Adonis: Practical and Efficient Control Flow Recovery through OS-Level Traces

Control flow recovery is critical to promise the software quality, especially for large-scale software in production environment. However, the efficiency of most current control flow recovery techniques is compromised due to their runtime overheads along with deployment and development costs. To tackle this problem, we propose a novel solution, Adonis, which harnesses OS-level traces, such as dynamic library calls and system call traces, to efficiently and safely recover control flows in practice. Adonis operates in two steps: it first identifies the call-sites of trace entries, then it executes a pair-wise symbolic execution to recover valid execution paths. This technique has several advantages. First, Adonis does not require the insertion of any probes into existing applications, thereby minimizing runtime cost. Second, given that OS-level traces are hardware-independent, Adonis can be implemented across various hardware configurations without the need for hardware-specific engineering efforts, thus reducing deployment cost. Third, as Adonis is fully automated and does not depend on manually created logs, it circumvents additional development cost. We conducted an evaluation of Adonis on representative desktop applications and real-world IoT applications. Adonis can faithfully recover the control flow with 86.8% recall and 81.7% precision. Compared to the state-of-the-art log-based approach, Adonis can not only cover all the execution paths recovered, but also recover 74.9% of statements that cannot be covered. In addition, the runtime cost of Adonis is 18.3× lower than the instrument-based approach; the analysis time and storage cost (indicative of the deployment cost) of Adonis is 50× smaller and 443× smaller than the hardware-based approach, respectively. To facilitate future replication and extension of this work, we have made the code and data publicly available

Forensic acquisition of file systems with parallel processing of digital artifacts to generate an early case assessment report

A evolução da maneira como os seres humanos interagem e realizam tarefas rotineiras mudou nas últimas décadas e uma longa lista de atividades agora somente são possíveis com o uso de tecnologias da informação – entre essas pode-se destacar a aquisição de bens e serviços, gestão e operações de negócios e comunicações. Essas transformações são visíveis também em outras atividades menos legítimas, permitindo que crimes sejam cometidos através de meios digitais. Em linhas gerais, investigadores forenses trabalham buscando por indícios de ações criminais realizadas por meio de dispositivos digitais para finalmente, tentar identificar os autores, o nível do dano causado e a história atrás que possibilitou o crime. Na sua essência, essa atividade deve seguir normas estritas para garantir que as provas sejam admitidas em tribunal, mas quanto maior o número de novos artefatos e maior o volume de dispositivos de armazenamento disponíveis, maior o tempo necessário entre a identificação de um dispositivo de um suspeito e o momento em que o investigador começa a navegar no mar de informações alojadas no dispositivo. Esta pesquisa, tem como objetivo antecipar algumas etapas do EDRM através do uso do processamento em paralelo adjacente nas unidades de processamento (CPU) atuais para para traduzir multiplos artefactos forenses do sistema operativo Windows 10 e gerar um relatório com as informações mais cruciais sobre o dispositivo adquirido. Permitindo uma análise antecipada do caso (ECA) ao mesmo tempo em que uma aquisição completa do disco está em curso, desse modo causando um impacto mínimo no tempo geral de aquisição

Hardware-Assisted Processor Tracing for Automated Bug Finding and Exploit Prevention

The proliferation of binary-only program analysis techniques like fuzz testing and symbolic analysis have lead to an acceleration in the number of publicly disclosed vulnerabilities. Unfortunately, while bug finding has benefited from recent advances in automation and a decreasing barrier to entry, bug remediation has received less attention. Consequently, analysts are publicly disclosing bugs faster than developers and system administrators can mitigate them. Hardware-supported processor tracing within commodity processors opens new doors to observing low-level behaviors with efficiency, transparency, and integrity that can close this automation gap. Unfortunately, several trade-offs in its design raise serious technical challenges that have limited widespread adoption. Specifically, modern processor traces only capture control flow behavior, yield high volumes of data that can incur overhead to sift through, and generally introduce a semantic gap between low-level behavior and security relevant events. To solve the above challenges, I propose control-oriented record and replay, which combines concrete traces with symbolic analysis to uncover vulnerabilities and exploits. To demonstrate the efficacy and versatility of my approach, I first present a system called ARCUS, which is capable of analyzing processor traces flagged by host-based monitors to detect, localize, and provide preliminary patches to developers for memory corruption vulnerabilities. ARCUS has detected 27 previously known vulnerabilities alongside 4 novel cases, leading to the issuance of several advisories and official developer patches. Next, I present MARSARA, a system that protects the integrity of execution unit partitioning in data provenance-based forensic analysis. MARSARA prevents several expertly crafted exploits from corrupting partitioned provenance graphs while incurring little overhead compared to prior work. Finally, I present Bunkerbuster, which extends the ideas from ARCUS and MARSARA into a system capable of proactively hunting for bugs across multiple end-hosts simultaneously, resulting in the discovery and patching of 4 more novel bugs.Ph.D

