This document discusses reverse architecting software by extracting relationships from source code using relation algebra. It describes extracting relations from code without compiling or linking, storing them in a database, and applying relation algebra operations like join and inverse to abstract the relations. The abstracted relations can then be visualized as graphs or tables to understand aspects of the software architecture like inter-task communication and message queue usage. Reverse architecting is challenging but relation algebra can help reformulate many analysis questions and filter irrelevant data to meet analysis goals.
Carlo Bonamico, Sonia Pini - So you want to build your (Angular) Component Li...Codemotion
Most modern Front-End frameworks are Component-Oriented, taking advantage of encapsulation and separation of responsibilities to improve developer productivity and application robustness. However, to fully exploit the power of components, you need to aggregate them in a consistent and modular set. In this talk we share our experience in building several component libraries, from API Design concepts to advanced component interaction patterns, from packaging and documentation to refactoring & interoperability. Examples are Angular-based, but most concepts apply to all Front-End dev approaches.
Slides for the talk with Sonia Pini @Codemotion Milan 2018
So you want to build your (Angular) Component Library? We can help
https://milan2018.codemotionworld.com/conference/
Most modern Front-End frameworks are Component-Oriented, taking advantage of encapsulation and separation of responsibilities to improve developer productivity and application robustness. However, to fully exploit the power of components, you need to aggregate them in a consistent and modular set. In this talk we share our experience in building several component libraries, from API Design concepts to advanced component interaction patterns, from packaging and documentation to refactoring & interoperability. Examples are Angular-based, but most concepts apply to all Front-End dev approaches.
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Carlo Bonamico, Sonia Pini - So you want to build your (Angular) Component Li...Codemotion
Most modern Front-End frameworks are Component-Oriented, taking advantage of encapsulation and separation of responsibilities to improve developer productivity and application robustness. However, to fully exploit the power of components, you need to aggregate them in a consistent and modular set. In this talk we share our experience in building several component libraries, from API Design concepts to advanced component interaction patterns, from packaging and documentation to refactoring & interoperability. Examples are Angular-based, but most concepts apply to all Front-End dev approaches.
Slides for the talk with Sonia Pini @Codemotion Milan 2018
So you want to build your (Angular) Component Library? We can help
https://milan2018.codemotionworld.com/conference/
Most modern Front-End frameworks are Component-Oriented, taking advantage of encapsulation and separation of responsibilities to improve developer productivity and application robustness. However, to fully exploit the power of components, you need to aggregate them in a consistent and modular set. In this talk we share our experience in building several component libraries, from API Design concepts to advanced component interaction patterns, from packaging and documentation to refactoring & interoperability. Examples are Angular-based, but most concepts apply to all Front-End dev approaches.
This presentation is about a lecture I gave within the "Software systems and services" immigration course at the Gran Sasso Science Institute, L'Aquila (Italy): http://cs.gssi.infn.it/.
http://www.ivanomalavolta.com
Similar to Reverse Architecting using Relation Algebra.pdf (20)
We study the behavior of the RSA trapdoor function by repeatedly encrypting the ciphertext sent over the public channel. We discuss the problem of finding a cycle in order to reverse the plaintext from the given ciphertext. Simple demos and algorithms/python programs are also presented. While the attack is not necessarily practical, it is educational to learn how the RSA trapdoor function behaves.
We look into the nitty-gritty details of the RSA key generation algorithm. We study how RSA can be exploited when the public exponent e is not chosen carefully. We examine why many digital certificates use e=65537. We also experiment with Hastad's broadcast attack for short RSA exponents in particular.
We study the internal structure of the SRP key exchange protocol and experiment with it. SRP establishes a shared encryption key between communicating parties using passwords that were shared out-of-band. We perform basic cryptanalysis of SRP using open-source implementations. We present a demo of how SRP was compromised due to an implementation bug, allowing the attacker to login without the password. The author of the Go-SRP library promptly fixed the issue on the very same day we reported the vulnerability.
