76,745 research outputs found
Finding Regressions in Projects under Version Control Systems
Version Control Systems (VCS) are frequently used to support development of
large-scale software projects. A typical VCS repository of a large project can
contain various intertwined branches consisting of a large number of commits.
If some kind of unwanted behaviour (e.g. a bug in the code) is found in the
project, it is desirable to find the commit that introduced it. Such commit is
called a regression point. There are two main issues regarding the regression
points. First, detecting whether the project after a certain commit is correct
can be very expensive as it may include large-scale testing and/or some other
forms of verification. It is thus desirable to minimise the number of such
queries. Second, there can be several regression points preceding the actual
commit; perhaps a bug was introduced in a certain commit, inadvertently fixed
several commits later, and then reintroduced in a yet later commit. In order to
fix the actual commit it is usually desirable to find the latest regression
point.
The currently used distributed VCS contain methods for regression
identification, see e.g. the git bisect tool. In this paper, we present a new
regression identification algorithm that outperforms the current tools by
decreasing the number of validity queries. At the same time, our algorithm
tends to find the latest regression points which is a feature that is missing
in the state-of-the-art algorithms. The paper provides an experimental
evaluation of the proposed algorithm and compares it to the state-of-the-art
tool git bisect on a real data set
HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general - non-secure - hardware resources
How the Sando Search Tool Recommends Queries
Developers spend a significant amount of time searching their local codebase.
To help them search efficiently, researchers have proposed novel tools that
apply state-of-the-art information retrieval algorithms to retrieve relevant
code snippets from the local codebase. However, these tools still rely on the
developer to craft an effective query, which requires that the developer is
familiar with the terms contained in the related code snippets. Our empirical
data from a state-of-the-art local code search tool, called Sando, suggests
that developers are sometimes unacquainted with their local codebase. In order
to bridge the gap between developers and their ever-increasing local codebase,
in this paper we demonstrate the recommendation techniques integrated in Sando
Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3
We investigate the cost of Grover's quantum search algorithm when used in the
context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions.
Our cost model assumes that the attack is run on a surface code based
fault-tolerant quantum computer. Our estimates rely on a time-area metric that
costs the number of logical qubits times the depth of the circuit in units of
surface code cycles. As a surface code cycle involves a significant classical
processing stage, our cost estimates allow for crude, but direct, comparisons
of classical and quantum algorithms.
We exhibit a circuit for a pre-image attack on SHA-256 that is approximately
surface code cycles deep and requires approximately
logical qubits. This yields an overall cost of
logical-qubit-cycles. Likewise we exhibit a SHA3-256 circuit that is
approximately surface code cycles deep and requires approximately
logical qubits for a total cost of, again,
logical-qubit-cycles. Both attacks require on the order of queries in
a quantum black-box model, hence our results suggest that executing these
attacks may be as much as billion times more expensive than one would
expect from the simple query analysis.Comment: Same as the published version to appear in the Selected Areas of
Cryptography (SAC) 2016. Comments are welcome
- …