1,789 research outputs found
Timing Sensitive Dependency Analysis and its Application to Software Security
I present new methods for the static analysis of timing-sensitive information flow control in software systems. I apply these methods to the analysis of concurrent Java programs, and to the analysis of timing side channels in implementations of cryptographic primitives.
Methods of information flow control aim to restrict the flow of information (e.g., between different external interfaces of a software component) according to explicit policies. Such methods can therefore be used to enforce both confidentiality and integrity. The goal of sound static program analyses in this setting is to prove that the associated policies are upheld in all executions of a given program. Such a proof requires a security criterion that formalizes under which conditions this is the case.
Every formal security criterion implicitly corresponds to a program model and an attacker model. The simplest noninterference criteria, for example, describe only non-interactive programs. These are programs that allow inputs and outputs only at the beginning and end of execution. In the corresponding attacker model, the attacker knows the program, but observes or provides only certain (public) outputs and inputs. A program is noninterferent if the attacker cannot draw any conclusions about secret outputs and inputs of terminating executions from their observations. From non-terminating executions, by contrast, the attacker is permitted in this model to draw conclusions about secret inputs.
Side channels arise when an attacker can, from observations of real systems, draw conclusions about confidential information that are impossible in the formal model. Typical side channels (that is, channels unmodeled in many formal security criteria) include, besides nontermination, energy consumption and the execution time of programs. If execution time depends on secret inputs, an attacker can infer the input (e.g., the value of individual secret parameters) from the observed execution time.
In my dissertation I present new dependency analyses that also take nontermination and timing channels into account. With regard to nontermination channels, I introduce new methods for computing program dependencies. To this end I develop a unifying framework in which both nontermination-sensitive and nontermination-insensitive dependencies result from mutually dual notions of postdominance.
For timing channels I develop new notions of dependency and accompanying methods for computing them. In two applications I substantiate the thesis:
Timing-sensitive dependencies enable sound static information flow analysis that takes timing channels into account.
Based on timing-sensitive dependencies, I design new analyses for concurrent programs for this purpose. There, timing-sensitive dependencies are relevant even for timing-insensitive attacker models, because internal timing channels between different threads can be externally observable. My implementation for concurrent Java programs is based on the program analysis system JOANA.
I also present new analyses for timing channels caused by micro-architectural dependencies. As an example, I examine implementations of AES256 block encryption. In some implementations, data caches cause the execution time to depend on key and ciphertext, so that these can be inferred from the execution time. For other implementations, my automatic static analysis (assuming a simple concrete cache micro-architecture) proves the absence of such channels
On Time-sensitive Control Dependencies
We present efficient algorithms for time-sensitive control dependencies (CDs). If statement y is time-sensitively control dependent on statement x, then x decides not only whether y is executed but also how many timesteps after x. If y is not standard control dependent on x, but time-sensitively control dependent, then y will always be executed after x, but the execution time between x and y varies. This allows us to discover, e.g., timing leaks in security-critical software.
We systematically develop properties and algorithms for time-sensitive CDs, as well as for nontermination-sensitive CDs. These work not only for standard control flow graphs (CFGs) but also for CFGs lacking a unique exit node (e.g., reactive systems). We show that Cytron's efficient algorithm for dominance frontiers [10] can be generalized to allow efficient computation not just of classical CDs but also of time-sensitive and nontermination-sensitive CDs. We then use time-sensitive CDs and time-sensitive slicing to discover cache timing leaks in an AES implementation. Performance measurements demonstrate scalability of the approach
Analysis of Kapitza-Dirac diffraction patterns beyond the Raman-Nath regime
We study Kapitza-Dirac diffraction of a Bose-Einstein condensate from a
standing light wave for a square pulse with variable pulse length but constant
pulse area. We find that for sufficiently weak pulses, the usual analytical
short-pulse prediction for the Raman-Nath regime continues to hold for longer
times, albeit with a reduction of the apparent modulation depth of the standing
wave. We quantitatively relate this effect to the Fourier width of the pulse,
and draw analogies to the Rabi dynamics of a coupled two-state system. Our
findings, combined with numerical modeling for stronger pulses, are of
practical interest for the calibration of optical lattices in ultracold atomic
systems
Fractal Conductance Fluctuations in Gold--Nanowires
A detailed analysis of magneto-conductance fluctuations of quasiballistic
gold-nanowires of various lengths is presented. We find that the variance
when analyzed for much
smaller than the correlation field varies according to with indicating that the graph of
vs. is fractal. We attribute this behavior to the existence of
long-lived states arising from chaotic trajectories trapped close to regular
classical orbits. We find that decreases with increasing length of the