We allow Eve to modify DH parameters as well as public keys of Alice and Bob. This allows Eve to derive the secret key and break the DH crypto system. We demonstrate that the DH key exchange algorithm should not be used without digital signatures.
This was an invited talk at the Central Middle School, Maryland. Without going into a lot of math, I try to explain the fundamental key exchange problem. It was a blast. 8th graders enjoyed it as much as I enjoyed it.
Can we reveal the RSA private exponent d from its public key <e, n>? We study this question for two specific cases: e = 3 and e = 65537. Using demos, we verify that RSA reveals the most significant half of the private exponent d when the public exponent e is small. For example, for 2048-bit RSA, the most significant 1024 bits are revealed!
Computing the Square Roots of Unity to break RSA using Quantum AlgorithmsDharmalingam Ganesan
We study the problem of finding the square roots of unity in a finite group in order to factor composite numbers used in RSA. We implemented Peter Shor’s algorithm to find the square root of unity. Experimental results showed that finding the square roots of unity in a finite group multiplicative group is “hard”.
We experiment with Wiener's attack to break RSA when the secret exponent is short, meaning it is smaller than one quarter of the public modulus size. We discuss cryptanalysis details and present demos of the attack. Our very minor extension of Wiener's attack is also discussed.
If we have an RSA 2048 bits configuration, but our private exponent d is only about 512 bits, then the above attack breaks RSA in a few seconds.
This work uses Continued Fractions to derive the private keys from the given public keys. It turned out that one can derive the private exponent d by approximating it as a ratio of e/n, both are public values.
In a default settings of standard RSA libaries, this attack and my minor extension are not relevant (to the best of our knowledge). However, if we configure our library to choose a very large public encryption exponent e, then our private decryption exponent d could be short enough to mount an attack.
An RSA private key is made of a few private variables. We analyze how these private variables are chained together. Further, we study if one of the private variables is leaked, can we derive the other private variables? Demos of the algorithms are also provided.
The slides demonstrate how to reverse the plaintext from the RSA encrypted ciphertext using an oracle that answers the question: is the last bit of the message 0 or 1?
Slides present a demo of exploiting the homomorphic properties of raw RSA (i.e., without any padding) to reverse an RSA ciphertext, without the private key. We have two roles: Adversary and Challenger. The challenger presents a ciphertext to the adversary to break it. The adversary is allowed to ask for encryption/decryption of any text, except the decryption of the challenge ciphertext. The goal of the adversary is to break the ciphertext.
The slides demonstrate how to break RSA when used incorrectly without integrity checks. The man-in-the-middle is allowed to edit the RSA public exponent e in such a way that the Extended Euclidean Algorithm can be employed to reconstruct the plaintexts from the given ciphertexts.
Slides demonstrate how to break RSA when no padding is applied. I replicated the meet-in-the-middle attack discussed in the existing Crypto literature.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Designing for Privacy in Amazon Web ServicesKrzysztofKkol1
Data privacy is one of the most critical issues that businesses face. This presentation shares insights on the principles and best practices for ensuring the resilience and security of your workload.
Drawing on a real-life project from the HR industry, the various challenges will be demonstrated: data protection, self-healing, business continuity, security, and transparency of data processing. This systematized approach allowed to create a secure AWS cloud infrastructure that not only met strict compliance rules but also exceeded the client's expectations.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
2. 2
What’s On The Agenda
● Software Architecture
● Reverse Architecting
● A little bit math - I promise
● Extract-Abstract-Present to Reverse Architecting
● Demos (during the presentation)
● Some References
3. 3
Software Architecture
● Software architecture deals with the design of the
high-level structure of the software
● Assembly of architectural elements in some well-chosen
forms to satisfy requirements
● (including Reliability, Scalability, Portability, etc)
● Software architecture deals with
● abstraction
● decomposition and composition
● styles (pipe-and-filter, publish-subscribe, etc.)
