1,812 research outputs found

    On Challenges in Verifying Trusted Executable Files in Memory Forensics

    Get PDF
    Memory forensics is a fundamental step in any security incident response process, especially in computer systems where malware may be present. Thememory of the system is acquired and then analyzed, looking for facts about the security incident. To remain stealthy and undetected in computer systems, malware are abusing the code signing technology, which helps to establish trust in computer software. Intuitively, a memory forensic analyst can think of code signing as a preliminary step to prioritize the list of processes to analyze. However, amemory dump does not contain an exact copy of an executable file (the file as stored in disk) and thus code signing may be useless in this context. In this paper, we investigate the limitations that memory forensics imposes to the digital signature verification process of Windows PE signed files obtained from a memory dump. These limitations are data incompleteness, data changes caused by relocation, catalog-signed files, and executable file and process inconsistencies. We also discuss solutions to these limitations. Moreover, we have developed a Volatility plugin named sigcheck that recovers executable files from a memory dump and computes its digital signature (if feasible). We tested it on Windows 7 x86 and x64 memory dumps. Our experiments showed that the success rate is low, especially when the memory is acquired from a system that has been running for a long time

    An Evaluation Framework for Comparative Analysis of Generalized Stochastic Petri Net Simulation Techniques

    Get PDF
    Availability of a common, shared benchmark to provide repeatable, quantifiable, and comparable results is an added value for any scientific community. International consortia provide benchmarks in a wide range of domains, being normally used by industry, vendors, and researchers for evaluating their software products. In this regard, a benchmark of untimed Petri net models was developed to be used in a yearly software competition driven by the Petri net community. However, to the best of our knowledge there is not a similar benchmark to evaluate solution techniques for Petri nets with timing extensions. In this paper, we propose an evaluation framework for the comparative analysis of generalized stochastic Petri nets (GSPNs) simulation techniques. Although we focus on simulation techniques, our framework provides a baseline for a comparative analysis of different GSPN solvers (e.g., simulators, numerical solvers, or other techniques). The evaluation framework encompasses a set of 50 GSPN models including test cases and case studies from the literature, and a set of evaluation guidelines for the comparative analysis. In order to show the applicability of the proposed framework, we carry out a comparative analysis of steady-state simulators implemented in three academic software tools, namely, GreatSPN, PeabraiN, and TimeNET. The results allow us to validate the trustfulness of these academic software tools, as well as to point out potential problems and algorithmic optimization opportunities

    Survivability model for security and dependability analysis of a vulnerable critical system

    Get PDF
    This paper aims to analyze transient security and dependability of a vulnerable critical system, under vulnerability-related attack and two reactive defense strategies, from a severe vulnerability announcement until the vulnerability is fully removed from the system. By severe, we mean that the vulnerability-based malware could cause significant damage to the infected system in terms of security and dependability while infecting more and more new vulnerable computer systems. We propose a Markov chain-based survivability model for capturing the vulnerable critical system behaviors during the vulnerability elimination process. A high-level formalism based on Stochastic Reward Nets is applied to automatically generate and solve the survivability model. Survivability metrics are defined to quantify system attributes. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security risk and dependability, but also provide insights on the system investment decision. Numerical experiments are constructed to study the impact of key parameters on system security, dependability and profit

    Long-term hurricane damage effects on tropical forest tree growth and mortality

    Get PDF
    Hurricane winds can have large impacts on forest structure and dynamics. To date, most evaluations of hurricane impacts have focused on short-term responses after a hurricane, often lacked pre-hurricane measurements, and missed responses occurring over longer time scales. Here, we use a long-term data set (1974-2009, 35 years) of tree stems ( >3 cm in diameter at 1.3 m aboveground) in four sites (0.35 ha in total) in montane rain forest (∼1600 m elevation) in Jamaica to investigate the patterns of crown damage in individual stems by Hurricane Gilbert in 1988, and how subsequent growth and mortality were affected by hurricane damage, sprouting, and the incidence of multiple stems. Topographical position on a mountain ridge was the best predictor of crown damage, followed by crown size and species identity. The average diameter growth rate of stems that survived the hurricane was greater than that pre-hurricane for the whole 21-yr post-hurricane period. Growth rates of stems with damaged crowns increased less than those with undamaged crowns; differences in growth rate between damaged and undamaged trees disappeared after 11 years. Hurricanedamaged stems had two to eight times higher mortality than undamaged stems for 19 years post hurricane. Many stems sprouted shortly after the hurricane, but few sprouts managed to establish (grow to >3 cm diameter at breast height). However, sprouting and multi-stemming were associated with reduced mortality rate, particularly in damaged trees. From an initial population of 1670 stems in 1974, 54% were still alive in 2009 (21 years after the hurricane). We conclude that despite the high frequency of hurricane damage to tree crowns and the subsequent increased mortality rate in this hurricane-prone tropical montane forest, many stems will be hit and recover from several hurricanes in their lifetimePeer reviewe

    Phylogenetic relationships of the genus Kluyvera: Transfer of Enterobacter intermedius Izard et al. 1980 to the genus Kluyvera as Kluyvera intermedia comb. nov. and reclassification of Kluyvera cochleae as a later synonym of K. intermedia