wires. Comment: 5 pages, Revtex with epsf, 4 Postscript figures, final version
accepted as Phys. Rev. Let
Integration of all FSSIM components within SEAMLESS-IF and a stand alone Graphical User Interface for FSSIM
Agricultural and Food Policy, Environmental Economics and Policy, Farm Management, Land Economics/Use,
Harsh discipline relates to internalizing problems and cognitive functioning: findings from a cross-sectional study with school children in Tanzania
Background: Child maltreatment poses a risk to children and adolescents' mental health and may also affect cognitive functioning. Also harsh discipline has been frequently associated with mental health problems. However, within societies in which harsh disciplinary methods are culturally normed and highly prevalent less is known about the association between harsh punishment, mental health problems, and cognitive functioning. Methods: In a cross-sectional study, we conducted structured clinical interviews with a sample of Tanzanian primary school students assessing exposure to harsh discipline (Maltreatment and Abuse Chronology of Exposure), internalizing problems (Strength and Difficulties Questionnaire, Children's Depression Inventory), and working memory (Corsi Blocktapping Task). School performance was measured by using the exam grades in 4 core subjects. The 409 children (52 % boys) had a mean age of 10.5 years (range: 6 – 15). Results: Using structural equation modeling, a strong relationship was found between harsh discipline and internalizing problems (β = .47), which were related to lower working memory capacity (β = −.17) and school performance (β = −.17). Conclusions: The present study suggests that harsh discipline is closely linked to children's internalizing mental health problems, which are in turn associated with lower cognitive functioning and school performance. Given the high rates of harsh discipline experienced by children in East African homes and elsewhere, the findings of the present study emphasize the need to inform the population at large about the potentially adverse consequences associated with harsh discipline. Electronic supplementary material The online version of this article (doi:10.1186/s12888-016-0828-3) contains supplementary material, which is available to authorized users
Membrane remodelling triggers maturation of excitation–contraction coupling in 3D-shaped human-induced pluripotent stem cell-derived cardiomyocytes
The prospective use of human-induced pluripotent stem cell-derived cardiomyocytes (hiPSC-CM) for cardiac regenerative medicine strongly depends on the electro-mechanical properties of these cells, especially regarding the Ca-dependent excitation–contraction (EC) coupling mechanism. Currently, the immature structural and functional features of hiPSC-CM limit the progression towards clinical applications. Here, we show that a specific microarchitecture is essential for functional maturation of hiPSC-CM. Structural remodelling towards a cuboid cell shape and induction of BIN1, a facilitator of membrane invaginations, lead to transverse (t)-tubule-like structures. This transformation brings two Ca channels critical for EC coupling in close proximity, the L-type Ca channel at the sarcolemma and the ryanodine receptor at the sarcoplasmic reticulum. Consequently, the Ca-dependent functional interaction of these channels becomes more efficient, leading to improved spatio-temporal synchronisation of Ca transients and higher EC coupling gain. Thus, functional maturation of hiPSC-cardiomyocytes by optimised cell microarchitecture needs to be considered for future cardiac regenerative approaches
Impact of the SARS-CoV-2 pandemic on emergency surgery services-a multi-national survey among WSES members
Background: The SARS-CoV-2 pandemic is a major challenge for health care services worldwide. Its impact on oncologic therapies and elective surgery has been described recently, and the literature provides guidelines regarding appropriate elective patient treatment during the pandemic. However, the impact of SARS-CoV-2 pandemic on emergency surgery services has been poorly investigated up to now.
Methods: A 17-item web survey had been distributed to emergency surgeons in June 2020 around the world, investigating the impact of SARS-CoV-2 pandemic on patients and septic diseases both requiring emergency surgery and the time-to-intervention in emergency surgery routine, as well as experiences with surgery in COVID-19 patients.
Results: Ninety-eight collaborators from 31 countries responded to the survey. The majority (65.3%) estimated the impact of the SARS-CoV-2 pandemic on emergency surgical patient care as being strong or very strong. Due to the pandemic, 87.8% reported a decrease in the total number of patients undergoing emergency surgery and approximately 25% estimated a delay of more than 2 h in the time-to-diagnosis and another 2 h in the time-to-intervention. Fifty percent make structural problems with in-hospital logistics (e.g. transport of patients, closed normal wards etc.) mainly responsible for delayed emergency surgery and the frequent need (56.1%) for a triage of emergency surgical patients. 56.1% of the collaborators observed more severe septic abdominal diseases during the pandemic, especially for perforated appendicitis and severe septic cholecystitis (41.8% and 40.2%, respectively). 62.2% had experiences with surgery in COVID-19-infected patients.
Conclusions: The results of The WSES COVID-19 emergency surgery survey are alarming. The combination of an estimated decrease in numbers of emergency surgical patients and an observed increase in more severe septic diseases may be a result of the fear of patients from infection with COVID-19 and a consecutive delayed hospital admission and diagnosis. A critical delay in time-to-diagnosis and time-to-intervention may be a result of changes in in-hospital logistics and operating room as well as intensive care capacities. Both reflect the potentially harmful impact of SARS-CoV-2 pandemic on emergency surgery services