Verifying Information Flow Over Unbounded Processes (2009)
William R. Harris, Nicholas A. Kidd, Sagar Chaki, Somesh Jha, Thomas Reps
Distributed Information Flow Control (DIFC) systems enable programmers to express desired information-flow policies, and enforce the policies via a reference monitor that restricts interactions...
University of Wisconsin-Madison Rutgers University (2009)
Vinod Ganapathy, Matthew J. Renzelmann, Arini Balakrishnan, Michael M. Swift, Somesh Jha, Sun Microsystems
Device drivers commonly execute in the kernel to achieve high performance and easy access to kernel services. However, this comes at the price of decreased reliability and increased programming...
The Pennyslvania State University (2009)
Dave King, Trent Jaeger, Somesh Jha, Sanjit A. Seshia
Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current...
Towards Practical Privacy for Genomic Computation (2009)
Somesh Jha, Louis Kruger, Vitaly Shmatikov
Abstract Many basic tasks in computational biology involveoperations on individual DNA and protein sequences. These sequences, even when anonymized, are vulnerableto re-identification attacks and may...
Towards Practical Privacy for Genomic Computation (2008)
Somesh Jha, Louis Kruger, Vitaly Shmatikov
Abstract Many basic tasks in computational biology involveoperations on individual DNA and protein sequences. These sequences, even when anonymized, are vulnerableto re-identification attacks and may...
Agent Cloning: An Approach to gent Mobility and Resource Allocation (2008)
Onn Shehory, Katia Sycara, Prasad Chalasani, Somesh Jha
Multi-agent systems are subject to performance bottlenecks in cases where agents cannot perform tasks by themselves due to insufficient resources. Solutions to such problems include passing tasks to...
Abstract An Architecture for Generating Semantics-Aware Signatures (2008)
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha
Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of intrusion...
Towards Practical Privacy for Genomic Computation (2008)
Somesh Jha, Louis Kruger, Vitaly Shmatikov
Many basic tasks in computational biology involve operations on individual DNA and protein sequences. These sequences, even when anonymized, are vulnerable to re-identification attacks and may reveal...
Abstract An Architecture for Generating Semantics-Aware Signatures (2008)
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha
Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of intrusion...
Microdrivers: A New Architecture for Device Drivers (2008)
Vinod Ganapathy, Arini Balakrishnan, Michael M. Swift, Somesh Jha
Commodity operating systems achieve good performance by running device drivers in-kernel. Unfortunately, this architecture offers poor fault isolation. This paper introduces microdrivers, which...
ABSTRACT Secure Function Evaluation with Ordered Binary Decision Diagrams (2008)
Privacy-preserving protocols allow multiple parties with private inputs to perform joint computation while preserving the privacy of their respective inputs. An important cryptographic primitive for...
David Brumley, Hao Wang, Somesh Jha, Dawn Song, Inparticular Weneedautomatic
techniqueswhichgeneratesoundsignatures—signatures whichwillnotmistakenlyblocklegitimatetrafficorraise falsealarms. Inaddition,weneedsignaturestohavefew...
Software Transformations to Improve Malware Detection (2008)
Mihai Christodorescu, Somesh Jha, Johannes Kinder, Stefan Katzenbeisser, Helmut Veith
Abstract. Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In...
On Effective Model-Based Intrusion Detection (2008)
Jonathon T. Giffin, Somesh Jha, Barton P. Miller
Model-based intrusion detectors restrict program execution to a previously computed model of expected behavior. We consider two classes of attacks against these systems: bypass attacks that evade...
Hao Wang, Somesh Jha, Thomas Reps, Stefan Schwoon, Stuart Stubblebine
Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm...
Vinod Ganapathy, David King, Trent Jaeger, Somesh Jha
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive...
Distributed Certificate-Chain Discovery in SPKI/SDSI (2008)
Stefan Schwoon, Hao Wang, Somesh Jha, Thomas W. Reps
Abstract. The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security...
Towards Automated Authorization Policy Enforcement (2008)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
In systems with shared resources, authorization policy enforcement ensures that these resources are accessible only to users who are allowed to do so. Recently, there is growing interest to (i)...
Abstract An Architecture for Generating Semantics-Aware Signatures (2008)
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha
Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of intrusion...
Distributed Certificate-Chain Discovery in SPKI/SDSI (2008)
Stefan Schwoon, Hao Wang, Somesh Jha, Thomas W. Reps
Abstract. The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security...
