Automated static timing analysis methods provide a safe but usually overestimated worst-case execution time (WCET) due to infeasible execution paths. In this paper, we propose a visual language, User Constraint Language (UCL), to obtain a tight WCET estimation. UCL provides intuitive visual notations with which users can easily specify various levels of flow information to characterize valid execution paths of a program. The user constraints specified in UCL are translated into finite automata. The combined automaton, constructed by a cross-production of the automata for program and user constraints, reflects the static structure and possible dynamic behavior of the program. It contains only the execution paths satisfying user constraints. A case study using part of a software program for satellite flight demonstrates the effectiveness of UCL and our approach.

Masqueraders who impersonate other users pose serious threat to computer security. Unfortunately, firewalls or misuse-based intrusion detection systems are generally ineffective in detecting masqueraders. Anomaly detection techniques have been proposed as a complementary approach to overcome such limitations. However, they are not accurate enough in detection, and the rate of false alarm is too high for the technique to be applied in practice. For example, recent empirical studies on masquerade detection using UNIX commands found the accuracy to be below 70%. In this research, we performed a comparative study to investigate the effectiveness of SVM (Support Vector Machine) technique using the same data set and configuration reported in the previous experiments. In order to improve accuracy of masquerade detection, we used command frequencies in sliding windows as feature sets. In addition, we chose to ignore commands commonly used by all the users and introduce the concept of voting engine. Though still imperfect, we were able to improve the accuracy of masquerade detection to 80.1% and 94.8%, whereas previous studies reported accuracy of 69.3% and 62.8% in the same configurations. This study convincingly demonstrates that SVM is useful as an anomaly detection technique and that there are several advantages SVM offers as a tool to detect masqueraders.