Biblio

Coverage-guided testing has shown to be an effective way to find bugs. If we model coverage-guided testing as a search problem (i.e., finding inputs that can cover more branches), then its efficiency mainly depends on two factors: (1) the accuracy of the searching algorithm and (2) the number of inputs that can be evaluated per unit time. Therefore, improving the search throughput has shown to be an effective way to improve the performance of coverage-guided testing.In this work, we present a novel design to improve the search throughput: by evaluating newly generated inputs with JIT-compiled path constraints. This approach allows us to significantly improve the single thread throughput as well as scaling to multiple cores. We also developed several optimization techniques to eliminate major bottlenecks during this process. Evaluation of our prototype JIGSAW shows that our approach can achieve three orders of magnitude higher search throughput than existing fuzzers and can scale to multiple cores. We also find that with such high throughput, a simple gradient-guided search heuristic can solve path constraints collected from a large set of real-world programs faster than SMT solvers with much more sophisticated search heuristics. Evaluation of end-to-end coverage-guided testing also shows that our JIGSAW-powered hybrid fuzzer can outperform state-of-the-art testing tools.

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JUCIFY approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JUCIFY builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are “unreachable” in apps' callgraphs, both in goodware and malware. Using JUCIFY, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JUCIFY'S model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JUCIFY we can find sensitive data leaks that pass through native code.

Logic obfuscation has been proposed as a counter-measure against supply chain threats such as overproduction and IP piracy. However, the functional corruption it offers can be exploited by oracle-guided pruning attacks to recover the obfuscation key, forcing existing logic obfuscation methods to trivialize their output corruption which in turn leads to a diminished protection scope. In this paper, we address this quandary through an FSM obfuscation methodology that delivers obfuscation scope not only through external secrets but more importantly through inherent state transition patterns. We leverage a minimum-cut graph partitioning algorithm to divide the FSM diagram and implement the resulting partitions with distinct FF configurations, enabled by a novel synthesis methodology supporting reconfigurable FFs. The obfuscated FSM can be activated by invoking key values to dynamically switch the FF configuration at a small number of inter-partition transitions. Yet, the overall obfuscation scope comprises far more intra-partition transitions which are driven solely by the inherent transition sequences and thus reveal no key trace. We validate the security of the proposed obfuscation method against numerous functional and structural attacks. Experimental results confirm its delivery of extensive obfuscation scope at marginal overheads.

Advances in deep neural networks (DNNs) have shown tremendous promise in the medical domain. However, the deep learning tools that are helping the domain, can also be used against it. Given the prevalence of fraud in the healthcare domain, it is important to consider the adversarial use of DNNs in manipulating sensitive data that is crucial to patient healthcare. In this work, we present the design and implementation of a DNN-based image translation attack on biomedical imagery. More specifically, we propose Jekyll, a neural style transfer framework that takes as input a biomedical image of a patient and translates it to a new image that indicates an attacker-chosen disease condition. The potential for fraudulent claims based on such generated `fake' medical images is significant, and we demonstrate successful attacks on both X-rays and retinal fundus image modalities. We show that these attacks manage to mislead both medical professionals and algorithmic detection schemes. Lastly, we also investigate defensive measures based on machine learning to detect images generated by Jekyll.

Data sampling is critical process for energy constrained Wireless Sensor Networks. In this article, we proposed a Predictive Data Recovery Compressive Sensing (PDR-CS) procedure for data sampling. PDR-CS samples data measurements from the monitoring field on the basis of spatial and temporal correlation and sparse measurements recovered at the Sink. Our proposed algorithm, PDR-CS extends the iterative re-weighted -ℓ1(IRW - ℓ1) minimization and regularization on the top of Spatio-temporal compressibility for enhancing accuracy of signal recovery and reducing the energy consumption. The simulation study shows that from the less number of samples are enough to recover the signal. And also compared with the other compressive sensing procedures, PDR-CS works with less time.

