Program Behavior Research Articles

DOPdefender: An approach to thwarting data-oriented programming attacks based on a data-aware automaton

In recent years, non-control data attacks have become a popular topic in the field of network security. These attacks, such as data-oriented programming (DOP), do not aim to circumvent the control-flow integrity (CFI) protections; rather, they need corrupt only the security-critical non-control data of the target program. Non-control data attacks have been shown to achieve Turing-complete computation. In this paper, we build a non-control data attack description model and analyse feasible defence strategies. We present a new program behaviour model, i.e., the data-aware finite-state automaton (dFSA). Based on the dFSA, we propose the DOPdefender method, which is a method of defending against non-control data attacks. DOPdefender monitors the target process and is aware of the security-critical non-control data that are expected to be operated at runtime, thus validating the legality of the operation on the security-critical non-control data. DOPdefender can prevent adversaries from corrupting the security-critical non-control data of the target program and defend against existing non-control data attacks. We evaluate our method on a Linux operating system. An effectiveness test and a performance test indicate the effectiveness of DOPdefender in thwarting non-control data attacks with a 28.4% runtime overhead on average for CPU-intensive programs and a 13.5% runtime overhead on average for I/O-intensive programs. In the Limitations Section, we discuss a solution to making our method scalable for large-scale programs under some guiding information.

An investigation of misunderstanding code patterns in C open-source software projects

Maintenance consumes 40% to 80% of software development costs. So, it is essential to write source code that is easy to understand to reduce the costs with maintenance. Improving code understanding is important because developers often mistake the meaning of code, and misjudge the program behavior, which can lead to errors. There are patterns in source code, such as operator precedence, and comma operator, that have been shown to influence code understanding negatively. Despite initial results, these patterns have not been evaluated in a real-world setting, though. Thus, it is not clear whether developers agree that the patterns studied by researchers can cause substantial misunderstandings in real-world practice. To better understand the relevance of misunderstanding patterns, we applied a mixed research method approach, by performing repository mining and a survey with developers, to evaluate misunderstanding patterns in 50 C open-source projects, including Apache, OpenSSL, and Python. Overall, we found more than 109K occurrences of the 12 patterns in practice. Our study shows that according to developers only some patterns considered previously by researchers may cause misunderstandings. Our results complement previous studies by taking the perception of developers into account.

Towards energy aware object-oriented development of android applications

Energy consumption has become a concern for developers due to the increasing complexity of applications that are to run on devices with limited battery power. Developers want to develop energy efficient applications however existing tools do not bridge the gap between understanding where energy is consumed and suggesting how the code can be modified in order to reduce energy consumption. A generalized method to relate software structure with its energy consumption is hence desirable. Previous attempts to relate change in object-oriented structure to its effects on energy consumption have been inconclusive. In this paper, we proposed a methodology to relate software structural information represented as metrics to energy consumption. Employing our methodology we empirically validated three Object Oriented (OO) metric suites; the Abreus Metrics (MOOD), Chidamber and Kemerer (CK) metrics and Martin's package metric suite and determine their relationship with energy consumption. Our results show that software structural metrics can be reliably related to energy consumption behavior of programs using a total of 63 releases from seven open-source iteratively developed android applications.

Determinants of Risk Behaviour in Livestock Development Programs: Evidence from South Africa's Kaonafatso Yadikgomo (Kyd) Scheme

Risk plays a significant role in input use decisions and production of output in agricultural production. Understanding farmer risk attitudes and their responses to risk is significant in designing effective intervention programmes. Few studies have tried to identify how the introduction of a livestock programme has tended to influence farmer risk profile. The objective of the study was to highlight the determinants of risk behaviour in participants of a livestock development programme. The study was carried out in KwaZulu-Natal (KZN) Province of South Africa, utilising a purposive sample of 164 respondents who are part of the Kaonafatso Yadikgomo (KYD) Scheme. The cross-sectional survey collected data pertaining to the risk attitudes of the livestock farmers from an attitudinal scale as well as socio-economic and farm biophysical characteristics. Descriptive statistics and multiple linear regression were used to analyse the data. The results show that the livestock farmers were risk loving, with the risk attitude being influenced by the age of household head, monthly household income and experience in rearing cattle at the 𝑝 < 0.1 level. Furthermore, the source of income, herd size, reason for slaughtering cattle distance to the nearest water source and access to a dip tank had significant influence of attitude towards risk at the 𝑝 < 0.05 level. The study concludes that being part of a livestock development programme tends inflto uence the risk attitudes of the participants as the determinants were against a priori expectations.

