11,175 research outputs found

    SoK: Prudent Evaluation Practices for Fuzzing

    Fuzzing has proven to be a highly effective approach to uncover software bugs over the past decade. After AFL popularized the groundbreaking concept of lightweight coverage feedback, the field of fuzzing has seen a vast amount of scientific work proposing new techniques, improving methodological aspects of existing strategies, or porting existing methods to new domains. All such work must demonstrate its merit by showing its applicability to a problem, measuring its performance, and often showing its superiority over existing works in a thorough, empirical evaluation. Yet, fuzzing is highly sensitive to its target, environment, and circumstances, e.g., randomness in the testing process. After all, relying on randomness is one of the core principles of fuzzing, governing many aspects of a fuzzer's behavior. Combined with the often highly difficult to control environment, the reproducibility of experiments is a crucial concern and requires a prudent evaluation setup. To address these threats to validity, several works, most notably Evaluating Fuzz Testing by Klees et al., have outlined how a carefully designed evaluation setup should be implemented, but it remains unknown to what extent their recommendations have been adopted in practice. In this work, we systematically analyze the evaluation of 150 fuzzing papers published at the top venues between 2018 and 2023. We study how existing guidelines are implemented and observe potential shortcomings and pitfalls. We find a surprising disregard of the existing guidelines regarding statistical tests and systematic errors in fuzzing evaluations. For example, when investigating reported bugs, we find that the search for vulnerabilities in real-world software leads to authors requesting and receiving CVEs of questionable quality. Extending our literature analysis to the practical domain, we attempt to reproduce claims of eight fuzzing papers. 
These case studies allow us to assess the practical reproducibility of fuzzing research and identify archetypal pitfalls in the evaluation design. Unfortunately, our reproduced results reveal several deficiencies in the studied papers, and we are unable to fully support and reproduce the respective claims. To help the field of fuzzing move toward a scientifically reproducible evaluation strategy, we propose updated guidelines for conducting a fuzzing evaluation that future work should follow

    Configuration Management of Distributed Systems over Unreliable and Hostile Networks

    Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems. This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate through intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration. Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture. The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. 
The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn. Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts

    Southern Adventist University Undergraduate Catalog 2023-2024

    Southern Adventist University's undergraduate catalog for the academic year 2023-2024.

    Automation for network security configuration: state of the art and research trends

    The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated

    Planetary Hinterlands: Extraction, Abandonment and Care

    This open access book considers the concept of the hinterland as a crucial tool for understanding the global and planetary present as a time defined by the lasting legacies of colonialism, increasing labor precarity under late capitalist regimes, and looming climate disasters. Traditionally seen to serve a (colonial) port or market town, the hinterland here becomes a lens to attend to the times and spaces shaped and experienced across the received categories of the urban, rural, wilderness or nature. In straddling these categories, the concept of the hinterland foregrounds the human and more-than-human lively processes and forms of care that go on even in sites defined by capitalist extraction and political abandonment. Bringing together scholars from the humanities and social sciences, the book rethinks hinterland materialities, affectivities, and ecologies across places and cultural imaginations, Global North and South, urban and rural, and land and water

    Hybrid energy system integration and management for solar energy: a review

    The conventional grid is increasingly integrating renewable energy sources like solar energy to lower carbon emissions and other greenhouse gases. While energy management systems support grid integration by balancing power supply with demand, they are usually either predictive or real-time and therefore unable to utilise the full array of supply and demand responses, limiting grid integration of renewable energy sources. This limitation is overcome by an integrated energy management system. This review examines various concepts related to the integrated energy management system such as the power system configurations it operates in, and the types of supply and demand side responses. These concepts and approaches are particularly relevant for power systems that rely heavily on solar energy and have constraints on energy supply and costs. Building on from there, a comprehensive overview of current research and progress regarding the development of integrated energy management system frameworks, that have both predictive and real-time energy management capabilities, is provided. The potential benefits of an energy management system that integrates solar power forecasting, demand-side management, and supply-side management are explored. Furthermore, design considerations are proposed for creating solar energy forecasting models. The findings from this review have the potential to inform ongoing studies on the design and implementation of integrated energy management system, and their effect on power systems

