{"title":"SPARK Formal Verification for Security","authors":"Tucker Taft","doi":"10.1145/3379106.3379117","DOIUrl":"https://doi.org/10.1145/3379106.3379117","url":null,"abstract":"PDF of Powerpoint Slides","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"123 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-01-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121483740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Common Vulnerabilities Enumeration (CVE), Common Weakness Enumeration (CWE), and Common Quality Enumeration (CQE): Attempting to systematically catalog the safety and security challenges for modern, networked, software-intensive systems","authors":"Bob Martin","doi":"10.1145/3375408.3375410","DOIUrl":"https://doi.org/10.1145/3375408.3375410","url":null,"abstract":"PDF of Powerpoint Slides","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"200 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115062455","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Programming Languages for Security","authors":"Stephen Chong","doi":"10.1145/3375408.3375414","DOIUrl":"https://doi.org/10.1145/3375408.3375414","url":null,"abstract":"PDF of Powerpoint Slides","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128669342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyber Resiliency Overview: What Is It, and How Do We Build It into Our Systems?","authors":"D. Bodeau","doi":"10.1145/3375408.3375412","DOIUrl":"https://doi.org/10.1145/3375408.3375412","url":null,"abstract":"What Is Cyber Resiliency? Cyber Resiliency: The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130321129","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Minimal Specifications for Detecting Security Vulnerabilities","authors":"Andrew Berns, James Curbow, Joshua Hilliard, Sheriff Jorkeh, Miho Sanders","doi":"10.1145/3375408.3375417","DOIUrl":"https://doi.org/10.1145/3375408.3375417","url":null,"abstract":"Computers are nearly ubiquitous in modern society, with uses from maintaining friendships and monitoring homes to managing money and coordinating health care. As the roles of a computer continue to expand, so too does the threat posed by cyberattacks. An important challenge for today's software engineers is to build secure software and help neutralize these threats. Formal methods have long been suggested as an excellent way to build secure software but have not been widely adopted for this purpose. The \"conventional wisdom\" has suggested several reasons for this slow adoption, including a steep learning curve, difficulty in augmenting existing systems, and lack of tools with security-specific abstractions. Our hypothesis, however, is that applying a small and easy-to-learn subset of the techniques available today could significantly decrease software vulnerabilities and reduce the risk of cyberattacks. In this paper, we discuss the motivation for our hypothesis and discuss our ongoing experiment to test it.","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"81 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115711629","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SPARK by Example: an introduction to formal verification through the standard C++ library","authors":"Léo Creuse, Joffrey Huguet, C. Garion, J. Hugues","doi":"10.1145/3375408.3375415","DOIUrl":"https://doi.org/10.1145/3375408.3375415","url":null,"abstract":"This paper presents SPARK by Example [10], a guide for people wanting to get involved in formal verification of SPARK programs. SPARK by Example is inspired by ACSL by Example, a similar effort for C/ACSL programs, and provides detailed specification, implementation and proof of classic algorithms (array manipulation, sorting, heap etc). A comparison between ACSL and SPARK is done in the light of proof performance and ease of use.","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125225012","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Tool Support for Confidentiality-by-Construction","authors":"Tobias Runge, Ina Schaefer, Alexander Knüppel, L. Cleophas, D. Kourie, B. Watson","doi":"10.1145/3375408.3375413","DOIUrl":"https://doi.org/10.1145/3375408.3375413","url":null,"abstract":"In many software applications, it is necessary to preserve confidentiality of information. Therefore, security mechanisms are needed to enforce that secret information does not leak to unauthorized users. However, most language-based techniques that enable information flow control work post hoc, deciding whether a specific program violates a confidentiality policy. In contrast, in previous work we proposed a refinement-based approach to derive programs that preserve confidentiality by construction. This approach follows the principles of Dijkstra's correctness-by-construction. In this extended abstract, we present the implementation and tool support of that refinement-based approach, which allows information flow policies to be specified first and programs in a simple while language to be created that comply with these policies by construction. In particular, we present the idea of confidentiality-by-construction using an example and discuss the IDE C-CorC supporting this development approach.","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128875219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Soundness of a Dataflow Analysis for Memory Monitoring","authors":"Dara Ly, N. Kosmatov, Julien Signoles, F. Loulergue","doi":"10.1145/3375408.3375416","DOIUrl":"https://doi.org/10.1145/3375408.3375416","url":null,"abstract":"An important concern addressed by runtime verification tools for C code is detecting memory errors. It requires monitoring some properties of memory locations (e.g., their validity and initialization) along the whole program execution. Static-analysis-based optimizations have been shown to significantly improve the performance of such tools by reducing the monitoring of irrelevant locations. However, soundness of the verdict of the whole tool strongly depends on the soundness of the underlying static analysis technique. This paper tackles this issue for the dataflow analysis used to optimize the E-ACSL runtime assertion checking tool. We formally define the core dataflow analysis used by E-ACSL and prove its soundness.","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124059567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Approaches to Cyber-Resilience through Language System Design","authors":"D. A. Wheeler","doi":"10.1145/3375408.3375411","DOIUrl":"https://doi.org/10.1145/3375408.3375411","url":null,"abstract":"Software doesn't do what users wish due to defects, including security vulnerabilities; this talk especially focuses on vulnerabilities. Defect categories for our purposes: (1) unintentional defects, either security-related or non-security-related; (2) intentional defects from a malicious individual, or subversion appearing to be from an individual, where we need to help the organization counter underhanded code; (3) a malicious organization, which is hard to deal with, since the defects serve the organization's goal and might not be considered defects by it, although mechanisms to support independent review can help.","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131221984","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session Summary: Language Issues","authors":"T. Vardanega, Andy Wellings","doi":"10.1145/3241950.3241965","DOIUrl":"https://doi.org/10.1145/3241950.3241965","url":null,"abstract":"This position paper follows from a previous proposal to integrate a time-triggered scheduler in a priority-based, preemptive scheduler such as that supported by Ada's task dispatching policy FIFO_Within_Priorities. The resulting combined scheduling carries the advantages of both time-triggered and priority-based scheduling, and helps mitigate their drawbacks. The paper presents a system model for the time-triggered subsystem that extends the original proposal, and describes a Ravenscar implementation of the scheduler at the run-time system level, in the form of a new package Ada.Dispatching.TTS. Multiple programming patterns can be implemented on top of this scheduler. With respect to the previously proposed full-Ada implementation, only patterns that implied the use of asynchronous transfer of control have been excluded. On the other hand, the extension of the original model enables new patterns, not supported in our previous proposal, using the new types of continuation and optional slots. We hold that bringing the time-triggered paradigm to Ravenscar is both feasible and convenient for the High-Integrity and Embedded application domains.","PeriodicalId":330677,"journal":{"name":"ACM Sigada Ada Letters","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123684496","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}