Towards understanding the costs of avoiding out-of-thin-air results

Eliminating so-called “out-of-thin-air” (OOTA) results is an open problem with many existing programming language memory models including Java, C, and C++. OOTA behaviors are problematic in that they break both formal and informal modular reasoning about program behavior. Defining memory model semantics that are easily understood, allow existing optimizations, and forbid OOTA results remains an open problem. This paper explores two simple solutions to this problem that forbid OOTA results. One solution is targeted towards C/C++-like memory models in which racing operations are explicitly labeled as atomic operations and a second solution is targeted towards Java-like languages in which all memory operations may create OOTA executions. Our solutions provide a per-candidate execution criterion that makes it possible to examine a single execution and determine whether the memory model permits the execution. We implemented and evaluated both solutions in the LLVM compiler framework. Our results show that on an ARMv8 processor the first solution has no overhead on average and a maximum overhead of 6.3% on 43 concurrent data structures, and that the second solution has an average overhead of 3.1% and a maximum overhead of 17.6% on the SPEC CPU2006 C/C++ benchmarks.

A Theoretical and Empirical Study of Diversity-Aware Mutation Adequacy Criterion

Diversity has been widely studied in software testing as a guidance towards effective sampling of test inputs in the vast space of possible program behaviors. However, diversity has received relatively little attention in mutation testing. The traditional mutation adequacy criterion is a one-dimensional measure of the total number of killed mutants. We propose a novel, diversity-aware mutation adequacy criterion called distinguishing mutation adequacy criterion, which is fully satisfied when each of the considered mutants can be identified by the set of tests that kill it, thereby encouraging inclusion of more diverse range of tests. This paper presents the formal definition of the distinguishing mutation adequacy and its score. Subsequently, an empirical study investigates the relationship among distinguishing mutation score, fault detection capability, and test suite size. The results show that the distinguishing mutation adequacy criterion detects 1.33 times more unseen faults than the traditional mutation adequacy criterion, at the cost of a 1.56 times increase in test suite size, for adequate test suites that fully satisfies the criteria. The results show a better picture for inadequate test suites; on average, 8.63 times more unseen faults are detected at the cost of a 3.14 times increase in test suite size.

Simulation of Mechanical Behaviour in Milling and Polishing of Dental Polymeric (resin) Composites

Dental resin composites have a wide applicability in the dental field. They exhibit their own chemical composition that imparts certain physico-mechanical properties. The machining of the pieces of these composites must be sufficiently light, without affecting their strength. For processing these parts, respectively of the dental work, is used or carbide burs, or diamond burs, depending on the mechanical strength of the composite. To determine composite behaviour under action of the conical finishers was simulated their behaviour in specific simulation programs. As a result, stress concentrators may appear from the first processing which may affect the later resistance of the piece or dental work.

Successful referral behavior in referral reward programs

PurposeReferral reward programs (RRPs) incentivize existing customers (inductors) to refer new customers (inductees). The effectiveness of RRPs is not well understood as previous studies either focused on referral intent and/or ignored inductee responses. However, an RRP is only effective if inductors recommend and inductees respond with buying the service. The purpose of this paper is to examine the drivers of existing customers’ successful referral behavior.Design/methodology/approachThis study combines a bank’s customer relationship management (CRM) data which were used to identify successful inductors and non-inductors. Then, observed behavioral and customer background data from the CRM database (including successful referrals, deposits in euros, number of products held, relationship duration, income, age, and gender) were combined with survey data capturing attitudinal variables (i.e. perceived relationship quality, reward attractiveness, referral metaperception, opportunism, and involvement). This approach allowed for the simultaneous testing of all hypothesized drivers of successful referral behavior.FindingsMetaperception (i.e. the process by which individuals determine the impressions other might form of them and their behavior) was the strongest and most significant driver of successful RRP participation, followed by attractiveness of the reward. That is, inductors recommended successfully when they believed that their incentivized referral did not look bad (or even looked good) and incentives were perceived as attractive. This finding is important as metaperception so far has only been examined in theoretical and experimental studies with intent as dependent variables. Second, latent class analysis (LCA) revealed that there were two segments of inductors of which one was opportunistic. Opportunism as a driver of referral behavior has not been shown in past research using more traditional analyses, whereas LCA uncovered it as a driver for one-third of all respondents.Practical implicationsThe findings offer managers a better understanding of the key determinants of successful referral behavior with important RRP design implications that counter frequent practice (e.g. designing RRPs with high face value but then reducing its usefulness through terms and conditions). Furthermore, managers may consider segment-specific reward structures to improve the effectiveness of their RRPs.Originality/valueThis study is the first to examine inductor determinants of successful referral behavior and identify inductor segments.

