Jonathan D. Pincus

A static analyzer for finding dynamic programming errors

There are important classes of programming errors that are hard to diagnose, both manually and automatically, because they involve a programs dynamic behavior. This article describes a compile‐time analyzer that detects these dynamic errors in large, real‐world programs. The analyzer traces execution paths through the source code, modeling memory and reporting inconsistencies. In addition to avoiding false paths through the program, this approach provides valuable contextual information to the programmer who needs to understand and repair the defects. Automatically‐created models, abstracting the behavior of individual functions, allow inter‐procedural defects to be detected efficiently. A product built on these techniques has been used effectively on several large commercial programs. Copyright

Towards an algebra for security policies

Clashing security policies leads to vulnerabilities. Violating security policies leads to vulnerabilities. A system today operates in the context of a multitude of security policies, often one per application, one per process, one per user. The more security policies that have to be simultaneously satisfied, the more likely the possibility of a clash or violation, and hence the more vulnerable our system is to attack. Moreover, over time a systems security policies will change. These changes occur at small-scale time steps, e.g., using setuid to temporarily grant a process additional access rights; and at large-scale time steps, e.g., when a user changes his browsers security settings. We address the challenge of determining when a system is in a consistent state in the presence of diverse, numerous, and dynamic interacting security policies.