-
Towards Operation Proof Obligation Generation for VDM
Authors:
Nick Battle,
Peter Gorm Larsen
Abstract:
All formalisms have the ability to ensure that their models are internally consistent. Potential inconsistencies are generally highlighted by assertions called proof obligations, and the generation of these obligations is an important role of the tools that support the method. This capability has been available for VDM tools for many years. However, support for obligation generation for explicit o…
▽ More
All formalisms have the ability to ensure that their models are internally consistent. Potential inconsistencies are generally highlighted by assertions called proof obligations, and the generation of these obligations is an important role of the tools that support the method. This capability has been available for VDM tools for many years. However, support for obligation generation for explicit operation bodies has always been limited. This work describes the current state of work to address this, showing the capabilities so far and highlighting the work remaining.
△ Less
Submitted 15 June, 2025;
originally announced June 2025.
-
Software Engineering for Self-Adaptive Robotics: A Research Agenda
Authors:
Shaukat Ali,
Ana Cavalcanti,
Cláudio Ângelo Gonçalves Gomes,
Peter Gorm Larsen,
Hassan Sartaj,
Anastasios Tefas,
Jim Woodcock,
Houxiang Zhang
Abstract:
Self-adaptive robotic systems are designed to operate autonomously in dynamic and uncertain environments, requiring robust mechanisms to monitor, analyse, and adapt their behaviour in real-time. Unlike traditional robotic software, which follows predefined logic, self-adaptive robots leverage artificial intelligence, machine learning, and model-driven engineering to continuously adjust to changing…
▽ More
Self-adaptive robotic systems are designed to operate autonomously in dynamic and uncertain environments, requiring robust mechanisms to monitor, analyse, and adapt their behaviour in real-time. Unlike traditional robotic software, which follows predefined logic, self-adaptive robots leverage artificial intelligence, machine learning, and model-driven engineering to continuously adjust to changing operational conditions while ensuring reliability, safety, and performance. This paper presents a research agenda for software engineering in self-adaptive robotics, addressing critical challenges across two key dimensions: (1) the development phase, including requirements engineering, software design, co-simulation, and testing methodologies tailored to adaptive robotic systems, and (2) key enabling technologies, such as digital twins, model-driven engineering, and AI-driven adaptation, which facilitate runtime monitoring, fault detection, and automated decision-making. We discuss open research challenges, including verifying adaptive behaviours under uncertainty, balancing trade-offs between adaptability, performance, and safety, and integrating self-adaptation frameworks like MAPE-K. By providing a structured roadmap, this work aims to advance the software engineering foundations for self-adaptive robotic systems, ensuring they remain trustworthy, efficient, and capable of handling real-world complexities.
△ Less
Submitted 26 May, 2025;
originally announced May 2025.
-
Identifying Uncertainty in Self-Adaptive Robotics with Large Language Models
Authors:
Hassan Sartaj,
Jalil Boudjadar,
Mirgita Frasheri,
Shaukat Ali,
Peter Gorm Larsen
Abstract:
Future self-adaptive robots are expected to operate in highly dynamic environments while effectively managing uncertainties. However, identifying the sources and impacts of uncertainties in such robotic systems and defining appropriate mitigation strategies is challenging due to the inherent complexity of self-adaptive robots and the lack of comprehensive knowledge about the various factors influe…
▽ More
Future self-adaptive robots are expected to operate in highly dynamic environments while effectively managing uncertainties. However, identifying the sources and impacts of uncertainties in such robotic systems and defining appropriate mitigation strategies is challenging due to the inherent complexity of self-adaptive robots and the lack of comprehensive knowledge about the various factors influencing uncertainty. Hence, practitioners often rely on intuition and past experiences from similar systems to address uncertainties. In this article, we evaluate the potential of large language models (LLMs) in enabling a systematic and automated approach to identify uncertainties in self-adaptive robotics throughout the software engineering lifecycle. For this evaluation, we analyzed 10 advanced LLMs with varying capabilities across four industrial-sized robotics case studies, gathering the practitioners' perspectives on the LLM-generated responses related to uncertainties. Results showed that practitioners agreed with 63-88% of the LLM responses and expressed strong interest in the practicality of LLMs for this purpose.