Peek-a-boo: Inferring program behaviors in a virtualized infrastructure without introspection

Cloud service providers are often prohibited from accessing the content of tenant VMs, yet current techniques for monitoring attacks and unauthorized activities rely on virtual machine introspection (VMI). While the introspections are useful for narrowing down the semantic gap between the status observed at the hypervisor-level and that seen in a VM, they potentially reveal the sensitive information of a tenant stored in the machine. In this paper, we aim to infer specific program activities in a VM without VMI methods, where our approach has to solve the strong semantic gap problem. We introduce Infermatic, a system that utilizes only hypervisor-level features and supervised machine learning methods to infer program behaviors in a VM. Using the classifiers trained by Infermatic, we can also bridge the strong semantic gap by systematically identifying the semantic links between our hypervisor features and selected program behaviors. In evaluations, we demonstrate that the hypervisor features are effective in isolating program activities and do so with an average accuracy of 0.875 (AUC) for the 24 behaviors that we have identified. In addition, our statistical models (or trained classifiers) can identify the hypervisor features that accurately characterize selected program behaviors when they involve lower-level operations. We further extend Infermatic’s ability to detect program behaviors to other security applications—we present a malicious VM detector for the cloud that achieves an average detection of 0.817 (AUC). Our detector shows the hypervisor features are resilient against evasion attacks even when an attacker can reduce the number of available features to the system. Moreover, we present that the detector can operate in a scalable manner by identifying a malicious VM even when the VM under inspection is collocated with other VM’s operating under workloads.

RTTV: a dynamic CFI measurement tool based on TPM

In programme dynamic analysis, control flow integrity (CFI) is an efficient way to investigate programme's behaviour. By detecting these CF instructions, researchers can obtain programme's runtime information and execution status accurately. This feature makes CFI a sharp and sensitive approach to detect programme abnormal conditions and malicious attacks such as stack overflow and return-oriented programming. Meanwhile, with the development of dynamic trusted computing technique, a Trusted Platform Module (TPM) chip can provide cryptographic service both in a system's booting period and runtime period. In this study, the authors combine CFI and dynamic trusted computing to present runtime trusted verifier (RTTV) as a dynamic CFI measurement tool based on TPM. Compared to traditional measurement methods, their work is more accurate and reliable, can totally enforce programme run as predefined CF. RTTV uses TPM as `root of trust', which also provides computing resource such as hash algorithm to reduce performance overhead. With the characteristic of sensitivity, simplicity and efficiency, RTTV can especially meet the security requirement of remote embedded systems such as satellites and other valuable equipments.

Examining Relationships between Food Procurement Characteristics and Nutritional Quality in Washington State Child Care Settings.

Sixty percent of US children 5 years old and under receive up to two-thirds of their daily nutrition in early care and education (ECE) settings. Although participation in the federal Child and Adult Care Food Program (CACFP) is shown to improve nutrition, little is known about the relationship between procurement practices (where and how child care programs purchase food) and nutrition in ECE settings or whether these practices differ depending on participation in CACFP. We assessed self-reported nutrition practices and procurement practices by CACFP participation using a 2013 cross-sectional survey of 690 Washington ECE centers ("Centers") and 1260 family homes (family home child care [FHCCs]) serving children aged 2-5 years old using validated survey tools. We examined the relationship between procurement variables (i.e., main store and main mode) and nutrition scores using multinomial logistic regression models that adjusted for sociodemographic and program characteristics. In-person shopping was the primary mode of shopping for all programs, regardless of CACFP participation. Some Centers but very few FHCCs reported online shopping as their primary mode. Centers and non-CACFP FHCCs shopped primarily at megastores (Costco, Target, etc.). CACFP FHCCs used both megastores and grocery stores (Albertsons, QFC, etc.) at similar rates. Adjusted multinomial models found that shopping online or at two or more stores was associated with higher nutritional quality of foods served by programs. Understanding the procurement behaviors of ECE programs helps to illuminate and prioritize potential interventions that would support healthy food purchases.

