Software Veri Cation Aimed At Security Vulnerabilities
Faculty of Sciences and Technology of the University of CoimbraDepartment of Informatics EngineeringSoftware Verification Aimed at SecurityVulnerabilitiesLuı́s Miguel Agante GonçaloDissertation in the context of the Master in Informatics Engineering, specialization in SoftwareEngineering advised by Prof. Raul André Brajczewski Barbosa and Prof. Regina Lúcia deOliveira Moraes and presented to the Department of Informatics Engineering of the Faculty ofSciences and Technology of the University of CoimbraSeptember 2019
This page is intentionally left blank.
AcknowledgementsThis master thesis this dissertation represents the climax of an academic journey full ofgood moments that I will never forget.I would first like to express my sincere gratitude to my advisors Prof. Raul Barbosaand Prof. Regina Moraes for the support in everything and for steering me in the rightthe direction.To my family I must express my gratitude for providing me with unconditional support,continuous encouragement and endless patience throughout my years of study and throughthe process of researching and writing this dissertation.To my girlfriend, Jéssica, I am thankful for all the kind words, for all the support andspecially for encourage me to continue and not letting me give up.Last but not least, to all my friends and colleagues thank you very much, this wouldnot be possible without all of you!iii
This page is intentionally left blank.
AbstractSoftware testing is an activity aimed at the identification andlater correction of faults capable of reducing the software quality. This activity is essential because the occurrence of mistakesis inevitable and although some of these mistakes are not relevant, others can be expensive and dangerous. Due to this,it is important to test everything that is produced. However,even the best software testing techniques may fail to detectsome faults and in many cases these faults result in securityvulnerabilities.This dissertation aims at developing an approach to findthe bugs that are prone to create security vulnerabilities andthat are usually invisible to the strategies commonly used. Inthe first phase, the types of mistakes more frequently associated with security vulnerabilities were analyzed. This analysisallows us to realize a representative fault injection to calculatethe detection rate of the commonly used testing techniques inorder to understand their effectiveness and the type of faultsthat are more difficult to detect. develop a methodology morefocused on these faults. The developed tool is capable of creating test cases based on the constants present in the code. Onthe other hand, it is also capable of detecting extraneous faults,which are often invisible to the commonly used testing techniques. Afterwards, to verify the feasibility of the developedtool, it was performed a representative vulnerability injectionin order to compare the detection rate of the testing techniquesstudied in comparison with the developed approaches.KeywordsTesting, Software faults, Fault injection, Security vulnerabilities, Securityv
This page is intentionally left blank.
ResumoSoftware testing é uma atividade que tem como finalidade aidentificação e posterior correção de falhas que podem diminuira qualidade do software. Esta atividade é considerada indispensável porque todos cometemos enganos e, apesar de algumas falhas não serem importantes, outras podem ser caras eperigosas. Por esse motivo, é necessário verificar tudo o que éproduzido. No entanto, mesmo as melhores técnicas de testesde software deixam falhas por detetar e, em muitos casos, essasfalhas são responsáveis por criar vulnerabilidades de segurança.Esta dissertação tem como objetivo desenvolver uma metodologia para a deteção de bugs propensos a criar vulnerabilidades de segurança e que são normalmente invisı́veis paraas técnicas de teste geralmente usadas. Numa primeira fase,foi feita uma análise aos defeitos mais frequentemente associados a vulnerabilidades de segurança. Esta análise permitiu-nosperceber que tipo de falhas as técnicas de teste falham em detetar e assim desenvolver uma metodologia mais focada nestetipo de falhas. A ferramenta desenvolvida é capaz de criar casos de teste com base nas constantes presentes no código. Poroutro lado, também é capaz de detetar código superfluo, quemuitas vezes é invisı́vel às técnicas de teste habitualmente utilizadas. Posteriormente, de modo a verificar a viabilidade daferramenta desenvolvida, foi realizada uma injeção de vulnerabilidades representativas de forma a avaliar a deteção de falhaspelas metodologias de teste estudadas em comparação com asabordagens desenvolvidas.Palavras-chaveTestes, Falhas de software, Injeção de falhas, Vulnerabilidadesde segurança, Segurançavii
This page is intentionally left blank.