△ Less
Submitted 29 April, 2025;
originally announced April 2025.
-
Pathological Regularization Regimes in Classification Tasks
Authors:
Maximilian Wiesmann,
Paul Larsen
Abstract:
In this paper we demonstrate the possibility of a trend reversal in binary classification tasks between the dataset and a classification score obtained from a trained model. This trend reversal occurs for certain choices of the regularization parameter for model training, namely, if the parameter is contained in what we call the pathological regularization regime. For ridge regression, we give nec…
▽ More
In this paper we demonstrate the possibility of a trend reversal in binary classification tasks between the dataset and a classification score obtained from a trained model. This trend reversal occurs for certain choices of the regularization parameter for model training, namely, if the parameter is contained in what we call the pathological regularization regime. For ridge regression, we give necessary and sufficient algebraic conditions on the dataset for the existence of a pathological regularization regime. Moreover, our results provide a data science practitioner with a hands-on tool to avoid hyperparameter choices suffering from trend reversal. We furthermore present numerical results on pathological regularization regimes for logistic regression. Finally, we draw connections to datasets exhibiting Simpson's paradox, providing a natural source of pathological datasets.
△ Less
Submitted 20 June, 2024;
originally announced June 2024.
-
State of the Art Report: Verified Computation
Authors:
Jim Woodcock,
Mikkel Schmidt Andersen,
Diego F. Aranha,
Stefan Hallerstede,
Simon Thrane Hansen,
Nikolaj Kuhne Jakobsen,
Tomas Kulik,
Peter Gorm Larsen,
Hugo Daniel Macedo,
Carlos Ignacio Isasa Martin,
Victor Alexander Mtsimbe Norrild
Abstract:
This report describes the state of the art in verifiable computation. The problem being solved is the following:
The Verifiable Computation Problem (Verifiable Computing Problem) Suppose we have two computing agents. The first agent is the verifier, and the second agent is the prover. The verifier wants the prover to perform a computation. The verifier sends a description of the computation to t…
▽ More
This report describes the state of the art in verifiable computation. The problem being solved is the following:
The Verifiable Computation Problem (Verifiable Computing Problem) Suppose we have two computing agents. The first agent is the verifier, and the second agent is the prover. The verifier wants the prover to perform a computation. The verifier sends a description of the computation to the prover. Once the prover has completed the task, the prover returns the output to the verifier. The output will contain proof. The verifier can use this proof to check if the prover computed the output correctly. The check is not required to verify the algorithm used in the computation. Instead, it is a check that the prover computed the output using the computation specified by the verifier. The effort required for the check should be much less than that required to perform the computation.
This state-of-the-art report surveys 128 papers from the literature comprising more than 4,000 pages. Other papers and books were surveyed but were omitted. The papers surveyed were overwhelmingly mathematical. We have summarised the major concepts that form the foundations for verifiable computation. The report contains two main sections. The first, larger section covers the theoretical foundations for probabilistically checkable and zero-knowledge proofs. The second section contains a description of the current practice in verifiable computation. Two further reports will cover (i) military applications of verifiable computation and (ii) a collection of technical demonstrators. The first of these is intended to be read by those who want to know what applications are enabled by the current state of the art in verifiable computation. The second is for those who want to see practical tools and conduct experiments themselves.
△ Less
Submitted 16 February, 2024; v1 submitted 29 August, 2023;
originally announced August 2023.
