Publications
Using a diagnostic corpus of C programs to evaluate buffer overflow detection by static analysis tools
September 5, 2005
Conference Paper
Published in:
10th European Software Engineering Conf., 5-9 September 2005.
Topic:
R&D area:
R&D group:
Summary
A corpus of 291 small C-program test cases was developed to evaluate static and dynamic analysis tools designed to detect buffer overflows. The corpus was designed and labeled using a new, comprehensive buffer overflow taxonomy. It provides a benchmark to measure detection, false alarm, and confusion rates of tools, and also suggests areas for tool enhancement. Experiments with five tools demonstrate that some modern static analysis tools can accurately detect overflows in simple test cases but that others have serious limitations. For example, PolySpace demonstrated a superior detection rate, missing only one detection. Its performance could be enhanced if extremely long run times were reduced, and false alarms were eliminated for some C library functions. ARCHER performed well with no false alarms whatsoever. It could be enhanced by improving inter-procedural analysis and handling of C library functions. Splint detected significantly fewer overflows and exhibited the highest false alarm rate. Improvements in loop handling and reductions in false alarm rate would make it a much more useful tool. UNO had no false alarms, but missed overflows in roughly half of all test cases. It would need improvement in many areas to become a useful tool. BOON provided the worst performance. It did not detect overflows well in string functions, even though this was a design goal.
Summary
A corpus of 291 small C-program test cases was developed to evaluate static and dynamic analysis tools designed to detect buffer overflows. The corpus was designed and labeled using a new, comprehensive buffer overflow taxonomy. It provides a benchmark to measure detection, false alarm, and confusion rates of tools, and...
READ MORE
Two experiments comparing reading with listening for human processing of conversational telephone speech
September 4, 2005
Conference Paper
Published in:
6th Annual Conf. of the Int. Speech Communication Association, INTERSPEECH 2005, 4-8 September 2005.
Topic:
R&D area:
Summary
We report on results of two experiments designed to compare subjects' ability to extract information from audio recordings of conversational telephone speech (CTS) with their ability to extract information from text transcripts of these conversations, with and without the ability to hear the audio recordings. Although progress in machine processing of CTS speech is well documented, human processing of these materials has not been as well studied. These experiments compare subject's processing time and comprehension of widely-available CTS data in audio and written formats -- one experiment involves careful reading and one involves visual scanning for information. We observed a very modest improvement using transcripts compared with the audio-only condition for the careful reading task (speed-up by a factor of 1.2) and a much more dramatic improvement using transcripts in the visual scanning task (speed-up by a factor of 2.9). The implications of the experiments are twofold: (1) we expect to see similar gains in human productivity for comparable applications outside the laboratory environment and (2) the gains can vary widely, depending on the specific tasks involved.
Summary
We report on results of two experiments designed to compare subjects' ability to extract information from audio recordings of conversational telephone speech (CTS) with their ability to extract information from text transcripts of these conversations, with and without the ability to hear the audio recordings. Although progress in machine processing...
READ MORE
Automated extraction of weather variables from camera imagery
August 18, 2005
Conference Paper
Published in:
Proc. of 2005 Mid-Continent Transportation Research Symp., 18-19 August 2005.
