Theoretical and kinetic modelling study of phenol and phenoxy radical decomposition to CO and C5H6/C5H5 in pyrolysis conditions

Bio-oils from biomass fast-pyrolysis are an economically viable solution to reduce carbon footprint [1]. Lignin-derived bio-oils are a complex mixture of oxygenated species, including phenolic compounds such as phenol, anisole, guaiacol, catechol and vanillin (20-30% in weight) [2]. Hence, an accurate characterization of the pyrolysis and combustion kinetics of phenolic species, starting from phenol, is essential to assess the technical viability of these biooils. Furthermore, phenol plays a key role in the mechanism of oxidation of benzene, a building block of PAHs chemistry, precursors of soot and PM [3]. Finally, substituted phenolic species have recently gained attention for their antiknock properties and are being considered as possible octane boosters [4]. Nevertheless, the kinetics of phenol has not been systematically addressed yet, and the available experimental data are limited. Therefore, a theoretical approach for the prediction of accurate kinetics provides a major contribution to improve the current knowledge. This work investigates with ab initio methods the two main decomposition pathways of phenol: 1) the molecular pathway forming C5H6+CO, and 2) the radical pathway forming C6H5O+H. This latter pathway justifies the additional investigation of the decomposition of phenoxy radical (C6H5O) to CO and cyclopentadienyl (C5H5). For a consistent investigation of phenol kinetics, also the H-abstraction reactions from cyclopentadiene are included. The kinetic constants thus obtained are included in the CRECK kinetic model and validated with experimental data

AppGuard — fine-grained policy enforcement for untrusted android applications

Android’s success makes it a prominent target for malicious software. However, the user has very limited control over security-relevant operations. This work presents AppGuard, a powerful and flexible security system that overcomes these deficiencies. It enforces user-defined security policies on untrusted Android applications without requiring any changes to a smartphone’s firmware, root access, or the like. Finegrained and stateful security policies are expressed in a formal specification language, which also supports secrecy requirements. Our system offers complete mediation of security-relevant methods based on calleesite inline reference monitoring and supports widespread deployment. In the experimental analysis we demonstrate the removal of permissions for overly curious apps as well as how to defend against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introducing a critical vulnerability

Fiducia e giustizia penale: il percorso di ricerca del Progetto Euro-justis

Between 2008 and 2011, the EURO-JUSTIS project designed and tested new social indicators to measure levels of trust and confidence in justice. The aim of the project was to provide the EU institutions and Member States with a new scientifically validated instrument to collect data on the feelings of trust and confidence of the public opinion in the courts and the police. In a political context that seems to favour populistic approaches and the call for “law and order” , such indicators are precious to collect hard data on the attitudes of public opinion, especially in a comparative perspective. Based upon the assumptions of procedural justice theories, the EURO-JUSTIS consortium designed a set of 45 multiple-choice questions that immediately met the favour of the international community and were then inserted as a module in the V edition of the European Social Survey. This paper briefly outlines the foundational assumptions of the project and describe its main achievements. It also analyses some of the results of the pilot survey performed by the EURO-JUSTIS consortium in some European Countries, including Italy.Dal 2008 al 2011 il progetto EURO-JUSTIS ha elaborato e testato nuovi indicatori per misurare il livello di fiducia dei cittadini nella giustizia. Obiettivo del progetto era quello di dotare gli Stati Membri e la UE di uno strumento idoneo alla raccolta di dati sui sentimenti di fiducia rispetto al lavoro di magistratura e forze dell’ordine. In un contesto politico che privilegia istanze populistiche e il richiamo all’ “allarme sociale”, tali indicatori appaiono preziosi per fornire alle istituzioni alcuni punti fermi, anche in prospettiva comparata. Muovendo dagli assunti della procedural justice, EURO-JUSTIS ha elaborato un questionario di 45 domande a risposta multipla che ha incontrato l’immediato favore d2013-06-12ella comunità internazionale ed è stato inserito nella V edizione della European Social Survey. Questo scritto riassume i fondamenti concettuali della ricerca, ripercorrendone alcuni passaggi e descrivendo i relativi indicatori. Analizza infine alcuni risultati dell’indagine pilota svolta da EURO-JUSTIS in alcuni Paesi europei, tra cui l’Italia

Thora: Atomic and Privacy-Preserving Multi-Channel Updates

Most blockchain-based cryptocurrencies suffer from a heavily limited transaction throughput, which is a barrier to their growing adoption. Payment channel networks (PCNs) are one of the promising solutions to this problem. PCNs reduce the on-chain load of transactions and increase the throughput by processing many payments off-chain. In fact, any two users connected via a path of payment channels (i.e., joint addresses between the two channel end-points) can perform payments, and the underlying blockchain is used only when there is a dispute between users. Unfortunately, payments in PCNs can only be conducted securely along a path, which prevents the design of many interesting applications. Moreover, the most widely used implementation, the Lightning Network in Bitcoin, suffers from a collateral lock time linear in the path length, it is affected by security issues, and it relies on specific scripting features called Hash Timelock Contracts that hinders the applicability of the underlying protocol in other blockchains. In this work, we present Thora, the first Bitcoin-compatible off-chain protocol that enables the atomic update of arbitrary channels (i.e., not necessarily forming a path). This enables the design of a number of new off-chain applications, such as payments across different PCNs sharing the same blockchain, secure and trustless crowdfunding, and channel rebalancing. Our construction requires no specific scripting functionalities other than digital signatures and timelocks, thereby being applicable to a wider range of blockchains. We formally define security and privacy in the Universal Composability framework and show that our cryptographic protocol is a realization thereof. In our performance evaluation, we show that our construction requires only constant collateral, independently from the number of channels, and has only a moderate off-chain communication as well as computation overhead

Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments

Adaptor signatures (AS) are an extension of digital signatures that enable the encoding of a cryptographic hard problem (e.g., discrete logarithm) within the signature itself. An AS scheme ensures that (i) the signature can be created only by the user knowing the solution to the cryptographic problem; (ii) the signature reveals the solution itself; (iii) the signature can be verified with the standard verification algorithm. These properties have made AS a salient building block for many blockchain applications, in particular, off-chain payment systems such as payment-channel networks, payment-channel hubs, atomic swaps or discrete log contracts. Current AS constructions, however, are not secure against adversaries with access to a quantum computer. In this work, we present IAS, a construction for adaptor signatures that relies on standard cryptographic assumptions for isogenies, and builds upon the isogeny-based signature scheme CSI-FiSh. We formally prove the security of IAS against a quantum adversary. We have implemented IAS and our evaluation shows that IAS can be incorporated into current blockchains while requiring $\sim1500$ bytes of storage size on-chain and $\sim140$ milliseconds for digital signature verification. We also show how IAS can be seamlessly leveraged to build post-quantum off-chain payment applications without harming their security and privacy