Model-based Testing - From Safety to Security
Size: px
Start display at page:

Download "Model-based Testing - From Safety to Security"

Transcription

1 Model-based Testing - From Safety to Security Josip Bozic, Franz Wotawa Graz University of Technology {jbozic, wotawa}@ist.tugraz.at October 24, 2012 Josip Bozic, Franz Wotawa October 24, 2012 Page 1/28

2 Introduction Objects of Research model-based testing SQL injection black-box testing white-box testing fuzzing mutation testing Josip Bozic, Franz Wotawa October 24, 2012 Page 2/28

3 Introduction Model-based Testing Active testing methodology with the objective to generate test suites from models of the SUT. When using models for test suite generation it can be guaranteed that the test suite is complete with respect to the given model. Some faults might still not be detected either because of shortcomings regarding the system s model or combinations of test inputs that make use of unintended interactions between the system under test and its environment. Josip Bozic, Franz Wotawa October 24, 2012 Page 3/28

4 Intention Exploit SQL injection (SQLI) vulnerabilities of a given application. Avoid SUTs built-in input filters, which check every submitted piece of data for suspiciousness. Definition of methods for generating inputs, which will be able to escape all predefined filters so a valid query may be submitted to the database, retrieving stored information (e.g. passwords etc.). Josip Bozic, Franz Wotawa October 24, 2012 Page 4/28

5 Model-based Fuzzing Testing technique, which generates random or semi-random inputs through a fuzz generator. White-box testing method: the structure of the SUT is known. The goal of a SQLI fuzzer is to modify a part of the structure of a SQL statement as a new input without violating its existing syntactic validity. Josip Bozic, Franz Wotawa October 24, 2012 Page 5/28

6 Model-based Fuzzing Approach Description Josip Bozic, Franz Wotawa October 24, 2012 Page 6/28

7 Model-based Fuzzing Approach Description Grammar-based white-box fuzzing method Josip Bozic, Franz Wotawa October 24, 2012 Page 6/28

8 Model-based Fuzzing Approach Description Grammar-based white-box fuzzing method Uses symbolic tokens and input grammar Josip Bozic, Franz Wotawa October 24, 2012 Page 6/28

9 Model-based Fuzzing Approach Description Grammar-based white-box fuzzing method Uses symbolic tokens and input grammar Josip Bozic, Franz Wotawa October 24, 2012 Page 6/28

10 Model-based Fuzzing Josip Bozic, Franz Wotawa October 24, 2012 Page 7/28

11 Model-based Fuzzing 1. Predefined input is symbolically executed. 2. Create constraints on inputs from conditional statements ( input filters). 3. Negation of constraints. 4. Processing in a constraint solver. Find a concrete input that satisfies the constraints according to the grammar. Josip Bozic, Franz Wotawa October 24, 2012 Page 8/28

12 Model-based Fuzzing Example: Given input filters: Initial input: Josip Bozic, Franz Wotawa October 24, 2012 Page 9/28

13 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Josip Bozic, Franz Wotawa October 24, 2012 Page 9/28

14 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Josip Bozic, Franz Wotawa October 24, 2012 Page 9/28

15 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Negate constraint in path Josip Bozic, Franz Wotawa October 24, 2012 Page 9/28

16 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Negate constraint in path Josip Bozic, Franz Wotawa October 24, 2012 Page 10/28

17 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Negate constraint in path Satisfy constraint according to grammar Josip Bozic, Franz Wotawa October 24, 2012 Page 10/28

18 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Negate constraint in path Satisfy constraint according to grammar Josip Bozic, Franz Wotawa October 24, 2012 Page 11/28

19 Model-based Fuzzing Example: Given input filters: Initial input: Define symbolic token constraints: Negate constraint in path Satisfy constraint according to grammar Josip Bozic, Franz Wotawa October 24, 2012 Page 12/28

20 Model-based Fuzzing Fillter white spaces: URL encode the apostrophe: Double-, triple- etc. encodings may be also applied on other input characters, thus getting a very huge number of possible input patterns. Josip Bozic, Franz Wotawa October 24, 2012 Page 13/28

21 Model Inference Assisted Evolutionary Fuzzing Black-box testing approach Combines the usage of model inference and an evolutionary algorithm (EA) in order to generate better input parameters Uses an attack grammar G for generating test cases Mutation of individuals from initial population pool: replacement, crossover Fitness function for evaluation of individual input parts from initial population Goal: reach all locations within a program Josip Bozic, Franz Wotawa October 24, 2012 Page 14/28

22 Model Inference Assisted Evolutionary Fuzzing Evolutionary algorithm 1. generate initial population of individuals 2. evaluate the fitness of each individual using a fitness function 3. select best-fit individuals for reproduction 4. apply mutation and crossover over parents new offspring 5. evaluate the individual fitness of new individuals 6. replace least-fit individuals with new ones new population Josip Bozic, Franz Wotawa October 24, 2012 Page 15/28

23 Model Inference Assisted Evolutionary Fuzzing 1. Infer a model of the SUT with tools from the SPaCIos project all state transitions are obtained. Josip Bozic, Franz Wotawa October 24, 2012 Page 16/28