    Resource-aware scheduling for 2D/3D multi-/many-core processor-memory systems

    This dissertation addresses the complexities of 2D/3D multi-/many-core processor-memory systems, focusing on two key areas: enhancing timing predictability in real-time multi-core processors and optimizing performance within thermal constraints. The integration of an increasing number of transistors into compact chip designs, while boosting computational capacity, presents challenges in resource contention and thermal management. The first part of the thesis improves timing predictability. We enhance shared cache interference analysis for set-associative caches, advancing the calculation of Worst-Case Execution Time (WCET). This development enables accurate assessment of cache interference and the effectiveness of partitioned schedulers in real-world scenarios. We introduce TCPS, a novel task and cache-aware partitioned scheduler that optimizes cache partitioning based on task-specific WCET sensitivity, leading to improved schedulability and predictability. Our research explores various cache and scheduling configurations, providing insights into their performance trade-offs. The second part focuses on thermal management in 2D/3D many-core systems. Recognizing the limitations of Dynamic Voltage and Frequency Scaling (DVFS) in S-NUCA many-core processors, we propose synchronous thread migrations as a thermal management strategy. This approach culminates in the HotPotato scheduler, which balances performance and thermal safety. We also introduce 3D-TTP, a transient temperature-aware power budgeting strategy for 3D-stacked systems, reducing the need for Dynamic Thermal Management (DTM) activation. Finally, we present 3QUTM, a novel method for 3D-stacked systems that combines core DVFS and memory bank Low Power Modes with a learning algorithm, optimizing response times within thermal limits. This research contributes significantly to enhancing performance and thermal management in advanced processor-memory systems

