- Technical Report
- GALOIS-02-12-A
- Feb 2021
A method of determining ranges for algorithmic variables for a processor that uses fixed point arithmetic is provided. The method comprises expressing overflow requirements of processor instructions as inequalities. The method also expresses precision requirements and expressiveness requirements as inequalities and merit functions. A global constraint and optimizer tool is used to find ranges for algorithmic variables based on the inequalities and the merit functions. The use of constraint equation solving and optimization finds optimal algorithmic ranges that provide overflow-free arithmetic as well as optimal expressiveness and precision.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
- Daniel Jay Thomsen
- Richard O'Brien
- Jessica Bogle
US Patent Number 7,308,702
A system and method for defining and enforcing a security policy. Security mechanism application specific information for each security mechanism is encapsulated as a key and exported to a semantic layer. Keys are combined to form key chains within the semantic layer. The key chains are in turn encapsulated as keys and passed to another semantic layer. A security policy is defined by forming key chains from keys and associating users with the key chains. The security policy is translated and exported to the security mechanisms. The security policy is then enforced via the security mechanisms.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
The Language for Investigating Myriad Eventualities (LIME) is intended to serve as a domain modeling and inter-module communication language within Deep Green (DG). Given the representational requirements of DG, LIME needs to be able to encompass uncertain action outcomes, limited information and contingent planning and execution, reasoning about resources, state abstraction, trajectory constraints, temporally extended and overlapping actions, adversary planning and action, dynamically created and destroyed objects and resources, and task decomposition, among other things.
The goal of the seedling is to provide a head start to the Deep Green program, by defining language requirements and a set of design recommendations. This report describes the current status of those design recommendations. To the extent possible, the recommendations are implementation-neutral, because there is more than one way to approach these problems and, more pragmatically, the DG program has not yet started, so exactly how the software gets implemented depends on who gets the contract.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
This paper introduces new parsing and context-aware scanning algorithms in which the scanner uses contextual information to disambiguate lexical syntax. The parser utilizes a slightly modified LR-style algorithm that passes to the scanner the set of valid symbols which the scanner may return at that point in parsing. This set is the terminal symbols that are valid for the current state, i.e., those whose entries in the parse table are shift, reduce, or accept, but not error. The scanner then only returns tokens in this set. Also, an analysis is given that can statically verify that the scanner will never return more than one token for a single input. Context-aware scanning is especially useful when parsing and scanning extensible languages in which domain-specific languages can be embedded. We illustrate this approach with a declarative specification of a Java subset and extensions that embed SQL queries and Boolean expression tables into Java.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
Safety-critical systems, such as avionics systems and medical devices, are developed with stringent safety requirements. System safety analysis provides assurance that the system in consideration satisfies these safety constraints. Traditionally, safety analysis is performed manually based on various informal requirements and design documents. Recent work in the area of model-based safety analysis, where safety analysis is based on a central formal model of the system, has helped demonstrate some key advantages of this methodology, including automatic generation of safety artifacts. Although most of this work is still far from being mature, we believe that this methodology holds promise in making the safety analysis process more formal, automated, consistent, and most importantly in helping tightly integrate the safety and systems engineering processes. We also believe that it is crucial to have a flexible modeling notation to capture both the system and the failure information to be able to derive "realistic" safety analysis. To corroborate our position, in this paper, we describe our prototype tool for automatically generating static fault trees based on architectural AADL models that can be input into a commercial fault tree analysis tool, CAFTA. We also put forth some challenges that we encountered that are potentially applicable to other approaches to automating generation of safety artifacts.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
This paper describes the Java Language Extender framework, a tool that allows one to create new domain-adapted languages by importing domain-specific language extensions into an extensible implementation of Java 1.4. Language extensions may define the syntax, semantic analysis, and optimizations of new language constructs. Java and the language extensions are specified as higher-order attribute grammars. We describe several language extensions and their implementation in the framework. For example, one embeds the SQL database query language into Java and statically checks for syntax and type errors in SQL queries. The tool supports the modular specification of composable language extensions so that programmers can import into Java the unique set of extensions that they desire. When extensions follow certain restrictions, they can be composed without requiring any implementation-level knowledge of the language extensions. The tools automatically compose the selected extensions and the Java host language specification.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
- Thomas R. Markham
- Jessica J. Bogle
Systems and methods for an associative policy model are provided. One embodiment of the present invention provides a method for implementing an associative policy. In this embodiment, the method includes providing a policy on a policy server, the policy having a service definition that contains first and second relational components, providing first and second network entities, operatively coupling the first and second network entities to the policy server, dynamically associating the first network entity with the second network entity (wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity), and enforcing the policy on the first and second network entities.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
In a paper that was presented at the recently concluded real-time systems symposium, Vestal proposed a new real-time task model that is able to represent the fact that the worst-case execution time (WCET) of a single task may be determined to different levels of accuracy with different degrees of confidence. In systems with multiple criticality requirements (different tasks need to be assured of meeting their deadlines with different levels of confidence), such multiple specifications of WCET may be exploited to obtain better processor utilization. This paper conducts a thorough study of the feasibility and schedulability questions for such multi-criticality real-time task systems when implemented upon preemptive uniprocessor platforms.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
A computer-implemented method of predicting decisions uses the knowledge of one or more individuals. The individuals, referred to as a team, are knowledgeable about the domain in which decisions are being made. The team individually rates the importance of decision criteria they deem relevant. They then rate the extent to which multiple problem characteristics are deemed relevant to the decision. The ratings are subjected to automated quantitative analysis for consistency, and the raters may discuss and modify inconsistent ratings if appropriate. Once the ratings are accepted, the raters then rate the decision options against the highest-scoring problem characteristics as determined in the initial ratings. After one or more further rounds of consistency evaluations, the highest-rated options are selected as the prediction of the decision to be made by the adversary.
- Technical Report
- GALOIS-02-12-A
- Feb 2021
- J. Thomas Haigh
- Steven Harp
- Richard O'Brien
The insider threat has assumed increasing importance as our dependence on critical cyber information infrastructure has increased. In this paper we describe an approach for thwarting and attributing insider attacks. The Sense, Prepare, Detect, and React (SPDR) approach utilizes both a highly intelligent software reasoning system to anticipate, recognize, respond to, and attribute attacks as well as a widely distributed set of hardware-based sensor-effectors to provide alerts used by the reasoning system and to implement responses as directed by it. Using hardware sensor-effectors greatly reduces the risk that a savvy malicious insider can bypass or cripple the system’s monitoring and control capabilities. In this paper we describe the prototype SPDR system and the results of its successful evaluation by an independent, DARPA-sponsored Red Team. We conclude with thoughts on possible SPDR enhancements and further research.