ProbeGuard:Mitigating Probing Attacks Through Reactive Program Transformations

Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions. We propose a solution, ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives

How BGSU Students Define Intimate Partner Violence and Intimate Partner Abuse

This study examines what behaviors undergraduate, heterosexual female Bowling Green State University students age 18-24 classify as “Intimate Partner Violence†and as “Intimate Partner Abuse.†This research begins to explore how this population defines these terms through looking at what types of behaviors are seen as violence and what types of behaviors are seen as abuse. Participants were randomly selected to take one of two online surveys. One survey asked participants to decide if listed behaviors were “Intimate Partner Violence†when committed by a male partner against a female partner. The other survey asked the same but replaced “Intimate Partner Violence†with “Intimate Partner Abuse.†The findings from this research can impact future violence and abuse education programs at BGSU. It fills the important role of helping these program coordinators understand how the target population defines these terms, allowing the coordinators to improve their programs to better educate their target audience about violence and abuse

Play Therapy Behavior of Sexually Abused Children

This survey research was designed to identify play therapy behaviors of sexually abused children. A survey instrument was developed from a comprehensive review of the professional literature and the assistance of an expert panel. After a field test, 140 items of play therapy behavior were developed into a survey instrument. The respondent was asked to rate on a Likert scale the frequency of occurrence of these play therapy behaviors of sexually abused children. Each play therapy behavior was rated for the following four groups: Males, 3-6 Years; Females, 3-6 Years; Males, 7-10 Years and Females, 7-10 Years. The entire international membership of the Association of Play Therapy (APT) was used to obtain the largest possible number of viable responses. As anticipated, of the 786 replies, 41% were not seeing sexually abused children in play therapy. In order to insure the most robust findings possible, it was determined to utilize data from the 249 most experienced play therapists (having worked with 16 or more sexually abused children). The typical respondent in this group was a female play therapist, 40-50 years of age, with a Masters degree in Counseling or Social Work

Shining Light On Shadow Stacks

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge,i.e., indirect calls through function pointers and virtual calls. Protecting the backward edge is left to stack canaries, which are easily bypassed through information leaks. Shadow Stacks are a fully precise mechanism for protecting backwards edges, and should be deployed with CFI mitigations. We present a comprehensive analysis of all possible shadow stack mechanisms along three axes: performance, compatibility, and security. For performance comparisons we use SPEC CPU2006, while security and compatibility are qualitatively analyzed. Based on our study, we renew calls for a shadow stack design that leverages a dedicated register, resulting in low performance overhead, and minimal memory overhead, but sacrifices compatibility. We present case studies of our implementation of such a design, Shadesmar, on Phoronix and Apache to demonstrate the feasibility of dedicating a general purpose register to a security monitor on modern architectures, and the deployability of Shadesmar. Our comprehensive analysis, including detailed case studies for our novel design, allows compiler designers and practitioners to select the correct shadow stack design for different usage scenarios.Comment: To Appear in IEEE Security and Privacy 201

Illuminated Porcelain Forms

None provided

What happened? Do preschool children and capuchin monkeys spontaneously use visual traces to locate a reward?

This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 Research and Innovation Programme (grant agreement no. 639072). Edinburgh Zoo's Living Links Research Facility is core supported by the Royal Zoological Society of Scotland (registered charity no.: SC004064) through funding generated by its visitors, members and supporters.The ability to infer unseen causes from evidence is argued to emerge early in development and to be uniquely human. We explored whether preschoolers and capuchin monkeys could locate a reward based on the physical traces left following a hidden event. Preschoolers and capuchin monkeys were presented with two cups covered with foil. Behind a barrier, an experimenter (E) punctured the foil coverings one at a time, revealing the cups with one cover broken after the first event and both covers broken after the second. One event involved hiding a reward, the other event was performed with a stick (order counterbalanced). Preschoolers and, with additional experience, monkeys could connect the traces to the objects used in the puncturing events to find the reward. Reversing the order of events perturbed the performance of 3-year olds and capuchins, while 4-year-old children performed above chance when the order of events was reversed from the first trial. Capuchins performed significantly better on the ripped foil task than they did on an arbitrary test in which the covers were not ripped but rather replaced with a differently patterned cover. We conclude that by 4 years of age children spontaneously reason backwards from evidence to deduce its cause.Publisher PDFPeer reviewe

Multi-task Self-Supervised Visual Learning

We investigate methods for combining multiple self-supervised tasks--i.e., supervised tasks where data can be collected without manual labeling--in order to train a single visual representation. First, we provide an apples-to-apples comparison of four different self-supervised tasks using the very deep ResNet-101 architecture. We then combine tasks to jointly train a network. We also explore lasso regularization to encourage the network to factorize the information in its representation, and methods for "harmonizing" network inputs in order to learn a more unified representation. We evaluate all methods on ImageNet classification, PASCAL VOC detection, and NYU depth prediction. Our results show that deeper networks work better, and that combining tasks--even via a naive multi-head architecture--always improves performance. Our best joint network nearly matches the PASCAL performance of a model pre-trained on ImageNet classification, and matches the ImageNet network on NYU depth prediction.Comment: Published at ICCV 201