Summary
Thousands of traffic and safety monitoring cameras are deployed or are being deployed all across the country and throughout the world. These cameras serve a wide range of uses from monitoring building access to adjusting timing cycles of traffic lights at clogged intersections. Currently, these images are typically viewed on a wall of monitors in a traffic operations or security center where observers manually monitor potentially hazardous or congested conditions and notify the appropriate authorities. However, the proliferation of camera imagery taxes the ability of the manual observer to track and respond to all incidents. In addition, the images contain a wealth of information, including visibility, precipitation type, road conditions, camera outages, etc., that often goes unreported because these variables are not always critical or go undetected. Camera deployments continue to expand and the corresponding rapid increases in both the volume and complexity of camera imagery demand that automated algorithms be developed to condense the discernable information into a form that can be easily used operationally by users. MIT Lincoln Laboratory (MIT/LL) under funding from the Federal Highway Administration (FHWA) is investigating new techniques to extract weather and road condition parameters from standard traffic camera imagery. To date, work has focused on developing an algorithm to measure atmospheric visibility and prove the algorithm concept. The initial algorithm examines the natural edges within the image (the horizon, tree lines, roadways, permanent buildings, etc) and performs a comparison of each image with a historical composite image. This comparison enables the system to determine the visibility in the direction of the sensor by detecting which edges are visible and which are not. A primary goal of the automated camera imagery feature extraction system is to ingest digital imagery with limited specific site information such as location, height, angle, and visual extent, thereby making the system easier for users to implement. There are, of course, many challenges in providing a reliable automated estimate of the visibility under all conditions (camera blockage/movement, dirt/raindrops on lens, etc) and the system attempts to compensate for these situations. This paper details the work-to-date on the visibility algorithm and defines a path for further development of the overall system.
Summary
Thousands of traffic and safety monitoring cameras are deployed or are being deployed all across the country and throughout the world. These cameras serve a wide range of uses from monitoring building access to adjusting timing cycles of traffic lights at clogged intersections. Currently, these images are typically viewed on...
READ MORE
Dynamic buffer overflow detection
August 10, 2005
Conference Paper
Published in:
Workshop on Defining the State of the Art in Security Software Tools, 10-11 August 2005.
Topic:
R&D area:
R&D group:
Summary
The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to open-source gcc-enhancements. A comprehensive testsuite was developed consisting of specifically-designed test cases and model programs containing real-world vulnerabilities. Insure++, CCured and CRED provide the highest buffer overflow detection rates, but only CRED provides an open-source, extensible and scalable solution to detecting buffer overflows. Other tools did not detect off-by-one errors, did not scale to large programs, or performed poorly on complex programs.
Summary
The capabilities of seven dynamic buffer overflow detection tools (Chaperon, Valgrind, CCured, CRED, Insure++, ProPolice and TinyCC) are evaluated in this paper. These tools employ different approaches to runtime buffer overflow detection and range from commercial products to open-source gcc-enhancements. A comprehensive testsuite was developed consisting of specifically-designed test cases...
READ MORE
Design and testing of an all-digital readout integrated circuit for infrared focal plane arrays
August 3, 2005
Conference Paper
Published in:
SPIE Vol. 5902. Focal Plane Arrays for Space Telescopes II, 3-4 August 2005, pp. 1-11.
Summary
The digital focal plane array (DFPA) project demonstrates the enabling technologies necessary to build readout integrated circuits for very large infrared focal plane arrays (IR FPAs). Large and fast FPAs are needed for a new class of spectrally diverse sensors. Because of the requirement for high-resolution (low noise) sampling, and because of the sample rate needed for rapid acquisition of high-resolution spectra, it is highly desirable to perform analog-to-digital (A/D) conversion right at the pixel level. A dedicated A/D converter located under every pixel in a one-million-plus element array, and all-digital readout integrated circuits will enable multi- and hyper-spectral imaging systems with unprecedented spatial and spectral resolution and wide area coverage. DFPAs provide similar benefits to standard IR imaging systems as well. We have addressed the key enabling technologies for realizing the DFPA architecture in this work. Our effort concentrated on demonstrating a 60-micron footprint, 14-bit A/D converter and 2.5 Gbps, 16:1 digital multiplexer, the most basic components of the sensor. The silicon test chip was fabricated in a 0.18- micron CMOS process, and was designed to operate with HgxCd1-xTe detectors at cryogenic temperatures. Two A/D designs, one using static logic and one using dynamic logic, were built and tested for performance and power dissipation. Structures for evaluating the bit-error-rate of the multiplexer on-chip and through a differential output driver were implemented for a complete performance assessment. A unique IC probe card with fixtures to mount into an evacuated, closed-cycle helium dewar were also designed for testing up to 2.5 Gbps at temperatures as low as 50 K.
