Biblio

This paper presents a method to extract important byte sequences in malware samples by application of convolutional neural network (CNN) to images converted from binary data. This method, by combining a technique called the attention mechanism into CNN, enables calculation of an "attention map," which shows regions having higher importance for classification in the image. The extracted region with higher importance can provide useful information for human analysts who investigate the functionalities of unknown malware samples. Results of our evaluation experiment using malware dataset show that the proposed method provides higher classification accuracy than a conventional method. Furthermore, analysis of malware samples based on the calculated attention map confirmed that the extracted sequences provide useful information for manual analysis.

To improve the security of user-chosen Android screen lock patterns, we propose a novel system-guided pattern lock scheme called "SysPal" that mandates the use of a small number of randomly selected points while selecting a pattern. Users are given the freedom to use those mandated points at any position. We conducted a large-scale online study with 1,717 participants to evaluate the security and usability of three SysPal policies, varying the number of mandatory points that must be used (upon selecting a pattern) from one to three. Our results suggest that the two SysPal policies that mandate the use of one and two points can help users select significantly more secure patterns compared to the current Android policy: 22.58% and 23.19% fewer patterns were cracked. Those two SysPal policies, however, did not show any statistically significant inferiority in pattern recall success rate (the percentage of participants who correctly recalled their pattern after 24 hours). In our lab study, we asked participants to install our screen unlock application on their own Android device, and observed their real-life phone unlock behaviors for a day. Again, our lab study did not show any statistically significant difference in memorability for those two SysPal policies compared to the current Android policy.

With increasing interest in the development of intelligent agents capable of learning, proficiently automating tasks, and gaining world knowledge, the importance of integrating the ability to converse naturally with users is more crucial now than ever before. This thesis aims to understand and characterize different aspects of social language to facilitate the development of intelligent agents that are socially aware and able to engage users to a level that was not previously possible with language generation systems. Using various machine learning algorithms and data-driven approaches to model the nuances of social language in dialogue, such as factual and emotional expression, sarcasm and humor and the related subclasses of rhetorical questions and hyperbole, we can come closer to modeling the characteristics of the social language that allows us to express emotion and knowledge, and thereby exhibit these styles in the agents we develop.

Today, the proportion of software in society as a whole is steadily increasing. In addition to size of software increasing, the number of cases dealing with personal information is also increasing. This shows the importance of weekly software security verification. However, software security is very difficult in cases where libraries do not have source code. To solve this problem, it is necessary to develop a technique for checking existing binary security weaknesses. To this end, techniques for analyzing security weaknesses using intermediate languages are actively being discussed. In this paper, we propose a system that translate binary code to intermediate language to effectively analyze existing security weaknesses within binary code.

The privacy of information is an increasing concern of software applications users. This concern was caused by attacks to cloud services over the last few years, that have leaked confidential information such as passwords, emails and even private pictures. Once the information is leaked, the users and software applications are powerless to contain the spread of information and its misuse. With databases as a central component of applications that store almost all of their data, they are one of the most common targets of attacks. However, typical deployments of databases do not leverage security mechanisms to stop attacks and do not apply cryptographic schemes to protect data. This issue has been tackled by multiple secure databases that provide trade-offs between security, query capabilities and performance. Despite providing stronger security guarantees, the proposed solutions still entrust their data to a single entity that can be corrupted or hacked. Secret sharing can solve this problem by dividing data in multiple secrets and storing each secret at a different location. The division is done in such a way that if one location is hacked, no information can be leaked. Depending on the protocols used to divide data, functions can be computed over this data through secure protocols that do not disclose information or actually know which values are being calculated. We propose a SQL database prototype capable of offering a trade-off between security and query latency by using a different secure protocol. An evaluation of the protocols is also performed, showing that our most relaxed protocol has an improvement of 5+ on the query latency time over the original protocol.

