Development of a Translator from LLVM to ACL2

In our current work a library of formally verified software components is to be created, and assembled, using the Low-Level Virtual Machine (LLVM) intermediate form, into subsystems whose top-level assurance relies on the assurance of the individual components. We have thus undertaken a project to build a translator from LLVM to the applicative subset of Common Lisp accepted by the ACL2 theorem prover. Our translator produces executable ACL2 formal models, allowing us to both prove theorems about the translated models as well as validate those models by testing. The resulting models can be translated and certified without user intervention, even for code with loops, thanks to the use of the def::ung macro which allows us to defer the question of termination. Initial measurements of concrete execution for translated LLVM functions indicate that performance is nearly 2.4 million LLVM instructions per second on a typical laptop computer. In this paper we overview the translation process and illustrate the translator's capabilities by way of a concrete example, including both a functional correctness theorem as well as a validation test for that example.Comment: In Proceedings ACL2 2014, arXiv:1406.123

Attentional Bias And Training In Individuals With High Dental Anxiety

Dental anxiety is common and associated with negative outcomes. According to information-processing models, anxiety is maintained by maladaptive patterns of processing threatening information. Furthermore, attention training interventions can reduce anxiety in one session. Fifty-three individuals with high levels of dental anxiety completed a Posner reaction-time task. Participants were randomized to attention training or control using a dot-probe task, and then attentional bias was remeasured using another Posner task. Participants then completed a script-driven imaginal exposure task. Results indicated that individuals high in dental anxiety exhibit threat-relevant attentional bias. There was mixed evidence about the efficacy of attention training. On the one hand, training did not eliminate attentional bias and training condition did not predict distress during the imagery task. On the other hand, cue dependency scores in the control group were higher for dental than neutral cues, but did not differ in the training group. In addition, cue dependency scores for both dental and neutral cues predicted subjective anxiety in anticipation of the imagery task. The mixed results of training are considered in terms of the possibility that it enhanced attentional control, rather than reducing bias

Analyzing the Great Firewall of China over space and time

Abstract: A nation-scale firewall, colloquially referred to as the "Great Firewall of China," implements many different types of censorship and content filtering to control China's Internet traffic. Past work has shown that the firewall occasionally fails. In other words, sometimes clients in China are able to reach blacklisted servers outside of China. This phenomenon has not yet been characterized because it is infeasible to find a large and geographically diverse set of clients in China from which to test connectivity. In this paper, we overcome this challenge by using a hybrid idle scan technique that is able to measure connectivity between a remote client and an arbitrary server, neither of which are under the control of the researcher performing measurements. In addition to hybrid idle scans, we present and employ a novel side channel in the Linux kernel's SYN backlog. We show that both techniques are practical by measuring the reachability of the Tor network which is known to be blocked in China. Our measurements reveal that failures in the firewall occur throughout the entire country without any conspicuous geographical patterns. We give some evidence that routing plays a role, but other factors (such as how the GFW maintains its list of IP/port pairs to block) may also be important

OpenVPN is Open to VPN Fingerprinting

VPN adoption has seen steady growth over the past decade due to increased public awareness of privacy and surveillance threats. In response, certain governments are attempting to restrict VPN access by identifying connections using "dual use" DPI technology. To investigate the potential for VPN blocking, we develop mechanisms for accurately fingerprinting connections using OpenVPN, the most popular protocol for commercial VPN services. We identify three fingerprints based on protocol features such as byte pattern, packet size, and server response. Playing the role of an attacker who controls the network, we design a two-phase framework that performs passive fingerprinting and active probing in sequence. We evaluate our framework in partnership with a million-user ISP and find that we identify over 85% of OpenVPN flows with only negligible false positives, suggesting that OpenVPN-based services can be effectively blocked with little collateral damage. Although some commercial VPNs implement countermeasures to avoid detection, our framework successfully identified connections to 34 out of 41 "obfuscated" VPN configurations. We discuss the implications of the VPN fingerprintability for different threat models and propose short-term defenses. In the longer term, we urge commercial VPN providers to be more transparent about their obfuscation approaches and to adopt more principled detection countermeasures, such as those developed in censorship circumvention research.Comment: In: USENIX Security Symposium 2022 (USENIX Security '22

Effects of Thresholding on Voxel-Wise Correspondence of Breath-Hold and Resting-State Maps of Cerebrovascular Reactivity

Functional magnetic resonance imaging for presurgical brain mapping enables neurosurgeons to identify viable tissue near a site of operable pathology which might be at risk of surgery-induced damage. However, focal brain pathology (e.g., tumors) may selectively disrupt neurovascular coupling while leaving the underlying neurons functionally intact. Such neurovascular uncoupling can result in false negatives on brain activation maps thereby compromising their use for surgical planning. One way to detect potential neurovascular uncoupling is to map cerebrovascular reactivity using either an active breath-hold challenge or a passive resting-state scan. The equivalence of these two methods has yet to be fully established, especially at a voxel level of resolution. To quantitatively compare breath-hold and resting-state maps of cerebrovascular reactivity, we first identified threshold settings that optimized coverage of gray matter while minimizing false responses in white matter. When so optimized, the resting-state metric had moderately better gray matter coverage and specificity. We then assessed the spatial correspondence between the two metrics within cortical gray matter, again, across a wide range of thresholds. Optimal spatial correspondence was strongly dependent on threshold settings which if improperly set tended to produce statistically biased maps. When optimized, the two CVR maps did have moderately good correspondence with each other (mean accuracy of 73.6%). Our results show that while the breath-hold and resting-state maps may appear qualitatively similar they are not quantitatively identical at a voxel level of resolution