4. 4
Describing Software Architecture
using Views
● How to best describe Software Architecture
is a topic of on-going R&D
● In literature, views are used to describe
Software Architecture
● Each view address one concern, for example:
● Structural view shows the decomposition of
system
● Behavioral view shows how components
interact at run-time
● Deployment view shows how components
are assigned to hardware elements
5. 5
Reverse Architecting
Informally, extracting architecture information from
source code (including makefiles, docs, test cases,
etc.)
Some challenges:
● Software architecture is an invisible one
● It is difficult to “see” architecture in source code
● Real-world systems have a lot of code
Goal of reverse architecting: Semi-automatically
extract architecture from source code
6. 6
Some questions we ask
● What are the entry-points to the system?
● Which classes inherit from this class?
● Which files deal with network communication?
● Is this function reachable from ‘main’?
● Are there missing code not in repo?
● Which functions are dead?
● etc. etc. etc.
All these questions can be be viewed as relational
algebra questions!
7. 7
Just a bit of math (I promise)
What do we mean by Relation Algebra?
Three things:
Set - an unordered collection
E.g., set of files {f1.c, f2.c, …}
Binary Relation - an unordered set of pairs
E.g., {<main, run>, <run, execute>, …, }
Multi-Relation - Weighted Binary Relation
E.g., {<caller, callee, 5>, …}
8. 8
Relation Algebra Queries
They are made of set-theory operators only
For example, union, intersection, complement, etc.
Compose two relations using join (a.k.a., comp)
part_of= {<a A}, <b B>, <c C>}
call = {<a b>, <b, c>}
E.g: inverse(part_of) comp (call) comp (part_of)?
9. 9
Relation Algebra Toolset
Made of small utilities for each set-theory operator
Combine utilities using pipe-and-filter style
rel_inv part_of | rel_comp call - | rel_comp -
part_of
I personally used RA tools for several reverse
architecting projects
My Phd thesis has more details
10. 10 A Reverse Architecting
Approach (Philips in 1990s)
Extraction: semi-automated extraction of different
relations (import, inherit, call, etc.)
Abstraction: rise the level of abstraction using
relational algebra queries (imagine SQL)
Presentation: visualize using graphs, tables, etc.
(These were published
by Philips)
11. 11
Extraction
● Language-specific parsers to extract different
relations: inherit, call, include, etc.
○ Code need not compile or link
● Each relation is stored in database/files
● Depending on the goal, more custom parsers
have to be developed to extract code relations
● For example, if your goal is to extract inter-task
RPC views, you need to
○ extract tasks, queue names, which function
writes to or read from queues, etc.
12. 12
Abstraction
A suite of relation algebra operators was developed
for abstraction (see demos)
Again, depending on the goal one could apply
different abstraction operators
Some common abstraction (examples):
● Lift class-level dependencies to package-level
● Filter out irrelevant information for your goal
○ For example, show all Java packages that
depend on Crypto packages
● Abstraction of runtime structure to show
inter-task communication (more details later)
14. 14
A medical device case study
Goal: Extract architecture from source code
Visualize inter-task and msg queue communication
Approach:
Extract relations from code
Abstraction using Relation Algebra
Visualize using our graph visualization tools
18. 18
Conclusion/Takeaways
● Reverse architecting is a challenging problem
● Extract-Abstract-Present using relational algebra
can help with reverse architecting
● Many of the analysis questions can be
reformulated as relational algebra questions!
● The key is to have a goal for your reverse
architecting effort - to filter out irrelevant data
19. 19 Some Reverse Engineering
Papers (not complete at all)
https://www.win.tue.nl/~wstomv/edu/2ii45/yea
r-0910/Maintaining_a_Legacy.pdf
https://www.cs.cmu.edu/~aldrich/courses/654-s
p05/ReengineeringTaxonomy.pdf
https://ieeexplore.ieee.org/document/5959691
https://ieeexplore.ieee.org/document/5071104
…