Summary form only given. All-optical switching (AOS) has been observed in ferromagnetic (FM) layers and synthetic ferrimagnetic heterostructures [1-4]. In this work, we use anomalous Hall effect (AHE) measurements to demonstrate controlled helicity-dependent switching in synthetic ferrimagnetic heterostructures. The two FM layers are engineered to have different Curie temperatures Tc1 (fixed) and Tc2 (variable). We show that irrespective of whether Tc2 is higher or lower than Tc1, the final magnetic configuration of the heterostructure is controlled by using the laser polarization to set the magnetic state of the FM layer with the highest Tc. All samples were grown on glass substrates at room temperature by DC magnetron sputtering. Two sets of samples were prepared. The first set are single FM layers with layer composition Ta (3 nm)/Pt (4 nm)/FM1(2)/Pt capping (4 nm), where FM1 = Co (0.6 nm) is a Co layer and FM2 = CoFeB (tCoFeB)/Pt(0.4 nm)/ CoFeB (tCoFeB) (0.2 ≤ tCoFeB ≤ 0.6 nm) is a composite CoFeB layer where both CoFeB layers are ferromagnetically coupled and act as a single layer. FM1 and FM2 were used to produce the second set of synthetic ferrimagnetic samples with layer structure Ta (3 nm)/Pt (4 nm)/FM1/Pt (0.4 nm)/Ru (0.9 nm)/Pt (0.4 nm)/FM2/Pt capping (4 nm). The Ru layer provides the antiferromagnetic RKKY interlayer exchange coupling between the adjacent FM1 and FM2 layers while the Pt layers on either side of the Ru layer can tune the strength of the coupling and stabilize their perpendicular anisotropy [5]. To study the AOS, we use a Ti: sapphire fs-laser with a wavelength of 800 nm and a pulse duration of 43 fs. A quarter-wave plate is used to create a circularly polarized [right(σ+) and left-handed (σ-)] beam. We first measured the magnetic properties of the FM1 and FM2 layers using vibrating sample magnetometry (VSM). All FM samples show full remanence in perpendicular hyst- resis loops at room temperature (not shown). The temperature-dependent magnetization scans (not shown) give a Curie temperature Tc1 of 524 K for FM1. For FM2, increasing tCoFeB increases its Curie temperatureTc2. At tCoFeB = 0.5 nm, Tc2 - Tc1. Hall crosses are patterned by optical lithography and ion milling. The width of the current carrying wire is - 5 um, giving a DC current density of - 6 x 109 A/m2 during the measurement. Figure 1(a) shows the resulting perpendicular Hall hysteresis loop of the synthetic ferrimagnetic sample with tCoFeB = 0.2 nm. At remanence, the stable magnetic configurations are the two antiparallel orientations of FM1 and FM2 [State I and II in Fig. 1(a)]. To study the AOS, we swept the laser beam with a power of 0.45 mW and a speed of 1 μm/sec across the Hall cross, and the corresponding Hall voltage was constantly monitored. In Fig. 1(b), we show the normalized Hall voltage, VHall, as a function of the laser beam position x for both beam polarizations σ+ and σ-. The initial magnetic configuration was State I. When the beam is at the center of the cross (position B), both beam polarizations give VHall - 0. As the beam leaves the cross (position C), the σbeam changes the magnetic configurations from State I to State II (FM1 magnetization pointing down), while the system reverts to State I using the σ+ beam. Changing the initial configuration from State I to State II results in the same final magnetic configurations, determined by the laser beam polarizations (not shown). Similar results (not shown) were obtained for samples with tCoFeB ≤ 0.4 nm. However, at tCoFeB = 0.6 nm, the σbeam results in the final magnetic configurations with FM2 magnetization pointing down (State I) and the σ+ beam results in the State II configuration, suggesting that the final state is determined by the beam polar

Alternatives to rare earth permanent magnets, such as alnico, will reduce supply instability, increase sustainability, and could decrease the cost of permanent magnets, especially for high-temperature applications, such as traction drive motors. Alnico magnets with moderate coercivity, high remanence, and relatively high-energy product are conventionally processed by directional solidification and (significant) final machining, contributing to increased costs and additional material waste. Additive manufacturing (AM) is developing as a cost effective method to build net-shape 3-D parts with minimal final machining and properties comparable to wrought parts. This paper describes initial studies of net-shape fabrication of alnico magnets by AM using a laser engineered net shaping (LENS) system. High-pressure gas atomized pre-alloyed powders of two different modified alnico “8” compositions, with high purity and sphericity, were built into cylinders using the LENS process, and followed by heat treatment. The magnetic properties showed improvement over their cast and sintered counterparts. The resulting alnico permanent magnets were characterized using scanning electron microscopy, energy dispersive spectroscopy, electron backscatter diffraction, and hysteresisgraph measurements. These results display the potential for net-shape processing of alnico permanent magnets for use in next generation traction-drive motors and other applications requiring high temperatures and/or complex engineered part geometries.

