Archives

Context-Aware Scanning for Parsing Extensible Languages

This paper introduces new parsing and context-aware scanning algorithms in which the scanner uses contextual information to disambiguate lexical syntax. The parser utilizes a slightly modified LR-style algorithm that passes to the scanner the set of valid symbols which the scanner may return at that point in parsing. This set is the terminal symbols that are valid for the current state, i.e., those whose entry in the parse table are shift, reduce, or accept, but not error. The scanner then only returns tokens in this set. Also, an analysis is given that can statically verify that the scanner will never return more than one token for a single input. Context-aware scanning is especially useful when parsing and scanning extensible languages in which domain specific languages can be embedded. We illustrate this approach with a declarative specification of a Java subset and extensions that embed SQL queries and Boolean expression tables into Java.

Automatic Generation of Static Fault Trees from AADL Models

Safety-critical systems, such as avionics systems and medical devices, are developed with stringent safety requirements. System safety analysis provides assurance that the system in consideration satisfies these safety constraints. Traditionally, safety analysis is performed manually based on various informal requirements and design documents. Recent work in the area of model-based safety analysis, where safety analysis is based on a central formal model of the system, has helped demonstrate some key advantages of this methodology, including automatic generation of safety artifacts. Although most of this work is still far from being mature, we believe that this methodology holds promise in making the safety analysis process more formal, automated, consistent, and most importantly in helping tightly integrate the safety and systems engineering processes. We also believe that it is crucial to have a flexible modeling notation to capture both the system and the failure information to be able to derive “realistic” safety analysis. To corroborate our position, in this paper, we describe our prototype tool for automatically generating static fault trees based on architectural AADL models that can be input into a commercial fault tree analysis tool, CAFTA. We also put forth some challenges that we encountered that are potentially applicable to other approaches to automating generation of safety artifacts.

Attribute Grammar-based Language Extensions for Java

This paper describes the Java Language Extender framework, a tool that allows one to create new domain-adapted languages by importing domain-specific language extensions into an extensible implementation of Java 1.4. Language extensions may define the syntax, semantic analysis, and optimizations of new language constructs. Java and the language extensions are specified as higher-order attribute grammars. We describe several language extensions and their implementation in the framework. For example, one embeds the SQL database query language into Java and statically checks for syntax and type errors in SQL queries. The tool supports the modular specification of composable language extensions so that programmers can import into Java the unique set of extensions that they desire. When extensions follow certain restrictions, they can be composed without requiring any implementation-level knowledge of the language extensions. The tools automatically compose the selected extensions and the Java host language specification.

Associative Policy Model

  • Thomas R. Markham
  • Jessica J. Bogle

Systems and methods for an associative policy model are provided. One embodiment of the present invention provides a method for implementing an associative policy. In this embodiment, the method includes providing a policy on a policy server, the policy having a service definition that contains first and second relational components, providing first and second network entities, operatively coupling the first and second network entities to the policy server, dynamically associating the first network entity with the second network entity (wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity), and enforcing the policy on the first and second network entities.

Schedulability Analysis of Sporadic Tasks with Multiple Criticality Specifications

In a paper that was presented at the recently-concluded real-time systems symposium, Vestal proposed a new real-time task model that is able to represent the fact that the worst-case execution time (WCET) of a single task may be determined to different levels of accuracy with different degrees of confidence. In systems with multiple criticality requirements (different tasks need to be assured of meeting their deadlines with different levels of confidence), such multiple specifications of WCET may be exploited to obtain better processor utilization. This paper conducts a thorough study of the feasibility and schedulability questions for such multi-criticality real-time task systems when implemented upon preemptive uniprocessor platforms.

Modeling Decision Making Processes

A computer implemented method of predicting decisions uses the knowledge of one or more individuals. The individuals, referred to as a team, are knowledgeable about the domain in which decisions are being made. The team individually rates the importance of decision criteria they deem relevant. They then rate the extent to which multiple problem characteristics are deemed relevant to the decision. The ratings are subjected to automated quantitative analysis for consistency, and the raters may discuss and modify inconsistent ratings if appropriate. Once the ratings are accepted, the raters then rate the decision options against the highest scoring problem characteristics as determined in the initial ratings. After one or more further rounds of consistency evaluations, the highest rated options are selected as the prediction of the decision to be made by the adversary.

Trapping Malicious Insiders in the SPDR Web

  • J. Thomas Haigh
  • Steven Harp
  • Richard O'Brien

The insider threat has assumed increasing importance as our dependence on critical cyber information infrastructure has increased. In this paper we describe an approach for thwarting and attributing insider attacks. The Sense, Prepare, Detect, and React (SPDR) approach utilizes both a highly intelligent software reasoning system to anticipate, recognize, respond to, and attribute attacks as well as a widely distributed set of hardware-based sensor-effectors to provide alerts used by the reasoning system and to implement responses as directed by it. Using hardware sensor-effectors greatly reduces the risk that a savvy malicious insider can bypass or cripple the system’s monitoring and control capabilities. In this paper we describe the prototype SPDR system and the results of its successful evaluation by an independent, DARPA-sponsored Red Team. We conclude with thoughts on possible SPDR enhancements and further research.

Ontological Models to Support Planning Operations

  • Pete Bonasso

A fundamental requirement for success with technology such as automated planning is that it needs to operate on valid models or ontologies of the application domain. Making these models is difficult because the data involved are voluminous, dynamic and come from a variety of sources and formats, so manual entry and maintenance is prohibitive. Using an ontological framework such as OWL can greatly alleviate this effort, but domain experts reason in domain terms, not the formal logic of ontologies. This paper describes an editing system that allows NASA domain experts to construct and maintain ontological information, and yet produce a standard form that can be manipulated by automated planners and other AI applications.

Enhancing NASA’s Procedure Representation Language to Support Planning Operations

  • Pete Bonasso

Automation and autonomy are key elements in realizing the vision for space exploration. The NASA Exploration Technology Development Program (ETDP) has been developing several core autonomy capabilities, one of which is called a procedure representation language (PRL). PRL can be automatically translated into code that can be executed by NASA-developed autonomous executives. Another type of automation being developed by ETDP is automated planning aids. These will be needed to increase the number of missions that existing levels of flight personnel are able to handle. But PRL has few constructs to enable automated planners and schedulers to take advantage of the procedures resulting from PRL. In a continuing research effort, we have been developing extensions to PRL to add planning information – resource, constraints and sub-procedural information – so as to produce code usable by automated planning software. From a representative scenario for the PHALCON and EVA flight disciplines, we have derived requirements for planning, developed XML tags for the PRL changes, and translated the changes into the ANML planning language. This paper describes these results.

The Case for Prevention-based, Host-resident Defenses in the Modern PCS Network

The process control system (PCS) owner can no longer rely on a physical air gap and custom hardware to protect her network from attack. Demand for greater visibility into PCS operations, coupled with greater use of commodity hardware, now exposes the PCS network to the same threats facing other networks. To address these threats, we argue for the deployment of prevention-based, host-resident, network layer devices, coupled with scalable, service-based management, that will not only protect PCS communications but will also support higher level reasoning about PCS trustworthiness. We explain why the modern PCS network is particularly well-suited for this approach, and we highlight where our own research supports this claim.