5,589 research outputs found
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
Widespread use of memory unsafe programming languages (e.g., C and C++)
leaves many systems vulnerable to memory corruption attacks. A variety of
defenses have been proposed to mitigate attacks that exploit memory errors to
hijack the control flow of the code at run-time, e.g., (fine-grained)
randomization or Control Flow Integrity. However, recent work on data-oriented
programming (DOP) demonstrated highly expressive (Turing-complete) attacks,
even in the presence of these state-of-the-art defenses. Although multiple
real-world DOP attacks have been demonstrated, no efficient defenses are yet
available. We propose run-time scope enforcement (RSE), a novel approach
designed to efficiently mitigate all currently known DOP attacks by enforcing
compile-time memory safety constraints (e.g., variable visibility rules) at
run-time. We present HardScope, a proof-of-concept implementation of
hardware-assisted RSE for the new RISC-V open instruction set architecture. We
discuss our systematic empirical evaluation of HardScope which demonstrates
that it can mitigate all currently known DOP attacks, and has a real-world
performance overhead of 3.2% in embedded benchmarks
Consensus-based approach to peer-to-peer electricity markets with product differentiation
With the sustained deployment of distributed generation capacities and the
more proactive role of consumers, power systems and their operation are
drifting away from a conventional top-down hierarchical structure. Electricity
market structures, however, have not yet embraced that evolution. Respecting
the high-dimensional, distributed and dynamic nature of modern power systems
would translate to designing peer-to-peer markets or, at least, to using such
an underlying decentralized structure to enable a bottom-up approach to future
electricity markets. A peer-to-peer market structure based on a Multi-Bilateral
Economic Dispatch (MBED) formulation is introduced, allowing for
multi-bilateral trading with product differentiation, for instance based on
consumer preferences. A Relaxed Consensus+Innovation (RCI) approach is
described to solve the MBED in fully decentralized manner. A set of realistic
case studies and their analysis allow us showing that such peer-to-peer market
structures can effectively yield market outcomes that are different from
centralized market structures and optimal in terms of respecting consumers
preferences while maximizing social welfare. Additionally, the RCI solving
approach allows for a fully decentralized market clearing which converges with
a negligible optimality gap, with a limited amount of information being shared.Comment: Accepted for publication in IEEE Transactions on Power System
Federated Learning You May Communicate Less Often!
We investigate the generalization error of statistical learning models in a
Federated Learning (FL) setting. Specifically, we study the evolution of the
generalization error with the number of communication rounds between the
clients and the parameter server, i.e., the effect on the generalization error
of how often the local models as computed by the clients are aggregated at the
parameter server. We establish PAC-Bayes and rate-distortion theoretic bounds
on the generalization error that account explicitly for the effect of the
number of rounds, say , in addition to the number of
participating devices and individual datasets size . The bounds, which
apply in their generality for a large class of loss functions and learning
algorithms, appear to be the first of their kind for the FL setting.
Furthermore, we apply our bounds to FL-type Support Vector Machines (FSVM); and
we derive (more) explicit bounds on the generalization error in this case. In
particular, we show that the generalization error of FSVM increases with ,
suggesting that more frequent communication with the parameter server
diminishes the generalization power of such learning algorithms. Combined with
that the empirical risk generally decreases for larger values of , this
indicates that might be a parameter to optimize in order to minimize the
population risk of FL algorithms. Moreover, specialized to the case
(sometimes referred to as "one-shot" FL or distributed learning) our bounds
suggest that the generalization error of the FL setting decreases faster than
that of centralized learning by a factor of ,
thereby generalizing recent findings in this direction to arbitrary loss
functions and algorithms. The results of this paper are also validated on some
experiments
An Attribtue-Based Statistic Model for Privacy Impact Assessment
Personally Identifiable Information (PII) includes any information that can be used to distinguish or trace an individual\u27s identity such as name, social security number, date and place of birth, mother\u27s maiden name, or biometric records. It also includes other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. PII is often the target of attacks, and loss of PII could result in identity theft. According to the U.S. Department of Justice, the average number of U.S. identity fraud victims annually is 11,571,900 [1]. The total financial loss attributed to identity theft in 2013 was 21billiondollars,comparedto13.2 billion total loss in 2010[1]
An Attribute-based Statistic Model for Privacy Impact Assessment
Personally Identifiable Information (PII) includes any information that can be used to distinguish or trace an individual’s identity such as name, social security number, date and place of birth, mother’s maiden name, or biometric records. It also includes other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. PII is often the target of attacks, and loss of PII could result in identity theft. According to the U.S. Department of Justice, the average number of U.S. identity fraud victims annually is 11,571,900 [1]. The total financial loss attributed to identity theft in 2013 was 13.2 billion total loss in 2010 [1]
Combinatorial structures for anonymous database search
This thesis treats a protocol for anonymous database search (or if one prefer, a protocol for user-private information retrieval), that is based on the use of combinatorial configurations. The protocol is called P2P UPIR. It is proved that the (v,k,1)-balanced incomplete block designs (BIBD) and in particular the finite projective planes are optimal configurations for this protocol. The notion of n-anonymity is applied to the configurations for P2P UPIR protocol and the transversal designs are proved to be n-anonymous configurations for P2P UPIR, with respect to the neighborhood points of the points of the configuration. It is proved that to the configurable tuples one can associate a numerical semigroup. This theorem implies results on existence of combinatorial configurations. The proofs are constructive and can be used as algorithms for finding combinatorial configurations. It is also proved that to the triangle-free configurable tuples one can associate a numerical semigroup. This implies results on existence of triangle-free combinatorial configurations
PETL use. Summary of Court Judgments: years 2007-2011
Proyecto CCG10-UC3M/HUM-4701 "Proyección de los Principios Europeos de Responsabilidad Civil en el Derecho de Daños
- …