Contents1 Introduction11.1Motivation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21.2Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31.3Scope and Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41.4Document Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52 State of the art72.1Software faults and security vulnerabilities . . . . . . . . . . . . . . . . . . .72.2Fault Classification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72.3Software Fault Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92.42.3.1Software Fault Injection Tools . . . . . . . . . . . . . . . . . . . . . . 102.3.2Comparison of software fault injection tools . . . . . . . . . . . . . . 11Software Testing Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.4.1Black-box Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.4.2White-box Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172.4.3Grey-box Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222.5Related projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242.6Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 Field study on security vulnerabilities273.1Previous field study overview . . . . . . . . . . . . . . . . . . . . . . . . . . 273.2Study expansion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 Testing for security vulnerabilities374.1Workflow and implementation . . . . . . . . . . . . . . . . . . . . . . . . . . 374.2Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394.3Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40ix
Software verification aimed at security vulnerabilities5 Results416 Discussion516.1Advantages and disadvantages. . . . . . . . . . . . . . . . . . . . . . . . . 516.2Work plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516.3Work plan alterations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537 Conclusion55x
AcronymsACTS Automated Combinatorial Testing for Software.AST Abstract syntax tree.DOCTOR Integrated software fault injection environment.EFC Extraneous function call.EIFS Extraneous IF construct plus statements.Ferrari Fault and ERRor Automatic Real-time Injection.FIAT Fault Injection Based Automated Testing Environment.FTAPE Fault Tolerance And Performance Evaluator.G-SWFIT Generic Software Fault Injection Technique.LFI Library-level Fault Injector.MCS Minimal cut sets.MFC Missing function call.MIFS Missing if construct and surrounded statements.MLAC Missing AND sub-expr in expression used as branch condition.MLOC Missing OR sub-expr in expression used as branch condition.MLPA Missing small and localized part of the algorithm.MODIFI MODel-Implemented Fault Injection.OAT Orthogonal Array Testing.ODC Orthogonal Defect Classification.PFI Probe/fault injection.SWIFI Software Implemented Fault Injection.VM Virtual machine.WALR Wrong algorithm — code was misplaced.WLEC Wrong logical expression used as branch condition.xi
This page is intentionally left blank.
List of Figures1.1Limitations of different fault detection techniques, adapted from [1] . . . . .2.1Example of a cause-effect graph, adapted from [2] . . . . . . . . . . . . . . . 142.2Example of a state transition diagram, adapted from [3] . . . . . . . . . . . 162.3Example of a control flow graph, adapted from [4] . . . . . . . . . . . . . . 182.4Example of a control flow graph, adapted from [5] . . . . . . . . . . . . . . 192.5Regression testing diagram, adapted from [6] . . . . . . . . . . . . . . . . . 233.1Distribution of emulation operators across multiple functions and multiplefiles, from [7] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283.2Absolute frequency of vulnerabilities over the number of operator instancesnecessary to emulate them, from [7] . . . . . . . . . . . . . . . . . . . . . . 283.3Most common operators associated with software faults and security vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303.4Lines of code distribution of the functions analyzed and all functions . . . . 323.5Complexity distribution of the functions analyzed and all functions . . . . . 324.1Developed tool workflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386.1Gantt chart for the expected work plan . . . . . . . . . . . . . . . . . . . . 526.2Gantt chart for the real work plan . . . . . . . . . . . . . . . . . . . . . . . 54xiii3
This page is intentionally left blank.
List of Tables2.1Example of decision table, adapted from [8] . . . . . . . . . . . . . . . . . . 142.2Example of test cases created using all pair testing, adapted from [9] . . . . 152.3Example of conventional testing technique, adapted from [10] . . . . . . . . 152.4Example of Orthogonal array testing technique, adapted from [10] . . . . . 162.5Example of a state transition table, adapted from [3] . . . . . . . . . . . . . 162.6Example with three factors and three levels, adapted from [11] . . . . . . . 222.7Table of test cases, adapted from [11] . . . . . . . . . . . . . . . . . . . . . . 222.8Client name and address input-recall testing, adapted from [12] . . . . . . . 232.9Summarized information of Table 2.8, adapted from [12] . . . . . . . . . . . 243.1Most frequent types of programming mistakes that cause software vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293.2Most frequent fault types occurring in software, from [13] . . . . . . . . . . 303.3Cyclomatic complexity of functions with software vulnerabilities . . . . . . 335.1Functions selected for the fault injection . . . . . . . . . . . . . . . . . . . . 425.2Number of patches for each function . . . . . . . . . . . . . . . . . . . . . . 425.3Results from random testing . . . . . . . . . . . . . . . . . . . . . . . . . . . 445.4Detailed results from random testing . . . . . . . . . . . . . . . . . . . . . . 445.5Results from control flow testing . . . . . . . . . . . . . . . . . . . . . . . . 455.6Detailed results from control flow testing . . . . . . . . . . . . . . . . . . . . 465.7Detailed results from literal based testing . . . . . . . . . . . . . . . . . . . 475.8Faults detected only by our methodology5.9Focused extra functionalities. . . . . . . . . . . . . . . . . . . 48. . . . . . . . . . . . . . . . . . . . . . . . . . 48xv
This page is intentionally left blank.