CT Scanning

Since its introduction in 1972, X-ray computed tomography (CT) has evolved into an essential diagnostic imaging tool for a continually increasing variety of clinical applications. The goal of this book was not simply to summarize currently available CT imaging techniques but also to provide clinical perspectives, advances in hybrid technologies, new applications other than medicine and an outlook on future developments. Major experts in this growing field contributed to this book, which is geared to radiologists, orthopedic surgeons, engineers, and clinical and basic researchers. We believe that CT scanning is an effective and essential tools in treatment planning, basic understanding of physiology, and and tackling the ever-increasing challenge of diagnosis in our society

Beyond the Circle of Life

It seems certain to me that I will die and stay dead. By “I”, I mean me, Greg Nixon, this person, this self-identity. I am so intertwined with the chiasmus of lives, bodies, ecosystems, symbolic intersubjectivity, and life on this particular planet that I cannot imagine this identity continuing alone without them. However, one may survive one’s life by believing in universal awareness, perfection, and the peace that passes all understanding. Perhaps, we bring this back with us to the Source from which we began, changing it, enriching it. Once we have lived – if we don’t choose the eternal silence of oblivion by life denial, vanity, indifference, or simple weariness – the Source learns and we awaken within it. Awareness, consciousness, is universal – it comes with the territory – so maybe you will be one of the few prepared to become unexpectedly enlightened after the loss of body and self. You may discover your own apotheosis – something you always were, but after a lifetime of primate experience, now much more. Since you are of the Source and since you have changed from life experience and yet retained the dream of ultimate awakening, plus you have brought those chaotic emotions and memories back to the Source with you (though no longer yours), your life & memories will have mattered. Those who awaken beyond the death of self will have changed Reality

Loss of Signal: Aeromedical Lessons Learned from the STS-107 Columbia Space Shuttle Mishap

The editors of Loss of Signal wanted to document the aeromedical lessons learned from the Space Shuttle Columbia mishap. The book is intended to be an accurate and easily understood account of the entire process of recovering and analyzing the human remains, investigating and analyzing what happened to the crew, and using the resulting information to recommend ways to prevent mishaps and provide better protection to crewmembers. Our goal is to capture the passions of those who devoted their energies in responding to the Columbia mishap. We have reunited authors who were directly involved in each of these aspects. These authors tell the story of their efforts related to the Columbia mishap from their point of view. They give the reader an honest description of their responsibilities and share their challenges, their experiences, and their lessons learned on how to enhance crew safety and survival, and how to be prepared to support space mishap investigations. As a result of this approach, a few of the chapters have some redundancy of information and authors' opinions may differ. In no way did we or they intend to assign blame or criticize anyone's professional efforts. All those involved did their best to obtain the truth in the situations to which they were assigned

