Einstein-Podolsky-Rosen correlations between two uniformly accelerated oscillators

We consider the quantum correlations, i.e. the entanglement, between two systems uniformly accelerated with identical acceleration a in opposite Rindler quadrants which have reached thermal equilibrium with the Unruh heat bath. To this end we study an exactly soluble model consisting of two oscillators coupled to a massless scalar field in 1+1 dimensions. We find that for some values of the parameters the oscillators get entangled shortly after the moment of closest approach. Because of boost invariance there are an infinite set of pairs of positions where the oscillators are entangled. The maximal entanglement between the oscillators is found to be approximately 1.4 entanglement bits.Comment: 11 page

Path-based Access Control for Enterprise Networks

Enterprise networks are ubiquitious and increasingly complex. The mechanisms for defining security policies in these networks have not kept up with the advancements in networking technology. In most cases, system administrators must define policies on a per-application basis, and subsequently, these policies do not interact. For example, there is no mechanism that allows a firewall to communicate decisions based on its ruleset to a web server behind it, even though decisions being made at the firewall may be relevant to decisions made at the web server. In this paper, we describe a path-based access control system which allows applications in a network to pass access-control-related information to neighboring applications, as the applications process requests from outsiders and from each other. This system defends networks against a class of attacks wherein individual applications may make correct access control decisions but the resulting network behavior is incorrect. We demonstrate the system on service-oriented architecture (SOA)-style networks, in two forms, using graph-based policies, and leveraging the KeyNote trust management system

Quantum Einstein-Dirac Bianchi Universes

We study the mini--superspace quantization of spatially homogeneous (Bianchi) cosmological universes sourced by a Dirac spinor field. The quantization of the homogeneous spinor leads to a finite-dimensional fermionic Hilbert space and thereby to a multi-component Wheeler-DeWitt equation whose main features are: (i) the presence of spin-dependent Morse-type potentials, and (ii) the appearance of a q-number squared-mass term, which is of order ${\cal O}(\hbar^2)$, and which is affected by ordering ambiguities. We give the exact quantum solution of the Bianchi type-II system (which contains both scattering states and bound states), and discuss the main qualitative features of the quantum dynamics of the (classically chaotic) Bianchi type-IX system. We compare the exact quantum dynamics of fermionic cosmological billiards to previous works that described the spinor field as being either classical or Grassmann-valued.Comment: 50 page

G3-homogeneous gravitational instantons

We provide an exhaustive classification of self-dual four-dimensional gravitational instantons foliated with three-dimensional homogeneous spaces, i.e. homogeneous self-dual metrics on four-dimensional Euclidean spaces admitting a Bianchi simply transitive isometry group. The classification pattern is based on the algebra homomorphisms relating the Bianchi group and the duality group SO(3). New and general solutions are found for Bianchi III.Comment: 24 pages, few correction

Authentication on Untrusted Remote Hosts with Public-key Sudo

Two common tools in Linux- and UNIX-based environments are SSH for secure communications and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this paper, we describe a weakness in their interaction and present our solution, public-key sudo. Public-key sudo1 is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. We describe our implementation of a BSD SSH authentication module and the SSH modifications required to use this module

Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation

Many current systems security research efforts focus on mechanisms for Intrusion Prevention and Self-Healing Software. Unfortunately, such systems find it difficult to gain traction in many deployment scenarios. For self-healing techniques to be realistically employed, system owners and administrators must have enough confidence in the quality of a generated fix that they are willing to allow its automatic deployment. In order to increase the level of confidence in these systems, the efficacy of a 'fix' must be tested and validated after it has been automatically developed, but before it is actually deployed. Due to the nature of attacks, such verification must proceed automatically. We call this problem Automatic Repair Validation (ARV). As a way to illustrate the difficulties faced by ARV, we propose the design of a system, Bloodhound, that tracks and stores malicious network flows for later replay in the validation phase for self-healing softwar

Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation

Many current systems security research efforts focus on mechanisms for Intrusion Prevention and Self-Healing Software. Unfortunately, such systems find it difficult to gain traction in many deployment scenarios. For self-healing techniques to be realistically employed, system owners and administrators must have enough confidence in the quality of a generated fix that they are willing to allow its automatic deployment. In order to increase the level of confidence in these systems, the efficacy of a 'fix' must be tested and validated after it has been automatically developed, but before it is actually deployed. Due to the nature of attacks, such verification must proceed automatically. We call this problem Automatic Repair Validation (ARV). As a way to illustrate the difficulties faced by ARV, we propose the design of a system, Bloodhound, that tracks and stores malicious network flows for later replay in the validation phase for self-healing softwar

Three-dimensional black holes from deformed anti-de Sitter

We present new exact three-dimensional black-string backgrounds, which contain both NS--NS and electromagnetic fields, and generalize the BTZ black holes and the black string studied by Horne and Horowitz. They are obtained as deformations of the Sl(2,R) WZW model. Black holes resulting from purely continuous deformations possess true curvature singularities. When discrete identifications are introduced, extra chronological singularities appear, which under certain circumstances turn out to be naked. The backgrounds at hand appear in the moduli space of the Sl(2,R) WZW model. Hence, they provide exact string backgrounds and allow for a more algebraical CFT description. This makes possible the determination of the spectrum of primaries.Comment: JHEP style, 33 pages, 1 figur

Novel Branches of (0,2) Theories

We show that recently proposed linear sigma models with torsion can be obtained from unconventional branches of conventional gauge theories. This observation puts models with log interactions on firm footing. If non-anomalous multiplets are integrated out, the resulting low-energy theory involves log interactions of neutral fields. For these cases, we find a sigma model geometry which is both non-toric and includes brane sources. These are heterotic sigma models with branes. Surprisingly, there are massive models with compact complex non-Kahler target spaces, which include brane/anti-brane sources. The simplest conformal models describe wrapped heterotic NS5-branes. We present examples of both types.Comment: 36 pages, LaTeX, 2 figures; typo in Appendix fixed; references added and additional minor change

Arachne: Integrated Enterprise Security Management

Security policies are a key component in protecting enterprise networks. There are many defensive options available to these policies, but current mechanically-enforced security policies are limited to traditional admission-based access control. There are defensive capabilities available that include logging, firewalls, honeypots, rollback/recovery, and intrusion detection systems, but policy enforcement is essentially limited to allow/deny semantics. Furthermore, access-control mechanisms operate independently on each service, which often leads to inconsistent or incorrect application of the intended system-wide policy. To begin to solve these problems, we propose a new system for defense-in-depth using global security policies. Under a global security policy, every policy decision is made with near-global knowledge, and re-evaluated as global knowledge changes, given an initial configuration provided by the administrator. Using a variety of actuators, we make the full array of defensive capabilities available to the global policy. We outline our proposal for enterprise-wide security policies, explore the design space, and discuss Arachne, our prototype implementation