In this paper, we address the problem of joint user association and power allocation for non-orthogonal multiple access (NOMA) networks with multiple base stations (BSs). A user grouping procedure into orthogonal clusters, as well as an allocation of different physical resource blocks (PRBs) is considered. The problem of interest is mathematically described using the maximization of the weighted sum rate. We apply two different swarm intelligence algorithms, namely, the recently introduced Grey Wolf Optimizer (GWO), and the popular Particle Swarm Optimization (PSO), in order to solve this problem. Numerical results demonstrate that the above-described problem can be satisfactorily addressed by both algorithms.

As portals to the Internet, web browsers constitute prominent targets for attacks. Existing defenses that redefine web APIs typically capture information related to a single JavaScript function. Thus, they fail to defend against the so-called web concurrency attacks that use multiple interleaved functions to trigger a browser vulnerability. In this paper, we propose JSKernel, the first generic framework that introduces a kernel concept into JavaScript to defend against web concurrency attacks. The JavaScript kernel, inspired from operating system concepts, enforces the execution order of JavaScript events and threads to fortify security. We implement a prototype of JSKernel deployable as add-on extensions to three widely used web browsers, namely Google Chrome, Mozilla Firefox, and Microsoft Edge. These open-source extensions are available at (https://github.com/jskernel2019/jskernel) along with a usability demo at (https://jskernel2019.github.io/). Our evaluation shows the prototype to be robust to web concurrency attacks, fast, and backward compatible with legacy websites.

Whenever any internet user visits a website, a scripting language runs in the background known as JavaScript. The embedding of malicious activities within the script poses a great threat to the cyberworld. Attackers take advantage of the dynamic nature of the JavaScript and embed malicious code within the website to download malware and damage the host. JavaScript developers obfuscate the script to keep it shielded from getting detected by the malware detectors. In this paper, we propose a novel technique for analysing and detecting JavaScript using sandbox assisted ensemble model. We extract the payload using malware-jail sandbox to get the real script. Upon getting the extracted script, we analyse it to define the features that are needed for creating the dataset. We compute Pearson's r between every feature for feature extraction. An ensemble model consisting of Sequential Minimal Optimization (SMO), Voted Perceptron and AdaBoost algorithm is used with voting technique to detect malicious JavaScript. Experimental results show that our proposed model can detect obfuscated and de-obfuscated malicious JavaScript with an accuracy of 99.6% and 0.03s detection time. Our model performs better than other state-of-the-art models in terms of accuracy and least training and detection time.

The JavaCard multi-application platform is now deployed to over twenty billion smartcards, used in various applications ranging from banking payments and authentication tokens to SIM cards and electronic documents. In most of those use cases, access to various cryptographic primitives is required. The standard JavaCard API provides a basic level of access to such functionality (e.g., RSA encryption) but does not expose low-level cryptographic primitives (e.g., elliptic curve operations) and essential data types (e.g., Integers). Developers can access such features only through proprietary, manufacturer-specific APIs. Unfortunately, such APIs significantly reduce the interoperability and certification transparency of the software produced as they require non-disclosure agreements (NDA) that prohibit public sharing of the applet's source code.We introduce JCMathLib, an open library that provides an intermediate layer realizing essential data types and low-level cryptographic primitives from high-level operations. To achieve this, we introduce a series of optimization techniques for resource-constrained platforms that make optimal use of the underlying hardware, while having a small memory footprint. To the best of our knowledge, it is the first generic library for low-level cryptographic operations in JavaCards that does not rely on a proprietary API.Without any disclosure limitations, JCMathLib has the potential to increase transparency by enabling open code sharing, release of research prototypes, and public code audits. Moreover, JCMathLib can help resolve the conflict between strict open-source licenses such as GPL and proprietary APIs available only under an NDA. This is of particular importance due to the introduction of JavaCard API v3.1, which targets specifically IoT devices, where open-source development might be more common than in the relatively closed world of government-issued electronic documents.