24 Model Inference Assisted Evolutionary Fuzzing 1. Infer a model of the SUT with tools from the SPaCIos project all state transitions are obtained. Josip Bozic, Franz Wotawa October 24, 2012 Page 17/28

25 Model Inference Assisted Evolutionary Fuzzing 2. Navigate through the entire system for user-controlled input (username, password etc.). Josip Bozic, Franz Wotawa October 24, 2012 Page 18/28

26 Model Inference Assisted Evolutionary Fuzzing 2. Navigate through the entire system for user-controlled input (username, password etc.). Josip Bozic, Franz Wotawa October 24, 2012 Page 19/28

27 Model Inference Assisted Evolutionary Fuzzing 3. Apply fuzzing from the initial state: according to the attack grammar G, generate input parts of SQL statement. Josip Bozic, Franz Wotawa October 24, 2012 Page 20/28

28 Model Inference Assisted Evolutionary Fuzzing 3. Apply fuzzing from the initial state: according to the attack grammar G, generate input parts of SQL statement. Josip Bozic, Franz Wotawa October 24, 2012 Page 21/28

29 Model Inference Assisted Evolutionary Fuzzing Initial query: Josip Bozic, Franz Wotawa October 24, 2012 Page 22/28

30 Model Inference Assisted Evolutionary Fuzzing Initial query: First mutation: Josip Bozic, Franz Wotawa October 24, 2012 Page 22/28

31 Model Inference Assisted Evolutionary Fuzzing Initial query: First mutation: Second mutation: Josip Bozic, Franz Wotawa October 24, 2012 Page 22/28

32 Model Inference Assisted Evolutionary Fuzzing Initial query: First mutation: Second mutation: Crossover: Josip Bozic, Franz Wotawa October 24, 2012 Page 22/28

33 Model-based Mutation Testing Proposed approach White-box approach Uses attack model which describes concrete syntax and order of attacks includes input queries but also alternative attacking directions and bears all known types of filter techniques Generation process of test sequences is directed Level of randomness is minimized Grammar for test case generation Josip Bozic, Franz Wotawa October 24, 2012 Page 23/28

34 Model-based Mutation Testing Josip Bozic, Franz Wotawa October 24, 2012 Page 24/28

35 Model-based Mutation Testing The idea behind this method is to mutate the attack model, either by changing parts of SQL injection statements or by changing the order of the execution. Josip Bozic, Franz Wotawa October 24, 2012 Page 25/28

36 Model-based Mutation Testing Josip Bozic, Franz Wotawa October 24, 2012 Page 26/28

37 Conclusion and Future Work New ideas concerning the implementation of several model-based testing techniques regarding SQLI. The implementation is still an area with high demand for further scientific research. Cover practical problems and examine further fundamental research. The same techniques may also be applied for other security breaking methods. Josip Bozic, Franz Wotawa October 24, 2012 Page 27/28

38 Questions? Thank You / Vielen Dank! Josip Bozic, Franz Wotawa October 24, 2012 Page 28/28

Similar documents

Who are we? Cesena Security and Network Applications. Why join CeSeNA?

Who are we? Cesena Security and Network Applications. Why join CeSeNA? Unexpected inputs: the danger of data and code injection Who are we? Cesena Security and Network Applications We like computer security and we want to share our knowledge. Founded by Marco Ramilli in 2005.

More information

Abstract parsing: static analysis of dynamically generated string output using LR-parsing technology

Abstract parsing: static analysis of dynamically generated string output using LR-parsing technology Abstract parsing: static analysis of dynamically generated string output using LR-parsing technology Kyung-Goo Doh 1, Hyunha Kim 1, David A. Schmidt 2 1. Hanyang University, Ansan, South Korea 2. Kansas

More information

Lecture 9 Evolutionary Computation: Genetic algorithms

Lecture 9 Evolutionary Computation: Genetic algorithms Lecture 9 Evolutionary Computation: Genetic algorithms Introduction, or can evolution be intelligent? Simulation of natural evolution Genetic algorithms Case study: maintenance scheduling with genetic

More information

R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H.

R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. R E A D : E S S E N T I A L S C R U M : A P R A C T I C A L G U I D E T O T H E M O S T P O P U L A R A G I L E P R O C E S S. C H. 5 S O F T W A R E E N G I N E E R I N G B Y S O M M E R V I L L E S E

More information

Attack Graph Modeling and Generation

Attack Graph Modeling and Generation Attack Graph Modeling and Generation Ratnesh Kumar, Professor, IEEE Fellow Electrical and Computer Engineering, Iowa State University PhD Students: Mariam Ibrahim German Jordanian University Attack Graph:

More information

CSC 4510 Machine Learning

CSC 4510 Machine Learning 10: Gene(c Algorithms CSC 4510 Machine Learning Dr. Mary Angela Papalaskari Department of CompuBng Sciences Villanova University Course website: www.csc.villanova.edu/~map/4510/ Slides of this presenta(on

More information

GIS Functions and Integration. Tyler Pauley Associate Consultant

GIS Functions and Integration. Tyler Pauley Associate Consultant GIS Functions and Integration Tyler Pauley Associate Consultant Contents GIS in AgileAssets products Displaying data within AMS Symbolizing the map display Display on Bing Maps Demo- Displaying a map in

