Runtime Component Research Articles

FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems

Runtime attacks are a rising threat to both low- and high-end systems with the spread of techniques such as Return-Oriented Programming (ROP), which aims at hijacking the control flow of vulnerable applications. Although several control flow integrity schemes have been proposed by both academia and the industry, the vast majority of them are not compatible with low-end embedded devices, especially the ones that lack hardware security features. In this article, we propose \(\sf {\textsc {FLAShadow}}\) , a secure shadow stack design and implementation for low-end embedded systems, relying on zero hardware security features. The key idea is to leverage a software-based memory isolation mechanism to establish an integrity-protected memory area on the Flash of the target device, where \(\sf {\textsc {FLAShadow}}\) can be securely maintained. \(\sf {\textsc {FLAShadow}}\) exclusively reserves a register for maintaining the integrity of the stack pointer and also depends on a minimal trusted runtime component to avoid trusting the compiler toolchain. We evaluate an open-source implementation of \(\sf {\textsc {FLAShadow}}\) for the MSP430 architecture, showing an average performance and memory overhead of 168.58% and 25.91%, respectively. While the average performance overhead is considered high, we show that it is application dependent and incurs less than 5% for some applications.

Toward Verifying Cooperatively Scheduled Runtimes Using CSP

In this article, we present the novel verification of synchronous channel communication and channel alternation (choice) by considering the environment within which our primitives are executing. Our work is in exploring development of a multi-threaded scheduler for a cooperatively scheduled process-oriented language, ProcessJ. We use communicating sequential processes to produce formal specifications for the implementation of the various parts of the language runtime (scheduler, runtime components, and generated code). We use established communicating sequential process specifications that model channel communication and choice as well as the formal verification tool FDR to formally prove that the implementations are correct and behave as expected, when executed by our scheduler (the execution environment). Our approach is novel and not seen in similar research, as we consider the behavior of the systems we examine under the restrictions imposed by an execution environment (a runtime system, a scheduler, an operating system, etc.) and show that even with such restrictions the channel communication and alternation work. More specifically, we show correctness when a system is executed by the ProcessJ cooperative scheduler. The main contributions of this work are in the models defined and method undertaken to verify cooperatively channel communication and choice.

A model-based infrastructure for the specification and runtime execution of self-adaptive IoT architectures

To meet increasingly restrictive requirements and improve quality of service (QoS), Internet of Things (IoT) systems have embraced multi-layered architectures leveraging edge and fog computing. However, the dynamic and changing IoT environment can impact QoS due to unexpected events. Therefore, proactive evolution and adaptation of the IoT system becomes a necessity and concern. In this paper, we present a model-based approach for the specification and execution of self-adaptive multi-layered IoT systems. Our proposal comprises the design of a domain-specific language (DSL) for the specification of such architectures, and a runtime framework to support the system behaviuor and its self-adaptation at runtime. The code for the deployment of the IoT system and the execution of the runtime framework is automatically produced by our prototype code generator. Moreover, we also show and validate the extensibility of such DSL by applying it to the domain of underground mining. The complete infrastructure (modeling tool, generator and runtime components) is available in a online open source repository.

Frisbee: automated testing of Cloud-native applications in Kubernetes

As more and more companies are migrating (or planning to migrate) from on-premise to Cloud, their focus is to find anomalies and deficits as early as possible in the development life cycle. We propose Frisbee, a declarative language and associated runtime components for testing cloud-native applications on top of Kubernetes. Given a template describing the system under test and a workflow describing the experiment, Frisbee automatically interfaces with Kubernetes to deploy the necessary software in containers, launch needed sidecars, execute the workflow steps, and perform automated checks for deviation from expected behavior. We evaluate Frisbee through a series of tests, to demonstrate its role in designing, and evaluating cloud-native applications; Frisbee helps in testing uncertainties at the level of application (e.g., dynamically changing request patterns), infrastructure (e.g., crashes, network partitions), and deployment (e.g., saturation points). Our findings have strong implications for the design, deployment, and evaluation of cloud applications. The most prominent is that: erroneous benchmark outputs can cause an apparent performance improvement, automated failover mechanisms may require interoperability with clients, and that a proper placement policy should also account for the clock frequency, not only the number of cores.