With the explosive data growth arise from internet of things, how to ensure information security is facing unprecedented challenges. In this paper, a joint PHY/MAC layer security scheme with artificial noise design in singular value decomposition (SVD) based multiple input multiple output hybrid automatic retransmission request (MIMO HARQ) system is proposed to resolve the problem of low data rates in existing cross-layer security design and further adapt to the high data rate requirement of 5G. First, the SVD was applied to simplify MIMO systems into several parallel sub-channels employing HARQ protocol. Then, different from traditional null space based artificial noise design, the artificial noise design, which is dependent on the characteristics of channel states and transmission rounds, is detailed presented. Finally, the analytical and simulation results proved that with the help of the proposed artificial noise, both the information security and data rate performance can be significantly improved compared with that in single input single output (SISO) system.

A joint source-channel coding (JSCC) scheme based on hybrid digital/analog coding is proposed for the transmission of correlated sources over discrete-memoryless two-way channels (DM-TWCs). The scheme utilizes the correlation between the sources in generating channel inputs, thus enabling the users to coordinate their transmission to combat channel noise. The hybrid scheme also subsumes prior coding methods such as rate-one separate source-channel coding and uncoded schemes for two-way lossy transmission, as well as the correlation-preserving coding scheme for (almost) lossless transmission. Moreover, we derive a distortion outer bound for the source-channel system using a genie-aided argument. A complete JSSC theorem for a class of correlated sources and DM-TWCs whose capacity region cannot be enlarged via interactive adaptive coding is also established. Examples that illustrate the theorem are given.

In this paper, we consider the problem of joint target detection and tracking in compressive sampling and processing (CSP-JDT). CSP can process the compressive samples of sparse signals directly without signal reconstruction, which is suitable for handling high-resolution radar signals. However, in CSP, the radar target detection and tracking problems are usually solved separately or by a two-stage strategy, which cannot obtain a globally optimal solution. To jointly optimize the target detection and tracking performance and inspired by the optimal Bayes joint decision and estimation (JDE) framework, a jointly optimized target detection and tracking algorithm in CSP is proposed. Since detection and tracking are highly correlated, we first develop a measurement matrix construction method to acquire the compressive samples, and then a joint CSP Bayesian approach is developed for target detection and tracking. The experimental results demonstrate that the proposed method outperforms the two-stage algorithms in terms of the joint performance metric.

Sybil attacks, wherein a network is subverted by forging node identities, remains an open issue in wireless sensor networks (WSNs). This paper proposes a scheme, called Location and Communication ID (LCID) based detection, which employs residual energy, communication ID and location information of sensor nodes for Sybil attacks prevention. Moreover, LCID takes into account the resource constrained nature of WSNs and enhances energy conservation through hierarchical routing. Sybil nodes are purged before clusters formation to ensure that only legitimate nodes participate in clustering and data communication. CH selection is based on the average energy of the entire network to load-balance energy consumption. LCID selects a CH if its residual energy is greater than the average network energy. Furthermore, the workload of CHs is equally distributed among sensor nodes. A CH once selected cannot be selected again for 1/p rounds, where p is the CH selection probability. Simulation results demonstrate that, as compared to an eminent scheme, LCID has a higher Sybil attacks detection ratio, higher network lifetime, higher packet reception rate at the BS, lower energy consumption, and lower packet loss ratio.

We study conflict situations that dynamically arise in traffic scenarios, where different agents try to achieve their set of goals and have to decide on what to do based on their local perception.
We distinguish several types of conflicts for this setting. In order to enable modelling of conflict situations and the reasons for conflicts, we present a logical framework that adopts concepts from epistemic and modal logic, justification and temporal logic. Using this framework, we illustrate how conflicts can be identified and how we derive a chain of justifications leading to this conflict. We discuss how conflict resolution can be done when a vehicle has local, incomplete information, vehicle to vehicle communication (V2V) and partially ordered goals.

