Lockdown: Dynamic Control-Flow Integrity

Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI) is a promising defense mechanism that restricts open control-flow transfers to a static set of well-known locations. We present Lockdown, an approach to dynamic CFI that protects legacy, binary-only executables and libraries. Lockdown adaptively learns the control-flow graph of a running process using information from a trusted dynamic loader. The sandbox component of Lockdown restricts interactions between different shared objects to imported and exported functions by enforcing fine-grained CFI checks. Our prototype implementation shows that dynamic CFI results in low performance overhead.Comment: ETH Technical Repor

Gauging the three-nucleon spectator equation

We derive relativistic three-dimensional integral equations describing the interaction of the three-nucleon system with an external electromagnetic field. Our equations are unitary, gauge invariant, and they conserve charge. This has been achieved by applying the recently introduced gauging of equations method to the three-nucleon spectator equations where spectator nucleons are always on mass shell. As a result, the external photon is attached to all possible places in the strong interaction model, so that current and charge conservation are implemented in the theoretically correct fashion. Explicit expressions are given for the three-nucleon bound state electromagnetic current, as well as the transition currents for the scattering processes \gamma He3 -> NNN, Nd -> \gamma Nd, and \gamma He3 -> Nd. As a result, a unified covariant three-dimensional description of the NNN-\gamma NNN system is achieved.Comment: 23 pages, REVTeX, epsf, 4 Postscript figure

Donaldson-Thomas invariants and wall-crossing formulas

Notes from the report at the Fields institute in Toronto. We introduce the Donaldson-Thomas invariants and describe the wall-crossing formulas for numerical Donaldson-Thomas invariants.Comment: 18 pages. To appear in the Fields Institute Monograph Serie

Multi-phonon scattering and Ti-induced hydrogen dynamics in sodium alanate

We use ab initio methods and neutron inelastic scattering (NIS) to study the structure, energetics, and dynamics of pure and Ti-doped sodium alanate (NaAlH_4), focusing on the possibility of substitutional Ti doping. The NIS spectrum is found to exhibit surprisingly strong and sharp two-phonon features. The calculations reveal that substitutional Ti doping is energetically possible. Ti prefers to substitute for Na and is a powerful hydrogen attractor that facilitates multiple Al--H bond breaking. Our results hint at new ways of improving the hydrogen dynamics and storage capacity of the alanates.Comment: 5 pages, with 4 postscript figures embedded. Uses REVTEX4 and graphicx macro

Gauging the spectator equations

We show how to derive relativistic, unitary, gauge invariant, and charge conserving three-dimensional scattering equations for a system of hadrons interacting with an electromagnetic field. In the method proposed, the spectator equations describing the strong interactions of the hadrons are gauged using our recently introduced gauging of equations method. A key ingredient in our model is the on-mass-shell particle propagator. We discuss how to gauge this on-mass-shell propagator so that both the Ward-Takahashi and Ward identities are satisfied. We then demonstrate our gauging procedure by deriving the gauge-invariant three-dimensional expression for the deuteron photodisintegration amplitude within the spectator approach.Comment: 17 pages, REVTeX, epsf, 1 Postscript figur

Performance regression testing of concurrent classes

Developers of thread-safe classes struggle with two oppos-ing goals. The class must be correct, which requires syn-chronizing concurrent accesses, and the class should pro-vide reasonable performance, which is difficult to realize in the presence of unnecessary synchronization. Validating the performance of a thread-safe class is challenging because it requires diverse workloads that use the class, because ex-isting performance analysis techniques focus on individual bottleneck methods, and because reliably measuring the per-formance of concurrent executions is difficult. This paper presents SpeedGun, an automatic performance regression testing technique for thread-safe classes. The key idea is to generate multi-threaded performance tests and to com-pare two versions of a class with each other. The analysis notifies developers when changing a thread-safe class signif-icantly influences the performance of clients of this class. An evaluation with 113 pairs of classes from popular Java projects shows that the analysis effectively identifies 13 per-formance differences, including performance regressions that the respective developers were not aware of

The cap-snatching SFTSV endonuclease domain is an antiviral target

Severe fever with thrombocytopenia syndrome virus (SFTSV) is a tick-borne virus with 12%-30% case mortality rates and is related to the Heartland virus (HRTV) identified in the United States. Together, SFTSV and HRTV are emerging segmented, negative-sense RNA viral (sNSV) pathogens with potential global health impact. Here, we characterize the amino-terminal cap-snatching endonuclease domain of SFTSV polymerase (L) and solve a 2.4-Å X-ray crystal structure. While the overall structure is similar to those of other cap-snatching sNSV endonucleases, differences near the C terminus of the SFTSV endonuclease suggest divergence in regulation. Influenza virus endonuclease inhibitors, including the US Food and Drug Administration (FDA) approved Baloxavir (BXA), inhibit the endonuclease activity in in vitro enzymatic assays and in cell-based studies. BXA displays potent activity with a half maximal inhibitory concentration (I

Observation of Bound Surface States in Grain Boundary Junctions of High Temperature Superconductors

We have performed a detailed study of the tunneling spectra of bicrystal grain boundary junctions (GBJs) fabricated from the HTS YBCO, BSCCO, LSCO, and NCCO. In all experiments the tunneling direction was along the CuO planes. With the exception of NCCO, for all materials a pronounced zero bias conductance peak was observed which decreases with increasing temperature and disappears at the critical temperature. These results can be explained by the presence of a dominating d-wave symmetry of the order parameter resulting in the formation of zero energy Andreev bound states at surfaces and interfaces of HTS. The absence of a ZBCP for NCCO is consistent with a dominating s-wave symmetry of the pair potential in this material. The observed nonlinear shift of spectral weight to finite energies by applying a magnetic field is in qualitative agreement with recent theoretical predictions.Comment: 4 pages, 4 figures, to be published in Phys. Rev.

Adapt or Become Extinct!:The Case for a Unified Framework for Deployment-Time Optimization

The High-Performance Computing ecosystem consists of a large variety of execution platforms that demonstrate a wide diversity in hardware characteristics such as CPU architecture, memory organization, interconnection network, accelerators, etc. This environment also presents a number of hard boundaries (walls) for applications which limit software development (parallel programming wall), performance (memory wall, communication wall) and viability (power wall). The only way to survive in such a demanding environment is by adaptation. In this paper we discuss how dynamic information collected during the execution of an application can be utilized to adapt the execution context and may lead to performance gains beyond those provided by static information and compile-time adaptation. We consider specialization based on dynamic information like user input, architectural characteristics such as the memory hierarchy organization, and the execution profile of the application as obtained from the execution platform\u27s performance monitoring units. One of the challenges of future execution platforms is to allow the seamless integration of these various kinds of information with information obtained from static analysis (either during ahead-of-time or just-in-time) compilation. We extend the notion of information-driven adaptation and outline the architecture of an infrastructure designed to enable information flow and adaptation through-out the life-cycle of an application