Equation of state and elastic properties of face-centered-cubic FeMg alloy at ultrahigh pressures from first-principles

We have calculated the equation of state and elastic properties of face-centered cubic Fe and Fe-rich FeMg alloy at ultrahigh pressures from first principles using the Exact Muffin-Tin Orbitals method. The results show that adding Mg into Fe influences strongly the equation of state, and cause a large degree of softening of the elastic constants, even at concentrations as small as 1-2 at. %. Moreover, the elastic anisotropy increases, and the effect is higher at higher pressures.Comment: 6 figure

First-Principles Study of Elastic Properties of Fe-Mg alloy at Earth’s core pressure

The purpose of this thesis has been to investigate the elastic properties of an fcc FeMg alloy with 10 at.% magnesium under high pressure. Recent research has shown that magnesium can be a possible candidate for light element impurities in the Earth’s inner core, something that was previously not considered possible because of the low miscibility of magnesium in iron at ambient pressure. Gaining knowledge about the composition of the Earth’s core can help us better understand such phenomena as seismic activity and the fluctuations of the Earth’s magnetic field. The elastic constants of the FeMg alloy was calculated using ab-initio methods based on Density Functional Theory. The Exact Muffin-Tin Orbitals method was used in conjunction with the Coherent Potential Approximation. The FeMg alloy was found to be overall considerably softer than pure iron, and the softening effect on the elastic constants was also found to increase with pressure. The results also showed that 10% Mg alloying increased the anisotropy with about 40% compared to pure iron

Development of a prototype taint tracing tool for security and other purposes

In recent years there has been an increasing interest in dynamic taint tracing of compiled software as a powerful analysis method for security and other purposes. Most existing approaches are highly application specific and tends to sacrifice precision in favor of performance. In this thesis project a generic taint tracing tool has been developed that can deliver high precision taint information. By allowing an arbitrary number of taint labels to be stored for every tainted byte, accurate taint propagation can be achieved for values that are derived from multiple input bytes. The tool has been developed for x86 Linux systems using the dynamic binary instrumentation framework Valgrind. The basic theory of taint tracing and multi-label taint propagation is discussed, as well as the main concepts of implementing a taint tracing tool using dynamic binary instrumentation. The impact of multi-label taint propagation on performance and precision is evaluated. While multi-label taint propagation has a considerable impact on performance, experiments carried out using the tool show that large amounts of taint information is lost with approximate methods using only one label per tainted byte

Utveckling av ett active vision system för demonstration av EDSDK++ i tillämpningar inom datorseende

Datorseende är ett snabbt växande, tvärvetenskapligt forskningsområde vars tillämpningar tar en allt mer framskjutande roll i dagens samhälle. Med ett ökat intresse för datorseende ökar också behovet av att kunna kontrollera kameror kopplade till datorseende system. Vid Linköpings tekniska högskola, på avdelningen för datorseende, har ramverket EDSDK++ utvecklats för att fjärrstyra digitala kameror tillverkade av Canon Inc. Ramverket är mycket omfattande och innehåller en stor mängd funktioner och inställningsalternativ. Systemet är därför till stor del ännu relativt oprövat. Detta examensarbete syftar till att utveckla ett demonstratorsystem till EDSDK++ i form av ett enkelt active vision system, som med hjälp av ansiktsdetektion i realtid styr en kameratilt, samt en kamera monterad på tilten, till att följa, zooma in och fokusera på ett ansikte eller en grupp av ansikten. Ett krav var att programbiblioteket OpenCV skulle användas för ansiktsdetektionen och att EDSDK++ skulle användas för att kontrollera kameran. Dessutom skulle ett API för att kontrollera kameratilten utvecklas. Under utvecklingsarbetet undersöktes bl.a. olika metoder för ansiktsdetektion. För att förbättra prestandan användes multipla ansiktsdetektorer, som med hjälp av multitrådning avsöker en bild parallellt från olika vinklar. Såväl experimentella som teoretiska ansatser gjordes för att bestämma de parametrar som behövdes för att kunna reglera kamera och kameratilt. Resultatet av arbetet blev en demonstrator, som uppfyllde samtliga krav.Computer vision is a rapidly growing, interdisciplinary field whose applications are taking an increasingly prominent role in today's society. With an increased interest in computer vision there is also an increasing need to be able to control cameras connected to computer vision systems. At the division of computer vision, at Linköping University, the framework EDSDK++ has been developed to remotely control digital cameras made by Canon Inc. The framework is very comprehensive and contains a large amount of features and configuration options. The system is therefore largely still relatively untested. This thesis aims to develop a demonstrator to EDSDK++ in the form of a simple active vision system, which utilizes real-time face detection in order to control a camera tilt, and a camera mounted on the tilt, to follow, zoom in and focus on a face or a group of faces. A requirement was that the OpenCV library would be used for face detection and EDSDK++ would be used to control the camera. Moreover, an API to control the camera tilt was to be developed. During development, different methods for face detection were investigated. In order to improve performance, multiple, parallel face detectors using multithreading, were used to scan an image from different angles. Both experimental and theoretical approaches were made to determine the parameters needed to control the camera and camera tilt. The project resulted in a fully functional demonstrator, which fulfilled all requirements