-
Digital Twin as a Service (DTaaS): A Platform for Digital Twin Developers and Users
Authors:
Prasad Talasila,
Cláudio Gomes,
Peter Høgh Mikkelsen,
Santiago Gil Arboleda,
Eduard Kamburjan,
Peter Gorm Larsen
Abstract:
Establishing digital twins is a non-trivial endeavour especially when users face significant challenges in creating them from scratch. Ready availability of reusable models, data and tool assets, can help with creation and use of digital twins. A number of digital twin frameworks exist to facilitate creation and use of digital twins. In this paper we propose a digital twin framework to author digi…
▽ More
Establishing digital twins is a non-trivial endeavour especially when users face significant challenges in creating them from scratch. Ready availability of reusable models, data and tool assets, can help with creation and use of digital twins. A number of digital twin frameworks exist to facilitate creation and use of digital twins. In this paper we propose a digital twin framework to author digital twin assets, create digital twins from reusable assets and make the digital twins available as a service to other users. The proposed framework automates the management of reusable assets, storage, provision of compute infrastructure, communication and monitoring tasks. The users operate at the level of digital twins and delegate rest of the work to the digital twin as a service framework.
△ Less
Submitted 13 June, 2023; v1 submitted 12 May, 2023;
originally announced May 2023.
-
Bidirectional UML Visualisation of VDM Models
Authors:
Jonas Lund,
Lucas Bjarke Jensen,
Nick Battle,
Peter Gorm Larsen,
Hugo Daniel Macedo
Abstract:
The VDM-PlantUML Plugin enables translations between the text based UML tool PlantUML and VDM++ and has been released as a part of the VDM VSCode extension. This enhances already extensive feature-set of VDM VSCode with support for UML. The link between VDM and UML is thoroughly described with a set of translation rules that serve as the base of the implementation of the translation plugin. This i…
▽ More
The VDM-PlantUML Plugin enables translations between the text based UML tool PlantUML and VDM++ and has been released as a part of the VDM VSCode extension. This enhances already extensive feature-set of VDM VSCode with support for UML. The link between VDM and UML is thoroughly described with a set of translation rules that serve as the base of the implementation of the translation plugin. This is however still an early rendition of the plugin with limited usability due to the loss of information between translations and a lack of workflow optimisations, which we plan to solve in the future.
△ Less
Submitted 13 April, 2023;
originally announced April 2023.
-
VDM recursive functions in Isabelle/HOL
Authors:
Leo Freitas,
Peter Gorm Larsen
Abstract:
For recursive functions general principles of induction needs to be applied. Instead of verifying them directly using the Vienna Development Method Specification Language (VDM-SL), we suggest a translation to Isabelle/HOL. In this paper, the challenges of such a translation for recursive functions are presented. This is an extension of an existing translation and a VDM mathematical toolbox in Isab…
▽ More
For recursive functions general principles of induction needs to be applied. Instead of verifying them directly using the Vienna Development Method Specification Language (VDM-SL), we suggest a translation to Isabelle/HOL. In this paper, the challenges of such a translation for recursive functions are presented. This is an extension of an existing translation and a VDM mathematical toolbox in Isabelle/HOL enabling support for recursive functions.
△ Less
Submitted 30 March, 2023;
originally announced March 2023.
-
Modelling Chess in VDM++
Authors:
Morten Haahr Kristensen,
Peter Gorm Larsen
Abstract:
The game of chess is well-known and widely played all over the world. However, the rules for playing it are rather complex since there are different types of pieces and the ways they are allowed to move depend upon the type of the piece. In this paper we discuss alternative paradigms that can be used for modelling the rule of the chess game using VDM++ and show what we believe is the best model. I…
▽ More
The game of chess is well-known and widely played all over the world. However, the rules for playing it are rather complex since there are different types of pieces and the ways they are allowed to move depend upon the type of the piece. In this paper we discuss alternative paradigms that can be used for modelling the rule of the chess game using VDM++ and show what we believe is the best model. It is also illustrated how this model can be connected to a standard textual notation for the moves in a chess game. This can be used to combine the formal model to a more convenient interface.
△ Less
Submitted 18 March, 2023;
originally announced March 2023.
