2,566 research outputs found
A formal framework for security testing of automotive over-the-air update systems
Modern vehicles are comparable to desktop computers due to the increase in connectivity. This fact also extends to potential cyber-attacks. A solution for preventing and mitigating cyber attacks is Over-The-Air (OTA) updates. This solution has also been used for both desktops and mobile phones. The current de facto OTA security system for vehicles is Uptane, which is developed to solve the unique issues vehicles face. The Uptane system needs to have a secure method of updating; otherwise, attackers will exploit it. To this end, we have developed a comprehensive and model-based security testing approach by translating Uptane and our attack model into formal models in Communicating Sequential Processes (CSP). These are combined and verified to generate an exhaustive list of test cases to see to which attacks Uptane may be susceptible. Security testing is then conducted based on these generated test cases, on a test-bed running an implementation of Uptane. The security testing result enables us to validate the security design of Uptane and some vulnerabilities to which it is subject
Integrated information increases with fitness in the evolution of animats
One of the hallmarks of biological organisms is their ability to integrate
disparate information sources to optimize their behavior in complex
environments. How this capability can be quantified and related to the
functional complexity of an organism remains a challenging problem, in
particular since organismal functional complexity is not well-defined. We
present here several candidate measures that quantify information and
integration, and study their dependence on fitness as an artificial agent
("animat") evolves over thousands of generations to solve a navigation task in
a simple, simulated environment. We compare the ability of these measures to
predict high fitness with more conventional information-theoretic processing
measures. As the animat adapts by increasing its "fit" to the world,
information integration and processing increase commensurately along the
evolutionary line of descent. We suggest that the correlation of fitness with
information integration and with processing measures implies that high fitness
requires both information processing as well as integration, but that
information integration may be a better measure when the task requires memory.
A correlation of measures of information integration (but also information
processing) and fitness strongly suggests that these measures reflect the
functional complexity of the animat, and that such measures can be used to
quantify functional complexity even in the absence of fitness data.Comment: 27 pages, 8 figures, one supplementary figure. Three supplementary
video files available on request. Version commensurate with published text in
PLoS Comput. Bio
Intraspecific trait variation and coordination: Root and leaf economics spectra in coffee across environmental gradients
Hypotheses on the existence of a universal “Root Economics Spectrum” (RES) have received arguably the least attention of all trait spectra, despite the key role root trait variation plays in resource acquisition potential. There is growing interest in quantifying intraspecific trait variation (ITV) in plants, but there are few studies evaluating (i) the existence of an intraspecific RES within a plant species, or (ii) how a RES may be coordinated with other trait spectra within species, such as a leaf economics spectrum (LES). Using Coffea arabica (Rubiaceae) as a model species, we measured seven morphological and chemical traits of intact lateral roots, which were paired with information on four key LES traits. Field collections were completed across four nested levels of biological organization. The intraspecific trait coefficient of variation (cv) ranged from 25 to 87% with root diameter and specific root tip density showing the lowest and highest cv, respectively. Between 27 and 68% of root ITV was explained by site identity alone for five of the seven traits measured. A single principal component explained 56.2% of root trait covariation, with plants falling along a RES from resource acquiring to conserving traits. Multiple factor analysis revealed significant orthogonal relationships between root and leaf spectra. RES traits were strongly orthogonal with respect to LES traits, suggesting these traits vary independently from one another in response to environmental cues. This study provides among the first evidence that plants from the same species differentiate from one another along an intraspecific RES. We find that in one of the world's most widely cultivated crops, an intraspecific RES is orthogonal to an intraspecific LES, indicating that above and belowground responses of plants to managed (or natural) environmental gradients are likely to occur independently from one another. (Résumé d'auteur
Session 1: Eugenics Narrative and Reproductive Engineering
Proceedings of the Pittsburgh Workshop in History and Philosophy of Biology, Center for Philosophy of Science, University of Pittsburgh, March 23-24 2001 Session 1: Eugenics Narrative and Reproductive Engineerin
Targeted Greybox Fuzzing with Static Lookahead Analysis
Automatic test generation typically aims to generate inputs that explore new
paths in the program under test in order to find bugs. Existing work has,
therefore, focused on guiding the exploration toward program parts that are
more likely to contain bugs by using an offline static analysis.
In this paper, we introduce a novel technique for targeted greybox fuzzing
using an online static analysis that guides the fuzzer toward a set of target
locations, for instance, located in recently modified parts of the program.
This is achieved by first semantically analyzing each program path that is
explored by an input in the fuzzer's test suite. The results of this analysis
are then used to control the fuzzer's specialized power schedule, which
determines how often to fuzz inputs from the test suite. We implemented our
technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart
contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an
online analysis is particularly suitable for the domain of smart contracts
since it does not require any code instrumentation---instrumentation to
contracts changes their semantics. Our experiments show that targeted fuzzing
significantly outperforms standard greybox fuzzing for reaching 83% of the
challenging target locations (up to 14x of median speed-up)
- …