise encryption and temporal-based element-wise digital signatures. Furthermore, the proposed model supports a flexible key specification scheme called explicit key definition, which can be used to define three different types of keys: static keys, dynamically selected keys, and keys applied to digital signatures. The service requester can determine the identity of the keys used without negotiating with the service provider. The implementation and experimental results demonstrate the feasibility of the proposed system.

Real-Time Proof of Violation for Cloud Storage

In this paper we define and explore proof of violation (POV) for cloud storage systems. A POV scheme enables a user or a service provider to produce a precise proof of either the occurrence of the violation of properties or the innocence of the service provider. POV schemes are solutions for obtaining mutual nonrepudiation between users and the service provider in the cloud. Existing solutions for obtaining mutual nonrepudiation only support epoch-based POV. The drawback of an epoch-based POV scheme is that violation of properties can only be detected at the end of an epoch. We propose a real-time POV scheme in which the auditing can be performed at the time of each file operation. To the best of our knowledge, it is the first scheme that can perform real-time POV for cloud storage. In addition, each client device only needs to store a partial hash tree of files in an account. Experimental results are presented that demonstrate the feasibility of the proposed scheme. Service providers of cloud storage can use the proposed scheme to provide a mutual nonrepudiation guarantee in their service-level agreements.