Good programming languages provide helpful abstractions for writing secure code, but the security properties of the source language are generally not preserved when compiling a program and linking it with adversarial code in a low-level target language (e.g., a library or a legacy application). Linked target code that is compromised or malicious may, for instance, read and write the compiled program's data and code, jump to arbitrary memory locations, or smash the stack, blatantly violating any source-level abstraction. By contrast, a fully abstract compilation chain protects source-level abstractions all the way down, ensuring that linked adversarial target code cannot observe more about the compiled program than what some linked source code could about the source program. However, while research in this area has so far focused on preserving observational equivalence, as needed for achieving full abstraction, there is a much larger space of security properties one can choose to preserve against linked adversarial code. And the precise class of security properties one chooses crucially impacts not only the supported security goals and the strength of the attacker model, but also the kind of protections a secure compilation chain has to introduce. We are the first to thoroughly explore a large space of formal secure compilation criteria based on robust property preservation, i.e., the preservation of properties satisfied against arbitrary adversarial contexts. We study robustly preserving various classes of trace properties such as safety, of hyperproperties such as noninterference, and of relational hyperproperties such as trace equivalence. This leads to many new secure compilation criteria, some of which are easier to practically achieve and prove than full abstraction, and some of which provide strictly stronger security guarantees. For each of the studied criteria we propose an equivalent “property-free” characterization that clarifies which proof techniques apply. For relational properties and hyperproperties, which relate the behaviors of multiple programs, our formal definitions of the property classes themselves are novel. We order our criteria by their relative strength and show several collapses and separation results. Finally, we adapt existing proof techniques to show that even the strongest of our secure compilation criteria, the robust preservation of all relational hyperproperties, is achievable for a simple translation from a statically typed to a dynamically typed language.

The ability to transmit high volumes of data over a long distance makes WiFi mesh networks an ideal transmission solution for remote video surveillance. Instead of independently manipulating the node deployment, channel and interface assignment, and routing to improve the network performance, we propose a joint network design using multi-objective genetic algorithm to take into account the interplay of them. Moreover, we found a performance evaluation method based on the transmission capability of the WiFi mesh networks for the first time. The good agreement of our obtained multiple optimized solutions to the extensive simulation results by NS-3 demonstrates the effectiveness of our design.

In this paper, we have considered the broadcasting of a memoryless bivariate Gaussian source over a Gaussian broadcast channel with respect to bandwidth compression. We have analysed the performance of a hybrid digital-analog (HDA) coding system in combination with joint source channel coding (JSCC) to measure the distortion regions. The transmission advantages due to the combination of both the analog and digital techniques, a class of HDA schemes that yields better performance in distortion is discussed. The performance of source and channel coding for the possible better outcome of the system is measured by employing Wyner-Ziv and Costa coding. In our model, we have considered the upper layer to be a combination of a hybrid layer in the sense of both the analog and digital processing is done. This is executed in presence of quantization error and performance of the system is measured with two conditions: 1) HDA scheme with quantization scaling factor α = 0, i.e. the input of the channel have only the analog information which is considered as the scaled quantization error βS 2) The analog information from the first layer S is suppressed by setting error scaling factor β = 0 and 3) Inclusion of recursive mode with JSCC in each of the three layers for the possible better outcome is considered here.

The utility of mediated environments increases when environmental scale (size and distance) is perceived accurately. We present the use of perceived affordances–-judgments of action capabilities–-as an objective way to assess space perception in an augmented reality (AR) environment. The current study extends the previous use of this methodology in virtual reality (VR) to AR. We tested two locomotion-based affordance tasks. In the first experiment, observers judged whether they could pass through a virtual aperture presented at different widths and distances, and also judged the distance to the aperture. In the second experiment, observers judged whether they could step over a virtual gap on the ground. In both experiments, the virtual objects were displayed with the HoloLens in a real laboratory environment. We demonstrate that affordances for passing through and perceived distance to the aperture are similar in AR to those measured in the real world, but that judgments of gap-crossing in AR were underestimated. These differences across two affordances may result from the different spatial characteristics of the virtual objects (on the ground versus extending off the ground).

Due to the evolution of programming languages, interpreted languages have gained widespread use in scientific and research computing. Interpreted languages excel at being portable, easy to use, and fast in prototyping than their ahead-of-time (AOT) counterparts, including C, C++, and Fortran. While traditionally considered as slow to execute, advancements in Just-in-Time (JIT) compilation techniques have significantly improved the execution speed of interpreted languages and in some cases outperformed AOT languages. In this paper, we explore some challenges and design strategies in developing a high performance parallel discrete event simulation engine, called Simian, written with interpreted languages with JIT capabilities, including Python, Lua, and Javascript. Our results show that Simian with JIT performs similarly to AOT simulators, such as MiniSSF and ROSS. We expect that with features like good performance, userfriendliness, and portability, the just-in-time parallel simulation will become a common choice for modeling and simulation in the near future.
 