Trent Jaeger, Vinod Ganapathy, Somesh Jha
� Authorization policies and their enforcement � Three concepts: � Subjects (e.g., users, processes) � Objects (e.g., system resources) � Security-sensitive operations on objects. �...
Distributed Certificate-Chain Discovery in SPKI/SDSI (2008)
Stefan Schwoon, Hao Wang, Somesh Jha, Thomas W. Reps, Methoden Informatik
Hao Wang, Somesh Jha, Thomas Reps, Stefan Schwoon, Stuart Stubblebine
Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm...
Hao Wang, Somesh Jha, Miron Livny, Patrick D. Mcdaniel
A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate their policies have to be resolved. The process of resolving...
ABSTRACT Mining Specifications of Malicious Behavior (2008)
Mihai Christodorescu, Somesh Jha, Christopher Kruegel
Malware detectors require a specification of malicious behavior. Typically, these specifications are manually constructed by investigating known malware. We present an automatic technique to overcome...
Non-linear Quantification Scheduling (2008)
In Image Computation, Pankaj Chauhan, Edmund M. Clarke, Somesh Jha, Jim Kukula, Tom Shiple, ...
Computing the set of states reachable in one step from a given set of states, i.e. image computation, is a crucial step in several symbolic verification algorithms, including model checking and...
Non-linear Quantification Scheduling (2008)
In Image Computation, Pankaj Chauhan, Edmund M. Clarke, Somesh Jha, Jim Kukula, Tom Shiple, ...
Computing the set of states reachable in one step from a given set of states, i.e. image computation, is a crucial step in several symbolic verification algorithms, including model checking and...
Distributed Certificate-Chain Discovery in SPKI/SDSI (2008)
Stefan Schwoon Hao, Hao Wang, Somesh Jha, Thomas W. Reps
The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trust-management system SPKI/SDSI, the security policy is...
Whitepaper: Specification-based Monitoring Question: What is signature-based detection? (2008)
Answer: Signature-based detection is a malware detection approach that identifies a malware instance by the presence at least one byte code pattern present in a database of signatures from known...
Model Checking Algorithms for the µ-Calculus (2007)
Sergey Berezin, Edmund Clarke, Somesh Jha, Will Marrero
this paper will work with any of them. For the sake of concreteness, we will use the propositional ¯-calculus of Kozen [12]. Closed formulas in this logic evaluate to sets of states. A considerable...
Sagar Chaki, Edmund Clarke, Alex Groce, Somesh Jha, Tu Vienna
We present a new methodology for automatic verification of C programs against finite state machine specifications. Our approach is compositional, naturally enabling us to decompose the verification...
Edmund Clarke, Orna Grumberg, Somesh Jha, Yuan Lu
Abstract. We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be...
Edmund Clarke, Orna Grumberg, Somesh Jha, Yuan Lu
Abstract. Model checking is an automatic verification technique for finite state concurrent systems. In this approach to verification, temporal logic specifications are checked by an exhaustive...
Applying Quantitative Economic Models to Qualitative Engineering Judgments (2007)
Shawn Butler, Shawn Butler, Somesh Jha, Somesh Jha, Mary Shaw, Mary Shaw
My model for choosing investments Expects to get ratio-scale measurements But for software design Even ordinal is fine Can the model give reasonable guesstimates? We have been attempting to apply...
Alexis Campailla, Sagar Chaki, Edmund Clarke, Somesh Jha
Implicit invocation or publish-subscribe has become an important architectural style for large-scale system design and evolution. The publish-subscribe style facilitates developing large-scale...
2.1 Analysis of State Machines (2007)
implementation, and testing. Artifacts such as message sequence charts, state machines, code, and test plans are produced during each phase of the process. The purpose of this course is to provide...
ABSTRACT Non-linear Quantification Scheduling in Image Computation ∗ (2007)
Pankaj Chauhan, Edmund M. Clarke, Somesh Jha, Jim Kukula, Tom Shiple, Helmut Veith, ...
Computing the set of states reachable in one step from a given set of states, i.e. image computation, is a crucial step in several symbolic verification algorithms, including model checking and...
Omniunpack: Fast, generic, and safe unpacking of malware (2007)
Lorenzo Martignoni, Mihai Christodorescu, Somesh Jha
Malicious software (or malware) has become a growing threat as malware writers have learned that signaturebased detectors can be easily evaded by “packing ” the malicious payload in layers of...