Summary
The digital focal plane array (DFPA) project demonstrates the enabling technologies necessary to build readout integrated circuits for very large infrared focal plane arrays (IR FPAs). Large and fast FPAs are needed for a new class of spectrally diverse sensors. Because of the requirement for high-resolution (low noise) sampling, and...
READ MORE
Description of the Corridor Integrated Weather System (CIWS) weather products
August 1, 2005
Project Report
Published in:
MIT Lincoln Laboratory Report ATC-317
Summary
Improved handling of severe en route and terminal convective weather has been identified by the FAA in both the Operational Evolution Plan (OEP) (FAA, 2002) and the Flight Plan for 2004-2008 (FAA, 2003) as a major thrust over the coming decade for the National Airspace System (NAS) modernization. Achieving such improved capabilities is particularly important in highly congested corridors where there is both a high density of over flights and major terminals. Delay increases during thunderstorm season have been the principal cause of the dramatic delay growth in the US aviation system. When major terminals also underlie the en route airspace, convective weather has even greater adverse impacts, especially if the convective weather occurs frequently. In response to the need to enhance both safety and capacity during adverse weather, the FAA is exploring the concept of a Corridor Integrated Weather System (CIWS). CIWS is designed to improve convective weather decision support for congested en route airspace (and the terminals that lie under that airspace) by automatically generating graphical depictions of the current severe weather situation and providing frequently updated forecasts of the future weather locations for forecast times from zero to two hours. An operational demonstration of the CIWS was conducted during the summer of 2003. This document provides a detailed description of each CIWS weather information product as it was demonstrated in 2003, including a general description of the product, what data sources are used by the product, how the product is generated from the input data, and what caveats in the technical performance apply. A discussion of how the products might be used to enhance safety and support decision-making for traffic management is also included. Detailed information on the operational benefits of the CIWS products demonstrated in 2003 is provided in a companion report (Robinson et al., 2004). Improvements made to the products for the 2004 and 2005 CIWS operational demonstrations are briefly discussed in the final chapter.
Summary
Improved handling of severe en route and terminal convective weather has been identified by the FAA in both the Operational Evolution Plan (OEP) (FAA, 2002) and the Flight Plan for 2004-2008 (FAA, 2003) as a major thrust over the coming decade for the National Airspace System (NAS) modernization. Achieving such...
READ MORE
A wide area network simulation of single-round group membership algorithms
July 27, 2005
Conference Paper
Published in:
NCA 2005: 4th IEEE Int. Symp. on Network Computing and Applications, 27-29 July 2005, pp. 159-168.
Topic:
R&D area:
R&D group:
Summary
A recent theoretical result proposed Sigma, a novel GM protocol that forms views using a single-round of message exchange. Prior GM protocols have required more rounds in the worst-case. In this paper, we investigate how well Sigma performs in practice. We simulate Sigma using WAN connectivity traces and compare its performance to two leading GM protocols, Moshe and Ensemble. Our simulations show, consistently with theoretical results, that Sigma always terminates within one round of message exchange, faster than Moshe and Ensemble. Moreover, Sigma has less message overhead and produces virtually the same quality of views. We also observe that view-oriented GM in dynamic WAN-like environments is practical only in applications where GM need not respond to every disconnect immediately when detected. These applications are able, and prefer, to delay GM response and ignore transient disconnects, avoiding frequent futile view changes and associated overhead. We reference some applications in this category.
Summary
A recent theoretical result proposed Sigma, a novel GM protocol that forms views using a single-round of message exchange. Prior GM protocols have required more rounds in the worst-case. In this paper, we investigate how well Sigma performs in practice. We simulate Sigma using WAN connectivity traces and compare its...