    LIPIcs, Volume 251, ITCS 2023, Complete Volume

    LIPIcs, Volume 251, ITCS 2023, Complete Volum

    MECHANICAL ENERGY HARVESTER FOR POWERING RFID SYSTEMS COMPONENTS: MODELING, ANALYSIS, OPTIMIZATION AND DESIGN

    Finding alternative power sources has been an important topic of study worldwide. It is vital to find substitutes for finite fossil fuels. Such substitutes may be termed renewable energy sources and infinite supplies. Such limitless sources are derived from ambient energy like wind energy, solar energy, sea waves energy; on the other hand, smart cities megaprojects have been receiving enormous amounts of funding to transition our lives into smart lives. Smart cities heavily rely on smart devices and electronics, which utilize small amounts of energy to run. Using batteries as the power source for such smart devices imposes environmental and labor cost issues. Moreover, in many cases, smart devices are in hard-to-access places, making accessibility for disposal and replacement difficult. Finally, battery waste harms the environment. To overcome these issues, vibration-based energy harvesters have been proposed and implemented. Vibration-based energy harvesters convert the dynamic or kinetic energy which is generated due to the motion of an object into electric energy. Energy transduction mechanisms can be delivered based on piezoelectric, electromagnetic, or electrostatic methods; the piezoelectric method is generally preferred to the other methods, particularly if the frequency fluctuations are considerable. In response, piezoelectric vibration-based energy harvesters (PVEHs), have been modeled and analyzed widely. However, there are two challenges with PVEH: the maximum amount of extractable voltage and the effective (operational) frequency bandwidth are often insufficient. In this dissertation, a new type of integrated multiple system comprised of a cantilever and spring-oscillator is proposed to improve and develop the performance of the energy harvester in terms of extractable voltage and effective frequency bandwidth. The new energy harvester model is proposed to supply sufficient energy to power low-power electronic devices like RFID components. 
Due to the temperature fluctuations, the thermal effect over the performance of the harvester is initially studied. To alter the resonance frequency of the harvester structure, a rotating element system is considered and analyzed. In the analytical-numerical analysis, Hamilton’s principle along with Galerkin’s decomposition approach are adopted to derive the governing equations of the harvester motion and corresponding electric circuit. It is observed that integration of the spring-oscillator subsystem alters the boundary condition of the cantilever and subsequently reforms the resulting characteristic equation into a more complicated nonlinear transcendental equation. To find the resonance frequencies, this equation is solved numerically in MATLAB. It is observed that the inertial effects of the oscillator rendered to the cantilever via the restoring force effects of the spring significantly alter vibrational features of the harvester. Finally, the voltage frequency response function is analytically and numerically derived in a closed-form expression. Variations in parameter values enable the designer to mutate resonance frequencies and mode shape functions as desired. This is particularly important, since the generated energy from a PVEH is significant only if the excitation frequency coming from an external source matches the resonance (natural) frequency of the harvester structure. In subsequent sections of this work, the oscillator mass and spring stiffness are considered as the design parameters to maximize the harvestable voltage and effective frequency bandwidth, respectively. For the optimization, a genetic algorithm is adopted to find the optimal values. Since the voltage frequency response function cannot be implemented in a computer algorithm script, a suitable function approximator (regressor) is designed using fuzzy logic and neural networks. 
The voltage function requires manual assistance to find the resonance frequency and cannot be done automatically using computer algorithms. Specifically, to apply the numerical root-solver, one needs to manually provide the solver with an initial guess. Such an estimation is accomplished using a plot of the characteristic equation along with human visual inference. Thus, the entire process cannot be automated. Moreover, the voltage function encompasses several coefficients making the process computationally expensive. Thus, training a supervised machine learning regressor is essential. The trained regressor using adaptive-neuro-fuzzy-inference-system (ANFIS) is utilized in the genetic optimization procedure. The optimization problem is implemented, first to find the maximum voltage and second to find the maximum widened effective frequency bandwidth, which yields the optimal oscillator mass value along with the optimal spring stiffness value. As there is often no control over the external excitation frequency, it is helpful to design an adaptive energy harvester. This means that, considering a specific given value of the excitation frequency, energy harvester system parameters (oscillator mass and spring stiffness) need to be adjusted so that the resulting natural (resonance) frequency of the system aligns with the given excitation frequency. To do so, the given excitation frequency value is considered as the input and the system parameters are assumed as outputs which are estimated via the neural network fuzzy logic regressor. Finally, an experimental setup is implemented for a simple pure cantilever energy harvester triggered by impact excitations. Unlike the theoretical section, the experimental excitation is considered to be an impact excitation, which is a random process. The rationale for this is that, in the real world, the external source is a random trigger. 
Harmonic base excitations used in the theoretical chapters are to assess the performance of the energy harvester per standard criteria. To evaluate the performance of a proposed energy harvester model, the input excitation type consists of harmonic base triggers. In summary, this dissertation discusses several case studies and addresses key issues in the design of optimized piezoelectric vibration-based energy harvesters (PVEHs). First, an advanced model of the integrated systems is presented with equation derivations. Second, the proposed model is decomposed and analyzed in terms of mechanical and electrical frequency response functions. To do so, analytic-numeric methods are adopted. Later, influential parameters of the integrated system are detected. Then the proposed model is optimized with respect to the two vital criteria of maximum amount of extractable voltage and widened effective (operational) frequency bandwidth. Corresponding design (influential) parameters are found using neural network fuzzy logic along with genetic optimization algorithms, i.e., a soft computing method. The accuracy of the trained integrated algorithms is verified using the analytical-numerical closed-form expression of the voltage function. Then, an adaptive piezoelectric vibration-based energy harvester (PVEH) is designed. This final design pertains to the cases where the excitation (driving) frequency is given and constant, so the desired goal is to match the natural frequency of the system with the given driving frequency. In this response, a regressor using neural network fuzzy logic is designed to find the proper design parameters. Finally, the experimental setup is implemented and tested to report the maximum voltage harvested in each test execution

    SmartChoices: Augmenting Software with Learned Implementations

    We are living in a golden age of machine learning. Powerful models are being trained to perform many tasks far better than is possible using traditional software engineering approaches alone. However, developing and deploying those models in existing software systems remains difficult. In this paper we present SmartChoices, a novel approach to incorporating machine learning into mature software stacks easily, safely, and effectively. We explain the overall design philosophy and present case studies using SmartChoices within large scale industrial systems