Buffer Overrun Detection Using Linear Programming and Static Analysis (2006)
Ganapathy, Vinod, Jha, Somesh, Chandler, David, Melski, David, Vitek, David
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Automated Discovery of Mimicry Attacks (2006)
Giffin, Jonathon T., Jha, Somesh, Miller, Barton P.
Model-based anomaly detection systems restrict program execution by a predefined model of allowed system call sequences. These systems are useful only if they detect actual attacks. Previous research...
Reducing the Dependence of SPKI/SDSI on PKI (2006)
Wang, Hao, Jha, Somesh, Reps, Thomas, Schwoon, Stefan
Trust-management systems address the authorization problem in distributed systems. They offer several advantages over other approaches, such as support for delegation and making authorization...
Backtracking algorithmic complexity attacks against a nids (2006)
Randy Smith, Cristian Estan, Somesh Jha
Network Intrusion Detection Systems (NIDS) have become crucial to securing modern networks. To be effective, a NIDS must be able to counter evasion attempts and operate at or near wire-speed. Failure...
NetSpy: Automatic generation of spyware signatures for NIDS (2006)
Hao Wang, Somesh Jha, Vinod Ganapathy
We present NetSpy, a tool to automatically generate network-level signatures for spyware. NetSpy determines whether an untrusted program is spyware by correlating user input with network traffic...
Weighted Pushdown Systems and Trust-Management Systems (2006)
Somesh Jha, Stefan Schwoon, Hao Wang, Thomas Reps
The authorization problem is to decide whether, according to a security policy, some principal should be allowed access to a resource. In the trustmanagement system SPKI/SDSI, the security policy is...
Towards automatic generation of vulnerability-based signatures (2006)
David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work...
Towards automatic generation of vulnerability-based signatures (2006)
David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work...
Retrofitting legacy code for authorization policy enforcement (2006)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
Researchers have long argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of...
Automated discovery of mimicry attacks (2006)
Jonathon T. Giffin, Somesh Jha, Barton P. Miller
Abstract. Model-based anomaly detection systems restrict program execution by a predefined model of allowed system call sequences. These systems are useful only if they detect actual attacks....
Retrofitting legacy code for authorization policy enforcement (2006)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic...
Towards automatic generation of vulnerability-based signatures (2006)
David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
In this paper we explore the problem of creating vulnerability signatures. A vulnerability signature matches all exploits of a given vulnerability, even polymorphic or metamorphic variants. Our work...
Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures (2006)
David Brumley, James Newsome, Dawn Song, Hao Wang, Somesh Jha
01-1-0708. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and
Semantics-Aware Malware Detection (2005)
Mihai Christodorescu, Somesh Jha, Sanjit A, Seshia Dawn Song, Randal E. Bryant
2 Semantics of malware detection
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component,...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
A Logic of File Systems (2005)
Years of innovation in file systems have been highly successful in improving their performance and functionality, but at the cost of complicating their interaction with the disk. A variety of...
An architecture for generating semantic-aware signatures (2005)
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha
Identifying new intrusion exploits and developing effective detection signatures for them is essential for protecting computer networks. We present Nemean, a system for automatic generation of...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy Sanjit, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component,...
Reducing the Dependence of Trust-Management Systems on PKI (2005)
Hao Wang Somesh, Hao Wang, Somesh Jha, Thomas Reps, Stefan Schwoon, Stuart Stubblebine
Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component,...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
Mihai Christodorescu, Johannes Kinder, Somesh Jha, Stefan Katzenbeisser, Helmut Veith
Malware is code designed for a malicious purpose, such as obtaining root privilege on a host. A malware detector identifies malware and thus prevents it from adversely affecting a host. In order to...
An architecture for generating semantics-aware signatures (2005)
Vinod Yegneswaran, Jonathon T. Giffin, Paul Barford, Somesh Jha
Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of intrusion...
A Logic of File Systems (2005)
Years of innovation in file systems have been highly successful in improving their performance and functionality, but at the cost of complicating their interaction with the disk. A variety of...
Automatic Discovery of API-Level Exploits (2005)
Vinod Ganapathy, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
Environment-sensitive intrusion detection (2005)
Jonathon T. Giffin, David Dagon, Somesh Jha, Wenke Lee, Barton P. Miller
Abstract. We perform host-based intrusion detection by constructing a model from a program’s binary code and then restricting the program’s execution by the model. We improve the effectiveness of...
An Iterative Framework for Simulation Conformance (2005)
Chaki, Sagar, Clarke, Edmund, Jha, Somesh, Veith, Helmut
MAGIC is a software verification project for C source code which verifies conformance of software components against statemachine specifications. To this aim, MAGIC extracts abstract software models...