Chapter 1IntroductionSoftware quality is increasingly becoming essential to all business. Although many factorscan affect the quality of the software, for example a careful design or a good architecture,testing is still the primary method used by the industry to evaluate developed software.The concept of software testing can be separated in validation and verification. Validationis the process of evaluating software at the end of the software development process toensure compliance with the intended usage expressed by the software specification. Itnormally depends on the knowledge of the application for which the software is written.For example, validation of software for an airplane requires knowledge from aerospaceengineers and pilots. Verification is the process of determining if the product fulfills therequirements established in the previous phases. It is usually a more technical activity andrequires knowledge about the individual software artifacts, requirements and specifications[14].Even the most advanced testing techniques may fail. The software is complex andhumans are prone to make mistakes, so vulnerabilities tend to occur [15]. As the numberof software systems increases, so do the number of vulnerabilities; and considering thatmost systems are exposed through the internet to multiple users, someone may try toexploit the vulnerabilities to warm the system. New software vulnerabilities are discoveredon an almost daily basis and have caused severe damage to organizations [16]. Thus, it iscrucial to be able to detect and correct them as early as possible.The main objective on this dissertation is to develop a methodology that complementsthe commonly testing techniques on the detection of security vulnerabilities in softwarewritten in C programming language. We decided to focus in C as it is widely used fordeveloping system software and system bugs can be more dangerous than application bugs.For example, a vulnerability in OpenSSH can be exploited by an attacker to remotelyobtain access to the system and execute unauthorized actions, exposing information fromend-users and organizations. Also, according to the TIOBE Index [17], this language hasconsistently been at the top of popularity for almost 20 years, so it is still a vastly usedprogramming language.1
Software verification aimed at security vulnerabilities1.1MotivationIt is well known that, nowadays, software is present in almost everything. It is alsoknown that software possesses a high probability of containing bugs. Some of them do notchange the software functionalities but they can be exploited by an attacker to performunauthorized actions. Apart from the information that can be stolen, there are highcosts associated with these attacks. It is projected that “by 2021 the costs related withcybercrime hit 6 trillion annually” [18].One of the most famous exploits was the Heartbleed Bug [19]. This security vulnerability allowed intruders to read the memory of the systems protected by the vulnerableversions of the OpenSSL. This bug provided the attackers with the opportunity to eavesdrop on communications, steal data directly from services and users and to impersonatethem. The problem was that due to a missing bound check on the heartbeat request messages the attacker could request more data than authorized. However, if a deeper analysisto the fault itself is done, it is possible to observe that this vulnerability could be fixed byignoring the heartbeat request messages that ask for more data than their payload need.In other words, with the addition of some if-statements to prevent the buffer over-read,this vulnerability was removed.Another famous exploits was the Virtualized Environment Neglected Operations Manipulation, also known as VENON [20]. This vulnerability was present in the virtualfloppy drive code used by many computer virtualization platforms. It allowed an attackerto escape from the boundaries of an affected virtual machine. This Virtual machine (VM)escape could give access to the host system and all other VMs running potentially impacting thousands of organizations and millions of end users. However, taking a closerlook at the changes made to correct this vulnerability, it is possible to see that it was onlynecessary a single operation on a variable’s value. The vulnerability exploited the memoryaccess that could get out of bounds leading to a memory corruption. So making sure thatthe index is always bounded, in this case through the use of the modulo operation, thevulnerability was removed.The Dirty Cow [21] was a security vulnerability on Linux kernel that affected allLinux-based operating systems including Android. The bug exploited a race condition inthe implementation of the copy-on-write mechanism in the kernel memory-management.With the right timing, an unprivileged local user could use this flaw to gain write accessto otherwise read-only memory mappings. Although it is a local privilege escalation, itcan be used in conjunction with other exploits allowing remote root access on a computer.Moreover, another important fact regarding this vulnerability is that the attack does notleave traces in the system log. Looking at the bug-fix patch, there is the possibility torealize that it only requires small code changes to correct this security vulnerability. Thevulnerability is reduced to a wrong logical expression used in a branch condition and awrong logical expression used in an assignment. These small changes can be detected andcorrected preventing this vulnerability.It is observed that the commonly used testing techniques may be failing in some cases.These cases that escape and can lead to serious security breach are the cases that thepresent thesis proposes to deal with.2