More information

Towards Lightweight Integration of SMT Solvers

Towards Lightweight Integration of SMT Solvers Towards Lightweight Integration of SMT Solvers Andrei Lapets Boston University Boston, USA lapets@bu.edu Saber Mirzaei Boston University Boston, USA smirzaei@bu.edu 1 Introduction A large variety of SMT

More information

DETECTING THE FAULT FROM SPECTROGRAMS BY USING GENETIC ALGORITHM TECHNIQUES

DETECTING THE FAULT FROM SPECTROGRAMS BY USING GENETIC ALGORITHM TECHNIQUES DETECTING THE FAULT FROM SPECTROGRAMS BY USING GENETIC ALGORITHM TECHNIQUES Amin A. E. 1, El-Geheni A. S. 2, and El-Hawary I. A **. El-Beali R. A. 3 1 Mansoura University, Textile Department 2 Prof. Dr.

More information

Normalization by Evaluation

Normalization by Evaluation Normalization by Evaluation Andreas Abel Department of Computer Science and Engineering Chalmers and Gothenburg University PhD Seminar in Mathematical Engineering EAFIT University, Medellin, Colombia 9

More information

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms Wen-ling Huang and Jan Peleska University of Bremen {huang,jp}@cs.uni-bremen.de MBT-Paradigm Model Is a partial

More information

Växjö University. Software Security Testing. A Flexible Architecture for Security Testing. School of Mathematics and System Engineering

Växjö University. Software Security Testing. A Flexible Architecture for Security Testing. School of Mathematics and System Engineering School of Mathematics and System Engineering Reports from MSI - Rapporter från MSI Växjö University Software Security Testing A Flexible Architecture for Security Testing Martin Andersson Aug 2008 MSI

More information

Probabilistic Partial Evaluation: Exploiting rule structure in probabilistic inference

Probabilistic Partial Evaluation: Exploiting rule structure in probabilistic inference Probabilistic Partial Evaluation: Exploiting rule structure in probabilistic inference David Poole University of British Columbia 1 Overview Belief Networks Variable Elimination Algorithm Parent Contexts

More information

Model-based Mutation Testing via Symbolic Refinement Checking

Model-based Mutation Testing via Symbolic Refinement Checking Model-based Mutation Testing via Symbolic Refinement Checking Bernhard K. Aichernig a, Elisabeth Jöbstl a, Stefan Tiran a,b a Institute for Software Technology, Graz University of Technology Inffeldgasse

More information

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees 1 / 35 A Stochastic Framework for Quantitative Analysis of R. Jhawar K. Lounis S. Mauw CSC/SnT University of Luxembourg Luxembourg Security and Trust of Software Systems, 2016 ADT2P & TREsPASS Project

More information

Genetic Algorithms. Donald Richards Penn State University

Genetic Algorithms. Donald Richards Penn State University Genetic Algorithms Donald Richards Penn State University Easy problem: Find the point which maximizes f(x, y) = [16 x(1 x)y(1 y)] 2, x, y [0,1] z (16*x*y*(1-x)*(1-y))**2 0.829 0.663 0.497 0.331 0.166 1

More information

Structural Induction

Structural Induction Structural Induction In this lecture we ll extend the applicability of induction to many universes, ones where we can define certain kinds of objects by induction, in addition to proving their properties

More information

The State Explosion Problem

The State Explosion Problem The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis

More information

Advanced Topics in LP and FP

Advanced Topics in LP and FP Lecture 1: Prolog and Summary of this lecture 1 Introduction to Prolog 2 3 Truth value evaluation 4 Prolog Logic programming language Introduction to Prolog Introduced in the 1970s Program = collection

More information

CS 243 Lecture 11 Binary Decision Diagrams (BDDs) in Pointer Analysis

CS 243 Lecture 11 Binary Decision Diagrams (BDDs) in Pointer Analysis CS 243 Lecture 11 Binary Decision Diagrams (BDDs) in Pointer Analysis 1. Relations in BDDs 2. Datalog -> Relational Algebra 3. Relational Algebra -> BDDs 4. Context-Sensitive Pointer Analysis 5. Performance

More information

Databases Exam HT2016 Solution

Databases Exam HT2016 Solution Databases Exam HT2016 Solution Solution 1a Solution 1b Trainer ( ssn ) Pokemon ( ssn, name ) ssn - > Trainer. ssn Club ( name, city, street, streetnumber ) MemberOf ( ssn, name, city ) ssn - > Trainer.

