Timing Sensitive Dependency Analysis and its Application to Software Security

Ich präsentiere neue Verfahren zur statischen Analyse von Ausführungszeit-sensitiver Informationsflusskontrolle in Softwaresystemen. Ich wende diese Verfahren an zur Analyse nebenläufiger Java Programme, sowie zur Analyse von Ausführungszeit-Seitenkanälen in Implementierungen kryptographischer Primitive. Methoden der Informationsflusskontrolle zielen darauf ab, Fluss von Informationen (z.B.: zwischen verschiedenen externen Schnittstellen einer Software-Komponente) anhand expliziter Richtlinien einzuschränken. Solche Methoden können daher zur Einhaltung sowohl von Vertraulichkeit als auch Integrität eingesetzt werden. Der Ziel korrekter statischer Programmanalysen in diesem Umfeld ist der Nachweis, dass in allen Ausführungen eines gegebenen Programms die zugehörigen Richtlinien eingehalten werden. Ein solcher Nachweis erfordert ein Sicherheitskriterium, welches formalisiert, unter welchen Bedingungen dies der Fall ist. Jedem formalen Sicherheitskriterium entspricht implizit ein Programm- und Angreifermodell. Einfachste Nichtinterferenz-Kriterien beschreiben beispielsweise nur nicht-interaktive Programme. Dies sind Programme die nur bei Beginn und Ende der Ausführung Ein- und Ausgaben erlauben. Im zugehörigen Angreifer-Modell kennt der Angreifer das Programm, aber beobachtet nur bestimmte (öffentliche) Aus- und Eingaben oder stellt diese bereit. Ein Programm ist nichtinterferent, wenn der Angreifer aus seinen Beobachtungen keinerlei Rückschlüsse auf geheime Aus- und Eingaben terminierender Ausführungen machen kann. Aus nicht-terminierenden Ausführungen hingegen sind dem Angreifer in diesem Modell Schlussfolgerungen auf geheime Eingaben erlaubt. Seitenkanäle entstehen, wenn einem Angreifer aus Beobachtungen realer Systeme Rückschlüsse auf vertrauliche Informationen ziehen kann, welche im formalen Modell unmöglich sind. Typische Seitenkanäle (also: in vielen formalen Sicherheitskriterien unmodelliert) sind neben Nichttermination beispielsweise auch Energieverbrauch und die Ausführungszeit von Programmen. Hängt diese von geheimen Eingaben ab, so kann ein Angreifer aus der beobachteten Ausführungszeit auf die Eingabe (z.B.: auf den Wert einzelner geheimer Parameter) schließen. In meiner Dissertation präsentiere ich neue Abhängigkeitsanalysen, die auch Nichtterminations- und Ausführungszeitkanäle berücksichtigen. In Hinblick auf Nichtterminationskanäle stelle ich neue Verfahren zur Berechnung von Programm-Abhängigkeiten vor. Hierzu entwickle ich ein vereinheitlichendes Rahmenwerk, in welchem sowohl Nichttermination-sensitive als auch Nichttermination-insensitive Abhängigkeiten aus zueinander dualen Postdominanz-Begriffen resultieren. Für Ausführungszeitkanäle entwickle ich neue Abhängigkeitsbegriffe und dazugehörige Verfahren zu deren Berechnung. In zwei Anwendungen untermauere ich die These: Ausführungszeit-sensitive Abhängigkeiten ermöglichen korrekte statische Informationsfluss-Analyse unter Berücksichtigung von Ausführungszeitkanälen. Basierend auf Ausführungszeit-sensitiven Abhängigkeiten entwerfe ich hierfür neue Analysen für nebenläufige Programme. Ausführungszeit-sensitive Abhängigkeiten sind dort selbst für Ausführungszeit-insensitive Angreifermodelle relevant, da dort interne Ausführungszeitkanäle zwischen unterschiedlichen Ausführungsfäden extern beobachtbar sein können. Meine Implementierung für nebenläufige Java Programme basiert auf auf dem Programmanalyse- System JOANA. Außerdem präsentiere ich neue Analysen für Ausführungszeitkanäle aufgrund mikro-architektureller Abhängigkeiten. Exemplarisch untersuche ich Implementierungen von AES256 Blockverschlüsselung. Bei einigen Implementierungen führen Daten-Caches dazu, dass die Ausführungszeit abhängt von Schlüssel und Geheimtext, wodurch diese aus der Ausführungszeit inferierbar sind. Für andere Implementierungen weist meine automatische statische Analyse (unter Annahme einer einfachen konkreten Cache-Mikroarchitektur) die Abwesenheit solcher Kanäle nach