Introduction1.2BackgroundThe present dissertation aims to complement the existing software testing strategies inorder to detect more vulnerabilities. To this end a study of the situations in which a bugcreates a security vulnerability was made.This dissertation starts by applying and evaluating the existing software testing strategies in the state of the art. With each of these strategies, a test suite for each selectedprogram is produced. A test suite can be defined as a collection of test cases. On theother hand, a test case is defined as an input and an expected result used to exercise theprogram. Our objective is to measure the effectiveness of these test suites in identifyingsecurity vulnerabilities. Based on these results, the next step is to complement the strategies in order to obtain better test suites, capable of detecting more security vulnerabilities.Ntafos [22] conducted a study which compared the effectiveness of three testing techniques(random, control-flow and data-flow testing). The experiment used seven mathematicalprograms with software faults and applied the three testing techniques to detect thesefaults. This study reveled that the techniques used have limitations which prevent themfrom discovering all faults. Therefore, it is important to use many different testing techniques and develop new ones. This idea is presented in Figure 1.1. Our goal is to reducethe gap between the total number of faults present in a program and the number of faultsdetected using the various testing techniques [1].Figure 1.1: Limitations of different fault detection techniques, adapted from [1]This methodology, inspired by mutation testing, provides the opportunity to understand which types of software vulnerabilities tend to remain undetected to the currentstrategies of control-flow testing, data-flow testing, etc.3
Software verification aimed at security vulnerabilities1.3Scope and ObjectivesThe core objective of this dissertation is to develop a way to complement the currenttesting techniques based on knowledge about which types of faults more frequently lead toa security vulnerability. Taking into consideration the main objective, the following goalswere developed: Study of the conditions in which a software fault leads to a security vulnerability. Perform fault injection to emulate representative security vulnerabilities in order toevaluate the commonly used testing techniques and understand where they may fail. Develop an approach to improve upon the commonly used testing by finding morevulnerabilities. Evaluate the results obtained from the developed approach.The first goal will be addressed by analyzing real bugs shared in open-source projectrepositories and manually classifying them. Part of this work has already been done andit is important to extend it to fully understand why some types of faults are more proneto create security vulnerabilities. As said before, not all faults are exploitable, and toaccomplish the proposed goals, it is necessary to understand the conditions that lead abug to create a security vulnerability.The second goal is the simulation of representative security vulnerabilities in the programs selected. The faults are considered representative because they derive from thestudy previously conducted on real security faults. The fault injection will help to evaluate the effectiveness of the software testing strategies presented in the state of the arton detecting security vulnerabilities. Each strategy results in a test suite for each of theselected programs. So afterwards, it is possible to assess the type of faults that requiremore attention.The third goal aims at the development of a methodology that complements the testingtechniques used but focusing more on security vulnerabilities. With the results obtained,it will be possible to understand the types of faults that escape the testing techniques andbased on this knowledge, develop a methodology to address these particular faults.The last goal consists on the validation of the approach presented. A similar evaluationusing the same faulty functions will be performed and the results will be analyzed to understand if it complements or not the testing techniques previously used. It is understoodthat it is almost impossible to create a testing technique capable of detecting all type offaults, the objective consists on complementing the other techniques with a more focusedapproach.These objectives together are summarized in the title of this dissertation, softwareverification targeted for the identification of security vulnerabilities.4
Introduction1.4Document StructureThis dissertation is divided in 5 chapters: Introduction, Field study on security vulnerabilities, Testing for security vulnerabilities, Results, Discussion and Conclusion.The first chapter identifies the theme of this dissertation, the objectives and the motivation behind it. The second chapter, State of the Art, presents the study that wasmade to deepen the knowledge of the topics of this dissertation. Initially, it is presenteda model whose objective is to perform fault classification. Various studies are also shownabout software fault injection and the software testing techniques studied for this project.Lastly, some approaches similar to what is intended to be done in this dissertation areintroduced. The third chapter presents a review of an earlier study conducted on securityvulnerabilities and our deepening of the results. The fourth chapter presents the workdone to develop our approach on detecting security related faults. It is also explained indetail the decisions, assumptions and all the steps made to obtain the resulting tool. Theresults of the application of three testing technique are presented in the next chapter. Thesixth chapter, discussion, presents the work plan of this dissertation and the advantagesand disadvantages of using the developed tool. The last chapter concludes the dissertationand states the final ideas of the project and the future work.5
This page is intentionally left blank.
