2,566 research outputs found

    A formal framework for security testing of automotive over-the-air update systems

    Modern vehicles are comparable to desktop computers due to the increase in connectivity. This fact also extends to potential cyber-attacks. A solution for preventing and mitigating cyber attacks is Over-The-Air (OTA) updates. This solution has also been used for both desktops and mobile phones. The current de facto OTA security system for vehicles is Uptane, which is developed to solve the unique issues vehicles face. The Uptane system needs to have a secure method of updating; otherwise, attackers will exploit it. To this end, we have developed a comprehensive and model-based security testing approach by translating Uptane and our attack model into formal models in Communicating Sequential Processes (CSP). These are combined and verified to generate an exhaustive list of test cases to see to which attacks Uptane may be susceptible. Security testing is then conducted based on these generated test cases, on a test-bed running an implementation of Uptane. The security testing result enables us to validate the security design of Uptane and some vulnerabilities to which it is subject

    Integrated information increases with fitness in the evolution of animats

    One of the hallmarks of biological organisms is their ability to integrate disparate information sources to optimize their behavior in complex environments. How this capability can be quantified and related to the functional complexity of an organism remains a challenging problem, in particular since organismal functional complexity is not well-defined. We present here several candidate measures that quantify information and integration, and study their dependence on fitness as an artificial agent ("animat") evolves over thousands of generations to solve a navigation task in a simple, simulated environment. We compare the ability of these measures to predict high fitness with more conventional information-theoretic processing measures. As the animat adapts by increasing its "fit" to the world, information integration and processing increase commensurately along the evolutionary line of descent. We suggest that the correlation of fitness with information integration and with processing measures implies that high fitness requires both information processing as well as integration, but that information integration may be a better measure when the task requires memory. A correlation of measures of information integration (but also information processing) and fitness strongly suggests that these measures reflect the functional complexity of the animat, and that such measures can be used to quantify functional complexity even in the absence of fitness data. Comment: 27 pages, 8 figures, one supplementary figure. Three supplementary video files available on request. Version commensurate with published text in PLoS Comput. Bio

    Intraspecific trait variation and coordination: Root and leaf economics spectra in coffee across environmental gradients

    Hypotheses on the existence of a universal “Root Economics Spectrum” (RES) have received arguably the least attention of all trait spectra, despite the key role root trait variation plays in resource acquisition potential. There is growing interest in quantifying intraspecific trait variation (ITV) in plants, but there are few studies evaluating (i) the existence of an intraspecific RES within a plant species, or (ii) how a RES may be coordinated with other trait spectra within species, such as a leaf economics spectrum (LES). Using Coffea arabica (Rubiaceae) as a model species, we measured seven morphological and chemical traits of intact lateral roots, which were paired with information on four key LES traits. Field collections were completed across four nested levels of biological organization. The intraspecific trait coefficient of variation (cv) ranged from 25 to 87% with root diameter and specific root tip density showing the lowest and highest cv, respectively. Between 27 and 68% of root ITV was explained by site identity alone for five of the seven traits measured. A single principal component explained 56.2% of root trait covariation, with plants falling along a RES from resource acquiring to conserving traits. Multiple factor analysis revealed significant orthogonal relationships between root and leaf spectra. RES traits were strongly orthogonal with respect to LES traits, suggesting these traits vary independently from one another in response to environmental cues. This study provides among the first evidence that plants from the same species differentiate from one another along an intraspecific RES. We find that in one of the world's most widely cultivated crops, an intraspecific RES is orthogonal to an intraspecific LES, indicating that above and belowground responses of plants to managed (or natural) environmental gradients are likely to occur independently from one another. (Résumé d'auteur

    Session 1: Eugenics Narrative and Reproductive Engineering

    Proceedings of the Pittsburgh Workshop in History and Philosophy of Biology, Center for Philosophy of Science, University of Pittsburgh, March 23-24 2001 Session 1: Eugenics Narrative and Reproductive Engineerin

    Targeted Greybox Fuzzing with Static Lookahead Analysis

    Automatic test generation typically aims to generate inputs that explore new paths in the program under test in order to find bugs. Existing work has, therefore, focused on guiding the exploration toward program parts that are more likely to contain bugs by using an offline static analysis. In this paper, we introduce a novel technique for targeted greybox fuzzing using an online static analysis that guides the fuzzer toward a set of target locations, for instance, located in recently modified parts of the program. This is achieved by first semantically analyzing each program path that is explored by an input in the fuzzer's test suite. The results of this analysis are then used to control the fuzzer's specialized power schedule, which determines how often to fuzz inputs from the test suite. We implemented our technique by extending a state-of-the-art, industrial fuzzer for Ethereum smart contracts and evaluate its effectiveness on 27 real-world benchmarks. Using an online analysis is particularly suitable for the domain of smart contracts since it does not require any code instrumentation---instrumentation to contracts changes their semantics. Our experiments show that targeted fuzzing significantly outperforms standard greybox fuzzing for reaching 83% of the challenging target locations (up to 14x of median speed-up)