There are many everyday situations in which users need to enter their user identification (user ID), such as logging in to computer systems and entering secure offices. In such situations, contactless passive IC cards are convenient because users can input their user ID simply by passing the card over a reader. However, these cards cannot be used for successive interactions. To address this issue, we propose AccelTag, a contactless IC card equipped with an acceleration sensor and a liquid crystal display (LCD). AccelTag utilizes high-function RFID technology so that the acceleration sensor and the LCD can also be driven by a wireless power supply. With its built-in acceleration sensor, AccelTag can acquire its direction and movement when it is waved over the reader. We demonstrate several applications using AccelTag, such as displaying several types of information in the card depending on the user's requirements.

Over the years a lot of effort has been put on solving extensibility problems, while retaining important software engineering properties such as modular type-safety and separate compilation. Most previous work focused on operations that traverse and process extensible Abstract Syntax Tree (AST) structures. However, there is almost no work on operations that build such extensible ASTs, including parsing. This paper investigates solutions for the problem of modular parsing. We focus on semantic modularity and not just syntactic modularity. That is, the solutions should not only allow complete parsers to be built out of modular parsing components, but also enable the parsing components to be modularly type-checked and separately compiled. We present a technique based on parser combinators that enables modular parsing. Interestingly, the modularity requirements for modular parsing rule out several existing parser combinator approaches, which rely on some non-modular techniques. We show that Packrat parsing techniques, provide solutions for such modularity problems, and enable reasonable performance in a modular setting. Extensibility is achieved using multiple inheritance and Object Algebras. To evaluate the approach we conduct a case study based on the “Types and Programming Languages” interpreters. The case study shows the effectiveness at reusing parsing code from existing interpreters, and the total parsing code is 69% shorter than an existing code base using a non-modular parsing approach.

Destination IP prefix-based routing protocols are core to Internet routing today. Internet autonomous systems (AS) possess fixed IP prefixes, while packets carry the intended destination AS's prefix in their headers, in clear text. As a result, network communications can be easily identified using IP addresses and become targets of a wide variety of attacks, such as DNS/IP filtering, distributed Denial-of-Service (DDoS) attacks, man-in-the-middle (MITM) attacks, etc. In this work, we explore an alternative network architecture that fundamentally removes such vulnerabilities by disassociating the relationship between IP prefixes and destination networks, and by allowing any end-to-end communication session to have dynamic, short-lived, and pseudo-random IP addresses drawn from a range of IP prefixes rather than one. The concept is seemingly impossible to realize in todays Internet. We demonstrate how this is doable today with three different strategies using software defined networking (SDN), and how this can be done at scale to transform the Internet addressing and routing paradigms with the novel concept of a distributed software defined Internet exchange (SDX). The solution works with both IPv4 and IPv6, whereas the latter provides higher degrees of IP addressing freedom. Prototypes based on Open vSwitches (OVS) have been implemented for experimentation across the PEERING BGP testbed. The SDX solution not only provides a technically sustainable pathway towards large-scale traffic analysis resistant network (TARN) support, it also unveils a new business model for customer-driven, customizable and trustable end-to-end network services.

This paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio communication is provided by the GSM-R protocol, on top of this the EuroRadio protocol provides authentication for a train control application-level protocol. We present an attack which exploits weaknesses in all three protocols: GSM-R has the same well known weaknesses as the GSM protocol, and we present a new collision attack against the EuroRadio protocol. Combined with design weaknesses in the application-level protocol, these vulnerabilities allow an attacker, who observes a MAC collision, to forge train control messages. We demonstrate this attack with a proof of concept using train control messages we have generated ourselves. Currently, ERTMS is only used to send small amounts of data for short sessions, therefore this attack does not present an immediate danger. However, if EuroRadio was to be used to transfer larger amounts of data trains would become vulnerable to this attack. Additionally, we calculate that, under reasonable assumptions, an attacker who could monitor all backend control centres in a country the size of the UK for 45 days would have a 1% chance of being able to take control of a train.