-
Comparison between the HUBCAP and DIGITBrain Platforms for Model-Based Design and Evaluation of Digital Twins
Authors:
Prasad Talasila,
Daniel-Cristian Crăciunean,
Pirvu Bogdan-Constantin,
Peter Gorm Larsen,
Constantin Zamfirescu,
Alea Scovill
Abstract:
Digital twin technology is an essential approach to managing the lifecycle of industrial products. Among the many approaches used to manage digital twins, co-simulation has proven to be a reliable one. There have been multiple attempts to create collaborative and sustainable platforms for management of digital twins. This paper compares two such platforms, namely the HUBCAP and the DIGITbrain. Bot…
▽ More
Digital twin technology is an essential approach to managing the lifecycle of industrial products. Among the many approaches used to manage digital twins, co-simulation has proven to be a reliable one. There have been multiple attempts to create collaborative and sustainable platforms for management of digital twins. This paper compares two such platforms, namely the HUBCAP and the DIGITbrain. Both these platforms have been and continue to be used among a stable group of researchers and industrial product manufacturers of digital twin technologies. This comparison of the HUBCAP and the DIGITbrain platforms is illustrated with an example use case of industrial factory to be used for manufacturing of agricultural robots.
△ Less
Submitted 15 December, 2022;
originally announced December 2022.
-
Constructing Neural Network-Based Models for Simulating Dynamical Systems
Authors:
Christian Møldrup Legaard,
Thomas Schranz,
Gerald Schweiger,
Ján Drgoňa,
Basak Falay,
Cláudio Gomes,
Alexandros Iosifidis,
Mahdi Abkar,
Peter Gorm Larsen
Abstract:
Dynamical systems see widespread use in natural sciences like physics, biology, chemistry, as well as engineering disciplines such as circuit analysis, computational fluid dynamics, and control. For simple systems, the differential equations governing the dynamics can be derived by applying fundamental physical laws. However, for more complex systems, this approach becomes exceedingly difficult. D…
▽ More
Dynamical systems see widespread use in natural sciences like physics, biology, chemistry, as well as engineering disciplines such as circuit analysis, computational fluid dynamics, and control. For simple systems, the differential equations governing the dynamics can be derived by applying fundamental physical laws. However, for more complex systems, this approach becomes exceedingly difficult. Data-driven modeling is an alternative paradigm that seeks to learn an approximation of the dynamics of a system using observations of the true system. In recent years, there has been an increased interest in data-driven modeling techniques, in particular neural networks have proven to provide an effective framework for solving a wide range of tasks. This paper provides a survey of the different ways to construct models of dynamical systems using neural networks. In addition to the basic overview, we review the related literature and outline the most significant challenges from numerical simulations that this modeling paradigm must overcome. Based on the reviewed literature and identified challenges, we provide a discussion on promising research areas.
△ Less
Submitted 22 July, 2022; v1 submitted 2 November, 2021;
originally announced November 2021.
-
A Survey of Practical Formal Methods for Security
Authors:
Tomas Kulik,
Brijesh Dongol,
Peter Gorm Larsen,
Hugo Daniel Macedo,
Steve Schneider,
Peter Würtz Vinther Tran-Jørgensen,
Jim Woodcock
Abstract:
In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which pr…
▽ More
In today's world, critical infrastructure is often controlled by computing systems. This introduces new risks for cyber attacks, which can compromise the security and disrupt the functionality of these systems. It is therefore necessary to build such systems with strong guarantees of resiliency against cyber attacks. One way to achieve this level of assurance is using formal verification, which provides proofs of system compliance with desired cyber security properties. The use of Formal Methods (FM) in aspects of cyber security and safety-critical systems are reviewed in this article. We split FM into the three main classes: theorem proving, model checking and lightweight FM. To allow the different uses of FM to be compared, we define a common set of terms. We further develop categories based on the type of computing system FM are applied in. Solutions in each class and category are presented, discussed, compared and summarised. We describe historical highlights and developments and present a state-of-the-art review in the area of FM in cyber security. This review is presented from the point of view of FM practitioners and researchers, commenting on the trends in each of the classes and categories. This is achieved by considering all types of FM, several types of security and safety critical systems and by structuring the taxonomy accordingly. The article hence provides a comprehensive overview of FM and techniques available to system designers of security-critical systems, simplifying the process of choosing the right tool for the task. The article concludes by summarising the discussion of the review, focusing on best practices, challenges, general future trends and directions of research within this field.
