382 research outputs found

    Formally Verified Implementation of an Idealized Model of Virtualization

    VirtualCert is a machine-checked model of virtualization that can be used to reason about isolation between operating systems in the presence of cache-based side-channels. In contrast to most prominent projects on operating systems verification, where such guarantees are proved directly on concrete implementations of hypervisors, VirtualCert abstracts away most implementation issues and specifies the effects of hypervisor actions axiomatically, in terms of preconditions and postconditions. Unfortunately, seemingly innocuous implementation issues are often relevant for security. Incorporating the treatment of errors into VirtualCert is therefore an important step towards strengthening the isolation theorems proved in earlier work. In this paper, we extend our earlier model with errors, and prove that isolation theorems still apply. In addition, we provide an executable specification of the hypervisor, and prove that it correctly implements the axiomatic model. The executable specification constitutes a first step towards a more realistic implementation of a hypervisor, and provides a useful tool for validating the axiomatic semantics developed in previous work.

    Systems Analytics and Integration of Big Omics Data

    A "genotype" is essentially an organism's full hereditary information which is obtained from its parents. A "phenotype" is an organism's actual observed physical and behavioral properties. These may include traits such as morphology, size, height, eye color, metabolism, etc. One of the pressing challenges in computational and systems biology is genotype-to-phenotype prediction. This is challenging given the amount of data generated by modern Omics technologies. This "Big Data" is so large and complex that traditional data processing applications are not up to the task. Challenges arise in collection, analysis, mining, sharing, transfer, visualization, archiving, and integration of these data. In this Special Issue, there is a focus on the systems-level analysis of Omics data, recent developments in gene ontology annotation, and advances in biological pathways and network biology. The integration of Omics data with clinical and biomedical data using machine learning is explored. This Special Issue covers new methodologies in the context of gene–environment interactions, tissue-specific gene expression, and how external factors or host genetics impact the microbiome.

    Design and evaluation of information flow signature for secure computation of applications

    This thesis presents an architectural solution that provides secure and reliable execution of an application that computes critical data, in spite of potential hardware and software vulnerabilities. The technique does not require source code of or specifications about the malicious library function(s) called during execution of an application. The solution is based on the concept of Information Flow Signatures (IFS). The technique uses both a model-checker-based symbolic fault injection analysis tool called SymPLFIED to generate an IFS for an application or operating system, and runtime signature checking at the level of hardware to protect the integrity of critical data. The runtime checking is implemented in the IFS module. Reliable computation of data is ensured by the critical value re-computation (CVR) module. Prototype implementation of the signature checking and reliability module on a soft processor within an FPGA incurs no performance overhead and about 12% chip area overhead. The security module itself incurs about 7.5% chip area overhead. Performance evaluations indicate that the IFS module incurs as little as 3-4% overhead compared to 88-100% overhead when the runtime checking is implemented as a part of software. Preliminary testing indicates that the technique can provide 100% coverage for insider attacks that manifest as memory corruption and change the architectural state of the processor. Hence the IFS and CVR implementation offers a flexible, low-overhead, high-coverage method for ensuring reliable and secure computing

    Essays on Investment Fluctuation and Market Volatility

    This dissertation includes two different groups of objects in macroeconomics and financial economics. In macroeconomics, the aggregate investment fluctuation and its relation to an individual firm's behavior have been extensively studied for the past three decades. Most studies on the interdependence behavior of firms' investment focus on the key issue of separating a firm's reaction to others' behavior from reaction to common shocks. However, few researchers have addressed the issue of isolating this endogenous effect from a statistical and econometrical approach. The first essay starts with a comprehensive review of the investment fluctuation and firms' interdependence behavior, followed by an econometric model of lumpy investments and an analysis of the binary choice behavior of firms' investments. The last part of the first essay investigates the unique characteristics of the Italian economy and discusses the economic policy implications of our research findings. We ask a similar question in the field of financial economics: Where does stock market volatility come from? The literature on the sources of such volatility is abundant. As a result of the availability of high-frequency financial data, attention has been increasingly directed at the modeling of intraday volatility of asset prices and returns. However, no empirical research of intraday volatility analysis has been applied at both a single stock level and industry level in the food industry. The second essay is aimed at filling this gap by modeling and testing intraday volatility of asset prices and returns. It starts with a modified High Frequency Multiplicative Components GARCH (Generalized Autoregressive Conditional Heteroscedasticity) model, which breaks daily volatility into three parts: daily volatility, deterministic intraday volatility, and stochastic intraday volatility. Then we apply this econometric model to a single firm as well as the whole food industry using the Trade and Quote Data and Center for Research in Security Prices data. This study finds that there is little connection between the intraday return and overnight return. There exists, however, strong evidence that the food recall announcements have negative impacts on asset returns of the associated publicly traded firms.

    Formal analysis of security models for mobile devices, virtualization platforms and domain name systems

    In this thesis we investigate the security of security-critical applications, that is, applications in which a failure could produce unacceptable consequences. We consider three areas: mobile devices, virtualization platforms and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, such as cell phones and personal digital assistants. In this work we first study and formally compare several variants of the security model specified by MIDP for accessing sensitive resources of a mobile device. Hypervisors allow multiple operating systems to run on shared hardware and offer a means of establishing security and flexibility improvements for software systems. In this thesis we formalize a hypervisor model and establish (formally) that the hypervisor ensures isolation properties between the different operating systems of the platform, and that the requests of these systems are always served. We also prove that virtualized platforms are transparent, that is, that an operating system cannot distinguish whether it is running alone on the platform or alongside other operating systems. The Domain Name System Security Extensions (DNSSEC) are a set of specifications that provide data origin authentication and integrity assurance services for DNS data. Finally, we present a minimalist specification of a DNSSEC model that provides the foundations needed to formally establish and verify security properties related to the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Construction