Scalable Dynamic Analysis of Binary Code

In recent years, binary code analysis, i.e., applying program analysis directly at the machine code level, has become an increasingly important topic of study. This is driven to a large extent by the information security community, where security auditing of closed-source software and analysis of malware are important applications. Since most of the high-level semantics of the original source code are lost upon compilation to executable code, static analysis is intractable for, e.g., fine-grained information flow analysis of binary code. Dynamic analysis, however, does not suffer in the same way from reduced accuracy in the absence of high-level semantics, and is therefore also more readily applicable to binary code. Since fine-grained dynamic analysis often requires recording detailed information about every instruction execution, scalability can become a significant challenge. In this thesis, we address the scalability challenges of two powerful dynamic analysis methods whose widespread use has, so far, been impeded by their lack of scalability: dynamic slicing and instruction trace alignment. Dynamic slicing provides fine-grained information about dependencies between individual instructions, and can be used both as a powerful debugging aid and as a foundation for other dynamic analysis techniques. Instruction trace alignment provides a means for comparing executions of two similar programs and has important applications in, e.g., malware analysis, security auditing, and plagiarism detection. We also apply our work on scalable dynamic analysis in two novel approaches to improve fuzzing — a popular random testing technique that is widely used in industry to discover security vulnerabilities. To use dynamic slicing, detailed information about a program execution must first be recorded. Since the amount of information is often too large to fit in main memory, existing dynamic slicing methods apply various time-versus-space trade-offs to reduce memory requirements. However, these trade-offs result in very high time overheads, limiting the usefulness of dynamic slicing in practice. In this thesis, we show that the speed of dynamic slicing can be greatly improved by carefully designing data structures and algorithms to exploit temporal locality of programs. This allows avoidance of the expensive trade-offs used in earlier methods by accessing recorded runtime information directly from secondary storage without significant random-access overhead. In addition to being a standalone contribution, scalable dynamic slicing also forms integral parts of our contributions to fuzzing. Our first contribution uses dynamic slicing and binary code mutation to automatically turn an existing executable into a test generator. In our experiments, this new approach to fuzzing achieved about an order of magnitude better code coverage than traditional mutational fuzzing and found several bugs in popular Linux software. The second work on fuzzing presented in this thesis uses dynamic slicing to accelerate the state-of-the-art fuzzer AFL by focusing the fuzzing effort on previously unexplored parts of the input space. For the second dynamic analysis technique whose scalability we sought to improve — instruction trace alignment — we employed techniques used in speech recognition and information retrieval to design what is, to the best of our knowledge, the first general approach to aligning realistically long program traces. We show in our experiments that this method is capable of producing meaningful alignments even in the presence of significant syntactic differences stemming from, for example, the use of different compilers or optimization levels

Integrering av 3D-fysikmotor i simuleringsramverk för telekrigdueller

Syftet med det här arbetet har varit att välja ut och integrera en lämplig fysikmotor med öppen källkod i simuleringsprogramvaran EWSim på Totalförsvarets Forskningsinstitut (FOI). EWSim är ett ramverk för duellsimulering i olika telekrigsscenarier. Teorin bakom fysikmotorer och några vanliga tekniker för fysiksimulering har beskrivits kortfattat. Tre fysikmotorer har presenterats och utvärderats med avseende på lämplighet för integrering i EWSim. Fysikmotorn Bullet valdes ut och integrerades i simuleringsprogramvaran. En av de huvudsakliga slutsatserna av arbetet är att fysikmotorer som Bullet mest kan bidra med ökad visuell realism i EWSim. För att återskapa verkliga egenskaper hos exempelvis simulerade fordon med hjälp av fysikmotorn skulle förhållandevis mycket ytterligare arbete krävas

Android decompiler performance on benign and malicious apps: an empirical study

Decompilers are indispensable tools in Android malware analysis and app security auditing. Numerous academic works also employ an Android decompiler as the first step in a program analysis pipeline. In such settings, decompilation is frequently regarded as a "solved" problem, in that it is simply expected that source code can be accurately recovered from an app. On the other hand, it is known that, e.g, obfuscation can negatively impact a decompilers effectiveness. Therefore, in order to better understand potential failure modes of, e.g., automated analysis pipelines involving decompilation, it is important to characterize the performance of decompilers on both benign and malicious apps. To this end, we have performed what is, to the best of our knowledge, the first large-scale study of Android decompilation failure rates, using three sets of apps; namely, 3,018 open-source apps, 13,601 apps crawled from Google Play, and an existing collection of 24,553 malware samples. In addition to the state-of-the-art Dalvik bytecode decompiler Jadx, we also studied the performance of three popular Java decompilers. Furthermore, this paper also presents the findings from a follow-up study on 54,945 malware apps, where we additionally performed an analysis of the reasons for decompilation failures. Our study revealed that decompilers generally have very low failure rates, and that few failures on benign apps appear to be related to obfuscation. On malware, however, obfuscation appears to be a more prominent cause of failures, although the vast majority of malicious apps could still be fully decompiled by an ensemble of decompilers.Funding Agencies|Swedish Graduate School in Computer Science (CUGS); Excellence Center at Linkoeping - Lund in Information Technology (ELLIIT)</p

desync-cc: A research tool for automatically applying disassembly desynchronization during compilation

Code obfuscation is an important topic, both in terms of defense, when trying to prevent intellectual property theft, and from the offensive point of view, when trying to break obfuscation used in malware. Several recent works have discussed techniques for preventing or delaying reverse engineering of binaries. While most works focus on methods that obscure program logic, the complimentary approach of disassembly desynchronizationhas received relatively little attention, despite being often used by, for example, malware authors. The technique puts another hurdle in the way of attackers by targeting the most fundamental step of the reverse-engineering process: recovering assembly code from a program binary. In the interest of furthering research into this kind of obfuscation, we present desync-cc, a tool for automatic application of disassembly desynchronization. To facilitate maximal ease-of-use, the tool is designed as a drop-in replacement for gcc, and works by intercepting and modifying intermediate assembly-code during compilation. (c) 2023 The Authors. Published by Elsevier B.V