Badger: Complexity Analysis with Fuzzing and Symbolic Execution

Hybrid testing approaches that involve fuzz testing and symbolic execution have shown promising results in achieving high code coverage, uncovering subtle errors and vulnerabilities in a variety of software applications. In this paper we describe Badger - a new hybrid approach for complexity analysis, with the goal of discovering vulnerabilities which occur when the worst-case time or space complexity of an application is significantly higher than the average case. Badger uses fuzz testing to generate a diverse set of inputs that aim to increase not only coverage but also a resource-related cost associated with each path. Since fuzzing may fail to execute deep program paths due to its limited knowledge about the conditions that influence these paths, we complement the analysis with a symbolic execution, which is also customized to search for paths that increase the resource-related cost. Symbolic execution is particularly good at generating inputs that satisfy various program conditions but by itself suffers from path explosion. Therefore, Badger uses fuzzing and symbolic execution in tandem, to leverage their benefits and overcome their weaknesses. We implemented our approach for the analysis of Java programs, based on Kelinci and Symbolic PathFinder. We evaluated Badger on Java applications, showing that our approach is significantly faster in generating worst-case executions compared to fuzzing or symbolic execution on their own

The effect of time constraint on anticipation, decision making, and option generation in complex and dynamic environments

Researchers interested in performance in complex and dynamic situations have focused on how individuals predict their opponent(s) potential courses of action (i.e., during assessment) and generate potential options about how to respond (i.e., during intervention). When generating predictive options, previous research supports the use of cognitive mechanisms that are consistent with long-term working memory (LTWM) theory (Ericsson and Kintsch in Phychol Rev 102(2):211–245, 1995; Ward et al. in J Cogn Eng Decis Mak 7:231–254, 2013). However, when generating options about how to respond, the extant research supports the use of the take-the-first (TTF) heuristic (Johnson and Raab in Organ Behav Hum Decis Process 91:215–229, 2003). While these models provide possible explanations about how options are generated in situ, often under time pressure, few researchers have tested the claims of these models experimentally by explicitly manipulating time pressure. The current research investigates the effect of time constraint on option-generation behavior during the assessment and intervention phases of decision making by employing a modified version of an established option-generation task in soccer. The results provide additional support for the use of LTWM mechanisms during assessment across both time conditions. During the intervention phase, option-generation behavior appeared consistent with TTF, but only in the non-time-constrained condition. Counter to our expectations, the implementation of time constraint resulted in a shift toward the use of LTWM-type mechanisms during the intervention phase. Modifications to the cognitive-process level descriptions of decision making during intervention are proposed, and implications for training during both phases of decision making are discussed

Effects of age and eccentricity on visual target detection

The aim of this study was to examine the effects of aging and target eccentricity on a visual search task comprising 30 images of everyday life projected into a hemisphere, realizing a ±90° visual field. The task performed binocularly allowed participants to freely move their eyes to scan images for an appearing target or distractor stimulus (presented at 10°; 30°, and 50° eccentricity). The distractor stimulus required no response, while the target stimulus required acknowledgment by pressing the response button. One hundred and seventeen healthy subjects (mean age = 49.63 years, SD = 17.40 years, age range 20–78 years) were studied. The results show that target detection performance decreases with age as well as with increasing eccentricity, especially for older subjects. Reaction time also increases with age and eccentricity, but in contrast to target detection, there is no interaction between age and eccentricity. Eye movement analysis showed that younger subjects exhibited a passive search strategy while older subjects exhibited an active search strategy probably as a compensation for their reduced peripheral detection performance

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of sensor malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer). Yet the possibilities of what malware can see through a camera have been understudied. This paper introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware

The Impact of Inter-Hospital Transfer on Clinical Outcomes following Endovascular Treatment for Acute Ischemic Stroke

PURPOSE Hospitals designated as primary stroke centers offer noninvasive treatment for acute ischemic stroke, but only comprehensive stroke centers are equipped to provide endovascular treatment. When stroke patients needing endovascular treatment present to the emergency department at a primary stroke center, they then require inter-hospital transfer to a comprehensive center for definitive treatment. Recent studies have found significant treatment delays and poor clinical outcomes in patients requiring inter-hospital transfer1,2. The primary aim of this study is to determine if inter-hospital transfer impacts clinical outcomes after endovascular treatment for acute ischemic stroke. A secondary aim is to determine whether inter-hospital transfer coincides with any significant treatment delay. METHODS This study involves retrospective chart review for 107 patients undergoing endovascular treatment for acute ischemic stroke at one of three hospitals in Austin, Texas from October 2016 to September 2018. 26 patients required inter-hospital transfer, while 81 (the control group) presented directly to a hospital offering endovascular treatment. Two-tailed T- and U-tests were used for analysis of parametric and non-parametric variables pertaining to time intervals and baseline characteristics. Odds ratios were calculated to compare dichotomized outcomes between groups, with significance determined by chi-square. RESULTS Inter-hospital transfer significantly prolonged onset to groin (mean difference = 37.2 min, p=.02). The transfer group was more likely to experience intracranial hemorrhage (53.9% > 22.2%, p<.01). Clinical outcomes did not significantly differ between groups. CONCLUSIONS Although observed trends in these data suggest poor outcomes for transfer patients, small sample size limits the significance of these findings. However, the significant treatment delay seen in the transfer group warrants a discussion on city protocol changes regarding patient transport via emergency services. Protocol changes favoring direct delivery of patients to comprehensive stroke centers may reduce treatment delay and yield improved clinical outcomes.Dell Medical Schoo