Abstract-Web application security is the hottest issue in the present scenario of e-business environment. Web application attacks can play havoc with the system within no time. More than 80% attacks are at application layer and almost 90%... more
Abstract-Web application security is the hottest issue in the present scenario of e-business environment. Web application attacks can play havoc with the system within no time. More than 80% attacks are at application layer and almost 90% applications are vulnerable to these ...
Software Testing is the emerging and important field of IT industry because without the concept of software testing, there is no quality software which is produced in the industry. Verification and Validation are the two basic building... more
Software Testing is the emerging and important field of IT industry because without the concept of software testing, there is no quality software which is produced in the industry. Verification and Validation are the two basic building blocks of software testing process. There are various testing tactics, strategies and methodologies to test the software. Path Testing is one such a methodology used to test the software. Basically, path testing is a type of White Box/ Glass Box/ Open Box/ Structural testing technique. It generates the test suite based on the number of independent paths that are presented in a program by drawing the Control Flow Graph of an application. The basic objective of this paper is to acquire the knowledge on the basis path testing by considering a sample of code and the implementation of path testing is described with its merits and demerits.
Applications written in dynamically typed scripting languages are increasingly popular for Web software development. Even on the server side, programmers are using dynamically typed scripting languages such as Ruby and Python to build... more
Applications written in dynamically typed scripting languages are increasingly popular for Web software development. Even on the server side, programmers are using dynamically typed scripting languages such as Ruby and Python to build complex applications quickly. As the number and complexity of dynamically typed scripting language applications grows, optimizing their performance is becoming important. Some of the best performing compilers and optimizers for dynamically typed scripting languages are developed entirely from scratch and target a specific language. This approach is not scalable, given the variety of dynamically typed scripting languages, and the effort involved in developing and maintaining separate infrastructures for each. In this paper, we evaluate the feasibility of adapting and extending an existing production-quality method-based Just-In-Time (JIT) compiler for a language with dynamic types. Our goal is to identify the challenges and shortcomings with the current...
Although graphical user interfaces (GUIs) constitute a large part of the software being developed today and are typically created using rapid prototyping, there are no effective regression testing techniques for GUIs. The needs of GUI... more
Although graphical user interfaces (GUIs) constitute a large part of the software being developed today and are typically created using rapid prototyping, there are no effective regression testing techniques for GUIs. The needs of GUI regression testing differ from those of traditional software. When the structure of a GUI is modified, test cases from the original GUI are either reusable or unusable on the modified GUI. Since GUI test case generation is expensive, our goal is to make the unusable test cases usable. The idea of reusing these unusable ( a.k.a. obsolete ) test cases has not been explored before. In this paper, we show that for GUIs, the unusability of a large number of test cases is a serious problem. We present a novel GUI regression testing technique that first automatically determines the usable and unusable test cases from a test suite after a GUI modification. It then determines which of the unusable test cases can be repaired so they can execute on the modified G...
This paper presents a software-based technique to detect control-flow errors using basic level control-flow checking and inherent redundancy in commodity multi-core processors. The proposed detection technique is composed of two phases of... more
This paper presents a software-based technique to detect control-flow errors using basic level control-flow checking and inherent redundancy in commodity multi-core processors. The proposed detection technique is composed of two phases of basic and program-level control-flow checking. Basic-level control-flow error detection is achieved through inserting additional instructions into program at design time regarding to control-flow graph. Previous research shows that modern superscalar microprocessors already contain significant amounts of redundancy. Program-level control-flow checking can detect CFEs by leveraging existing microprocessors redundancy. Therefore, the cost of adding extra redundancy for fault tolerance is eliminated. In order to evaluate the proposed technique, three workloads quick sort, matrix multiplication and linked list utilized to run on a multi-core processor, and a total of 6000 transient faults have been injected on the processor. The advantage of the proposed technique in terms of performance and memory overheads and detection capability compared with conventional control-flow error detection techniques.
Software Testing is one of the indispensable parts of the software development lifecycle and structural testing is one of the most widely used testing paradigms to test various software. Structural testing relies on code path... more
Software Testing is one of the indispensable parts of the software development lifecycle and structural testing is one of the most widely used testing paradigms to test various software. Structural testing relies on code path identification, which in turn leads to identification of effective paths. Aim of the current paper is to present a simple and novel algorithm with the help of an ant colony optimization, for the optimal path identification by using the basic property and behavior of the ants. This novel approach uses certain set of rules to find out all the effective/optimal paths via ant colony optimization (ACO) principle. The method concentrates on generation of paths, equal to the cyclomatic complexity. This algorithm guarantees full path coverage.
