A Characterization of Undirected Graphs Admitting Optimal Cost Shares

In a seminal paper, Chen, Roughgarden and Valiant studied cost sharing protocols for network design with the objective to implement a low-cost Steiner forest as a Nash equilibrium of an induced cost-sharing game. One of the most intriguing open problems to date is to understand the power of budget-balanced and separable cost sharing protocols in order to induce low-cost Steiner forests. In this work, we focus on undirected networks and analyze topological properties of the underlying graph so that an optimal Steiner forest can be implemented as a Nash equilibrium (by some separable cost sharing protocol) independent of the edge costs. We term a graph efficient if the above stated property holds. As our main result, we give a complete characterization of efficient undirected graphs for two-player network design games: an undirected graph is efficient if and only if it does not contain (at least) one out of few forbidden subgraphs. Our characterization implies that several graph classes are efficient: generalized series-parallel graphs, fan and wheel graphs and graphs with small cycles.Comment: 60 pages, 69 figures, OR 2017 Berlin, WINE 2017 Bangalor

Harzer Roller: Linker-Based Instrumentation for Enhanced Embedded Security Testing

Due to the rise of the Internet of Things, there are many new chips and platforms available for hobbyists and industry alike to build smart devices. The SDKs for these new platforms usually include closed-source binaries containing wireless protocol implementations, cryptographic implementations, or other library functions, which are shared among all user code across the platform. Leveraging such a library vulnerability has a high impact on a given platform. However, as these platforms are often shipped ready-to-use, classic debug infrastructure like JTAG is often times not available. In this paper, we present a method, called Harzer Roller, to enhance embedded firmware security testing on resource-constrained devices. With the Harzer Roller, we hook instrumentation code into function call and return. The hooking not only applies to the user application code but to the SDK used to build firmware as well. While we keep the design of the Harzer Rollergenerally architecture independent, we provide an implementation for the ESP8266 Wi-Fi IoT chip based on the xtensa architecture. We show that the Harzer Roller can be leveraged to trace execution flow through libraries without available source code and to detect stack-based buffer-overflows. Additionally, we showcase how the overflow detection can be used to dump debugging information for later analysis. This enables better usage of a variety of software security testing methods like fuzzing of wireless protocol implementations or proof-of-concept attack development.Comment: 9 Pages, 7 Figures, ROOTS'1

A Mott-Schottky Analysis of Mesoporous Silicon in Aqueous Electrolyte by Electrochemical Impedance Spectroscopy

Nanoporosity in silicon leads to completely new functionalities of this mainstream semiconductor. In recent years, it has been shown that filling the pores with aqueous electrolytes in addition opens a particularly wide field for modifying and achieving active control of these functionalities, e.g., for electrochemo-mechanical actuation and tunable photonics, or for the design of on-chip supercapacitors. However, a mechanistic understanding of these new features has been hampered by the lack of a detailed characterization of the electrochemical behavior of mesoporous silicon in aqueous electrolytes. Here, the capacitive, potential-controlled charging of the electrical double layer in a mesoporous silicon electrode (pore diameter $7\,\mathrm{nm}$) imbibed with perchloric acid solution is studied by electrochemical impedance spectroscopy. Thorough measurements with detailed explanations of the observed phenomena lead to a comprehensive understanding of the capacitive properties of porous silicon. An analysis based on the Mott-Schottky equation allows general conclusions to be drawn about the state of the band structure within the pore walls. Essential parameters such as the flat band potential, the doping density and the width of the space charge region can be determined. A comparison with bulk silicon shows that the flat band potential in particular is significantly altered by the introduction of nanopores, as it shifts from $1.4\pm0.1\,\mathrm{V}$ to $1.9\pm0.2\,\mathrm{V}$. Overall, this study provides a unique insight into the electrochemical processes, especially the electrical double layer charging, of nanoporous semiconductor electrodes.Comment: 5 pages, 3 figure

Wafer-Scale Electroactive Nanoporous Silicon: Large and Fully Reversible Electrochemo-Mechanical Actuation in Aqueous Electrolytes

Nanoporosity in silicon results in an interface-dominated mechanics, fluidics and photonics that are often superior to the ones of the bulk material. However, their active control, e.g. as a response to electronic stimuli, is challenging due to the absence of intrinsic piezoelectricity in the base material. Here, for large-scale nanoporous silicon cantilevers wetted by aqueous electrolytes, we show electrosorption-induced mechanical stress generation of up to 600 kPa that is reversible and adjustable at will by electrical potential variations of approximately 1 V. Laser cantilever bending experiments in combination with in-operando cyclic voltammetry and step-coulombmetry allow us to quantitatively trace this large electro-actuation to the concerted action of 100 billions of parallel nanopores per square centimeter cross section and to determine the capacitive charge-stress coupling parameter upon ion ad- and desorption as well as the intimately related stress actuation dynamics for perchloric and isotonic saline solutions. A comparison with planar silicon surfaces reveals mechanistic insights on the observed electrocapillarity (electrostatic Hellmann-Feynman interactions) with respect to the importance of oxide formation and pore-wall roughness on the single-nanopore scale. The observation of robust electrochemo-mechanical actuation in a mainstream semiconductor with wafer-scale, self-organized nanoporosity opens up entirely novel opportunities for on-chip integrated stress generation and actuorics at exceptionally low operation voltages.Comment: 14 pages, 5 figures, supplementary information available as ancillary fil