On Time-sensitive Control Dependencies

We present efficient algorithms for time-sensitive control dependencies (CDs). If statement y is time-sensitively control dependent on statement x, then x decides not only whether y is executed but also how many timesteps after x. If y is not standard control dependent on x, but time-sensitively control dependent, then y will always be executed after x, but the execution time between x and y varies. This allows us to discover, e.g., timing leaks in security-critical software. We systematically develop properties and algorithms for time-sensitive CDs, as well as for nontermination-sensitive CDs. These work not only for standard control flow graphs (CFGs) but also for CFGs lacking a unique exit node (e.g., reactive systems). We show that Cytron’s efficient algorithm for dominance frontiers [10] can be generalized to allow efficient computation not just of classical CDs but also of time-sensitive and nontermination-sensitive CDs. We then use time-sensitive CDs and time-sensitive slicing to discover cache timing leaks in an AES implementation. Performance measurements demonstrate scalability of the approach

Analysis of Kapitza-Dirac diffraction patterns beyond the Raman-Nath regime

We study Kapitza-Dirac diffraction of a Bose-Einstein condensate from a standing light wave for a square pulse with variable pulse length but constant pulse area. We find that for sufficiently weak pulses, the usual analytical short-pulse prediction for the Raman-Nath regime continues to hold for longer times, albeit with a reduction of the apparent modulation depth of the standing wave. We quantitatively relate this effect to the Fourier width of the pulse, and draw analogies to the Rabi dynamics of a coupled two-state system. Our findings, combined with numerical modeling for stronger pulses, are of practical interest for the calibration of optical lattices in ultracold atomic systems

Fractal Conductance Fluctuations in Gold--Nanowires

A detailed analysis of magneto-conductance fluctuations of quasiballistic gold-nanowires of various lengths is presented. We find that the variance $=$ when analyzed for $\Delta B$ much smaller than the correlation field $B_c$ varies according to $<(\Delta G)^2>\propto \Delta B^{\gamma}$ with $\gamma < 2$ indicating that the graph of $G$ vs. $B$ is fractal. We attribute this behavior to the existence of long-lived states arising from chaotic trajectories trapped close to regular classical orbits. We find that $\gamma$ decreases with increasing length of the wires.Comment: 5 pages, Revtex with epsf, 4 Postscript figures, final version accepted as Phys. Rev. Let

Integration of all FSSIM components within SEAMLESS-IF and a stand alone Graphical User Interface for FSSIM

Agricultural and Food Policy, Environmental Economics and Policy, Farm Management, Land Economics/Use,

Harsh discipline relates to internalizing problems and cognitive functioning: findings from a cross-sectional study with school children in Tanzania

Background: Child maltreatment poses a risk to children and adolescents’ mental health and may also affect cognitive functioning. Also harsh discipline has been frequently associated with mental health problems. However, within societies in which harsh disciplinary methods are culturally normed and highly prevalent less is known about the association between harsh punishment, mental health problems, and cognitive functioning. Methods: In a cross-sectional study, we conducted structured clinical interviews with a sample of Tanzanian primary school students assessing exposure to harsh discipline (Maltreatment and Abuse Chronology of Exposure), internalizing problems (Strength and Difficulties Questionnaire, Children’s Depression Inventory), and working memory (Corsi Blocktapping Task). School performance was measured by using the exam grades in 4 core subjects. The 409 children (52 % boys) had a mean age of 10.5 years (range: 6 – 15). Results: Using structural equation modeling, a strong relationship was found between harsh discipline and internalizing problems (β = .47), which were related to lower working memory capacity (β = −.17) and school performance (β = −.17). Conclusions: The present study suggests that harsh discipline is closely linked to children’s internalizing mental health problems, which are in turn associated with lower cognitive functioning and school performance. Given the high rates of harsh discipline experienced by children in East African homes and elsewhere, the findings of the present study emphasize the need to inform the population at large about the potentially adverse consequences associated with harsh discipline. Electronic supplementary material The online version of this article (doi:10.1186/s12888-016-0828-3) contains supplementary material, which is available to authorized users