△ Less
Submitted 3 September, 2021;
originally announced September 2021.
-
The Specification Language Server Protocol: A Proposal for Standardised LSP Extensions
Authors:
Jonas Kjær Rask,
Frederik Palludan Madsen,
Nick Battle,
Hugo Daniel Macedo,
Peter Gorm Larsen
Abstract:
The Language Server Protocol (LSP) changed the field of Integrated Development Environments(IDEs), as it decouples core (programming) language features functionality from editor smarts, thus lowering the effort required to extend an IDE to support a language. The concept is a success and has been adopted by several programming languages and beyond. This is shown by the emergence of several LSP imp…
▽ More
The Language Server Protocol (LSP) changed the field of Integrated Development Environments(IDEs), as it decouples core (programming) language features functionality from editor smarts, thus lowering the effort required to extend an IDE to support a language. The concept is a success and has been adopted by several programming languages and beyond. This is shown by the emergence of several LSP implementations for the many programming and specification languages (languages with a focus on modelling, reasoning, or proofs). However, for such languages LSP has been ad-hocly extended with the additional functionalities that are typically not found for programming languages and thus not supported in LSP. This foils the original LSP decoupling goal, because the move towards a new IDE requires yet another re-implementation of the ad-hoc LSP extension. In this paper we contribute with a conservative extension of LSP providing a first proposal towards a standard protocol decoupling the support of specification languages from the IDE. We hope our research attracts the larger community and motivates the need of a joint task force leading to a standardised LSP extension serving the particular needs of specification languages.
△ Less
Submitted 6 August, 2021;
originally announced August 2021.
-
dMVX: Secure and Efficient Multi-Variant Execution in a Distributed Setting
Authors:
Alexios Voulimeneas,
Dokyung Song,
Per Larsen,
Michael Franz,
Stijn Volckaert
Abstract:
Multi-variant execution (MVX) systems amplify the effectiveness of software diversity techniques. The key idea is to run multiple diversified program variants in lockstep while providing them with the same input and monitoring their run-time behavior for divergences. Thus, adversaries have to compromise all program variants simultaneously to mount an attack successfully. Recent work proposed distr…
▽ More
Multi-variant execution (MVX) systems amplify the effectiveness of software diversity techniques. The key idea is to run multiple diversified program variants in lockstep while providing them with the same input and monitoring their run-time behavior for divergences. Thus, adversaries have to compromise all program variants simultaneously to mount an attack successfully. Recent work proposed distributed, heterogeneous MVX systems that leverage different ABIs and ISAs to increase the diversity between program variants further. However, existing distributed MVX system designs suffer from high performance overhead due to time-consuming network transactions for the MVX system's operations. This paper presents dMVX, a novel hybrid distributed MVX design, which incorporates new techniques that significantly reduce the overhead of MVX systems in a distributed setting. Our key insight is that we can intelligently reduce the MVX operations that use expensive network transfers. First, we can limit the monitoring of system calls that are not security-critical. Second, we observe that, in many circumstances, we can also safely cache or avoid replication operations needed for I/O related system calls. Our evaluation shows that dMVX reduces the performance degradation from over 50% to 3.1% for realistic server benchmarks.
△ Less
Submitted 3 November, 2020;
originally announced November 2020.
-
A Cloud-Based Collaboration Platform for Model-Based Design of Cyber-Physical Systems
Authors:
Peter Gorm Larsen,
Hugo Daniel Macedo,
John Fitzgerald,
Holger Pfeifer,
Martin Benedikt,
Stefano Tonetta,
Angelo Marguglio,
Sergio Gusmeroli,
George Suciu Jr
Abstract:
Businesses, particularly small and medium-sized enterprises, aiming to start up in Model-Based Design (MBD) face difficult choices from a wide range of methods, notations and tools before making the significant investments in planning, procurement and training necessary to deploy new approaches successfully. In the development of Cyber-Physical Systems (CPSs) this is exacerbated by the diversity o…
▽ More
Businesses, particularly small and medium-sized enterprises, aiming to start up in Model-Based Design (MBD) face difficult choices from a wide range of methods, notations and tools before making the significant investments in planning, procurement and training necessary to deploy new approaches successfully. In the development of Cyber-Physical Systems (CPSs) this is exacerbated by the diversity of formalisms covering computation, physical and human processes. In this paper, we propose the use of a cloud-enabled and open collaboration platform that allows businesses to offer models, tools and other assets, and permits others to access these on a pay-per-use basis as a means of lowering barriers to the adoption of MBD technology, and to promote experimentation in a sandbox environment.