More information

Information Flow Analysis via Path Condition Refinement

Information Flow Analysis via Path Condition Refinement Information Flow Analysis via Path Condition Refinement Mana Taghdiri, Gregor Snelting, Carsten Sinz Karlsruhe Institute of Technology, Germany FAST September 16, 2010 KIT University of the State of Baden-Wuerttemberg

More information

Frequency-hiding Dependency-preserving Encryption for Outsourced Databases

Frequency-hiding Dependency-preserving Encryption for Outsourced Databases Frequency-hiding Dependency-preserving Encryption for Outsourced Databases ICDE 17 Boxiang Dong 1 Wendy Wang 2 1 Montclair State University Montclair, NJ 2 Stevens Institute of Technology Hoboken, NJ April

More information

Solving Extended Regular Constraints Symbolically

Solving Extended Regular Constraints Symbolically Solving Extended Regular Constraints Symbolically Margus Veanes Microsoft Research, Redmond 16 Dec 2009 Küberneetika Instituudi Seminar 1 Initial Motivation Test table and test data generation for SQL

More information

Smart Data Collection and Real-time Digital Cartography

Smart Data Collection and Real-time Digital Cartography Smart Data Collection and Real-time Digital Cartography Yuji Murayama and Ko Ko Lwin Division of Spatial Information Science Faculty of Life and Environmental Sciences University of Tsukuba IGU 2013 1

More information

ArchaeoKM: Managing Archaeological data through Archaeological Knowledge

ArchaeoKM: Managing Archaeological data through Archaeological Knowledge Computer Applications and Quantitative Methods in Archeology - CAA 2010 Fco. Javier Melero & Pedro Cano (Editors) ArchaeoKM: Managing Archaeological data through Archaeological Knowledge A. Karmacharya

More information

OECD QSAR Toolbox v.4.1. Tutorial on how to predict Skin sensitization potential taking into account alert performance

OECD QSAR Toolbox v.4.1. Tutorial on how to predict Skin sensitization potential taking into account alert performance OECD QSAR Toolbox v.4.1 Tutorial on how to predict Skin sensitization potential taking into account alert performance Outlook Background Objectives Specific Aims Read across and analogue approach The exercise

More information

OECD QSAR Toolbox v.4.1. Tutorial illustrating new options for grouping with metabolism

OECD QSAR Toolbox v.4.1. Tutorial illustrating new options for grouping with metabolism OECD QSAR Toolbox v.4.1 Tutorial illustrating new options for grouping with metabolism Outlook Background Objectives Specific Aims The exercise Workflow 2 Background Grouping with metabolism is a procedure

More information

Artificial Intelligence (AI) Common AI Methods. Training. Signals to Perceptrons. Artificial Neural Networks (ANN) Artificial Intelligence

Artificial Intelligence (AI) Common AI Methods. Training. Signals to Perceptrons. Artificial Neural Networks (ANN) Artificial Intelligence Artificial Intelligence (AI) Artificial Intelligence AI is an attempt to reproduce intelligent reasoning using machines * * H. M. Cartwright, Applications of Artificial Intelligence in Chemistry, 1993,

More information

Evolution & Natural Selection

Evolution & Natural Selection Evolution & Natural Selection Learning Objectives Know what biological evolution is and understand the driving force behind biological evolution. know the major mechanisms that change allele frequencies

More information

An Evolution Strategy for the Induction of Fuzzy Finite-state Automata

An Evolution Strategy for the Induction of Fuzzy Finite-state Automata Journal of Mathematics and Statistics 2 (2): 386-390, 2006 ISSN 1549-3644 Science Publications, 2006 An Evolution Strategy for the Induction of Fuzzy Finite-state Automata 1,2 Mozhiwen and 1 Wanmin 1 College

More information

Database Applications (15-415)

Database Applications (15-415) Database Applications (15-415) Relational Calculus Lecture 6, January 26, 2016 Mohammad Hammoud Today Last Session: Relational Algebra Today s Session: Relational calculus Relational tuple calculus Announcements:

More information

Forecasting & Futurism

Forecasting & Futurism Article from: Forecasting & Futurism December 2013 Issue 8 A NEAT Approach to Neural Network Structure By Jeff Heaton Jeff Heaton Neural networks are a mainstay of artificial intelligence. These machine-learning

More information

Search. Search is a key component of intelligent problem solving. Get closer to the goal if time is not enough

Search. Search is a key component of intelligent problem solving. Get closer to the goal if time is not enough Search Search is a key component of intelligent problem solving Search can be used to Find a desired goal if time allows Get closer to the goal if time is not enough section 11 page 1 The size of the search

More information

Improved TBL algorithm for learning context-free grammar

Improved TBL algorithm for learning context-free grammar Proceedings of the International Multiconference on ISSN 1896-7094 Computer Science and Information Technology, pp. 267 274 2007 PIPS Improved TBL algorithm for learning context-free grammar Marcin Jaworski

More information

Program Analysis Part I : Sequential Programs

Program Analysis Part I : Sequential Programs Program Analysis Part I : Sequential Programs IN5170/IN9170 Models of concurrency Program Analysis, lecture 5 Fall 2018 26. 9. 2018 2 / 44 Program correctness Is my program correct? Central question for

More information

Computational Logic Fundamentals (of Definite Programs): Syntax and Semantics

Computational Logic Fundamentals (of Definite Programs): Syntax and Semantics Computational Logic Fundamentals (of Definite Programs): Syntax and Semantics 1 Towards Logic Programming Conclusion: resolution is a complete and effective deduction mechanism using: Horn clauses (related

More information

Algorithms for Data Science

Algorithms for Data Science Algorithms for Data Science CSOR W4246 Eleni Drinea Computer Science Department Columbia University Tuesday, December 1, 2015 Outline 1 Recap Balls and bins 2 On randomized algorithms 3 Saving space: hashing-based