Reversing Parallel Programs with Blocks and Procedures

We show how to reverse a while language extended with blocks, local variables, procedures and the interleaving parallel composition. Annotation is defined along with a set of operational semantics capable of storing necessary reversal information, and identifiers are introduced to capture the interleaving order of an execution. Inversion is defined with a set of operational semantics that use saved information to undo an execution. We prove that annotation does not alter the behaviour of the original program, and that inversion correctly restores the initial program state.

Shadow Symbolic Execution for Testing Software Patches

While developers are aware of the importance of comprehensively testing patches, the large effort involved in coming up with relevant test cases means that such testing rarely happens in practice. Furthermore, even when test cases are written to cover the patch, they often exercise the same behaviour in the old and the new version of the code. In this article, we present a symbolic execution-based technique that is designed to generate test inputs that cover the new program behaviours introduced by a patch. The technique works by executing both the old and the new version in the same symbolic execution instance, with the old version shadowing the new one. During this combined shadow execution, whenever a branch point is reached where the old and the new version diverge, we generate a test input exercising the divergence and comprehensively test the new behaviours of the new version. We evaluate our technique on the Coreutils patches from the CoREBench suite of regression bugs, and show that it is able to generate test inputs that exercise newly added behaviours and expose some of the regression bugs.

How verified (or tested) is my code? Falsification-driven verification and testing

Formal verification has advanced to the point that developers can verify the correctness of small, critical modules. Unfortunately, despite considerable efforts, determining if a “verification” verifies what the author intends is still difficult. Previous approaches are difficult to understand and often limited in applicability. Developers need verification coverage in terms of the software they are verifying, not model checking diagnostics. We propose a methodology to allow developers to determine (and correct) what it is that they have verified, and tools to support that methodology. Our basic approach is based on a novel variation of mutation analysis and the idea of verification driven by falsification. We use the CBMC model checker to show that this approach is applicable not only to simple data structures and sorting routines, and verification of a routine in Mozilla’s JavaScript engine, but to understanding an ongoing effort to verify the Linux kernel read-copy-update mechanism. Moreover, we show that despite the probabilistic nature of random testing and the tendency to incompleteness of testing as opposed to verification, the same techniques, with suitable modifications, apply to automated test generation as well as to formal verification. In essence, it is the number of surviving mutants that drives the scalability of our methods, not the underlying method for detecting faults in a program. From the point of view of a Popperian analysis where an unkilled mutant is a weakness (in terms of its falsifiability) in a “scientific theory” of program behavior, it is only the number of weaknesses to be examined by a user that is important.

Substance use disorders and sexual behavior; the effects of alcohol and drugs on patients' sexual thoughts, feelings and behavior

IntroductionHardly any research exists on the relationship between substance use and sexual behaviors in patients with a substance use disorder. This study aimed to examine this relation by looking into perceived positive effects on sexual behavior, perceived negative effects and risky sexual behavior due to substance use in patient groups of users of alcohol, stimulants, sedatives and Gamma hydroxybutyrate (GHB). In addition, the current study aimed to address the question whether sexual behavior (e.g. number of sexual partners, sexual activity) differs between these patient groups. MethodA total of 180 patients with a substance use disorder (i.e. alcohol, amphetamine, cannabis, cocaine, GHB and opiates) participated. A self-report questionnaire was administered with questions on substance use, sexual behaviors (e.g. sexual activity, masturbation, use of pornography) and statements about the perceived changes in sexual functioning and behavior under influence of the primary substance of abuse. ResultsAll four groups reported changes in sexual thoughts, feelings and behavior due to the use of their primary substance. More than half of the patients reported enhancements in sexual domains (i.e. sexual pleasure, sexual arousal, sexual behavior), but also decrements or risky behaviors and about a quarter stated that their sexual thoughts, feelings and behaviors were often associated with the use of their primary substance of abuse. Patients with a GHB use disorder reported the strongest relation between drug use and sexual behavior. Users of GHB not only reported more enhancement in several sexual domains, but also less decline in sexual domains compared to the other patient groups and more risky behavior or more sexual activity than some of the other groups of patients. ConclusionsThe results underline the importance of addressing the relationship between substance use and sexual behavior in treatment programs, as patients may be hesitant to stop their use of substances when they experience many positive effects in their sexual behavior. Future research directions are suggested.