In financial markets, the variance of stock returns plays an important role to reduce a risk, and daily volatility is often used as one of its measurement. We in this paper focus on Realized Volatility (RV), which is one of the most well-known volatility index. Traditionally regression models have been widely used to estimate it, but Genetic Programming (GP) approaches have been proposed recent years. While regression models estimate a suitable equation for forecasting RV, GP approaches estimate a tree (individual) that consists of economic information. Through evolution process, effective economic information can survive, so GP approaches can not only estimate RV values, but also extract effective information. However, GP approaches need computational efforts to avoid premature convergence. In this paper, we proposed a mutation-base GP approach for RV estimation, and analyze which economic information is needed to estimate RV accurately.

A technique of finding a set of sequential circuit nodes in which Trojan Circuits (TC) may be implanted is suggested. The technique is based on applying the precise (not heuristic) random estimations of internal node observability and controllability. Getting the estimations we at the same time derive and compactly represent all sequential circuit full states (depending on input and state variables) in which of that TC may be switched on. It means we obtain precise description of TC switch on area for the corresponding internal node v. The estimations are computed with applying a State Transition Graph (STG) description, if we suppose that TC may be inserted out of the working area (out of the specification) of the sequential circuit. Reduced Ordered Binary Decision Diagrams (ROBDDs) for the combinational part and its fragments are applied for getting the estimations by means of operations on ROBDDs. Techniques of masking TCs are proposed. Masking sub-circuits overhead is appreciated.

High detection sensitivity in the presence of process variation is a key challenge for hardware Trojan detection through side channel analysis. In this work, we present an efficient Trojan detection approach in the presence of elevated process variations. The detection sensitivity is sharpened by 1) comparing power levels from neighboring regions within the same chip so that the two measured values exhibit a common trend in terms of process variation, and 2) generating test patterns that toggle each cell multiple times to increase Trojan activation probability. Detection sensitivity is analyzed and its effectiveness demonstrated by means of RPD (relative power difference). We evaluate our approach on ISCAS'89 and ITC'99 benchmarks and the AES-128 circuit for both combinational and sequential type Trojans. High detection sensitivity is demonstrated by analysis on RPD under a variety of process variation levels and experiments for Trojan inserted circuits.

Power is increasingly the limiting factor in High Performance Computing (HPC) at Exascale and will continue to influence future advancements in supercomputing. Recent processors equipped with on-board hardware counters allow real time monitoring of operating conditions such as energy and temperature, in addition to performance measures such as instructions retired and memory accesses. An experimental memory study presented on modern CPU architectures, Intel Sandybridge and Haswell, identifies a metric, TORo\_core, that detects bandwidth saturation and increased latency. TORo-Core is used to construct a dynamic policy applied at coarse and fine-grained levels to modulate per-core power controls on Haswell machines. The coarse and fine-grained application of dynamic policy shows best energy savings of 32.1% and 19.5% with a 2% slowdown in both cases. On average for six MPI applications, the fine-grained dynamic policy speeds execution by 1% while the coarse-grained application results in a 3% slowdown. Energy savings through frequency reduction not only provide cost advantages, they also reduce resource contention and create additional thermal headroom for non-throttled cores improving performance.

We show that the basic semidefinite programming relaxation value of any constraint satisfaction problem can be computed in NC; that is, in parallel polylogarithmic time and polynomial work. As a complexity-theoretic consequence we get that $\backslash$MIPone[k,c,s] $\backslash$subseteq $\backslash$PSPACE provided s/c $\backslash$leq (.62-o(1))k/2textasciicircumk, resolving a question of Austrin, H$\backslash$aa stad, and Pass. Here $\backslash$MIPone[k,c,s] is the class of languages decidable with completeness c and soundness s by an interactive proof system with k provers, each constrained to communicate just 1 bit.