A Computer Vision Encyclopedia-Based Framework with Illustrative UAV Applications

This paper presents the structure of an encyclopedia-based framework (EbF) in which to develop computer vision systems that incorporate the principles of agile development with focussed knowledge-enhancing information. The novelty of the EbF is that it specifies both the use of drop-in modules, to enable the speedy implementation and modification of systems by the operator, and it incorporates knowledge of the input image-capture devices and presentation preferences. This means that the system includes automated parameter selection and operator advice and guidance. Central to this knowledge-enhanced framework is an encyclopedia that is used to store all information pertaining to the current system operation and can be used by all of the imaging modules and computational runtime components. This ensures that they can adapt to changes within the system or its environment. We demonstrate the implementation of this system over three use cases in computer vision for unmanned aerial vehicles (UAV) showing how it is easy to control and set up by novice operators utilising simple computational wrapper scripts.

BoundWarden: Thread-enforced spatial memory safety through compile-time transformations

This paper presents BoundWarden, a novel spatial memory safety enforcement approach that utilizes a combination of compile-time transformation and runtime concurrent monitoring techniques. The compiler extension component of BoundWarden transparently instruments source code of C programs with the code that allows the runtime component of BoundWarden to comprehensively detect and prevent buffer overflow and other out-of-bound errors in buffers on the stack, heap, as well as BSS and data segments of memory. To reduce runtime overhead of bound checking, the runtime component of BoundWarden leverages the ubiquity of multi-core processors by offloading most of the work to a dedicated bound checking thread, which is responsible for performing bound checking and managing metadata. To preserve memory layout and maintain compatibility with existing libraries and binaries, BoundWarden stores the base and the bound of buffers in a separated dedicated bound table. Experiments showed that the prototype of BoundWarden is effective at enforcing spatial memory safety by successfully passing all 850 tests of RIPE test suite, and 94% of NIST's SARD test suite 89, while the results from the Olden benchmark suite showed that on average BoundWarden introduced roughly 1.85x overhead, compared to the uninstrumented code. • We propose BoundWarden, a spatial memory safety enforcement system. • BoundWarden utilizes compile-time transformation and concurrent monitoring techniques. • BoundWarden enforces spatial memory safety in buffers on stack, heap, BSS, and data segments. • BoundWarden offloads runtime overhead to the bound checking thread. • We evaluate BoundWarden using two test suites and one benchmark.

Context-Aware Kubernetes Scheduler for Edge-native Applications on 5G

This paper is an extension of work originally presented in SoftCOM 2019 [1]. The novelty of this work reside in its focused improvement of our scheduling algorithm towards its usage on a real 5G infrastructure. Industrial IoT applications are often designed to run in a distributed way on the devices and controller computers with strict service requirements for the nodes and the links between them. 5G, especially in concomitance with Edge Computing, will provide the desired level of connectivity for these setups and it will permit to host application run-time components in edge clouds. However, allocation of the edge cloud resources for Industrial IoT (IIoT) applications, is still commonly solved by rudimentary scheduling techniques (i.e. simple strategies based on CPU usage and device readiness, employing very few dynamic information). Orchestrators inherited from the cloud computing, like Kubernetes, are not satisfying to the requirements of the aforementioned applications and are not optimized for the diversity of devices which are often also limited in capacity. This design is especially slow in reacting to the environmental changes. In such circumstances, in order to provide a proper solution using these tools, we propose to take the physical, operational and network parameters (thus the full context of the IIoT application) into consideration, along with the software states and orchestrate the applications dynamically.

Assessing the Rate of Shoreline Changes of Rameswaram Island, Tamilnadu, India, using MATLAB Component Runtime Utility & Digital Shoreline Analysis System

The Present study highlights the changes in the coastal tract of Rameswaram island located between the geometric location, latitude 9° 10' to 9° 20' N and the longitude 79° 12' to 79° 30' E. Using Geospatial Technology, Long-term changes have noticed from digitized shorelines taken from Landsat imageries and SOI toposheet for the years 1968, 1978, 1988, 1999, 2009 and 2018. Digital Shoreline Analysis System (DSAS) an extension provided by USGS for ArcGIS used to cast transects perpendicular from the baseline, towards the shorelines. High water Line (HTL) has taken as shoreline in this study. The distance between the shorelines has taken from the cast transects plotted from the baseline. For the rate of change calculation, MATLAB component runtime utility for ArcGIS has used. Based on the Linear Regression Rate (LRR) the shore has classified into High Erosion, Low Erosion, Stable and Low Accretion, High Accretion zones. The island has a shoreline length of 78.4 km, and the studies found that 27.83 km (35.41%) of shoreline is accreting nature, 37.90 km (48.21%) of shoreline is stable, and 12.86 km (16.36 %) of shoreline tends to erode. During the field investigation identified that High amount of erosion occurred in the locations near Pamban, Tharavaithopu and Dhanushkodi. Also, Accretion identified over the locations Ayyanthopu, Natarajapuram and Arichumanai tip. Wind action is one of the physical parameters that induced the erosion in some location of this study area.