More information

Weak Synchronization & Synchronizability. Multi-tape Automata and Machines

Weak Synchronization & Synchronizability. Multi-tape Automata and Machines Weak Synchronization and Synchronizability of Multi-tape Automata and Machines Oscar H. Ibarra 1 and Nicholas Tran 2 1 Department of Computer Science University of California at Santa Barbara ibarra@cs.ucsb.edu

More information

OECD QSAR Toolbox v.4.0. Tutorial on how to predict Skin sensitization potential taking into account alert performance

OECD QSAR Toolbox v.4.0. Tutorial on how to predict Skin sensitization potential taking into account alert performance OECD QSAR Toolbox v.4.0 Tutorial on how to predict Skin sensitization potential taking into account alert performance Outlook Background Objectives Specific Aims Read across and analogue approach The exercise

More information

Verification of String Manipulating Programs Using Multi-Track Automata

Verification of String Manipulating Programs Using Multi-Track Automata Verification of String Manipulating Programs Using Multi-Track Automata Fang Yu University of California, Santa Barbara yuf@cs.ucsb.edu Tevfik Bultan University of California, Santa Barbara bultan@cs.ucsb.edu

More information

7 RC Simulates RA. Lemma: For every RA expression E(A 1... A k ) there exists a DRC formula F with F V (F ) = {A 1,..., A k } and

7 RC Simulates RA. Lemma: For every RA expression E(A 1... A k ) there exists a DRC formula F with F V (F ) = {A 1,..., A k } and 7 RC Simulates RA. We now show that DRC (and hence TRC) is at least as expressive as RA. That is, given an RA expression E that mentions at most C, there is an equivalent DRC expression E that mentions

More information

Mechanizing Elliptic Curve Associativity

Mechanizing Elliptic Curve Associativity Mechanizing Elliptic Curve Associativity Why a Formalized Mathematics Challenge is Useful for Verification of Crypto ARM Machine Code Joe Hurd Computer Laboratory University of Cambridge Galois Connections

More information

Genetic Engineering and Creative Design

Genetic Engineering and Creative Design Genetic Engineering and Creative Design Background genes, genotype, phenotype, fitness Connecting genes to performance in fitness Emergent gene clusters evolved genes MIT Class 4.208 Spring 2002 Evolution

More information

Fall 2003 BMI 226 / CS 426 LIMITED VALIDITY STRUCTURES

Fall 2003 BMI 226 / CS 426 LIMITED VALIDITY STRUCTURES Notes III-1 LIMITED VALIDITY STRUCTURES Notes III-2 TRAVELING SALESPERSON PROBLEM (TSP) Given a (symmetric) matrix of distances between N cities Salesperson is to visit each city once and only once Goal

More information

CS145 Midterm Examination

CS145 Midterm Examination S145 Midterm Examination Please read all instructions (including these) carefully. The exam is open book and open notes; any written materials may be used. There are four parts on the exam, with a varying

More information

Configuring LDAP Authentication in iway Service Manager

Configuring LDAP Authentication in iway Service Manager Configuring LDAP Authentication in iway Service Manager LDAP authentication in iway Service Manager (ism) allows ism to authenticate against LDAP and associate an LDAP ism role to the user. ism includes

More information

Gecco 2007 Tutorial / Grammatical Evolution

Gecco 2007 Tutorial / Grammatical Evolution Gecco 2007 Grammatical Evolution Tutorial Conor Ryan Biocomputing and Developmental Systems Group Department of Computer Science and Information Systems University of Limerick Copyright is held by the

More information

Grade 9 District Formative Assessment-Extended Response. Name Teacher

Grade 9 District Formative Assessment-Extended Response. Name Teacher Name Teacher /5 ER.DFA1.9.RST.04 Determine the meaning of symbols, key terms, and other domain-specific words and phrases as they are used in a specific scientific or technical context relevant to grades

More information

On computer aided knowledge discovery in logic and related areas

On computer aided knowledge discovery in logic and related areas Proceedings of the Conference on Mathematical Foundations of Informatics MFOI2016, July 25-29, 2016, Chisinau, Republic of Moldova On computer aided knowledge discovery in logic and related areas Andrei

More information

The PITA System for Logical-Probabilistic Inference

The PITA System for Logical-Probabilistic Inference The System for Logical-Probabilistic Inference Fabrizio Riguzzi 1 and Terrance Swift 2 1 EDIF University of Ferrara, Via Saragat 1, I-44122, Ferrara, Italy fabrizio.riguzzi@unife.it 2 CETRIA Universidade

More information

Koza s Algorithm. Choose a set of possible functions and terminals for the program.

Koza s Algorithm. Choose a set of possible functions and terminals for the program. Step 1 Koza s Algorithm Choose a set of possible functions and terminals for the program. You don t know ahead of time which functions and terminals will be needed. User needs to make intelligent choices

More information

Authentication. Chapter Message Authentication

Authentication. Chapter Message Authentication Chapter 5 Authentication 5.1 Message Authentication Suppose Bob receives a message addressed from Alice. How does Bob ensure that the message received is the same as the message sent by Alice? For example,

More information

Timo Latvala. March 7, 2004

Timo Latvala. March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness Timo Latvala March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness 14-1 Safety Safety properties are a very useful subclass of specifications.

