6,319 research outputs found
Lock-free Concurrent Data Structures
Concurrent data structures are the data sharing side of parallel programming.
Data structures give the means to the program to store data, but also provide
operations to the program to access and manipulate these data. These operations
are implemented through algorithms that have to be efficient. In the sequential
setting, data structures are crucially important for the performance of the
respective computation. In the parallel programming setting, their importance
becomes more crucial because of the increased use of data and resource sharing
for utilizing parallelism.
The first and main goal of this chapter is to provide a sufficient background
and intuition to help the interested reader to navigate in the complex research
area of lock-free data structures. The second goal is to offer the programmer
familiarity to the subject that will allow her to use truly concurrent methods.Comment: To appear in "Programming Multi-core and Many-core Computing
Systems", eds. S. Pllana and F. Xhafa, Wiley Series on Parallel and
Distributed Computin
Natural language processing
Beginning with the basic issues of NLP, this chapter aims to chart the major research activities in this area since the last ARIST Chapter in 1996 (Haas, 1996), including: (i) natural language text processing systems - text summarization, information extraction, information retrieval, etc., including domain-specific applications; (ii) natural language interfaces; (iii) NLP in the context of www and digital libraries ; and (iv) evaluation of NLP systems
Analyzing the Gadgets Towards a Metric to Measure Gadget Quality
Current low-level exploits often rely on code-reuse, whereby short sections
of code (gadgets) are chained together into a coherent exploit that can be
executed without the need to inject any code. Several protection mechanisms
attempt to eliminate this attack vector by applying code transformations to
reduce the number of available gadgets. Nevertheless, it has emerged that the
residual gadgets can still be sufficient to conduct a successful attack.
Crucially, the lack of a common metric for "gadget quality" hinders the
effective comparison of current mitigations. This work proposes four metrics
that assign scores to a set of gadgets, measuring quality, usefulness, and
practicality. We apply these metrics to binaries produced when compiling
programs for architectures implementing Intel's recent MPX CPU extensions. Our
results demonstrate a 17% increase in useful gadgets in MPX binaries, and a
decrease in side-effects and preconditions, making them better suited for ROP
attacks.Comment: International Symposium on Engineering Secure Software and Systems,
Apr 2016, London, United Kingdo
A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the
cause of many usability issues. For end-users, many of these issues have been
studied extensively, highlighting problems and informing design decisions for
better policies and motivating research into alternatives. However, end-users
are not the only ones who have usability problems with passwords! Developers
who are tasked with writing the code by which passwords are stored must do so
securely. Yet history has shown that this complex task often fails due to human
error with catastrophic results. While an end-user who selects a bad password
can have dire consequences, the consequences of a developer who forgets to hash
and salt a password database can lead to far larger problems. In this paper we
present a first qualitative usability study with 20 computer science students
to discover how developers deal with password storage and to inform research
into aiding developers in the creation of secure password systems
- …