Formalizing sensitivity in static analysis for intrusion detection (2004)
Henry Hanping Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, Barton P. Miller
Security policy reconciliation in distributed computing environments (2004)
Hao Wang, Somesh Jha, Miron Livny
A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate their policies have to be resolved. The process of resolving...
Testing Malware Detectors (2004)
Mihai Christodorescu, Somesh Jha
In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as virus scanner) attempts to identify malware. In spite of the...
Formalizing Sensitivity in Static Analysis for Intrusion Detection (2004)
Henry Hanping Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, Barton P. Miller
A key function of a host-based intrusion detection system is to monitor program execution. Models constructed using static analysis have the highly desirable feature that they do not produce false...
Modular Verification of Software Components in C (2004)
Sagar Chaki, Edmund Clarke, Alex Groce, Somesh Jha, Helmut Veith
We present a new methodology for automatic verification of C programs against finite state machine specifications. Our approach is compositional, naturally enabling us to decompose the verification...
Automatic Discovery of API-Level Vulnerabilities (2004)
Vinod Ganapathy Sanjit, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
A system is vulnerable to an API-level attack if its security can be compromised by invoking an allowed sequence of operations from its API. We present a formal framework to model and analyze APIs,...
Fusion and Filtering in Distributed Intrusion Detection Systems (2004)
Paul Barford, Somesh Jha, Vinod Yegneswara
False alarms and timely identification of new attacks are two of the biggest challenges to the effective use of network intrusion detection systems (NIDS). A potential means for addressing these...
Automatic Discovery of API-Level Vulnerabilities (2004)
Vinod Ganapathy Sanjit, Sanjit A. Seshia, Somesh Jha, Thomas W. Reps, Al E. Bryant
A system is vulnerable to an API-level attack if its security can be compromised by invoking an allowed sequence of operations from its API. We present a formal framework to model and analyze APIs,...
Security policy reconciliation in distributed computing environments (2004)
Hao Wang, Somesh Jha, Miron Livny
A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate their policies have to be resolved. The process of resolving...
Attack generation for NIDS testing using natural deduction (2004)
Shai Rubin, Somesh Jha, Barton P. Miller
Abstract A common way to elude a signature-based NIDS is to transform an attack instance that the NIDSrecognizes into another instance that it fails to recognize. For example, to avoid matching...
Global Intrusion Detection in the DOMINO Overlay System (2004)
Vinod Yegneswaran, Paul Barford, Somesh Jha
Sharing data between widely distributed intrusion detection systems offers the possibility of significant improvements in speed and accuracy over isolated systems. In this paper, we describe and...
Attack generation for NIDS testing using natural deduction (2004)
Shai Rubin, Somesh Jha, Barton P. Miller
A common way to elude a signature-based NIDS is to transform an attack instance that the NIDS recognizes into another instance that it fails to recognize. For example, to avoid matching between the...
Efficient context-sensitive intrusion detection (2004)
Jonathon T. Giffin, Somesh Jha, Barton P. Miller
Model-based intrusion detection compares a process’s execution against a program model to detect intrusion attempts. Models constructed from static program analysis have historically traded...
Formalizing sensitivity in static analysis for intrusion detection (2004)
Henry Hanping Feng, Jonathon T. Giffin, Yong Huang, Somesh Jha, Wenke Lee, Barton P. Miller
A key function of a host-based intrusion detection system is to monitor program execution. Models constructed using static analysis have the highly desirable feature that they do not produce false...
Efficient context-sensitive intrusion detection (2004)
Jonathon T. Giffin, Somesh Jha, Barton P. Miller
Model-based intrusion detection compares a process’s execution against a program model to detect intrusion attempts. Models constructed from static program analysis have historically traded...
Efficient Context-Sensitive Intrusion Detection (2004)
Jonathon T. Giffin, Somesh Jha, Barton P. Miller
Model-based intrusion detection compares a process's execution against a program model to detect intrusion attempts. Models constructed from static program analysis have historically traded...
Global Intrusion Detection in the DOMINO Overlay System (2004)
Vinod Yegneswaran, Paul Barford, Somesh Jha
Sharing data between widely distributed intrusion detection systems offers the possibility of significant improvements in speed and accuracy over isolated systems. In this paper, we describe and...
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Permission is granted for noncommercial reproduction of the work for educational or research purposes.
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Weighted pushdown systems and their application to interprocedural dataflow analysis (2003)
Thomas Reps, Stefan Schwoon, Somesh Jha
Abstract. Recently, pushdown systems (PDSs) have been extended to weighted PDSs, in which each transition is labeled with a value, and the goal is to determine the meet-over-allpaths value (for paths...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
Vinod Ganapathy, Somesh Jha, David Ch, David Melski, David Vitek
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Modular Verification of Software Components in C (2003)
Sagar Chaki Edmund, Edmund Clarke, Alex Groce, Somesh Jha, Tu Vienna
We present a new methodology for automatic verification of C programs against finite state machine specifications. Our approach is compositional, naturally enabling us to decompose the verification...
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an...
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an...
Counterexample-Guided Abstraction Refinement for Symbolic Model Checking (2003)
Edmund Clarke, Yuan Lu, Orna Grumberg, Somesh Jha, Helmuth Veith
The state explosion problem remains a major hurdle in applying symbolic model checking to large hardware designs. State space abstraction, having been essential for verifying designs of industrial...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
Vinod Ganapathy, Somesh Jha, David Ch, David Melski, David Vitek
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a scalable analysis based on modeling C string manipulations as a...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
Vinod Ganapathy, Somesh Jha, David Ch, David Melski, David Vitek
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an...
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an...
Static Analysis of Executables to Detect Malicious Patterns (2003)
Mihai Christodorescu, Somesh Jha
Abstract Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a uniqueviewpoint on malicious code detection. We regard malicious code detection as an...
Buffer Overrun Detection using Linear Programming and Static Analysis (2003)
This paper addresses the issue of identifying buffer overrun vulnerabilities by statically analyzing C source code. We demonstrate a light-weight analysis based on modeling C string manipulations as...
Weighted pushdown systems and their application to interprocedural dataflow analysis (2003)
Thomas Reps, Stefan Schwoon, Somesh Jha
Abstract. Recently, pushdown systems (PDSs) have been extended to weighted PDSs, in which each transition is labeled with a value, and the goal is to determine the meet-over-allpaths value (for paths...
Efficient Type Matching (2002)
Somesh Jha, Jens Palsberg, Tian Zhao
Palsberg and Zhao [17] presented an O(n ) time algorithm for matching two recursive types. In this paper, we present an O(n log n) algorithm for the same problem. Our algorithm works by reducing the...
Tree-Like Counterexamples in Model Checking (2002)
Edmund Clarke, Yuan Lu, Broadcom Com, Helmut Veith, Somesh Jha
Counterexamples for specification violations provide engineers with important debugging information. Although counterexamples are considered one of the main advantages of model checking, state-of the...
Efficient type matching (2002)
Somesh Jha, Jens Palsberg, Tian Zhao
Abstract. Palsberg and Zhao [17] presented an O(n 2) time algorithm for matching two recursive types. In this paper, we present an O(n log n) algorithm for the same problem. Our algorithm works by...
Detecting manipulated remote call streams (2002)
Jonathon T. Giffin, Somesh Jha, Barton P. Miller
In the Internet, mobile code is ubiquitous and includes such examples as browser plug-ins, Java applets, and document macros. In this paper, we address an important vulnerability in mobile code...
Somesh Jha, Jens Palsberg, Tian Zhao
Palsberg and Zhao [14] presented an O(n 2) time algorithm for matching two recursive types. In this paper, we present an O(n log n) algorithm for the same problem. Our algorithm works by reducing the...
Survivability Analysis of Networked Systems (2001)
Survivability is the ability of a system to continue operating despite the presence of abnormal events such as failures and intrusions. Ensuring system survivability has increased in importance as...
From Authentication to Authorization (2001)
PKIs focus on establishing a link between an entity and a key. Hence, PKIs provide a mechanism for entity identification by providing a link between an entity and a key. However, the real requirement...
Efficient Filtering in Publish-Subscribe Systems using Binary Decision Diagrams (2001)
Alexis Campailla, Sagar Chaki, Edmund Clarke, Somesh Jha
Implicit invocation or publish-subscribe has become an important architectural style for large-scale system design and evolution. The publish-subscribe style facilitates developing large-scale...
Partial Order Reductions for Security Protocol Verification (2000)
Edmund Clarke, Somesh Jha, Will Marrero
emc,sjha,marrero£ Abstract. In this paper we explore partial order reduction that make the task of verifying cryptographic protocols more efficient. These reduction techniques have been implemented...