More information

Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies

Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies Patrol: Revealing Zero-day Attack Paths through Network-wide System Object Dependencies Jun Dai, Xiaoyan Sun, and Peng Liu College of Information Sciences and Technology Pennsylvania State University,

More information

Evolutionary computation in high-energy physics

Evolutionary computation in high-energy physics Evolutionary computation in high-energy physics Liliana Teodorescu Brunel University, United Kingdom Abstract Evolutionary computation is a branch of computer science with which, traditionally, high-energy

More information

Integrating Induction and Deduction for Verification and Synthesis

Integrating Induction and Deduction for Verification and Synthesis Integrating Induction and Deduction for Verification and Synthesis Sanjit A. Seshia Associate Professor EECS Department UC Berkeley DATE 2013 Tutorial March 18, 2013 Bob s Vision: Exploit Synergies between

More information

Differential Privacy and Verification. Marco Gaboardi University at Buffalo, SUNY

Differential Privacy and Verification. Marco Gaboardi University at Buffalo, SUNY Differential Privacy and Verification Marco Gaboardi University at Buffalo, SUNY Given a program P, is it differentially private? P Verification Tool yes? no? Proof P Verification Tool yes? no? Given a

More information

OECD QSAR Toolbox v.3.2. Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding

OECD QSAR Toolbox v.3.2. Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding OECD QSAR Toolbox v.3.2 Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding Outlook Background Objectives Specific Aims The exercise Workflow

More information

Propositional Reasoning

Propositional Reasoning Propositional Reasoning CS 440 / ECE 448 Introduction to Artificial Intelligence Instructor: Eyal Amir Grad TAs: Wen Pu, Yonatan Bisk Undergrad TAs: Sam Johnson, Nikhil Johri Spring 2010 Intro to AI (CS

More information

Universität Augsburg

Universität Augsburg Universität Augsburg Algebraic Separation Logic H.-H. Dang P. Höfner B. Möller Report 2010-06 July 2010 Institut für Informatik D-86135 Augsburg Copyright c H.-H. Dang P. Höfner B. Möller Institut für

More information

Erly Marsh - a Model-Based Testing tool. Johan Blom, PhD

Erly Marsh - a Model-Based Testing tool. Johan Blom, PhD Erly Marsh - a Model-Based Testing tool Johan Blom, PhD 1 Motivation Mobile Arts Develops server software for mobile telecom operators (Location server, SMSC etc.) Implementations rather big and complicated

More information

Advanced DB CHAPTER 5 DATALOG

Advanced DB CHAPTER 5 DATALOG Advanced DB CHAPTER 5 DATALOG Datalog Basic Structure Syntax of Datalog Rules Semantics of Nonrecursive Datalog Safety Relational Operations in Datalog Recursion in Datalog The Power of Recursion A More

More information

On the Probabilistic Symbolic Analysis of Software. Corina Pasareanu CMU-SV NASA Ames

On the Probabilistic Symbolic Analysis of Software. Corina Pasareanu CMU-SV NASA Ames On the Probabilistic Symbolic Analysis of Software Corina Pasareanu CMU-SV NASA Ames Probabilistic Symbolic Execution Quantifies the likelihood of reaching a target event e.g., goal state or assert violation

More information

Elite Galaxy Online. API Documentation v Elite Galaxy Online. All rights reserved

Elite Galaxy Online. API Documentation v Elite Galaxy Online. All rights reserved Elite Galaxy Online API Documentation v2.1 Contents 1. Version Control... 3 2. Overview of Elite Galaxy Online API... 4 3. Retrieving Data from Elite Galaxy Online... 5 3.1. Retrieving Star System Data...

More information

Efficient query evaluation

Efficient query evaluation Efficient query evaluation Maria Luisa Sapino Set of values E.g. select * from EMPLOYEES where SALARY = 1500; Result of a query Sorted list E.g. select * from CAR-IMAGE where color = red ; 2 Queries as

More information

Improving Effectiveness of Automated Software Testing in the Absence of Specifications

Improving Effectiveness of Automated Software Testing in the Absence of Specifications Improving Effectiveness of Automated Software ing in the Absence of Specifications Tao Xie Department of Computer Science North Carolina State University, Raleigh http://www.csc.ncsu.edu/faculty/xie/ 2005

More information

Processes of Evolution

Processes of Evolution 15 Processes of Evolution Forces of Evolution Concept 15.4 Selection Can Be Stabilizing, Directional, or Disruptive Natural selection can act on quantitative traits in three ways: Stabilizing selection

More information

Outline Introduction Background Related Rl dw Works Proposed Approach Experiments and Results Conclusion

Outline Introduction Background Related Rl dw Works Proposed Approach Experiments and Results Conclusion A Semantic Approach to Detecting Maritime Anomalous Situations ti José M Parente de Oliveira Paulo Augusto Elias Emilia Colonese Carrard Computer Science Department Aeronautics Institute of Technology,

More information

Geometric Semantic Genetic Programming (GSGP): theory-laden design of variation operators

Geometric Semantic Genetic Programming (GSGP): theory-laden design of variation operators Geometric Semantic Genetic Programming (GSGP): theory-laden design of variation operators Andrea Mambrini University of Birmingham, UK NICaiA Exchange Programme LaMDA group, Nanjing University, China 7th

More information

Detailed Chemical Kinetics in Multidimensional CFD Using Storage/Retrieval Algorithms

Detailed Chemical Kinetics in Multidimensional CFD Using Storage/Retrieval Algorithms 13 th International Multidimensional Engine Modeling User's Group Meeting, Detroit, MI (2 March 23) Detailed Chemical Kinetics in Multidimensional CFD Using Storage/Retrieval Algorithms D.C. Haworth, L.

