A general framework to realize an abstract machine as an ILP processor with application to java

Ph.DDOCTOR OF PHILOSOPH

What are patents revealing?

Metzger, P., Mendonça, S., Silva, J. A., & Damásio, B. (2023). Battery innovation and the Circular Economy: What are patents revealing? Renewable Energy, 209(June), 516-532. https://doi.org/10.1016/j.renene.2023.03.132---Funding: Bruno Damásio and Philipp Metzger acknowledge the financial support provided by Fundac̨ão para a Ciência e a Tecnologia, Portugal (FCT) under the project UIDB/04152/2020 — Centro de Investigação em Gestão de Informação (MagIC). Sandro Mendonça acknowledges support by FCT, Portugal, by the Business Research Unit (BRU-IUL) and by UECE-REM (Research Unit on Complexity and Economics). BRU-IUL also benefited from grants UID/GES/00315/2013, UIDB/00315/2020; UIDB/05069/2020; PTDC/EGE-ECO/30690/2017 and is part of the project PTDC/EGE-ECO/30690/2017. José Silva acknowledges FCT support under the project UIDB/50019/2020–IDL.This analysis of over 90,000 secondary battery innovations (measured by international patent families) provides a comprehensive account of the long-run progress of a knowledge base with a key role in the transition to a transformative, closed-loop, Circular Economy. Innovation accelerated globally from 2000 to 2019, a sustained dynamic mostly originating in Asia. Patterns of less toxicity and more diversity in technological trajectories are detected and found to bear evidence of pro-circularity. We find a number of emergent technological trajectories, such as solid-state, lithium-sulfur, redox-flow and sodium-ion batteries, each one with a different potential to push ahead the circularity pathway, and which allow for the detection of country clusters. Through a methodology that can be of interest for further research, we examine the extent to which batteries have circular characteristics.publishersversionpublishe

Master of Science

thesisHealthcare organizations heavily rely on networked applications. Many applications used in healthcare settings have different security, privacy, and regulatory requirements. At the same time, users may use their devices with medical applications for non-medical-related purposes. Running arbitrary applications on the same device may affect the healthcare applications in a way that violates their requirements. The ability of using the same device for multiple purposes in an enterprise network presents a challenge to healthcare IT operations. To allow the users to use the same device for both medical and non-medical-related purposes while meeting the set of requirements for medical applications, we present the design and implementation of the SeaCat, an SDN End-to-end Application Containment ArchitecTure, and evaluate the system in a testbed environment. SeaCat has two major components. First is the container technology used in the client device to securely isolate any application. Second is the software-defined networking (SDN) that provides isolated secure network resource access for each application

Container-based Continuous Delivery for Clusters

The focus of this master’s thesis was aimed at E.ON’s electricity saving project, 100koll, in collaboration with IT-consulting firm Data Ductus.The 100koll users demand high availability, which creates a complex underlaying system-infrastructure. The processes of deploying and preparing new releases to the system is presently done manually. Data Ductus is requesting an investigation on whether or not containers can facilitate the preparation processes to a point where delivery is done continuously. The solution which was introduced follows five steps of implementation which involves a programmable infrastructure, deployment strategies and a deployment pipeline with a feedback system. What the solution shows us is that containers were able to facilitate certain parts of the implementation process that previously prevented Data Ductus from achieving continuous delivery. However, the conducted research also proves with the help of the implementation processes that achieving continuous delivery is not all to do with having access to the correct tools; it also has to do with the mindset of the people involved

QUIRE: Lightweight Provenance for Smart Phone Operating Systems

Smartphone applications(apps) often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a confused deputy attack). This thesis presents two new security mechanisms built into the Android operating system to address these issues. First, the call chain of all interprocess communications are tracked, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Additionally, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote endpoints visibility into the state of the phone when an RPC is made

Hardware-Assisted Dependable Systems

Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious hacker to gain control over the system or leak confidential data. Both these classes of errors are notoriously hard to detect and tolerate. Usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are inadequately expensive in terms of resources and performance overhead. In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The rest two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX extension to protect against buffer overflow bugs. Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead

Tags: Augmenting Microkernel Messages with Lightweight Metadata

In this work, we propose Tags, an e cient mechanism that augments microkernel interprocess messages with lightweight metadata to enable the development of new, systemwide functionality without requiring the modi cation of application source code. Therefore, the technology is well suited for systems with a large legacy code base and for third-party applications such as phone and tablet applications. As examples, we detailed use cases in areas consisting of mandatory security and runtime veri cation of process interactions. In the area of mandatory security, we use tagging to assess the feasibility of implementing a mandatory integrity propagation model in the microkernel. The process interaction veri cation use case shows the utility of tagging to track and verify interaction history among system components. To demonstrate that tagging is technically feasible and practical, we implemented it in a commercial microkernel and executed multiple sets of standard benchmarks on two di erent computing architectures. The results clearly demonstrate that tagging has only negligible overhead and strong potential for many applications

Enhanced Password Security on Mobile Devices

<p>Sleek and powerful touchscreen devices with continuous access to high-bandwidth wireless data networks have transformed mobile into a first-class development platform. Many applications (i.e., "apps") written for these platforms rely on remote services such as Dropbox, Facebook, and Twitter, and require users to provide one or more passwords upon installation. Unfortunately, today's mobile platforms provide no protection for users' passwords, even as mobile devices have become attractive targets for password-stealing malware and other phishing attacks.</p><p>This dissertation explores the feasibility of providing strong protections for passwords input on mobile devices without requiring large changes to existing apps.</p><p>We propose two approaches to secure password entry on mobile devices: ScreenPass and VeriUI. ScreenPass is integrated with a device's operating system and continuously monitors the device's screen to prevent malicious apps from spoofing the system's trusted software keyboard. The trusted keyboard ensures that ScreenPass always knows when a password is input, which allows it to prevent apps from sending password data to the untrusted servers. VeriUI relies on trusted hardware to isolate password handling from a device's operating system and apps. This approach allows VeriUI to prove to remote services that a relatively small and well-known code base directly handled a user's password data.</p>Dissertatio