Richard C. Linger

Function-theoretic principles of program understanding

The authors propose a comprehensive methodology for automated program abstraction of computer programs. The theoretical foundations that support program abstraction are functional abstraction, data analysis, program slicing, and pattern matching. The theory of functional abstraction is applied to an example program. The localization of data scope is described as a step to facilitate the abstraction process. Techniques are presented for automatically abstracting the functions of both nonlooping and looping control structures.<<ETX>>

Function Extraction: Automated Behavior Computation for Aer ospace Software Verification and Certification

[Abstract] The complex aerospace systems of the future will challenge the capabi lities of present -day software engineering, which is reaching cost and complexity limits of development technologies evolved in the first fifty years of computing. A new science for the next fifty years is required to transform software engineering into a computational discipline capable of fast and dependable software development. This paper describes verification and certification challenges for avionics software, in particular, the need to verify behavior in all circumstances of use. The emerging technol ogy of function extraction (FX) for automated computation of software behavior is discussed as a new technology for avionics software certification. An FX demonstration system is employed to illustrate the role of behavior computation in the avionics certi fication process.

Automated vulnerability detection for compiled smart grid software

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Realism in Teaching Cybersecurity Research: The Agile Research Process

As global threats to information systems continue to increase, the value of effective cybersecurity research has never been greater. There is a pressing need to educate future researchers about the research process itself, which is increasingly unpredictable, multi-disciplinary, multi-organizational, and team-oriented. In addition, there is a growing demand for cybersecurity research that can produce fast, authoritative, and actionable results. In short, speed matters. Organizations conducting cyber defense can benefit from the knowledge and experience of the best minds in order to make effective decisions in difficult and fast moving situations. The Agile Research process is a new approach to provide such rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. Purdue University is employing Agile Research as a teaching vehicle in an innovative, multi-university graduate program with government sponsor participation, as described in this paper. Because it simulates real-world operations and processes, this program is equipping students to become effective contributors to cybersecurity research.

Automated Behavior Computation for Software Analysis and Validation

Software systems can exhibit massive numbers of execution paths, and even comprehensive testing can exercise only a small fraction of these. It is no surprise that systems experience errors and vulnerabilities in use when many executions are untested. Computations over the functional semantics of programs may offer a potential solution. Structured programs are expressed in a finite hierarchy of control structures, each of which corresponds to a mathematical function or relation. A correctness theorem defines transformation of these structures from procedural logic into non-procedural, as-built specifications of behavior. These computed specifications enumerate behavior for all circumstances of use and cover the behavior space. Automation of these computations affords a new means for validating software functionality and security properties. This paper describes theory and implementation for loop behavior computation in particular, and illustrates use of an automated behavior computation system to validate a miniature looping program with and without embedded malware.

Controlling Combinatorial Complexity in Software and Malware Behavior Computation

Virtually all software is out of intellectual control in that no one knows its full behavior. Software Behavior Computation (SBC) is a new technology for understanding everything software does. SBC applies the mathematics of denotational semantics implemented by function composition in Functional Trace Tables (FTTs) to compute the behavior of programs, expressed as disjoint cases of conditional concurrent assignments. In some circumstances, combinatorial explosions in the number of cases can occur when calculating the behavior of sequences of multiple branching structures. This paper describes computational methods that avoid combinatorial explosions. The predicates that control branching structures such as ifthenelses can be organized into three categories: 1) Independent, resulting in no behavior case explosion, 2) Coordinated, resulting in two behavior cases, or 3) Goal-oriented, with potential exponential growth in the number of cases. Traditional FTT-based behavior computation can be augmented by two additional computational methods, namely, Single-Value Function Abstractions (SVFAs) and, introduced in this paper, Relational Trace Tables (RTTs). These methods can be applied to the three predicate categories to avoid combinatorial growth in behavior cases while maintaining mathematical correctness.

Computing legacy software behavior to understand functionality and security properties: an IBM/370 demonstration

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address current cyber threats. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation on a demonstration project to compute behavior of legacy IBM Assembly code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities for code modernization. This paper reports on the first phase, to define functional semantics for IBM instructions and conduct behavior computation experiments.

Introduction to the Software Testing and Internet Testbeds Minitrack

As software testing becomes a more complex and extensive process, an opportunity exists to bring together researchers and practitioners from a variety of testing venues to share promising methods, research and technologies. This minitrack focuses on software testing in general and internet testbeds in particular. The papers presented here reflect the variety, scope, and scale of testing ranging from embedded systems testing to large scale network emulation testing. Each paper offers a unique or new way to approach the problem of assuring that the systems perform only their intended functionality and do not include any new vulnerabilities or unexpected outputs. The first paper, “New Trends in Security Evaluation of Bayesian Network based Malware Detection Models,” by Eric Filiol and Sebastien Josse discusses the design and evaluation of statistical information retrieval models, presents informationtheory-based criteria to characterize the effectiveness of spectral analysis models, and discusses the limits of such models. The second paper, “Cloud Chamber: A Self¬Organizing Facility to Create, Exercise, and Examine Software as Service Tenants,” by M. Brent Reynolds, Donald Hulce, Kenneth Hopkinson, Mark Oxley, and Barry Mullins, presents a testbed for understanding how web services behave as tenants in a Software as a Service environment. The testbed inserts sensors into web servers to collect performance data and generates profiles of resource usage for services and availability of servers. The information is used to calculate configurations which better meet changing requirements. The third paper, “Effort Estimates for Vulnerability Discovery Projects,” by Teodor Sommestad, Hannes Holm and Mathias Ekstedt, analyzes weighted estimates from domain experts using Cooke’s classical method on the amount of effort required for a penetration tester to find zero-day vulnerability in a software product. In the paper, “On the Fault-Detection capabilities of Adaptive Random Test Case Prioritization: Case Studies with Large Test Suites,” by Zhi Quan Zhou, Arnaldo Sinaga, and Willy Susilo, the authors investigate the fault-detection capabilities of using frequency information for adaptive random test case prioritization and then comparing Jaccard Distance and Coverage Manhattan Distance. Their results show which approach is superior and how they can be used in a complementary fashion. The fifth paper, “Effectiveness of Random testing of Embedded Systems,” by Padmanabhan Krishnan, R. Venkatesh, Prasad Bokil, Tukaram Muske, and Vijay Suman, examines how practitioners can choose an effective technique to test their systems in an embedded environment. The authors present their findings about test case generation at both the system and unit testing levels. In the sixth paper, “Partitioning Trust in Network Testbeds,” by Gary Won, Robert Ricci, Jonathon Duerig, Leigh Stroller, Srikanth, Chikkulapelly, and Woojn Seok, the authors argue that partitioned trust is increasingly important in large-scale and securitysensitive testbeds. They present a design that accomplishes partitioning by using multiple trust roots. They explain the details of their implementation and share experiences of using it with hundreds of users. The seventh paper, “Automated Behavior Computation for Software Analysis and Validation,” by Mark Pleszkoch, Richard Linger, Stacy Prowell, Kirk Sayre, and Luanne Burns, describes the emerging technology of software behavior computation as a means to derive the full functional effect of software for validation of functionality and analysis of security properties. A system to automate this process, the Function Extraction system, is described, with special focus on implementation of loop behavior computation. Use of a behavior computation system is illustrated for validating a miniature looping program with and without embedded malware. 2012 45th Hawaii International Conference on System Sciences