We consider the scenario where a cloud service provider (CSP) operates multiple geo-distributed datacenters to provide Internet-scale service. Our objective is to minimize the total electricity and bandwidth cost by jointly optimizing electricity procurement from wholesale markets and geographical load balancing (GLB), i.e., dynamically routing workloads to locations with cheaper electricity. Under the ideal setting where exact values of market prices and workloads are given, this problem reduces to a simple linear programming and is easy to solve. However, under the realistic setting where only distributions of these variables are available, the problem unfolds into a non-convex infinite-dimensional one and is challenging to solve. One of our main contributions is to develop an algorithm that is proven to solve the challenging problem optimally, by exploring the full design space of strategic bidding. Trace-driven evaluations corroborate our theoretical results, demonstrate fast convergence of our algorithm, and show that it can reduce the cost for the CSP by up to 20% as compared with baseline alternatives. This paper highlights the intriguing role of uncertainty in workloads and market prices, measured by their variances. While uncertainty in workloads deteriorates the cost-saving performance of joint electricity procurement and GLB, counter-intuitively, uncertainty in market prices can be exploited to achieve a cost reduction even larger than the setting without price uncertainty.

In this paper, we consider the application of Reed-Solomon (RS) channel coding for joint error correction and cooperative network coding on non-binary phase shift keying (PSK) modulated signals. The relay first decodes the RS channel coded messages received each in a time slot from all sources before applying network coding (NC) by the use of bit-level exclusive OR (XOR) operation. The network coded resulting message is then channel encoded before its transmission to the next relay or to the destination according to the network configuration. This scenario shows superior performance in comparison with the case where the relay does not perform channel coding/decoding. For different orders of PSK modulation and different wireless configurations, simulation results demonstrate the improvements resulting from the use of RS channel codes in terms of symbol error rate (SER) versus signal-to-noise ratio (SNR).

We have recently seen an increasing number of attacks that are distributed, and span an entire wide area network (WAN). Today, typically, intrusion detection systems (IDSs) are deployed at enterprise scale and cannot handle attacks that cover a WAN. Moreover, such IDSs are implemented at a single entity that expects to look at all packets to determine an intrusion. Transferring copies of raw packets to centralized engines for analysis in a WAN can significantly impact both network performance and detection accuracy. In this paper, we propose Jaal, a framework for achieving accurate network intrusion detection at scale. The key idea in Jaal is to monitor traffic and construct in-network packet summaries. The summaries are then processed centrally to detect attacks with high accuracy. The main challenges that we address are (a) creating summaries that are concise, but sufficient to draw highly accurate inferences and (b) transforming traditional IDS rules to handle summaries instead of raw packets. We implement Jaal on a large scale SDN testbed. We show that on average Jaal yields a detection accuracy of about 98%, which is the highest reported for ISP scale network intrusion detection. At the same time, the overhead associated with transferring summaries to the central inference engine is only about 35% of what is consumed if raw packets are transferred.

Jasmin is a framework for developing high-speed and high-assurance cryptographic software. The framework is structured around the Jasmin programming language and its compiler. The language is designed for enhancing portability of programs and for simplifying verification tasks. The compiler is designed to achieve predictability and efficiency of the output code (currently limited to x64 platforms), and is formally verified in the Coq proof assistant. Using the supercop framework, we evaluate the Jasmin compiler on representative cryptographic routines and conclude that the code generated by the compiler is as efficient as fast, hand-crafted, implementations. Moreover, the framework includes highly automated tools for proving memory safety and constant-time security (for protecting against cache-based timing attacks). We also demonstrate the effectiveness of the verification tools on a large set of cryptographic routines.

We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through CHEETAH, a JIT taint analysis for Android applications. Our empirical evaluation of CHEETAH on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal workflow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using CHEETAH compared to an equivalent batch-style analysis.