Oblivious Random Access Machine (ORAM) enables a client to access her data without leaking her access patterns. Existing client-efficient ORAMs either achieve O(log N) client-server communication blowup without heavy computation, or O(1) blowup but with expensive homomorphic encryptions. It has been shown that O(log N) bandwidth blowup might not be practical for certain applications, while schemes with O(1) communication blowup incur even more delay due to costly homomorphic operations. In this paper, we propose a new distributed ORAM scheme referred to as Shamir Secret Sharing ORAM (S3ORAM), which achieves O(1) client-server bandwidth blowup and O(1) blocks of client storage without relying on costly partial homomorphic encryptions. S3ORAM harnesses Shamir Secret Sharing, tree-based ORAM structure and a secure multi-party multiplication protocol to eliminate costly homomorphic operations and, therefore, achieves O(1) client-server bandwidth blowup with a high computational efficiency. We conducted comprehensive experiments to assess the performance of S3ORAM and its counterparts on actual cloud environments, and showed that S3ORAM achieves three orders of magnitude lower end-to-end delay compared to alternatives with O(1) client communication blowup (Onion-ORAM), while it is one order of magnitude faster than Path-ORAM for a network with a moderate bandwidth quality. We have released the implementation of S3ORAM for further improvement and adaptation.

Technological advances in wearable and implanted medical devices are enabling wireless body area networks to alter the current landscape of medical and healthcare applications. These systems have the potential to significantly improve real time patient monitoring, provide accurate diagnosis and deliver faster treatment. In spite of their growth, securing the sensitive medical and patient data relayed in these networks to protect patients' privacy and safety still remains an open challenge. The resource constraints of wireless medical sensors limit the adoption of traditional security measures in this domain. In this work, we propose a distributed mobile agent based intrusion detection system to secure these networks. Specifically, our autonomous mobile agents use machine learning algorithms to perform local and network level anomaly detection to detect various security attacks targeted on healthcare systems. Simulation results show that our system performs efficiently with high detection accuracy and low energy consumption.

Identity-Based Encryption (IBE) was introduced as an elegant concept for secure data exchange due to its simplified key management by specifically addressing the asymmetric key distribution problems in multi-user scenarios. In the context of ad-hoc network connections that are of particular importance in the emerging Internet of Things, the simple key discovery procedures as provided by IBE are very beneficial in many situations. In this work we demonstrate for the first time that IBE has become practical even for a range of embedded devices that are populated with low-cost ARM Cortex-M microcontrollers or reconfigurable hardware components. More precisely, we adopt the IBE scheme proposed by Ducas et al. at ASIACRYPT 2014 based on the RLWE problem for which we provide implementation results for two security levels on the aforementioned embedded platforms. We give evidence that the implementations of the basic scheme are efficient, as for a security level of 80 bits it requires 103 ms and 36 ms for encryption and decryption, respectively, on the smallest ARM Cortex-M0 microcontroller.

Wireless mesh network (WMN) consists of mesh gateways, mesh routers and mesh clients. In hybrid WMN, both backbone mesh network and client mesh network are mesh connected. Capacity analysis of multi-hop wireless networks has proven to be an interesting and challenging research topic. The capacity of hybrid WMN depends on several factors such as traffic model, topology, scheduling strategy and bandwidth allocation strategy, etc. In this paper, the capacity of hybrid WMN is studied according to the traffic model and bandwidth allocation. The traffic of hybrid WMN is categorized into internal and external traffic. Then the capacity of each mesh client is deduced according to appropriate bandwidth allocation. The analytical results show that hybrid WMN achieves lower capacity than infrastructure WMN. The results and conclusions can guide for the construction of hybrid WMN.

Recommender system is to suggest items that might be interest of the users in social networks. Collaborative filtering is an approach that works based on similarity and recommends items liked by other similar users. Trust model adopts users' trust network in place of similarity. Multi-faceted trust model considers multiple and heterogeneous trust relationship among the users and recommend items based on rating exist in the network of trustees of a specific facet. This paper applies genetic algorithm to estimate parameters of multi-faceted trust model, in which the trust weights are calculated based on the ratings and the trust network for each facet, separately. The model was built on Epinions data set that includes consumers' opinion, rating for items and the web of trust network. It was used to predict users' rating for items in different facets and root mean squared of prediction error (RMSE) was considered as a measure of performance. Empirical evaluations demonstrated that multi-facet models improve performance of the recommender system.

