Microwave Components

Contains reports on three research projects

The Effect of Variability on the Estimation of Quasar Black Hole Masses

We investigate the time-dependent variations of ultraviolet (UV) black hole mass estimates of quasars in the Sloan Digital Sky Survey (SDSS). From SDSS spectra of 615 high-redshift (1.69 < z < 4.75) quasars with spectra from two epochs, we estimate black hole masses, using a single-epoch technique which employs an additional, automated night-sky-line removal, and relies on UV continuum luminosity and CIV (1549A) emission line dispersion. Mass estimates show variations between epochs at about the 30% level for the sample as a whole. We determine that, for our full sample, measurement error in the line dispersion likely plays a larger role than the inherent variability, in terms of contributing to variations in mass estimates between epochs. However, we use the variations in quasars with r-band spectral signal-to-noise ratio greater than 15 to estimate that the contribution to these variations from inherent variability is roughly 20%. We conclude that these differences in black hole mass estimates between epochs indicate variability is not a large contributer to the current factor of two scatter between mass estimates derived from low- and high-ionization emission lines.Comment: 76 pages, 15 figures, 2 (long) tables; Accepted for publication in ApJ (November 10, 2007

Spectral Variability of Quasars in the Sloan Digital Sky Survey. II: The C IV Line

We examine the variability of the high-ionizaton C IV line in a sample of 105 quasars observed at multiple epochs by the Sloan Digital Sky Survey. We find a strong correlation between the change in the C IV line flux and the change in the line width, but no correlations between the change in flux and changes in line center and skewness. The relation between line flux change and line width change is consistent with a model in which a broad line base varies with greater amplitude than the line core. The objects studied here are more luminous and at higher redshift than those normally studied for variability, ranging in redshift from 1.65 to 4.00 and in absolute r-band magnitude from roughly -24 to -28. Using moment analysis line-fitting techniques, we measure line fluxes, centers, widths and skewnesses for the C IV line at two epochs for each object. The well-known Baldwin Effect is seen for these objects, with a slope beta = -0.22. The sample has a median intrinsic Baldwin Effect slope of beta = -0.85; the C IV lines in these high-luminosity quasars appear to be less responsive to continuum variations than those in lower luminosity AGN. Additionally, we find no evidence for variability of the well known blueshift of the C IV line with respect to the low-ionization Mg II line in the highest flux objects, indicating that this blueshift might be useful as a measure of orientation.Comment: 52 pages, 14 figures, accepted for publication in Ap

Mayhem: Targeted Corruption of Register and Stack Variables

In the past decade, many vulnerabilities were discovered in microarchitectures which yielded attack vectors and motivated the study of countermeasures. Further, architectural and physical imperfections in DRAMs led to the discovery of Rowhammer attacks which give an adversary power to introduce bit flips in a victim's memory space. Numerous studies analyzed Rowhammer and proposed techniques to prevent it altogether or to mitigate its effects. In this work, we push the boundary and show how Rowhammer can be further exploited to inject faults into stack variables and even register values in a victim's process. We achieve this by targeting the register value that is stored in the process's stack, which subsequently is flushed out into the memory, where it becomes vulnerable to Rowhammer. When the faulty value is restored into the register, it will end up used in subsequent iterations. The register value can be stored in the stack via latent function calls in the source or by actively triggering signal handlers. We demonstrate the power of the findings by applying the techniques to bypass SUDO and SSH authentication. We further outline how MySQL and other cryptographic libraries can be targeted with the new attack vector. There are a number of challenges this work overcomes with extensive experimentation before coming together to yield an end-to-end attack on an OpenSSL digital signature: achieving co-location with stack and register variables, with synchronization provided via a blocking window. We show that stack and registers are no longer safe from the Rowhammer attack