More information

Evolutionary Algorithms

Evolutionary Algorithms Evolutionary Algorithms a short introduction Giuseppe Narzisi Courant Institute of Mathematical Sciences New York University 31 January 2008 Outline 1 Evolution 2 Evolutionary Computation 3 Evolutionary

More information

OECD QSAR Toolbox v.3.4. Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding

OECD QSAR Toolbox v.3.4. Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding OECD QSAR Toolbox v.3.4 Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding Outlook Background Objectives Specific Aims The exercise Workflow

More information

Non-linear Interpolant Generation and Its Application to Program Verification

Non-linear Interpolant Generation and Its Application to Program Verification Non-linear Interpolant Generation and Its Application to Program Verification Naijun Zhan State Key Laboratory of Computer Science, Institute of Software, CAS Joint work with Liyun Dai, Ting Gan, Bow-Yaw

More information

Evolutionary Computation: introduction

Evolutionary Computation: introduction Evolutionary Computation: introduction Dirk Thierens Universiteit Utrecht The Netherlands Dirk Thierens (Universiteit Utrecht) EC Introduction 1 / 42 What? Evolutionary Computation Evolutionary Computation

More information

Sequence Alignment: A General Overview. COMP Fall 2010 Luay Nakhleh, Rice University

Sequence Alignment: A General Overview. COMP Fall 2010 Luay Nakhleh, Rice University Sequence Alignment: A General Overview COMP 571 - Fall 2010 Luay Nakhleh, Rice University Life through Evolution All living organisms are related to each other through evolution This means: any pair of

More information

OECD QSAR Toolbox v.3.3. Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding

OECD QSAR Toolbox v.3.3. Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding OECD QSAR Toolbox v.3.3 Step-by-step example of how to build and evaluate a category based on mechanism of action with protein and DNA binding Outlook Background Objectives Specific Aims The exercise Workflow

More information

Minimization of Energy Loss using Integrated Evolutionary Approaches

Minimization of Energy Loss using Integrated Evolutionary Approaches Minimization of Energy Loss using Integrated Evolutionary Approaches Attia A. El-Fergany, Member, IEEE, Mahdi El-Arini, Senior Member, IEEE Paper Number: 1569614661 Presentation's Outline Aim of this work,

More information

INVARIANT SUBSETS OF THE SEARCH SPACE AND THE UNIVERSALITY OF A GENERALIZED GENETIC ALGORITHM

INVARIANT SUBSETS OF THE SEARCH SPACE AND THE UNIVERSALITY OF A GENERALIZED GENETIC ALGORITHM INVARIANT SUBSETS OF THE SEARCH SPACE AND THE UNIVERSALITY OF A GENERALIZED GENETIC ALGORITHM BORIS MITAVSKIY Abstract In this paper we shall give a mathematical description of a general evolutionary heuristic

More information

It s about time... The only timeline tool you ll ever need!

It s about time... The only timeline tool you ll ever need! It s about time... The only timeline tool you ll ever need! Introduction about me Jon Tomczak Senior Consultant Crypsis Game Dev turned Forensicator Past: Started TZWorks in 2006 Consultant at Mandiant

More information

Proposal to Include a Grid Referencing System in S-100

Proposal to Include a Grid Referencing System in S-100 1 st IHO-HSSC Meeting The Regent Hotel, Singapore, 22-24 October 2009 Paper for consideration by HSSC Proposal to Include a Grid Referencing System in S-100 Submitted by: Executive Summary: Related Documents:

More information

The Science of Biology. Chapter 1

The Science of Biology. Chapter 1 The Science of Biology Chapter 1 Properties of Life Living organisms: are composed of cells are complex and ordered respond to their environment can grow and reproduce obtain and use energy maintain internal

More information

Mutation-based spreadsheet debugging

Mutation-based spreadsheet debugging W I S S E N! T E C H N I K! L E I D E N S C H A F T Mutation-based spreadsheet debugging Birgit Hofer and Franz Wotawa, Institute for Software Technology, {bhofer,wotawa}@ist.tugraz.at!! www.tugraz.at

More information

Introduction to Optimization

Introduction to Optimization Introduction to Optimization Blackbox Optimization Marc Toussaint U Stuttgart Blackbox Optimization The term is not really well defined I use it to express that only f(x) can be evaluated f(x) or 2 f(x)

More information

Knowledge-based Agents. CS 331: Artificial Intelligence Propositional Logic I. Knowledge-based Agents. Outline. Knowledge-based Agents

Knowledge-based Agents. CS 331: Artificial Intelligence Propositional Logic I. Knowledge-based Agents. Outline. Knowledge-based Agents Knowledge-based Agents CS 331: Artificial Intelligence Propositional Logic I Can represent knowledge And reason with this knowledge How is this different from the knowledge used by problem-specific agents?