A fourth–order derivation for smoothed particle hydrodynamics to model thermodynamically–based phase decomposition

Phase decomposition and phase separation play important roles in the preparation of precipitation membranes. Phase decomposition is a diffusion–controlled process on a short time scale. Phase separation is a convection–controlled process on a long time scale. It is necessary to describe the coarsening dynamics of different time scales in only one model, to simulate the complete preparation process of precipitation membranes. In a first step, we will present a Smoothed Particle Hydrodynamics (SPH) model to describe diffusion–controlled phase decomposition. Therefore, an approximation for the fourth–order derivation for SPH is introduced and validated with a power law for coarsening dynamics. Finally, we will present the results of pseudo–binary phase decomposition of the preparation process for polymer membranes

Outcome prediction in mathematical models of immune response to infection

Clinicians need to predict patient outcomes with high accuracy as early as possible after disease inception. In this manuscript, we show that patient-to-patient variability sets a fundamental limit on outcome prediction accuracy for a general class of mathematical models for the immune response to infection. However, accuracy can be increased at the expense of delayed prognosis. We investigate several systems of ordinary differential equations (ODEs) that model the host immune response to a pathogen load. Advantages of systems of ODEs for investigating the immune response to infection include the ability to collect data on large numbers of `virtual patients', each with a given set of model parameters, and obtain many time points during the course of the infection. We implement patient-to-patient variability $v$ in the ODE models by randomly selecting the model parameters from Gaussian distributions with variance $v$ that are centered on physiological values. We use logistic regression with one-versus-all classification to predict the discrete steady-state outcomes of the system. We find that the prediction algorithm achieves near $100\%$ accuracy for $v=0$, and the accuracy decreases with increasing $v$ for all ODE models studied. The fact that multiple steady-state outcomes can be obtained for a given initial condition, i.e. the basins of attraction overlap in the space of initial conditions, limits the prediction accuracy for $v>0$. Increasing the elapsed time of the variables used to train and test the classifier, increases the prediction accuracy, while adding explicit external noise to the ODE models decreases the prediction accuracy. Our results quantify the competition between early prognosis and high prediction accuracy that is frequently encountered by clinicians.Comment: 14 pages, 7 figure

The finite sample performance of semi- and nonparametric estimators for treatment effects and policy evaluation

This paper investigates the fi nite sample performance of a comprehensive set of semi- and nonparametric estimators for treatment and policy evaluation. In contrast to previous simulation studies which mostly considered semiparametric approaches relying on parametric propensity score estimation, we also consider more fl exible approaches based on semi- or nonparametric propensity scores, nonparametric regression, and direct covariate matching. In addition to (pair, radius, and kernel) matching, inverse probability weighting, regression, and doubly robust estimation, our studies also cover recently proposed estimators such as genetic matching, entropy balancing, and empirical likelihood estimation. We vary a range of features (sample size, selection into treatment, effect heterogeneity, and correct/misspecification) in our simulations and fi nd that several nonparametric estimators by and large outperform commonly used treatment estimators using a parametric propensity score. Nonparametric regression, nonparametric doubly robust estimation, nonparametric IPW, and one-to-many covariate matching perform best

Extracting Secrets from Encrypted Virtual Machines

AMD SEV is a hardware extension for main memory encryption on multi-tenant systems. SEV uses an on-chip coprocessor, the AMD Secure Processor, to transparently encrypt virtual machine memory with individual, ephemeral keys never leaving the coprocessor. The goal is to protect the confidentiality of the tenants' memory from a malicious or compromised hypervisor and from memory attacks, for instance via cold boot or DMA. The SEVered attack has shown that it is nevertheless possible for a hypervisor to extract memory in plaintext from SEV-encrypted virtual machines without access to their encryption keys. However, the encryption impedes traditional virtual machine introspection techniques from locating secrets in memory prior to extraction. This can require the extraction of large amounts of memory to retrieve specific secrets and thus result in a time-consuming, obvious attack. We present an approach that allows a malicious hypervisor quick identification and theft of secrets, such as TLS, SSH or FDE keys, from encrypted virtual machines on current SEV hardware. We first observe activities of a virtual machine from within the hypervisor in order to infer the memory regions most likely to contain the secrets. Then, we systematically extract those memory regions and analyze their contents on-the-fly. This allows for the efficient retrieval of targeted secrets, strongly increasing the chances of a fast, robust and stealthy theft.Comment: Accepted for publication at CODASPY 201