Human skeletal remains: development of DNA extraction and typing methods

Nell\u2019ambito delle indagini genetico-forensi i reperti scheletrici sono spesso il solo materiale biologico disponibile per l'identificazione individuale di soggetti scomparsi e rinvenuti in diverse circostanze quali disastri di massa, guerre, eventi socio-politici e accertamenti della paternit\ue0 biologica effettuati su soggetti deceduti a seguito di esumazione. Il DNA estratto da reperti ossei \ue8 normalmente presente in basso numero di copie (Low Copy Number) e altamente degradato a causa di alterazioni chimico-fisiche derivanti sia dalla datazione del reperto biologico stesso sia dalle condizioni ambientali alle quali il campione viene sottoposto talvolta per lunghi periodi di tempo. L\u2019adeguata procedura di estrazione cos\uec come l'amplificazione del DNA, rappresentano step fondamentali per l\u2019acquisizione di profili genetici da campioni scheletrici la cui attendibilit\ue0 \ue8 fortemente influenzata dall\u2019integrit\ue0 del campione. Per quanto riguarda i resti scheletrici, allo stato attuale non esiste un metodo di estrazione del DNA infallibile e standardizzato, idoneo per la successiva determinazione del profilo genetico, come pure l\u2019amplificazione del DNA mediante marcatori genetici tradizionali quali gli Short Tandem Repeats (STRs) risulta essere talvolta inefficace nei casi che vedono coinvolto del DNA altamente degradato. In questo studio sono state analizzate diverse tipologie di resti scheletrici umani la cui datazione variava da pochi mesi a circa 90 anni post mortem, rinvenuti in ambienti differenti e quindi caratterizzati da un variabile stato di conservazione. E\u2019 stato sviluppato un nuovo protocollo di estrazione del DNA, consistente in un primo step di purificazione del campione decalcificato e lisato, con il tradizionale metodo fenolo-cloroformio, atto a separare fisicamente il DNA da proteine e materiale contaminante quale ad esempio terriccio. Successivamente ciascun campione \ue8 stato estratto mediante kit di estrazione basati su differenti principi chimico-fisici, per valutare sulla base dei profili genetici ottenuti, quale fosse il pi\uf9 idoneo ed efficace nell\u2019estrazione del DNA e da quale distretto osseo si potesse ottenere un profilo genetico di migliore qualit\ue0. L\u2019associazione tra fenolo cloroformio e uno specifico kit basato su estrazione del DNA mediante colonne cromatografiche, si \ue8 rivelato essere il metodo pi\uf9 efficace grazie all\u2019utilizzo del fenolo cloroformio che ha permesso di purificare gli estratti impedendo che detriti di varia natura interferissero con le colonne cromatografiche, occludendole e grazie all\u2019elevata capacit\ue0 estrattiva del kit in esame. Inoltre, poich\ue9 \ue8 noto che l\u2019utilizzo di polimorfismi di dimensioni ridotte (Mini Short Tandem Repeats- MiniSTRs) rispetto agli STRs convenzionali risulta essere estremamente efficace nella determinazione di un profilo genetico da campioni di DNA altamente degradato, i primers di otto marcatori STR ampiamente validati e inclusi in numerosi kit commerciali, sono stati ridisegnati in prossimit\ue0 della regione altamente ripetuta del marcatore prescelto. Gli otto nuovi MiniSTRs sono stati quindi assemblati e suddivisi in due quadruplexes ottenendo prodotti di PCR di dimensioni inferiori a 130 paia di basi. Il protocollo di estrazione presentato in questo studio ha fornito risultati positivi nei reperti scheletrici analizzati, con elettivo riferimento ai campioni ossei quali femore, di diversa datazione e stato di conservazione. \uc8 inoltre da sottolineare come le condizioni ambientali a cui resti sono stati esposti, hanno avuto una maggiore influenza sulla stato di degradazione del DNA rispetto all'et\ue0 dei reperti scheletrici stessi. Mediante l\u2019utilizzo di kit commerciali per l\u2019amplificazione del DNA e delle due mini-STR quadruplexes sono stati ottenuti profili genetici costituiti da minimo 12 STR da tutti i campioni di femore analizzati, permettendo il riconoscimento dei soggetto deceduto, mediante la comparazione del profilo genetico ottenuto con quello dei presunti parenti. Il metodo di estrazione del DNA descritto in questo lavoro e l\u2019introduzione di nuovi MiniSTRs in aggiunta ai kit commerciali disponibili, sono risultati essere efficaci per la determinazione di profili genetici da campioni scheletrici caratterizzati da DNA altamente degradato.In forensic cases human remains are often the only biological material available for identification of missing persons or unknown remains found in different circumstances such as mass disasters, wars or socio-political events and to solve paternity issues. DNA extracted from bones is often present in low copy number (LCN) and in various states of degradation due to chemical and physical damages produced by intrinsic and extrinsic bone characteristics. Efficient DNA extraction procedures, as well as accurate DNA amplification, are critical steps involved in the process of successful DNA analysis of skeletal samples. Unfortunately, at present there is not an infallible method to recover DNA from very degraded samples due to variations in DNA yield from larger bone fragments that may be attributed to heterogeneity within a bones. In this study different types of human bones ranging in age from few months to 90 years post mortem, found in various states of preservation and conserved in different places, were analyzed. We developed a modified silica based spin columns protocol, consisting in an initial separation of DNA from proteins and waste material, by using phenol-chloroform to better purify samples. Moreover, as the recovery of information from these degraded samples is enhanced by the use of smaller PCR products (Mini Short Tandem Repeats) rather than conventional STRs, eight STR markers included in available commercial multiplex PCR kits, were redesigned by moving forward and reverse primers in close proximity to the STR repeat region. Two PCR quadruplexes were assembled to obtain PCR products less than 130 bp in size. Our modified protocol was successfully employed to extract DNA from long bones of different ages and preservation state. Importantly the use of phenol chloroform consistently increased the amount of DNA that could be extracted from long bones, because it allowed to clean samples preventing that waste material interferes with columns or magnetic beads. Environmental conditions under which remains were exposed, had stronger influence on the state of DNA quality than the age of skeletal remains. Moreover the use of miniSTRs has proposed here could be used in addition to commercial kits, to increase as much as possible the number of markers analyzed. Using amplification commercial kits and the two new mini-STR quadruplex systems we always obtained genetic profiles of at least 12 STR from DNA typing of femur samples. The improvement of DNA extraction methods and the inclusion of robust and powerful miniSTR loci in addition to the commercial available kits, are effective solutions for forensic practices of degraded DNA samples because ensure that difficult casework samples with low amounts of degraded DNA can be fully typed