More information

CS 331: Artificial Intelligence Propositional Logic I. Knowledge-based Agents

CS 331: Artificial Intelligence Propositional Logic I. Knowledge-based Agents CS 331: Artificial Intelligence Propositional Logic I 1 Knowledge-based Agents Can represent knowledge And reason with this knowledge How is this different from the knowledge used by problem-specific agents?

More information

Genetic Algorithm: introduction

Genetic Algorithm: introduction 1 Genetic Algorithm: introduction 2 The Metaphor EVOLUTION Individual Fitness Environment PROBLEM SOLVING Candidate Solution Quality Problem 3 The Ingredients t reproduction t + 1 selection mutation recombination

More information

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel Foundations of AI 7. Propositional Logic Rational Thinking, Logic, Resolution Wolfram Burgard and Bernhard Nebel Contents Agents that think rationally The wumpus world Propositional logic: syntax and semantics

More information

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique Motivation Concurrent

More information

Spatial Data Management of Bio Regional Assessments Phase 1 for Coal Seam Gas Challenges and Opportunities

Spatial Data Management of Bio Regional Assessments Phase 1 for Coal Seam Gas Challenges and Opportunities Spatial Data Management of Bio Regional Assessments Phase 1 for Coal Seam Gas Challenges and Opportunities By Dr Zaffar Sadiq Mohamed-Ghouse Principal Consultant, Spatial & IT, GHD zaffar.sadiq@ghd.com

More information

Query-based Learning of XPath Expressions

Query-based Learning of XPath Expressions Query-based Learning of XPath Expressions Julien Carme, Michal Ceresna, and Max Goebel Database and Artificial Intelligence Group Vienna University of Technology Abstract. XML is data format for storing

More information

Local Search & Optimization

Local Search & Optimization Local Search & Optimization CE417: Introduction to Artificial Intelligence Sharif University of Technology Spring 2017 Soleymani Artificial Intelligence: A Modern Approach, 3 rd Edition, Chapter 4 Outline

More information

OECD QSAR Toolbox v.3.0

OECD QSAR Toolbox v.3.0 OECD QSAR Toolbox v.3.0 Step-by-step example of how to categorize an inventory by mechanistic behaviour of the chemicals which it consists Background Objectives Specific Aims Trend analysis The exercise

More information

On Real-time Monitoring with Imprecise Timestamps

On Real-time Monitoring with Imprecise Timestamps On Real-time Monitoring with Imprecise Timestamps David Basin 1, Felix Klaedtke 2, Srdjan Marinovic 1, and Eugen Zălinescu 1 1 Institute of Information Security, ETH Zurich, Switzerland 2 NEC Europe Ltd.,

More information

OECD QSAR Toolbox v.3.3. Step-by-step example of how to categorize an inventory by mechanistic behaviour of the chemicals which it consists

OECD QSAR Toolbox v.3.3. Step-by-step example of how to categorize an inventory by mechanistic behaviour of the chemicals which it consists OECD QSAR Toolbox v.3.3 Step-by-step example of how to categorize an inventory by mechanistic behaviour of the chemicals which it consists Background Objectives Specific Aims Trend analysis The exercise

More information

Athena Visual Software, Inc. 1

Athena Visual Software, Inc. 1 Athena Visual Studio Visual Kinetics Tutorial VisualKinetics is an integrated tool within the Athena Visual Studio software environment, which allows scientists and engineers to simulate the dynamic behavior

More information

LOCAL SEARCH. Today. Reading AIMA Chapter , Goals Local search algorithms. Introduce adversarial search 1/31/14

LOCAL SEARCH. Today. Reading AIMA Chapter , Goals Local search algorithms. Introduce adversarial search 1/31/14 LOCAL SEARCH Today Reading AIMA Chapter 4.1-4.2, 5.1-5.2 Goals Local search algorithms n hill-climbing search n simulated annealing n local beam search n genetic algorithms n gradient descent and Newton-Rhapson

More information

Causality in Concurrent Systems

Causality in Concurrent Systems Causality in Concurrent Systems F. Russo Vrije Universiteit Brussel Belgium S.Crafa Università di Padova Italy HaPoC 31 October 2013, Paris Causality in Concurrent Systems software, hardware or even physical

More information

Geometric Semantic Genetic Programming (GSGP): theory-laden design of semantic mutation operators

Geometric Semantic Genetic Programming (GSGP): theory-laden design of semantic mutation operators Geometric Semantic Genetic Programming (GSGP): theory-laden design of semantic mutation operators Andrea Mambrini 1 University of Birmingham, Birmingham UK 6th June 2013 1 / 33 Andrea Mambrini GSGP: theory-laden

More information

Model Checking in the Propositional µ-calculus

Model Checking in the Propositional µ-calculus Model Checking in the Propositional µ-calculus Ka I Violet Pun INF 9140 - Specification and Verification of Parallel Systems 13 th May, 2011 Overview Model Checking is a useful means to automatically ascertain

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback