Richard Johnson  How can we use the visualization tools we currently have more effectively?  How can the Software Development.

Presentation transcript:

Richard Johnson

- How can we use the visualization tools we currently have more effectively?
- How can the Software Development Lifecycle benefit from visualizations?
- What is the impact of visualizations on our software security processes?

- What is visualization?
  - Information transmission through imagery
- Why is visualization important?
  - Visualizations utilize the mind’s most perceptive input mechanism
- What are the challenges in visualization?
  - Create intuitive spatial mappings of non-spatial data
  - Retain clarity while presenting highly dimensional data

- Data Visualization
- Information Visualization
- Concept Visualization
- Strategy Visualization
- Metaphor Visualization

- Problem Space
  - Program Visualization
  - Algorithm Visualization
- Sourcing Data
  - Static vs Dynamic data
  - Inaccurate analysis tools
- The goal is always: Reduce Complexity!

- Structural Connectivity
- Execution & Data Flow
- Class Hierarchies
- State Machine Models
- Memory profile
- Algorithm Complexity
- Revision History
- Age and authorship
- Milestones in quality assurance

- Execution tracing
- Code coverage
- Indirect relationships
- Dynamic dependencies
- Memory tracing
- Heap management patterns
- Object instances
- Taint propagation
- Environment

- Attack Surface Area
  - Dataflow entry points
  - Privilege boundaries
- Implementation Flaws
  - Arithmetic flaws
  - Comparison flaws
  - Unchecked user input
- Exploitability
  - Execution environment
  - Compiler security
  - Reachability
- History
  - Code age
  - Author credibility

- Hierarchical Layout
  - Layered by order of connectedness
  - Not for highly connected graphs

- Circular
  - Nodes aligned on circles
  - Clustering

- Orthogonal
  - Edges aligned on axes
  - Clustering

- Force Directed
  - Spring, Magnetic, and Gravitational force
  - Packing

- Hyperbolic Space
  - Clarity on center focus
  - Packing

- Higher Dimensional Space
  - Clarity with high connectivity
  - Multi-level views

- Nodes
  - Spatial coordinates
  - Spatial extents
  - Color
  - Shape
- Edges
  - Color
  - Shape
  - Width
  - Style

- Observe binary interdependencies
- Acquire a method level control flow graph
- Reduce graph using code coverage data
- Trace dataflow dependency to discover taint propagation
- Use static analysis plugins to derive security properties such as GS and SafeSEH
- Analyze non-covered paths in tainted functions
- Examine source code where correlations occur
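
The steps above combined into one review queue, as an added example that is not from the presentation: it reduces a method-level control flow graph by coverage, finds the non-covered edges in tainted functions, and ranks them by missing GS/SafeSEH. All function names, graphs, coverage sets and property flags are constructed, and the properties are keyed per function for simplicity.

```python
from collections import deque

# Constructed sample data; every name below is hypothetical.
# Method-level CFG: function -> {basic block: [successor blocks]}
CFG = {
    "parse_header": {"entry": ["check_len"], "check_len": ["copy", "fail"],
                     "copy": ["exit"], "fail": ["exit"], "exit": []},
    "decode_body": {"entry": ["loop"], "loop": ["grow", "exit"],
                    "grow": ["loop"], "exit": []},
    "log_status": {"entry": ["fmt"], "fmt": ["exit"], "exit": []},
}
# Blocks executed during tracing (code coverage).
COVERAGE = {"parse_header": {"entry", "check_len", "fail", "exit"},
            "decode_body": {"entry", "loop", "exit"},
            "log_status": {"entry", "fmt", "exit"}}
# Functions that dataflow tracing showed handling tainted input.
TAINTED = {"parse_header", "decode_body"}
# Mitigation flags as a static-analysis plugin might report them (assumed shape).
PROPS = {"parse_header": {"GS": False, "SafeSEH": True},
         "decode_body": {"GS": True, "SafeSEH": True}}

def reachable(blocks, start="entry"):
    """Blocks reachable from the function entry (breadth-first)."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in blocks[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def reduce_by_coverage(blocks, covered):
    """Reduced graph: executed blocks and the edges between them."""
    return {b: [s for s in succ if s in covered]
            for b, succ in blocks.items() if b in covered}

def uncovered_frontier(blocks, covered):
    """Edges from executed blocks into reachable blocks never executed."""
    return sorted((b, s) for b in reachable(blocks) & covered
                  for s in blocks[b] if s not in covered)

def review_queue(cfg, coverage, tainted, props):
    """Tainted functions with non-covered paths, weakest mitigations first."""
    rows = []
    for fn in tainted:
        frontier = uncovered_frontier(cfg[fn], coverage.get(fn, set()))
        if frontier:
            missing = sorted(k for k, on in props.get(fn, {}).items() if not on)
            rows.append((fn, frontier, missing))
    return sorted(rows, key=lambda r: (-len(r[2]), -len(r[1]), r[0]))
```

Each row names a function, the edges where executed code branches into blocks no test reached, and the mitigations it lacks; those edges are where source review starts.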

- Source Code Revision History
  - History Flow

- State Machine Models
  - Thinking Machine