Chapter 2State of the artThis chapter presents a technology which extracts valuable information from the defectstream of any software engineering process. Afterwards, software testing will be introduced as well as the commonly used mechanisms and their objectives. It is important tounderstand the techniques and their limitation to assess their effectiveness. In order toevaluate the detection ratio of these techniques, it was necessary to emulate software faults.Therefore, different fault injection tools will be described in this chapter. Finally, a briefreview is presented of studies in the domain so as to understand the current knowledge inthe area of this dissertation.2.1Software faults and security vulnerabilitiesSoftware faults are programming mistakes that cause a program to malfunction or toproduce incorrect/unexpected results. Some faults cause the system to crash, some causea connection failure, some prevent a user to log in. However, some software faults createdata leakage or elevate user privileges, these are security vulnerabilities. Is important toconsider that every device has software which contains software faults, thus it is inevitablethat it also contains security vulnerabilities [23]. However, as Linus Torvalds said securityproblems are just bugs [24]. A security vulnerability is a software fault that can open asecurity breach. It is a narrower concept as not all faults are exploitable to the point ofcreating a security vulnerability, it depends on the type of software, and on the type offault. They represent a serious concert to programmers and organizations as they representthousands of millions of euros loss occurring because of what is mostly a preventableproblem. Also, with the increasing in size and complexity of today’s software projectsleads to a growing number of security vulnerabilities.2.2Fault ClassificationThere has been a number of studies on the nature of software faults specifically aimed atsystematically classifying them by examining software patches and defect corrections. Animportant contribution to promote this study of software faults is the Orthogonal DefectClassification (ODC) [25].The ODC was originally developed in the early 1990s by Ram Chillarege at IBM. Thisclassification is a concept that enables in-process feedback for the developers. It extracts7
Software verification aimed at security vulnerabilitiessemantic information from the defects that occur through the software development process to create cause-effect relationships. ODC essentially means that a defect is categorizedinto classes that collectively point to the part of the process that requires more attention.In the first pilot [26], the classification set was composed of 5 defect types: function,initialization, checking, assignment and documentation. This set provided a sufficient spanto explain why the development process had troubles and what could be done to fix it,however, in subsequent discussions and pilots, the model was refined to the current eightclasses [25]: Function - This defect affects significant capability, end-user features, productapplication programming interface (API), interface with hardware architecture orglobal structures. It would require a formal design change. Assignment - An assignment defect indicates a few lines of code, such as the initialization of control blocks or data structure. Interface - This defect corresponds to errors in interacting with other components,modules, device drivers via macros, call statements, control blocks or parameter lists. Checking - Addresses program logic that has failed to properly validate data andvalues before they are used, loop conditions, etc. Timing/serialization - This defects are those that are corrected by improved management of shared and real-time resources. Build/package/merge - These errors occur due to mistakes in library systems,management of changes or version control. Documentation - Errors in documentation that can affect both publications andmaintenance notes. Algorithm - Errors that affect the efficiency or correctness of the task and canbe fixed by (re)implementing an algorithm or data structure without the need of adesign change.8