Membrane remodelling triggers maturation of excitation–contraction coupling in 3D-shaped human-induced pluripotent stem cell-derived cardiomyocytes

The prospective use of human-induced pluripotent stem cell-derived cardiomyocytes (hiPSC-CM) for cardiac regenerative medicine strongly depends on the electro-mechanical properties of these cells, especially regarding the Ca$^{2+}$-dependent excitation–contraction (EC) coupling mechanism. Currently, the immature structural and functional features of hiPSC-CM limit the progression towards clinical applications. Here, we show that a specific microarchitecture is essential for functional maturation of hiPSC-CM. Structural remodelling towards a cuboid cell shape and induction of BIN1, a facilitator of membrane invaginations, lead to transverse (t)-tubule-like structures. This transformation brings two Ca$^{2+}$ channels critical for EC coupling in close proximity, the L-type Ca$^{2+}$ channel at the sarcolemma and the ryanodine receptor at the sarcoplasmic reticulum. Consequently, the Ca$^{2+}$-dependent functional interaction of these channels becomes more efficient, leading to improved spatio-temporal synchronisation of Ca$^{2+}$ transients and higher EC coupling gain. Thus, functional maturation of hiPSC-cardiomyocytes by optimised cell microarchitecture needs to be considered for future cardiac regenerative approaches

Impact of the SARS-CoV-2 pandemic on emergency surgery services-a multi-national survey among WSES members

Background: The SARS-CoV-2 pandemic is a major challenge for health care services worldwide. It's impact on oncologic therapies and elective surgery has been described recently, and the literature provides guidelines regarding appropriate elective patient treatment during the pandemic. However, the impact of SARS-CoV-2 pandemic on emergency surgery services has been poorly investigated up to now. Methods: A 17-item web survey had been distributed to emergency surgeons in June 2020 around the world, investigating the impact of SARS-CoV-2 pandemic on patients and septic diseases both requiring emergency surgery and the time-to-intervention in emergency surgery routine, as well as experiences with surgery in COVID-19 patients. Results: Ninety-eight collaborators from 31 countries responded to the survey. The majority (65.3%) estimated the impact of the SARS-CoV-2 pandemic on emergency surgical patient care as being strong or very strong. Due to the pandemic, 87.8% reported a decrease in the total number of patients undergoing emergency surgery and approximately 25% estimated a delay of more than 2 h in the time-to-diagnosis and another 2 h in the time-to-intervention. Fifty percent make structural problems with in-hospital logistics (e.g. transport of patients, closed normal wards etc.) mainly responsible for delayed emergency surgery and the frequent need (56.1%) for a triage of emergency surgical patients. 56.1% of the collaborators observed more severe septic abdominal diseases during the pandemic, especially for perforated appendicitis and severe septic cholecystitis (41.8% and 40.2%, respectively). 62.2% had experiences with surgery in COVID-19-infected patients. Conclusions: The results of The WSES COVID-19 emergency surgery survey are alarming. The combination of an estimated decrease in numbers of emergency surgical patients and an observed increase in more severe septic diseases may be a result of the fear of patients from infection with COVID-19 and a consecutive delayed hospital admission and diagnosis. A critical delay in time-to-diagnosis and time-to-intervention may be a result of changes in in-hospital logistics and operating room as well as intensive care capacities. Both reflect the potentially harmful impact of SARS-CoV-2 pandemic on emergency surgery services