PYE

Languages like Java and C# follow a two-step process of compilation: static compilation and just-in-time (JIT) compilation. As the time spent in JIT compilation gets added to the execution-time of the application, JIT compilers typically sacrifice the precision of program analyses for efficiency. The alternative of performing the analysis for the whole program statically ignores the analysis of libraries (available only at runtime), and thereby generates imprecise results. To address these issues, in this article, we propose a two-step (static+JIT) analysis framework called precise-yet-efficient (PYE) that helps generate precise analysis-results at runtime at a very low cost. PYE achieves the twin objectives of precision and performance during JIT compilation by using a two-pronged approach: (i) It performs expensive analyses during static compilation, while accounting for the unavailability of the runtime libraries by generating partial results, in terms of conditional values , for the input application. (ii) During JIT compilation, PYE resolves the conditions associated with these values, using the pre-computed conditional values for the libraries, to generate the final results. We have implemented the static and the runtime components of PYE in the Soot optimization framework and the OpenJDK HotSpot Server Compiler (C2), respectively. We demonstrate the usability of PYE by instantiating it to perform two context-, flow-, and field-sensitive heap-based analyses: (i) points-to analysis for null-dereference-check elimination; and (ii) escape analysis for synchronization elimination. We evaluate these instantiations against their corresponding state-of-the-art implementations in C2 over a wide range of benchmarks. The extensive evaluation results show that our strategy works quite well and fulfills both the promises it makes: enhanced precision while maintaining efficiency during JIT compilation.

An architecture for IoT-enabled intelligent process-aware cloud production platform: a case study in a networked cloud clinical laboratory

Cloud production is an emerging paradigm that supports co-designing and co-producing integrated solutions with customers. The realisation of this paradigm requires integrated platforms that enable parties collaborating within a production ecosystem to inter-operate networked business processes. Previous research has proposed different architectures for cloud production platforms from different perspectives like virtualiseng and servitiseng manufacturing resources, distributed and networked sensing supported by IoT technologies, and service-oriented and process-centred computing to compose and enact networked production services. However, an integrated architecture that brings together insights from service-oriented cloud manufacturing, IoT-enabled intelligence, and networked process-centred service composition and enactment has not been sufficiently addressed in previous research. In order to incorporate insights from the mentioned different perspectives, in this paper architectural analysis, synthesis, and evaluation steps are conducted to propose a conceptual architecture for IoT-enabled intelligent process-aware cloud production platforms. This architecture describes design-time and run-time components of a cloud production platform that can sense and intelligently respond to events within a value network. To evaluate the applicability of the proposed architecture within real-life scenarios, a case study is conducted in a cloud clinical laboratory in Tehran, Iran. Within this case study, a concrete cloud clinical laboratory platform has been instantiated.

Integrated Synthesis and Execution of Optimal Plans for Multi-Robot Systems in Logistics

Model-based synthesis allows to generate plans to achieve high-level tasks while satisfying certain properties of interest. However, when such plans are executed on concrete systems, several modeling assumptions may be challenged, jeopardizing their real applicability. This paper presents an integrated system for generating, executing and monitoring optimal-by-construction plans for multi-robot systems. This system unites the power of Optimization Modulo Theories with the flexibility of an on-line executive, providing optimal solutions for high-level task planning, and runtime feedback on their feasibility. After presenting how our system orchestrates static and runtime components, we demonstrate its capabilities using the RoboCup Logistics League as testbed. We do not only present our final solution but also its chronological development, and draw some general observations for the development of OMT-based approaches.

Big Data techniques to measure credit banking risk in home equity loans

Nowadays, the volume of databases that financial companies manage is so great that it has become necessary to address this problem, and the solution to this can be found in Big Data techniques applied to massive financial datasets for segmenting risk groups. In this paper, the presence of large datasets is approached through the development of some Monte Carlo experiments using known techniques and algorithms. In addition, a linear mixed model (LMM) has been implemented as a new incremental contribution to calculate the credit risk of financial companies. These computational experiments are developed with several combinations of dataset sizes and forms to cover a wide variety of cases. Results reveal that large datasets need Big Data techniques and algorithms that yield faster and unbiased estimators. Big Data can help to extract the value of data and thus better decisions can be made without the runtime component. Through these techniques, there would be less risk for financial companies when predicting which clients will be successful in their payments. Consequently, more people could have access to credit loans.

Client Centric Model for Secure Session Management for SAAS in Cloud Environment

Now days Cloud computing is playing major role in IT Sector in terms of reducing expenditure and also playing major part in earning revenue but security and privacy issues making clients in doubt of adapting Cloud environment. Since cloud environment is new which contains three parties (i.e., Cloud service user, Cloud service provider/Cloud user, Cloud provider) the way of protecting the users private information will be different which may not be same as in older web application environments. For this reason, we propose in this paper that at the time of Service Level Agreement (SLA) provider provides online registered Software Component (SC) to be installed at the consumer (Client side) as add-on or as a software component as part of Browser (runtime component) which will have an unique-id and will be activated by the provider at the time of installation of component at client side over SSL protocol. The ID of the component is generated by an Application key or an enterprise key. When the client sends data (user-id, password, message) every time it is encrypted by SC along with ID by using Encryption scheme. So by using this mechanism we propose some of the solutions in this paper to session management and attacks at the client side in Cloud computing environment (SaaS).

Supporting Multi Data Stores Applications in Cloud Environments

The production of huge amount of data and the emergence of cloud computing have introduced new requirements for data management. Many applications need to interact with several heterogeneous data stores depending on the type of data they have to manage: traditional data types, documents, graph data from social networks, simple key-value data, etc. Interacting with heterogeneous data models via different APIs, and multiple data store applications imposes challenging tasks to their developers. Indeed, programmers have to be familiar with different APIs. In addition, the execution of complex queries over heterogeneous data models cannot, currently, be achieved in a declarative way as it is used to be with mono-data store application, and therefore requires extra implementation efforts. Moreover, developers need to master and deal with the complex processes of cloud discovery, and application deployment and execution. In this paper we propose an integrated set of models, algorithms and tools aiming at alleviating developers task for developing, deploying and migrating multiple data stores applications in cloud environments. Our approach focuses mainly on three points. First, we provide a unifying data model used by applications developers to interact with heterogeneous relational and NoSQL data stores. Based on that, they express queries using OPEN-PaaS-DataBase API (ODBAPI), a unique REST API allowing programmers to write their applications code independently of the target data stores. Second, we propose virtual data stores, which act as a mediator and interact with integrated data stores wrapped by ODBAPI. This run-time component supports the execution of single and complex queries over heterogeneous data stores. Finally, we present a declarative approach that enables to lighten the burden of the tedious and non-standard tasks of (1) discovering relevant cloud environment and (2) deploying applications on them while letting developers to simply focus on specifying their storage and computing requirements. A prototype of the proposed solution has been developed and is currently used to implement use cases from the OpenPaaS project.

Noise-Tolerant Explicit Stencil Computations for Nonuniform Process Execution Rates

Next-generation HPC computing platforms are likely to be characterized by significant, unpredictable nonuniformities in execution time among compute nodes and cores. The resulting load imbalances from this nonuniformity are expected to arise from a variety of sources—manufacturing discrepancies, dynamic power management, runtime component failure, OS jitter, software-mediated resiliency, and TLB/- cache performance variations, for example. It is well understood that existing algorithms with frequent points of bulk synchronization will perform relatively poorly in the presence of these sources of process nonuniformity. Thus, recasting classic bulk synchronous algorithms into more asynchronous, coarse-grained parallelism is a critical area of research for next-generation computing. We propose a class of parallel algorithms for explicit stencil computations that can tolerate these nonuniformities by decoupling per process communication and computation in order for each process to progress asynchronously while maintaining solution correctness. These algorithms are benchmarked with a 1D domain decomposed (“slabbed”) implementation of the 2D heat equation as a model problem, and are tested in the presence of simulated nonuniform process execution rates. The resulting performance is compared to a classic bulk synchronous implementation of the model problem. Results show that the runtime of this article’s algorithm on a machine with simulated process nonuniformities is 5--99% slower than the runtime of its classic counterpart on a machine free of nonuniformities. However, when both algorithms are run on a machine with comparable synthetic process nonuniformities, this article’s algorithm is 1--37 times faster than its classic counterpart.

Ontology driven creational design patterns as parameterized and reusable components

We have explored the use of a generic ontology component to separate and encapsulate the design pattern logic of the GoF creational design patterns. We used a unique generic ontology as a runtime component in the creational patterns and then analyzed and compared the implementations with those of traditional GoF creational patterns. We concluded after experimental analysis that ontology driven solutions to creational design patterns not only mitigate the drawbacks identified in the creational patterns but also make the patterns a plug and play parameterized and reusable component whereby the desired objects can be created on the fly. Once the pattern parameters i.e. the participant classes are fed into the pattern ontology, the pattern functionality embedded within the ontological component becomes ready to use. This not only decouples the pattern logic from application logic but also decouples the pattern participant classes from each other. Thus the patterns become reusable even at the implementation level.

IDE Support of String-Embedded Languages

Complex information systems are often implemented by using more than one programming language. Sometimes this variety takes a form of one host and one or few string-embedded languages. Textual representation of clauses in a string-embedded language is built at run time by a host program and then analyzed, compiled or interpreted by a dedicated runtime component (database, web browser etc.) Most general-purpose programming languages may play the role of the host; one of the most evident examples of the string-embedded language is the dynamic SQL which was specified in ISO SQL standard and is supported by the majority of DBMS. Standard IDE functionality such as code completion or syntax highlighting can really helps the developers who use this technique. There are several tools providing this functionality, but they all process only one concrete string-embedded language and cannot be easily extended for supporting another language. We present a platform which allows to easily create tools for string-embedded language processing.

Efficient heterogeneous execution on large multicore and accelerator platforms: Case study using a block tridiagonal solver

The algorithmic and implementation principles are explored in gainfully exploiting GPU accelerators in conjunction with multicore processors on high-end systems with large numbers of compute nodes, and evaluated in an implementation of a scalable block tridiagonal solver. The accelerator of each compute node is exploited in combination with multicore processors of that node in performing block-level linear algebra operations in the overall, distributed solver algorithm. Optimizations incorporated include: (1) an efficient memory mapping and synchronization interface to minimize data movement, (2) multi-process sharing of the accelerator within a node to obtain balanced load with multicore processors, and (3) an automatic memory management system to efficiently utilize accelerator memory when sub-matrices spill over the limits of device memory. Results are reported from our novel implementation that uses MAGMA and CUBLAS accelerator software systems simultaneously with ACML (2013) [2] for multithreaded execution on processors. Overall, using 940 nVidia Tesla X2090 accelerators and 15,040 cores, the best heterogeneous execution delivers a 10.9-fold reduction in run time relative to an already efficient parallel multicore-only baseline implementation that is highly optimized with intra-node and inter-node concurrency and computation–communication overlap. Detailed quantitative results are presented to explain all critical runtime components contributing to hybrid performance.

Recovering Runtime Structures of Software Systems from Static Source Code

While software building blocks and their interdependencies can be recovered from the source code using static fact extraction, behavior and communication paths at runtime are typically gathered from instrumented executions of the system. However, more often than not it is not possible to retrieve data from the running system – either due to a high effort for instrumentation, missing (hardware) infrastructure, or because of advanced communication mechanisms hidden by middleware, frameworks or platforms. In this paper, we present an approach to semiautomatically reconstruct runtime components and connectors using source code analysis, pattern matching, and expert knowledge. We present two applications where we could recover runtime communication paths and component interactions despite the absence of runtime traces.

Integrated Visual Programming Environment

 Abstract—The process of programming includes the creation, compilation, and execution of programs to perform a specific task. The Visual Programming Environment (VPE) provides visual approaches to programming for writing programs graphically, such type of programming platform benefits in rapid prototyping, visual representation of data flow - understanding the logic of the program, and visual debugging. Our approach improves integrated development by way of platform independence combining modules developed using various environments including Microsoft .NET, JAVA, Windows Shell, Win32, COM, MATLAB and Web Services. This paper explores an Integrated Visual Programming Environment (IVPE), including concepts of a network as a system and icon based programming with utility in domainspecific applications such as image processing, algorithm performance measurement, etc. Our newly developed IVPE, Visual Sequencer (VIsual SequencER - VISER) provides an environment for integrating run-time components such as .NET (managed DLL assemblies), Java (class files), MATLAB (DLLs generated by mcc matlab compiler), Win32 (unmanaged DLL libraries), COM objects, and Web Services (WSDL supported). We have also presented some test cases of image processing which utilizes various processing modules from various programming environments.