Call-by-need effects via coeffects

Abstract Effect systems refine types with information about the behaviour of programs. They have been used for many purposes, such as optimizing programs, determining resource usage, and finding bugs. So far, however, work on effect systems has largely concentrated on call-by-value languages. We consider the problem of designing an effect system for a lazy language. This is more challenging because it depends on the ability to locate the first use of each variable. Coeffect systems, which track contextual requirements of programs, provide a method of doing this. We describe how to track variable usage in a coeffect system that can be instantiated for different reduction strategies, including call-by-need. We then add effects to the result, allowing work that has been done on effect systems for call-by-value languages to be applied to lazy languages.

A Decision Tree Analysis of a Multi-Player Card Game With Imperfect Information

This article describes how computer Daihinmin involves playing Daihinmin, a popular card game in Japan, by using a player program. Because strong player programs of Computer Daihinmin use machine-learning techniques, such as the Monte Carlo method, predicting the program's behavior is difficult. In this article, the authors extract the features of the player program through decision tree analysis. The features of programs are extracted by generating decision trees based on three types of viewpoints. To show the validity of their method, computer experiments were conducted. The authors applied their method to three programs with relatively obvious behaviors, and they confirmed that the extracted features were correct by observing real behaviors of the programs.

The balance between clinical and administrative leadership in forensic psychiatry

Marylin Dakers-Hayward is the Clinical Director of the Forensic Psychiatry Program at St. Joseph’s Healthcare Hamilton. This program has 5 units; one secure, one undesignated, two general and one assessment, for a total of 114 beds. The program also has a forensic outpatient clinic which includes forensic outpatient rehabilitation program, aggression clinic, and sexual behaviour clinic.

HM3alD: Polymorphic Malware Detection Using Program Behavior-Aware Hidden Markov Model

Malware have been tremendously growing in recent years. Most malware use obfuscation techniques for evasion and hiding purposes, but they preserve the functionality and malicious behavior of original code. Although most research work has been mainly focused on program static analysis, some recent contributions have used program behavior analysis to detect malware at run-time. Extracting the behavior of polymorphic malware is one of the major issues that affects the detection result. In this paper, we propose HM3alD, a novel program behavior-aware hidden Markov model for polymorphic malware detection. The main idea is to use an effective clustering scheme to partition the program behavior of malware instances and then apply a novel hidden Markov model (called program behavior-aware HMM) on each cluster to train the corresponding behavior. Low-level program behavior, OS-level system call sequence, is mapped to high-level action sequence and used as transition triggers across states in program behavior-aware HMM topology. Experimental results show that HM3alD outperforms all current dynamic and static malware detection methods, especially in term of FAR, while using a large dataset of 6349 malware.

A vehicle type-based approach to model car following behaviors in simulation programs (case study: Car-motorcycle following behavior)

Traffic simulation models often neglect the important role of motorcycles and assume a flow of various combinations of cars. This paper addresses how much different would be the behavior of a car driver while following a motorcyclist compared to cases in which a car follows another car, along with a segment of an urban highway in the non-congested flow. Recognition of such a difference might help to develop existing simulation models and to improve the behavior of car drivers in such a way to lead to lower accidents with motorcycles. To reach the goal, a GHR (Gazis-Herman-Rothery) model for car following is applied and data have been collected by video cameras during 15 min time intervals in three different days. Analysis of 198 car-motorcycle and 374 car-car following observations has indicated that when a car driver follows a motorcycle, keeps a higher headway (about 10 m in the low speed) with a lower acceleration/deceleration in comparison with the situation in which car driver follow another one. It means that the behavior of the follower car driver would be more cautious compared to situations in which a car driver follows another one, especially in space headways <10 m. In addition to main findings of the paper for developing a more realistic simulation program, the paper also addresses that in cases when the required safe space between a car and a motorcycle would be endangered, a warning message could be generated for the car driver (by implementing an in-veh ITS technology) to warn driver about keeping a safe distance.