△ Less
Submitted 5 May, 2020;
originally announced May 2020.
-
DMON: A Distributed Heterogeneous N-Variant System
Authors:
Alexios Voulimeneas,
Dokyung Song,
Fabian Parzefall,
Yeoul Na,
Per Larsen,
Michael Franz,
Stijn Volckaert
Abstract:
N-Variant Execution (NVX) systems utilize software diversity techniques for enhancing software security. The general idea is to run multiple different variants of the same program alongside each other while monitoring their run-time behavior. If the internal disparity between the running variants causes observable differences in response to malicious inputs, the monitor can detect such divergences…
▽ More
N-Variant Execution (NVX) systems utilize software diversity techniques for enhancing software security. The general idea is to run multiple different variants of the same program alongside each other while monitoring their run-time behavior. If the internal disparity between the running variants causes observable differences in response to malicious inputs, the monitor can detect such divergences in execution and then raise an alert and/or terminate execution. Existing NVX systems execute multiple, artificially diversified program variants on a single host. This paper presents a novel, distributed NVX design that executes program variants across multiple heterogeneous host computers; our prototype implementation combines an x86-64 host with an ARMv8 host. Our approach greatly increases the level of "internal different-ness" between the simultaneously running variants that can be supported, encompassing different instruction sets, endianness, calling conventions, system call interfaces, and potentially also differences in hardware security features. A major challenge to building such a heterogeneous distributed NVX system is performance. We present solutions to some of the main performance challenges. We evaluate our prototype system implementing these ideas to show that it can provide reasonable performance on a wide range of realistic workloads.
△ Less
Submitted 8 March, 2019;
originally announced March 2019.
-
Co-simulation of Continuous Systems: A Tutorial
Authors:
Cláudio Gomes,
Casper Thule,
Peter Gorm Larsen,
Joachim Denil,
Hans Vangheluwe
Abstract:
Co-simulation consists of the theory and techniques to enable global simulation of a coupled system via the composition of simulators. Despite the large number of applications and growing interest in the challenges, the field remains fragmented into multiple application domains, with limited sharing of knowledge.
This tutorial aims at introducing co-simulation of continuous systems, targeted at…
▽ More
Co-simulation consists of the theory and techniques to enable global simulation of a coupled system via the composition of simulators. Despite the large number of applications and growing interest in the challenges, the field remains fragmented into multiple application domains, with limited sharing of knowledge.
This tutorial aims at introducing co-simulation of continuous systems, targeted at researchers new to the field.
△ Less
Submitted 22 September, 2018;
originally announced September 2018.
-
SoK: Sanitizing for Security
Authors:
Dokyung Song,
Julian Lettner,
Prabhu Rajasekaran,
Yeoul Na,
Stijn Volckaert,
Per Larsen,
Michael Franz
Abstract:
The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program analysis. Dynamic bug finding tools --- henceforth "sanitizers" --- can find bugs that elude other types of analysis because they observe the actual execution of a…
▽ More
The C and C++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program analysis. Dynamic bug finding tools --- henceforth "sanitizers" --- can find bugs that elude other types of analysis because they observe the actual execution of a program, and can therefore directly observe incorrect program behavior as it happens.
A vast number of sanitizers have been prototyped by academics and refined by practitioners. We provide a systematic overview of sanitizers with an emphasis on their role in finding security issues. Specifically, we taxonomize the available tools and the security vulnerabilities they cover, describe their performance and compatibility properties, and highlight various trade-offs.
△ Less
Submitted 12 June, 2018;
originally announced June 2018.
-
Robotic design choice overview using co-simulation
Authors:
Martin Peter Christiansen,
Peter Gorm Larsen,
Rasmus Nyholm Jørgensen
Abstract:
Rapid robotic system development sets a demand for multi-disciplinary methods and tools to explore and compare design alternatives. In this paper, we present collaborative modeling that combines discrete-event models of controller software with continuous-time models of physical robot components. The presented co-modeling method utilized VDM for discrete-event and 20-sim for continuous-time modeli…
▽ More
Rapid robotic system development sets a demand for multi-disciplinary methods and tools to explore and compare design alternatives. In this paper, we present collaborative modeling that combines discrete-event models of controller software with continuous-time models of physical robot components. The presented co-modeling method utilized VDM for discrete-event and 20-sim for continuous-time modeling. The collaborative modeling method is illustrated with a concrete example of collaborative model development of a mobile robot animal feeding system. Simulations are used to evaluate the robot model output response in relation to operational demands. The result of the simulations provides the developers with an overview of the impacts of each solution instance in the chosen design space. Based on the solution overview the developers can select candidates that are deemed viable to be deployed and tested on an actual physical robot.
△ Less
Submitted 17 February, 2018;
originally announced February 2018.
-
PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
Authors:
Julian Lettner,
Dokyung Song,
Taemin Park,
Stijn Volckaert,
Per Larsen,
Michael Franz
Abstract:
Sanitizers can detect security vulnerabilities in C/C++ code that elude static analysis. Current practice is to continuously fuzz and sanitize internal pre-release builds. Sanitization-enabled builds are rarely released publicly. This is in large part due to the high memory and processing requirements of sanitizers.
We present PartiSan, a run-time partitioning technique that speeds up sanitizers…
▽ More
Sanitizers can detect security vulnerabilities in C/C++ code that elude static analysis. Current practice is to continuously fuzz and sanitize internal pre-release builds. Sanitization-enabled builds are rarely released publicly. This is in large part due to the high memory and processing requirements of sanitizers.
We present PartiSan, a run-time partitioning technique that speeds up sanitizers and allows them to be used in a more flexible manner. Our core idea is to partition the execution into sanitized slices that incur a run-time overhead, and unsanitized slices running at full speed. With PartiSan, sanitization is no longer an all-or-nothing proposition. A single build can be distributed to every user regardless of their willingness to enable sanitization and the capabilities of their host system. PartiSan can automatically adjust the amount of sanitization to fit within a performance budget or disable sanitization if the host lacks sufficient resources. The flexibility afforded by run-time partitioning also means that we can alternate between different types of sanitizers dynamically; today, developers have to pick a single type of sanitizer ahead of time. Finally, we show that run-time partitioning can speed up fuzzing by running the sanitized partition only when the fuzzer discovers an input that causes a crash or uncovers new execution paths.
△ Less
Submitted 14 May, 2018; v1 submitted 21 November, 2017;
originally announced November 2017.
-
Multi-Variant Execution of Parallel Programs
Authors:
Stijn Volckaert,
Bjorn De Sutter,
Koen De Bosschere,
Per Larsen
Abstract:
Multi-Variant Execution Environments (MVEEs) are a promising technique to protect software against memory corruption attacks. They transparently execute multiple, diversified variants (often referred to as replicae) of the software receiving the same inputs. By enforcing and monitoring the lock-step execution of the replicae's system calls, and by deploying diversity techniques that prevent an att…
▽ More
Multi-Variant Execution Environments (MVEEs) are a promising technique to protect software against memory corruption attacks. They transparently execute multiple, diversified variants (often referred to as replicae) of the software receiving the same inputs. By enforcing and monitoring the lock-step execution of the replicae's system calls, and by deploying diversity techniques that prevent an attacker from simultaneously compromising multiple replicae, MVEEs can block attacks before they succeed.
