The RoboCup Simulator League provides an excellent platform for research on swarm computing. Our research focuses on group behaviors that emerge from collections of actors making decisions based on local information. Our RoboCup simulator team is designed around an architecture for experimenting with behavioral primitives defined over groups and mechanisms for combining those behaviors.
Abstract One goal of introductory software engineering courses is to motivate and instill good software engineering habits. Unfortunately, practical constraints on typical courses often lead to student experiences that are antithetical to that goal: instead of working in large teams and dealing with changing requirements and maintaining programs over many years, courses generally involve students working alone or in small teams with short projects that end the first time the program works correctly on some selected input.
Abstract This paper describes LCLint, an efficient and flexible tool that accepts as input programs (written in ANSI C) and various levels of formal specification. Using this information, LCLint reports inconsistencies between a program and its specification. We also describe our experience using LCLint to help understand, document, and re-engineer legacy code.
Abstract Concurrent languages have offered parallel loop constructs for some time to allow a parallel computation to be expressed in a simple and straightforward fashion. Modern programming languages include exceptions to allow for clean handling of errors or unexpected conditions, but few concurrent languages incorporate exception handling into their models for parallel loops. As a result, programmers who use parallel loops cannot use exceptions to simplify their programs.
Moving target defenses have been proposed as a way to make it much more difficult for an attacker to exploit a vulnerable system by changing aspects of that system to present attackers with a varying attack surface. The hope is that constructing a successful exploit requires analyzing properties of the system, and that in the time it takes an attacker to learn those properties and construct the exploit, the system will have changed enough to disrupt the exploit's functionality by the time the attacker can launch it.
Abstract The article introduces a new approach to code safety. We present Naccio, a system architecture that allows a large class of safety policies to be expressed in a general and platform-independent way. Policies are defined in terms of abstract resource manipulations. We describe mechanisms that can be used to efficiently and conveniently enforce these safety policies by transforming programs. We are developing implementations of Naccio that enforce policies on JavaVM classes and Win32 executables.
Abstract This paper reports on our experience using a dynamic analysis tool, Terracotta, to automatically infer temporal properties, and a model checker, Java PathFinder, to check the inferred properties. To the best of our knowledge, this is the first experiment using a model checker to check automatically inferred properties. We introduce two key ideas to make our approach effective. First, we develop techniques for handling context information in a program's execution traces so that some interesting properties can be discovered.
Abstract—Secure two-party computation allows two parties to evaluate a function of their private inputs without revealing their own inputs to the other party. The garbled circuit technique, developed by Andrew Yao, is a generic approach to secure computation, but has traditionally been viewed as impractical due to lack of efficient frameworks for generating and executing garbled circuits. Our group has been working on ways to make garbled circuit execution more efficient and scalable.
Abstract We present an efficient matching protocol that can be used in many privacy-preserving biometric identification systems in the semi-honest setting. Our most general technical contribution is a new backtracking protocol that uses the byproduct of evaluating a garbled circuit to enable efficient oblivious information retrieval.
Abstract Like most academic communities, Computer Science graduate students at the University of Virginia need to share personal information. Unfortunately, until recently there was no simple or quick way of doing this. A student could provide a text file in his or her home directory, but only users with accounts on the Computer Science server could view it; alternatively, a student could create a home page, but this was a very time-consuming.
Abstract The Cracker Barrel peg game is a simple, one-player game commonly found on tables at pancake restaurants. In this paper, we consider the computational complexity of the Cracker Barrel problem. We show that a variation of a generalization of the problem is NP-complete.
Today's software does not come with meaningful guarantees. This position paper explores why this is the case, suggests societal and technical impediments to more dependable software, and considers what realistic, meaningful guarantees for software would be like and how to achieve them.
ABSTRACT One goal of many introductory software engineering courses is to simulate realistic software engineering. Unfortunately, many of the practical constraints of typical courses are antithetical to that goal: instead of working in large teams on large projects, dealing with changing requirements and maintaining programs over many years, courses generally involve students working alone or in small teams with short projects that end the first time the program works correctly on some selected input.
Abstract Traditional static checkers are limited to detecting simple anomalies since they have no information regarding the intent of the code. Program verifiers are too expensive for nearly all applications. This thesis investigates the possibilities of using specifications to do lightweight static checks to detect inconsistencies between specifications and implementations. A tool, LCLint, was developed to do static checks on C source code using LCL specifications.
Abstract We present a general methodology for protecting the confidentiality and integrity of user data for a class of on-line editing applications. The key insight is that many of these applications are designed to perform most of their data-dependent computation on the client side, so it is possible to maintain their functionality while only exposing an encrypted version of the document to the server.
A fundamental problem with current operating system design is that device driver code executes in the kernel address space with the same level of permissions as the rest of the kernel. Vulnerabilities in device drivers can be exploited to manipulate kernel data structures, and bugs in device driver implementations often lead to system-wide crashes. Swift et al. found that 85% of Windows XP failures are due to flaws in device drivers [SBL03]. Seventy percent of the Linux 2.4.
Abstract Disk drive capabilities and processing power are steadily increasing, and this power gives us the possibility of using disks as data processing devices rather than merely for data transfers. In the area of malicious code (malware) detection, anti-virus (AV) engines are slow and have trouble correctly identifying many types of malware. Our goal is to help make malware detection more reliable and more efficient by using the disk drive's processor.
Abstract: The Genesis project sought to provide security through the diversification of software. A major weakness with current information systems is that they use software applications that are clones of each other; a major exploitable flaw in one implies a flaw in all other similarly configured software packages. Breaking this software monoculture was the goal of the bio-inspired diversity area of DARPA's self-regenerative systems program.
Abstract To protect privacy in large systems, users should be able to authenticate against a central server without disclosing their identity to others. Private identification protocols based on public key cryptography are computationally expensive and cannot be implemented on small devices like RFID tags. Symmetric key protocols, on the other hand, provide only modest levels of privacy, but can be efficiently executed on servers and cheaply implemented on devices.
Papers by David Evans