State of the art2.3Software Fault InjectionThe technique of fault injection dates back to the 1970s when it was used at a hardwarelevel [27]. This approach tries to emulate hardware failures into the target system. Thesystem circuit is exposed to some type of interference to produce the fault, and the effectis examined [28].It is believed that the first technique to inject faults was a pin-level fault injection,which either uses probes to drive current on the target pin to produce voltage level faultsor replace the target device by a custom-made socket where digital logical intercepts eachtarget pin. It was primarily used as a test of the dependability of the hardware systemand later specialized hardware was developed to extend this technique, such as devicesthat bombard specific areas of the circuit board with heavy radiation [27].It was soon found that faults could be emulated using software techniques and thiswould bring benefits that could be useful for assessing software systems and it was more attractive because they do not require expensive hardware. Collectively these techniques areknown as Software Implemented Fault Injection (SWIFI). In the simplest case, SWIFI canconfront an interface with randomly generated values. The most complex fault injectiontools operate based on detailed failure cause models and can rely on formal specificationsto work in a more efficient way to guarantee certain fault coverage criteria.The injection process can be used as a complimentary technique to the usual softwaretesting mechanisms. While software tests are designed to assert the correct behavior ofthe system under a representative workload, fault injection asserts the correct behaviorunder an additional fault load [28, 29, 30].It is possible to categorize the software fault injection by when the injection takesplace: Compile-time injection - The program instructions must be modified before theexecution. Instead of injecting faults into the hardware of the target system, thistechnique emulates errors in the source code or assembly code of the target program.The injection generates an erroneous program image and when the system executesit activates the fault. Runtime injections - The faults are injected during the program execution using amechanism to trigger the fault. The commonly used triggering mechanisms are:– Time-ou
OAT Orthogonal Array Testing. ODC Orthogonal Defect Classi cation. PFI Probe/fault injection. SWIFI Software Implemented Fault Injection. VM Virtual machine. WALR Wrong algorithm code was misplaced. . 2.4 Example of Orthogonal array
II. MANY TYPES OF INQUIRY One long-standing option for lab pedagogy is the \cookbook" veri cation lab which directs students through a series of steps, often aimed at demonstrating or verifying a well-known result.6 Cookbook veri cation labs have been maligned for over a century7 because students
1 Lab meeting and introduction to qualitative analysis 2 Anion analysis (demonstration) 3 Anion analysis 4 5. group cation anion analysis 5 4. group cation (demonstration) 6 4. group cation anion analysis 7 3. group cation (demonstration) 8 3. group cation anion analysis 9 Mid-term exam 10 2. group cation (demonstration)
15th International Symposium on Automated Technology for Veri cation and Anal-ysis, ATVA 2017 [CAV’17] 15. CCF: A, CORE: A Non-polynomial Worst-case Analysis of Recursive Programs K. Chatterjee, H. Fu, A.K. Goharshady 29th International Conference on Computer Aided Veri cation, CAV 2017 [CAV’16] 16.
tions which are elastic scattering (including polarization), collisional excitation, ionization, de-excitation, and non-radiative recombination. The veri cation procedure in case of DSMC is based on the reproduction of rate coef- cients in the range of 20:000 200:000 K. Veri cation was successful for ionization, excita-tion and recombination.
Simple articular, simple metaphyseal Simple articular, complex metaphyseal Complex articular, complex metaphyseal Fig 2.2-4 Classifi cation of fractures of the diaphysis into the three fracture groups according to Müller AO/OTA Classifi cation. 2 Principles of trauma care 2.2 Fracture classifi cation
based on the US MIL-HDBK-516 — Airworthiness Certifi cation Criteria, to address the objective of common certifi cation and design codes. The new European Military Aircraft Certifi cation Criteria (EMACC) handbook contains harmonised certifi cation criteria developed to addres
is degraded during the aerobic nitri cation phase and the residual carbon is used up during the anoxic denitri cation phase [ ]. However, such systems are prone to operational hindrances due to reduced rate of nitri cation and the di cultytoseparatenitri cationanddenitri cationreaction processes.Meyeretal.[] noted that nitri cation and
the accounting profession - have come to be known as 'creative accounting'. (1988: 7-8) Terry Smith reports on his experience as an investment analyst: We felt that much of the apparent growth in profits which had occurred in the 1980s was the result of accounting sleight of band rather than genuine economic growth, and we set