READ MORE
Operational benefits of the Integrated Terminal Weather System (ITWS) at Atlanta
July 15, 2005
Project Report
Published in:
MIT Lincoln Laboratory Report ATC-320
Summary
This report summarizes the results of an initial study to estimate the yearly delay reduction provided by the initial operational capability (IOC) Integrated Terminal Weather System (ITWS) at Hartsfield-Jackson Atlanta International Airport (ATL). Specific objectives of this initial study were to: (1) analyze convective weather operations at ATL to determine major causes of convective weather delay and how those might be modeled quantitatively. (2) provide estimates of the ATL ITWS delay reduction based on the "Decision/Modeling" method using questionnaires and interviews with Atlanta Terminal Radar Approach Control (TRACON) and Air Route Traffic Control Center (ARTCC) operational ITWS users. (3)assess the "reasonableness" of the model-based delay reduction estimates by comparing those savings with estimates of the actual weather-related arrival delays at ATL. In addition, the reasonableness of model-based delay reduction estimates was assessed by determining the average delay savings per ATL flight during times when adverse convective weather is within the coverage of the ATL ITWS. (4)conduct an exploratory study confirming the ATL ITWS delay savings by comparing Aviation System Performance Metrics (ASPM) database delays pre- and post-ITWS at ATL. (5) assess the accuracy of the "downstream" delay model employed in this study by analyzing ASPM data from a major US airline, and (6) make recommendations for follow-on studies of the ITWS delay reduction at Atlanta and other IOC ITWS facilities. [not complete]
Summary
This report summarizes the results of an initial study to estimate the yearly delay reduction provided by the initial operational capability (IOC) Integrated Terminal Weather System (ITWS) at Hartsfield-Jackson Atlanta International Airport (ATL). Specific objectives of this initial study were to: (1) analyze convective weather operations at ATL to determine...
READ MORE
Enhanced detection and classification of buried mines with an UWB multistatic GPR
July 3, 2005
Conference Paper
Published in:
IEEE Antennas and Propagation Society Int. Symp. 2005 Digest, Vol. 3B, 3-8 July 2005, pp. 88-91.
Topic:
R&D group:
Summary
In this paper we present a resonance-based classification technique for the identification of plastic-cased antipersonnel (AP) land mines buried in lossy and dispersive soils under rough surfaces by a stepped-frequency ultra-wideband (UWB) downward-looking ground penetrating radar (GPR) with an array of receivers. For this application the multistatic ground probing sensor is positioned just above the ground surface and operates from UHF to C-Band frequencies. Novel physics-based models based on the finite difference frequency domain (FDFD) technique simulate the characteristic resonating multi-aspect target frequency responses for several realistic buried land mine detection scenarios. Matched filter detection results are presented which assess the GPR's performance in identifying a simulated mine buried under a rough surface at varying depths in dry sand and a dispersive clay loam soil from other false targets such as buried rocks.
Summary
In this paper we present a resonance-based classification technique for the identification of plastic-cased antipersonnel (AP) land mines buried in lossy and dispersive soils under rough surfaces by a stepped-frequency ultra-wideband (UWB) downward-looking ground penetrating radar (GPR) with an array of receivers. For this application the multistatic ground probing sensor...
READ MORE
Quantifying convective delay reduction benefits for weather/ATM systems
June 27, 2005
Conference Paper
Published in:
USA/Europe Air Traffic Management Seminar, 27-30 June 2005.
Topic:
R&D area:
R&D group:
Summary
This paper investigates methods for quantifying convective weather delay reduction benefits for weather/ATM systems and recommends approaches for future assessments. This topic is particularly important at this time because: 1. Convective weather delays continue to be a dominant factor in the overall National Airspace System (NAS) delays, and 2. Benefits quantification and NAS performance assessment have become very important in an era of significant government and airline budget constraints for civil aviation investments. Quantifying convective weather delay benefits for ATM systems has proven to be quite difficult since the delays arise from complicated, highly variable, poorly understood interactions between convective weather and a very complex aviation system. In this paper, we consider key aspects of convective weather disruptions of the aviation system, how the weather severity can be characterized, and discuss practical experience with benefits quantification by a variety of approaches. The paper concludes with recommendations for a methodology to be used in future convective weather delay reduction quantification studies.
Summary
This paper investigates methods for quantifying convective weather delay reduction benefits for weather/ATM systems and recommends approaches for future assessments. This topic is particularly important at this time because: 1. Convective weather delays continue to be a dominant factor in the overall National Airspace System (NAS) delays, and 2. Benefits...
READ MORE