Partial Order Reductions for Security Protocol Verification (2000)
Edmund Clarke, Somesh Jha, Will Marrero
Abstract. In this paper we explore partial order reduction that make the task of verifying cryptographic protocols more efficient. These reduction techniques have been implemented in our tool BRUTUS....
Counterexample-guided Abstraction Refinement (2000)
Edmund M. Clarke, Orna Grumberg, Somesh Jha, Yuan Lu, Helmut Veith
We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified....
Partial Order Reductions for Security Protocol Verification (2000)
Edmund Clarke Somesh, Edmund Clarke, Somesh Jha, Will Marrero
In this paper we explore partial order reduction that make the task of verifying cryptographic protocols more efficient. These reduction techniques have been implemented in our tool BRUTUS. Although...
Software Design as an Investment Activity: A Real Options Perspective (1999)
Kevin Sullivan, Prasad Chalasani, Somesh Jha, Vibha Sazawal
Many important software design guidelines remain without adequate theoretical or conceptual foundations. Important but inadequately formulated concepts include information hiding (Parnas, 1972 and...
Randomized stopping times and American option pricing with transaction costs (1999)
In a general discrete-time market model with proportional transaction costs, we derive new expectation representations of the range of arbitrage-free prices of an arbitrary American option. The upper...
In a general discrete-time market model with proportional transaction costs, we derive new expectation representations of the range of arbitrage-free prices of an arbitrary American option. A...
Technique For Using, Edmund Clarke, Somesh Jha, Yuan Lu, Dong Wang
We pr o of a new metho do o fo explo ting abstractio n in the c o text ofo del-checking. Our new technique uses abstract BDDs as its underlying data structure. We sho w that this technique builds a...
The Options Approach to Software Prototyping Decisions. (1998)
Chalasani, Prasad, Jha, Somesh, Sullivan, Kevin
Abstract Prototyping is often used to predict, or reduce the uncertainty over, the future profitability of a software design choice. Boehm 1 pioneered the use of techniques from statistical decision...
Environment-Sensitive Intrusion Detection (1998)
Giffin, Jonathan T., Dagon, David, Jha, Somesh, Lee, Wenke, Miller, Barton P.
We perform host-based intrusion detection by constructing a model from a program s binary code and then restricting the program s execution by the model. We improve the effectiveness of such...
Formalizing Sensitivity in Static Analysis for Intrusion Detection (1998)
Feng, Henry H., Giffin, Jonathon T., Huang, Yong, Jha, Somesh, Lee, Wenke, Miller, Barton P.
A key function of a host-based intrusion detection system is to monitor program execution. Models constructed using static analysis have the highly desirable feature that they do not produce false...
An Architecture for Generating Semantics-Aware Signatures (1998)
Yegneswaran, Vinod, Giffin, Jonathon T., Barford, Paul, Jha, Somesh
Identifying new intrusions and developing effective signatures that detect them is essential for protecting computer networks. We present Nemean, a system for automatic generation of intrusion...
Static Analysis of Executables to Detect Malicious Patterns (1998)
Christodorescu, Mihai, Jha, Somesh
Malicious code detection is a crucial component of any defense mechanism. In this paper, we present a unique viewpoint on malicious code detection. We regard malicious code detection as an...
Security Policy Reconciliation in Distributed Computing Environments (1998)
Wang, Hao, Jha, Somesh, Livny, Miron, McDaniel, Patrick D.
A major hurdle in sharing resources between organizations is heterogeneity. Therefore, in order for two organizations to collaborate their policies have to be resolved. The process of resolving...
Weighted Pushdown Systems and Their Application to Interprocedural Dataflow Analysis (1998)
Reps, Thomas, Schwoon, Stefan, Jha, Somesh
Recently, pushdown systems (PDSs) have been extended to weighted PDSs, in which each transition is labeled with a value, and the goal is to determine the meet-over-allpaths value (for paths that meet...
Accurate Approximations for European-Style Asian Options, (1998)
Chalasani, Prasad, Jha, Somesh, Varikooty, Ashok
In the binomial tree model, we provide efficient algorithms for computing an accurate lower bound for the value of a European-style Asian option with either a fixed or a floating strike. These...
Isomorph-free Model Enumeration: A New Method for Checking Relational Specifications (1998)
Daniel Jackson, Somesh Jha, Craig A. Damon
Software specifications often involve data structures with huge numbers of values, and consequently they cannot be checked using standard state exploration or model-checking techniques. Data...
Onn Shehory, Katia Sycara, Prasad Chalasani, Somesh Jha
Multi-agent systems are subject to performance bottlenecks in cases where agents cannot perform tasks by themselves due to insufficient resources. Solutions to such problems include passing tasks to...
Formal analysis of branch prediction algorithm (1998)
Somesh Jha, Yuan Lu, Edmund M. Clarke
In modern microprocessors deep pipelines are widely used to speed up execution. The importance of a good branch predictor to the effectiveness of a deep pipeline in the presence of conditional...
Strategies for Querying Information Agents (1998)
Prasad Chalasani, Somesh Jha, Onn Shehory, Katia Sycara
. In a simple cooperative MAS model where a collection of "querying agents" can send queries to a collection of "information agents", we formalize the problem of designing...
Agent Cloning: An Approach to Agent Mobility and Resource Allocation (1998)
Onn Shehory, Katia Sycara, Prasad Chalasani, Somesh Jha
Multi-agent systems (MAS) are subject to performance bottlenecks in cases where agents cannot perform tasks by themselves due to insufficient resources. Solutions to such problems include passing...
A Refined Binomial Lattice for Pricing American Asian Options (1998)
We present simple and fast algorithms for computing very tight upper and lower bounds on the prices of American Asian options in the binomial model. We introduce a new refined version of the...
Accurate Approximations for European Asian Options (1998)
Prasad Chalasani, Somesh Jha, Ashok Varikooty
In the n-period binomial tree model, we provide fast algorithms to compute very accurate lower and upper bounds on the value of a European-style Asian option. These algorithms are inspired by the...
Strategies for Querying Information Agents (1998)
Prasad Chalasani, Somesh Jha, Onn Shehory, Katia Sycara
. In a simple cooperative MAS model where a collection of "querying agents" can send queries to a collection of "information agents", we formalize the problem of designing...
Multi-agent Coordination through Coalition Formation (1998)
Onn M. Shehory, Katia Sycara, Somesh Jha
Incorporating coalition formation algorithms into agent systems shall be advantageous due to the consequent increase in the overall quality of task performance. Coalition formation was addressed in...
Commerce Protocols, Edmund Clarke, Somesh Jha, Will Marrero
A number of researchers have proposed various tools for checking security protocols. Most of these tools work by comparing the set of possible traces (as expressed by some model of computation) to...
Strategies for querying information agents (1998)
Prasad Chalasani, Somesh Jha, Onn Shehory, Katia Sycara
Abstract. In a simple cooperative MAS model where a collection of “querying agents ” can send queries to a collection of “information agents”, we formalize the problem of designing strategies...
Strategies for querying information agents (1998)
Prasad Chalasani, Somesh Jha, Onn Shehory, Katia Sycara
Abstract. In a simple cooperative MAS model where a collection of “querying agents ” can send queries to a collection of “information agents”, we formalize the problem of designing strategies...
Strategies for querying information agents (1998)
Prasad Chalasani, Somesh Jha, Onn Shehory, Katia Sycara
Abstract. In a simple cooperative MAS model where a collection of “querying agents ” can send queries to a collection of “information agents”, we formalize the problem of designing strategies...
Model Checking for Security Protocols, (1997)
Marrero, Will, Clarke, Edmund, Jha, Somesh
As more resources are added to compiler networks and as more vendors look to the World Wide Web as a viable marketplace the importance of being able to restrict access and to insure some kind of...
Model Checking Algorithms for the mu-Calculus, (1997)
Berezin, Sergey, Clarke, Edmund, Jha, Somesh, Marrero, Will
The propositional mu-calculus is a powerful language for expressing properties of transition systems by using least and greatest fixpoint operators. Recently, the mu-calculus has generated much...
Query Restart Strategies for Web Agents (1997)
Prasad Chalasani, Somesh Jha, Onn Shehory, Katia Sycara
With the explosive growth of the internet, autonomous agents will increasingly need strategies for efficiently retrieving information. The time an agent (or server) takes to answer a query issued to...
Combining Partial Order and Symmetry Reductions (1997)
E. Allen Emerson, Somesh Jha, Doron Peled
. Partial order based reduction techniques to reduce time and memory in model-checking procedures are becoming quite popular. Partial order reduction techniques exploit the independence of actions....
An Options Approach to Software Prototyping (1997)
Prasad Chalasani, Somesh Jha, Kevin Sullivan
Prototyping is often used to predict, or reduce the uncertainty over, the future profitability of a software design choice. Boehm [3] pioneered the use of techniques from Bayesian decision theory to...