In recent years, the emerging Internet-of-Things (IoT) has led to rising concerns about the security of networked embedded devices. In this work, we propose the SIPHON architecture–-a Scalable high-Interaction Honeypot platform for IoT devices. Our architecture leverages IoT devices that are physically at one location and are connected to the Internet through so-called $\backslash$emph\wormholes\ distributed around the world. The resulting architecture allows exposing few physical devices over a large number of geographically distributed IP addresses. We demonstrate the proposed architecture in a large scale experiment with 39 wormhole instances in 16 cities in 9 countries. Based on this setup, five physical IP cameras, one NVR and one IP printer are presented as 85 real IoT devices on the Internet, attracting a daily traffic of 700MB for a period of two months. A preliminary analysis of the collected traffic indicates that devices in some cities attracted significantly more traffic than others (ranging from 600 000 incoming TCP connections for the most popular destination to less than 50 000 for the least popular). We recorded over 400 brute-force login attempts to the web-interface of our devices using a total of 1826 distinct credentials, from which 11 attempts were successful. Moreover, we noted login attempts to Telnet and SSH ports some of which used credentials found in the recently disclosed Mirai malware.

Vehicular Ad-Hoc Networks (VANET) are the creation of several vehicles communicating with each other in order to create a network capable of communication and data exchange. One of the most promising methods for security and trust amongst vehicular networks is the usage of Public Key Infrastructure (PKI). However, current implementations of PKI as a security solution for determining the validity and authenticity of vehicles in a VANET is not efficient due to the usage of large amounts of delay and computational overhead. In this paper, we investigate the potential of PKI when predictively and preemptively passing along certificates to roadside units (RSU) in an effort to lower delay and computational overhead in a dynamic environment. We look to accomplish this through utilizing fog computing and propose a new protocol to pass certificates along the projected path.

In this paper we explore the opportunities, challenges and best practices around designing technologies for those affected by self-harm. Our work contributes to a growing HCI literature on mental health and wellbeing, as well as understandings of how to imbue appropriate value-sensitivity within the digital design process in these contexts. The first phase of our study was centred upon a hackathon during which teams of designers were asked to conceptualise and prototype digital products or services for those affected by self-harm. We discuss how value-sensitive actions and activities, including engagements with those with lived experiences of self-harm, were used to scaffold the conventional hackathon format in such a challenging context. Our approach was then extended through a series of critical engagements with clinicians and charity workers who provided appraisal of the prototypes and designs. Through analysis of these engagements we expose a number of design challenges for future HCI work that considers self-harm; moreover we offer insight into the role of stakeholder critiques in extending and rethinking hackathons as a design method in sensitive contexts.

As modern attacks become more stealthy and persistent, detecting or preventing them at their early stages becomes virtually impossible. Instead, an attack investigation or provenance system aims to continuously monitor and log interesting system events with minimal overhead. Later, if the system observes any anomalous behavior, it analyzes the log to identify who initiated the attack and which resources were affected by the attack and then assess and recover from any damage incurred. However, because of a fundamental tradeoff between log granularity and system performance, existing systems typically record system-call events without detailed program-level activities (e.g., memory operation) required for accurately reconstructing attack causality or demand that every monitored program be instrumented to provide program-level information. To address this issue, we propose RAIN, a Refinable Attack INvestigation system based on a record-replay technology that records system-call events during runtime and performs instruction-level dynamic information flow tracking (DIFT) during on-demand process replay. Instead of replaying every process with DIFT, RAIN conducts system-call-level reachability analysis to filter out unrelated processes and to minimize the number of processes to be replayed, making inter-process DIFT feasible. Evaluation results show that RAIN effectively prunes out unrelated processes and determines attack causality with negligible false positive rates. In addition, the runtime overhead of RAIN is similar to existing system-call level provenance systems and its analysis overhead is much smaller than full-system DIFT.