Existing MVEEs cannot handle non-trivial multi-threaded programs because their undeterministic behavior introduces benign system call inconsistencies in the replicae, which trigger false positive detections and deadlocks in the MVEEs. This paper for the first time extends the generality of MVEEs to protect multi-threaded software by means of secure and efficient synchronization replication agents. On the PARSEC 2.1 parallel benchmarks running with four worker threads, our prototype MVEE incurs a run-time overhead of only 1.32x.
△ Less
Submitted 26 July, 2016;
originally announced July 2016.
-
Control-Flow Integrity: Precision, Security, and Performance
Authors:
Nathan Burow,
Scott A. Carr,
Joseph Nash,
Per Larsen,
Michael Franz,
Stefan Brunthaler,
Mathias Payer
Abstract:
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI), and this technique is now int…
▽ More
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI), and this technique is now integrated into several production compilers. However, so far no study has systematically compared the various proposed CFI mechanisms, nor is there any protocol on how to compare such mechanisms.
We compare a broad range of CFI mechanisms using a unified nomenclature based on (i) a qualitative discussion of the conceptual security guarantees, (ii) a quantitative security evaluation, and (iii) an empirical evaluation of their performance in the same test environment. For each mechanism, we evaluate (i) protected types of control-flow transfers, (ii) the precision of the protection for forward and backward edges. For open-source compiler-based implementations, we additionally evaluate (iii) the generated equivalence classes and target sets, and (iv) the runtime performance.
△ Less
Submitted 27 January, 2017; v1 submitted 12 February, 2016;
originally announced February 2016.
-
Towards Enabling Overture as a Platform for Formal Notation IDEs
Authors:
Luís Diogo Couto,
Peter Gorm Larsen,
Miran Hasanagić,
Georgios Kanakis,
Kenneth Lausdahl,
Peter W. V. Tran-Jørgensen
Abstract:
Formal Methods tools will never have as many users as tools for popular programming languages and so the effort spent on constructing Integrated Development Environments (IDEs) will be orders of magnitudes lower than that of programming languages such as Java. This means newcomers to formal methods do not get the same user experience as with their favourite programming IDE. In order to improve thi…
▽ More
Formal Methods tools will never have as many users as tools for popular programming languages and so the effort spent on constructing Integrated Development Environments (IDEs) will be orders of magnitudes lower than that of programming languages such as Java. This means newcomers to formal methods do not get the same user experience as with their favourite programming IDE. In order to improve this situation it is essential that efforts are combined so it is possible to reuse common features and thus not start from scratch every time. This paper presents the Overture platform where such a reuse philosophy is present. We give an overview of the platform itself as well as the extensibility principles that enable much of the reuse. The paper also contains several examples platform extensions, both in the form of new features and a new IDE supporting a new language.
△ Less
Submitted 16 August, 2015;
originally announced August 2015.
-
Similarity-based matching meets Malware Diversity
Authors:
Mathias Payer,
Stephen Crane,
Per Larsen,
Stefan Brunthaler,
Richard Wartell,
Michael Franz
Abstract:
Similarity metrics, e.g., signatures as used by anti-virus products, are the dominant technique to detect if a given binary is malware. The underlying assumption of this approach is that all instances of a malware (or even malware family) will be similar to each other.
Software diversification is a probabilistic technique that uses code and data randomization and expressiveness in the target ins…
▽ More
Similarity metrics, e.g., signatures as used by anti-virus products, are the dominant technique to detect if a given binary is malware. The underlying assumption of this approach is that all instances of a malware (or even malware family) will be similar to each other.
Software diversification is a probabilistic technique that uses code and data randomization and expressiveness in the target instruction set to generate large amounts of functionally equivalent but different binaries. Malware diversity builds on software diversity and ensures that any two diversified instances of the same malware have low similarity (according to a set of similarity metrics). An LLVM-based prototype implementation diversifies both code and data of binaries and our evaluation shows that signatures based on similarity only match one or few instances in a pool of diversified binaries generated from the same source code.
△ Less
Submitted 27 September, 2014;
originally announced September 2014.