    Get PDF
    In order to assess the relationship between the genus Kluyvera and other members of the family Enterobacteriaceae, the 16S rRNA genes of type strains of the recognized Kluyvera species, Kluyvera georgiana, Kluyvera cochleae, Kluyvera ascorbata and Kluyvera cryocrescens, were sequenced. A comparative phylogenetic analysis based on these 16S rRNA gene sequences and those available for strains belonging to several genera of the family Enterobacteriaceae showed that members of the genus Kluyvera form a cluster that contains all the known Kluyvera species. However, the type strain of Enterobacter intermedius (ATCC 33110 T ) was included within this cluster in a very close relationship with the type strain of K. cochleae (ATCC 51609 T ). In addition to the phylogenetic evidence, biochemical and DNA-DNA hybridization analyses of species within this cluster indicated that the type strain of E. intermedius is in fact a member of the genus Kluyvera and, within it, of the species Kluyvera cochleae. Therefore, following the current rules for bacterial nomenclature and classification, the transfer of E. intermedius to the genus Kluyvera as Kluyvera intermedia comb. nov. is proposed (type strain, ATCC 33110 T =CIP 79.27 T =LMG 2785 T =CCUG 14183 T ). Biochemical analysis of four E. intermedius strains and one K. cochleae strain independent of the respective type strains further indicated that E. intermedius and K. cochleae represent the same species and are therefore heterotypic synonyms. Nomenclatural priority goes to the oldest legitimate epithet. Consequently, Kluyvera cochleae Müller et al. 1996 is a later synonym of Kluyvera intermedia (Izard et al. 1980) Pavan et al. 2005. © 2005 IUMS.Fil:Gadaleta, P. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales; Argentina

    Quantized Skyrmion Fields in 2+1 Dimensions

    Full text link
    A fully quantized field theory is developped for the skyrmion topological excitations of the O(3) symmetric CP1^1-Nonlinear Sigma Model in 2+1D. The method allows for the obtainment of arbitrary correlation functions of quantum skyrmion fields. The two-point function is evaluated in three different situations: a) the pure theory; b) the case when it is coupled to fermions which are otherwise non-interacting and c) the case when an electromagnetic interaction among the fermions is introduced. The quantum skyrmion mass is explicitly obtained in each case from the large distance behavior of the two-point function and the skyrmion statistics is inferred from an analysis of the phase of this function. The ratio between the quantum and classical skyrmion masses is obtained, confirming the tendency, observed in semiclassical calculations, that quantum effects will decrease the skyrmion mass. A brief discussion of asymptotic skyrmion states, based on the short distance behavior of the two-point function, is also presented.Comment: Accepted for Physical Review

    The need for structured thoracic robotic training: the perspective of an American Association for Thoracic Surgery surgical robotic fellow

    Get PDF
    Since the initial experiences with robotic platforms in thoracic surgery (1), the number of procedures performed with this technique have continued to increase (2). Not only have newer trainees demonstrated interest in the field, but former open and VATS surgeons have also become aware of the advantages that the robotic platform provides (1,3). However, although some authors have implemented robotic thoracic surgery safely (4,5) others still consider it inefficient, citing the increased operative time (related to the learning curve), the initial instrument cost, and the lack of appropriate directed training (3)

    Tick holocyclotoxins trigger host paralysis by presynaptic inhibition

    Get PDF
    Ticks are important vectors of pathogens and secreted neurotoxins with approximately 69 out of 692 tick species having the ability to induce severe toxicoses in their hosts. The Australian paralysis tick (Ixodes holocyclus) is known to be one of the most virulent tick species producing a flaccid paralysis and fatalities caused by a family of neurotoxins known as holocyclotoxins (HTs). The paralysis mechanism of these toxins is temperature dependent and is thought to involve inhibition of acetylcholine levels at the neuromuscular junction. However, the target and mechanism of this inhibition remain uncharacterised. Here, we report that three members of the holocyclotoxin family; HT-1 (GenBank AY766147), HT-3 (GenBank KP096303) and HT-12 (GenBank KP963967) induce muscle paralysis by inhibiting the dependence of transmitter release on extracellular calcium. Previous study was conducted using extracts from tick salivary glands, while the present study is the first to use pure toxins from I. holocyclus. Our findings provide greater insight into the mechanisms by which these toxins act to induce paralysis

    Decoupling of the S=1/2 antiferromagnetic zig-zag ladder with anisotropy

    Full text link
    The spin-1/2 antiferromagnetic zig-zag ladder is studied by exact diagonalization of small systems in the regime of weak inter-chain coupling. A gapless phase with quasi long-range spiral correlations has been predicted to occur in this regime if easy-plane (XY) anisotropy is present. We find in general that the finite zig-zag ladder shows three phases: a gapless collinear phase, a dimer phase and a spiral phase. We study the level crossings of the spectrum,the dimer correlation function, the structure factor and the spin stiffness within these phases, as well as at the transition points. As the inter-chain coupling decreases we observe a transition in the anisotropic XY case from a phase with a gap to a gapless phase that is best described by two decoupled antiferromagnetic chains. The isotropic and the anisotropic XY cases are found to be qualitatively the same, however, in the regime of weak inter-chain coupling for the small systems studied here. We attribute this to a finite-size effect in the isotropic zig-zag case that results from exponentially diverging antiferromagnetic correlations in the weak-coupling limit.Comment: to appear in Physical Review

    NaIrO3 - A pentavalent post-perovskite

    Full text link
    Sodium iridium(V) oxide, NaIrO3, was synthesized by a high pressure solid state method and recovered to ambient conditions. It is found to be isostructural with CaIrO3, the much-studied structural analogue of the high-pressure post-perovskite phase of MgSiO3. Among the oxide post-perovskites, NaIrO3 is the first example with a pentavalent cation. The structure consists of layers of corner- and edge-sharing IrO6 octahedra separated by layers of NaO8 bicapped trigonal prisms. NaIrO3 shows no magnetic ordering and resistivity measurements show non-metallic behavior. The crystal structure, electrical and magnetic properties are discussed and compared to known post-perovskites and pentavalent perovskite metal oxides.Comment: 22 pages, 5 figures. Submitted to Journal of Solid State Chemistr
    • …
    corecore