In this paper, we present two new control flow based pointcuts to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. They allow to identify particular join points in a program's... more
In this paper, we present two new control flow based pointcuts to Aspect-Oriented Programming (AOP) languages that are needed for systematic hardening of security concerns. They allow to identify particular join points in a program's control flow graph (CFG). The first proposed primitive is the Closest Common Ancestor (CCA), which returns the closest ancestor join point to the pointcuts of
Program analysis is useful for debugging, testing and maintenance of software systems due to information about the structure and relationship of the program’s modules . In general, program analysis is performed either based on control... more
Program analysis is useful for debugging, testing and maintenance of software systems due to information about the structure and relationship of the program’s modules . In general, program analysis is performed either based on control flow graph or dependence graph. However, in the case of aspect-oriented programming (AOP), control flow graph (CFG) or dependence graph (DG) are not enough to model the properties of Aspect-oriented (AO) programs. With respect to AO programs, although AOP is good for modular representation and crosscutting concern, suitable model for program analysis is required to gather information on its structure for the purpose of minimizing maintenance effort. In this paper Aspect Oriented Dependence Flow Graph (AODFG) as an intermediate representation model is proposed to represent the structure of aspect-oriented programs. AODFG is formed by merging the CFG and DG, thus more information about dependencies between the join points, advice, aspects and their associated construct with the flow of control from one statement to another are gathered. We discussthe performance of AODFG by analysing some examples of AspectJ program taken from AspectJ Development Tools (AJDT).
... Islamabad, Pakistan a.rauf@nu.edu.pk Sajid Anwar Department of Computer Science National university of Computer & Emerging Sciences Islamabad, Pakistansajid.anwar@nu.edu.pk M. Arfan Jaffer Department of Computer ...
A major concern in implementing a checkpoint-based recovery protocol for distributed systems is the performance degradation resulting from process roll-backs. In critical systems, it is highly desirable to contain the rollback distance as... more
A major concern in implementing a checkpoint-based recovery protocol for distributed systems is the performance degradation resulting from process roll-backs. In critical systems, it is highly desirable to contain the rollback distance as well as the number of processes involved in the rollback so that timely recovery is possible. One popular approach to accomplish such goals is to control the communication of messages which are the main cause of error propagation. In this paper, we show that watchdog processor-based concurrent error detection can be merged with recovery so that quick recovery from errors is possible without restricting the communications. The low cost and low latency characteristic of an m-out-of-n code-based error detection scheme is exploited to develop a novel message validation technique which helps in curtailing the excessive rollback during recovery. A simulation analysis is conducted to demonstrate the beneets of combining detection and recovery | an approac...
Detection tools such as virus scanners have performed poorly, particularly when facing previously unknown virus or novel variants of existing ones. This study proposes an efficient and novel method based on arbitrary length of control... more
Detection tools such as virus scanners have performed poorly, particularly when facing previously unknown virus or novel variants of existing ones. This study proposes an efficient and novel method based on arbitrary length of control flow graphs (ALCFG) and similarity of the aligned ALCFG matrix. The metamorphic viruses are generated by two tools; namely: next generation virus creation kit (NGVCK0.30) and virus creation lab for Windows 32 (VCL32). The results show that all the generated metamorphic viruses can be detected by using the suggested approach, while less than 62% are detected by well-known antivirus software.
Attacks often exploit memory errors to gain control over the execution of vulnerable programs. These attacks remain a serious problem despite previous research on techniques to prevent them. We present write integrity testing (WIT), a new... more
Attacks often exploit memory errors to gain control over the execution of vulnerable programs. These attacks remain a serious problem despite previous research on techniques to prevent them. We present write integrity testing (WIT), a new technique that provides practical protection from these attacks. WIT uses points-to analysis at compile time to compute the control-flow graph and the set of objects that can be written by each instruction in the program. Then it generates code instrumented to prevent instructions from ...
This paper presents a software-based technique to detect control-flow errors using basic level control-flow checking and inherent redundancy in commodity multi-core processors. The proposed detection technique is composed of two phases of... more
This paper presents a software-based technique to detect control-flow errors using basic level control-flow checking and inherent redundancy in commodity multi-core processors. The proposed detection technique is composed of two phases of basic and program-level control-flow checking. Basic-level control-flow error detection is achieved through inserting additional instructions into program at design time regarding to control-flow graph. Previous research shows that modern superscalar microprocessors already contain significant amounts of redundancy. Program-level control-flow checking can detect CFEs by leveraging existing microprocessors redundancy. Therefore, the cost of adding extra redundancy for fault tolerance is eliminated. In order to evaluate the proposed technique, three workloads quick sort, matrix multiplication and linked list utilized to run on a multi-core processor, and a total of 6000 transient faults have been injected on the processor. The advantage of the proposed technique in terms of performance and memory overheads and detection capability compared with conventional control-flow error detection techniques.
A program analysis tool can play an important role in helping users understand and improve OpenMP codes. Dragon is a robust interactive program analysis tool based on the Open64 compiler, an open source OpenMP, C/C++/Fortran77/90 compiler... more
A program analysis tool can play an important role in helping users understand and improve OpenMP codes. Dragon is a robust interactive program analysis tool based on the Open64 compiler, an open source OpenMP, C/C++/Fortran77/90 compiler for Intel Itanium systems. We developed the Dragon tool on top of Open64 to exploit its powerful analyses in order to provide static as well as dynamic (feedback-based) information which can be used to develop or optimize OpenMP codes. Dragon enables users to visualize and print essential program structures and obtain runtime information on their applications. Current features include static/dynamic call graphs and control flow graphs, data dependence analysis and interprocedural array region summaries, that help understand procedure side effects within parallel loops. On-going work extends Dragon to display data access patterns at runtime, and provide support for runtime instrumentation and optimizations.