Model Checking for Security Protocols (1997)
Will Marrero Edmund, Edmund Clarke, Somesh Jha
As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of...
The Options Approach to Software Prototyping Decisions (1997)
Prasad Chalasani Somesh, Prasad Chalasani, Somesh Jha, Kevin Sullivan
Prototyping is often used to predict, or reduce the uncertainty over, the future profitability of a software design choice. Boehm [1] pioneered the use of techniques from statistical decision theory...
Accurate Approximations for European-Style Asian Options (1997)
Prasad Chalasani Somesh, Prasad Chalasani, Somesh Jha, Ashok Varikooty
In the binomial tree model, we provide efficient algorithms for computing an accurate lower bound for the value of a European-style Asian option with either a fixed or a floating strike. These...
The Options Approach to Software Prototyping Decisions (1997)
Prasad Chalasani, Somesh Jha, Kevin Sullivan
Prototyping is often used to predict, or reduce the uncertainty over, the future profitability of a software design choice. Boehm [1] pioneered the use of techniques from statistical decision theory...
Model Checking for Security Protocols (1997)
Will Marrero, Edmund Clarke, Somesh Jha
As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of...
Accurate Approximations for European-Style Asian Options (1997)
Prasad Chalasani, Somesh Jha, Ashok Varikooty
In the binomial tree model, we provide efficient algorithms for computing an accurate lower bound for the value of a European-style Asian option with either a fixed or a floating strike. These...
Model Checking for Security Protocols (1997)
Will Marrero, Edmund Clarke, Somesh Jha
As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of...
An Options Approach to Software Prototyping (1997)
Prasad Chalasani, Somesh Jha, Kevin Sullivan
Prototyping is often used to predict, or reduce the uncertainty over, the future profitability of a software design choice. Boehm [3] pioneered the use of techniques from Bayesian decision theory to...
Multi-agent coordination through coalition formation (1997)
Onn M. Shehory, Katia Sycara, Somesh Jha
Incorporating coalition formation algorithms into agent systems shall be advantageous due to the consequent increase in the overall quality of task performance. Coalition formation was addressed in...
A model checker for authentication protocols (1997)
Will Marrero, Edmund Clarke, Somesh Jha
As more resources are added to computer networks, and as more vendors look to the World Wide Web as a viable marketplace, the importance of being able to restrict access and to insure some kind of...
Model checking algorithms for the µ-calculus (1996)
Sergey Berezin, Edmund Clarke, Somesh Jha, Will Marrero
The propositional µ-calculus is a powerful language for expressing properties of transition systems by using least and greatest fixpoint operators. Recently, the µ-calculus has generated much...
Model Checking Algorithms for the µ-Calculus (1996)
Sergey Berezin, Edmund Clarke, Somesh Jha, Will Marrero
The propositional ¯-calculus is a powerful language for expressing properties of transition systems by using least and greatest fixpoint operators. Recently, the ¯-calculus has generated much...
Symmetry and Induction in Model Checking (1996)
Somesh Jha, Edmund M. Clarke, Stephen Brookes, Daniel Jackson, Robert Kurshan
With the increasing complexity of digital systems, testing of digital systems is becoming increasingly important. Perhaps, the most popular method for testing hardware is simulation. The...
Verification of the Futurebus+ Cache Coherence Protocol (1995)
Edmund Clarke Orna, Edmund M. Clarke, Orna Grumberg, Hiromi Hiraishi, Somesh Jha, David E. Long, ...
We used a hardware description language to construct a formal model of the cache coherence protocol described in the IEEE Futurebus+ standard. By applying temporal logic model checking techniques, we...
A Prover for VHDL-based Hardware Design (1995)
Rainer Schlör, Edmund M. Clarke, Orna Grumberg, Hiromi Hiraishi, Somesh Jha, David E. Long, ...
References
A Prover for VHDL-based Hardware Design (1995)
Rainer Schlör, Edmund M. Clarke, Orna Grumberg, Hiromi Hiraishi, Somesh Jha, David E. Long, ...
References
Improved Rational Two-Port Model of Uniform R-C-NR Structure (1985)
The indefinite admittance matrix of the uniform R-C-NR structure (1) is written in a modified manner. The new expressions for the admittance parameters are expanded utilizing the technique postulated...
Isomorph-free Model Enumeration: A New Method for Checking Relational Specifications
Daniel Jackson, Somesh Jha, Craig A. Damon
Software specifications often involve data structures with huge numbers of values, and consequently cannot be checked using standard state exploration or model checking techniques. Data structures...