1,812 research outputs found
On Challenges in Verifying Trusted Executable Files in Memory Forensics
Memory forensics is a fundamental step in any security incident response process, especially in computer systems where malware may be present. Thememory of the system is acquired and then analyzed, looking for facts about the security incident. To remain stealthy and undetected in computer systems, malware are abusing the code signing technology, which helps to establish trust in computer software. Intuitively, a memory forensic analyst can think of code signing as a preliminary step to prioritize the list of processes to analyze. However, amemory dump does not contain an exact copy of an executable file (the file as stored in disk) and thus code signing may be useless in this context. In this paper, we investigate the limitations that memory forensics imposes to the digital signature verification process of Windows PE signed files obtained from a memory dump. These limitations are data incompleteness, data changes caused by relocation, catalog-signed files, and executable file and process inconsistencies. We also discuss solutions to these limitations. Moreover, we have developed a Volatility plugin named sigcheck that recovers executable files from a memory dump and computes its digital signature (if feasible). We tested it on Windows 7 x86 and x64 memory dumps. Our experiments showed that the success rate is low, especially when the memory is acquired from a system that has been running for a long time
An Evaluation Framework for Comparative Analysis of Generalized Stochastic Petri Net Simulation Techniques
Availability of a common, shared benchmark to provide repeatable, quantifiable, and comparable results is an added value for any scientific community. International consortia provide benchmarks in a wide range of domains, being normally used by industry, vendors, and researchers for evaluating their software products. In this regard, a benchmark of untimed Petri net models was developed to be used in a yearly software competition driven by the Petri net community. However, to the best of our knowledge there is not a similar benchmark to evaluate solution techniques for Petri nets with timing extensions. In this paper, we propose an evaluation framework for the comparative analysis of generalized stochastic Petri nets (GSPNs) simulation techniques. Although we focus on simulation techniques, our framework provides a baseline for a comparative analysis of different GSPN solvers (e.g., simulators, numerical solvers, or other techniques). The evaluation framework encompasses a set of 50 GSPN models including test cases and case studies from the literature, and a set of evaluation guidelines for the comparative analysis. In order to show the applicability of the proposed framework, we carry out a comparative analysis of steady-state simulators implemented in three academic software tools, namely, GreatSPN, PeabraiN, and TimeNET. The results allow us to validate the trustfulness of these academic software tools, as well as to point out potential problems and algorithmic optimization opportunities
Survivability model for security and dependability analysis of a vulnerable critical system
This paper aims to analyze transient security and dependability of a vulnerable critical system, under vulnerability-related attack and two reactive defense strategies, from a severe vulnerability announcement until the vulnerability is fully removed from the system. By severe, we mean that the vulnerability-based malware could cause significant damage to the infected system in terms of security and dependability while infecting more and more new vulnerable computer systems. We propose a Markov chain-based survivability model for capturing the vulnerable critical system behaviors during the vulnerability elimination process. A high-level formalism based on Stochastic Reward Nets is applied to automatically generate and solve the survivability model. Survivability metrics are defined to quantify system attributes. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security risk and dependability, but also provide insights on the system investment decision. Numerical experiments are constructed to study the impact of key parameters on system security, dependability and profit
Long-term hurricane damage effects on tropical forest tree growth and mortality
Hurricane winds can have large impacts on forest structure and dynamics. To date, most evaluations of hurricane impacts have focused on short-term responses after a hurricane, often lacked pre-hurricane measurements, and missed responses occurring over longer time scales. Here, we use a long-term data set (1974-2009, 35 years) of tree stems ( >3 cm in diameter at 1.3 m aboveground) in four sites (0.35 ha in total) in montane rain forest (∼1600 m elevation) in Jamaica to investigate the patterns of crown damage in individual stems by Hurricane Gilbert in 1988, and how subsequent growth and mortality were affected by hurricane damage, sprouting, and the incidence of multiple stems. Topographical position on a mountain ridge was the best predictor of crown damage, followed by crown size and species identity. The average diameter growth rate of stems that survived the hurricane was greater than that pre-hurricane for the whole 21-yr post-hurricane period. Growth rates of stems with damaged crowns increased less than those with undamaged crowns; differences in growth rate between damaged and undamaged trees disappeared after 11 years. Hurricanedamaged stems had two to eight times higher mortality than undamaged stems for 19 years post hurricane. Many stems sprouted shortly after the hurricane, but few sprouts managed to establish (grow to >3 cm diameter at breast height). However, sprouting and multi-stemming were associated with reduced mortality rate, particularly in damaged trees. From an initial population of 1670 stems in 1974, 54% were still alive in 2009 (21 years after the hurricane). We conclude that despite the high frequency of hurricane damage to tree crowns and the subsequent increased mortality rate in this hurricane-prone tropical montane forest, many stems will be hit and recover from several hurricanes in their lifetimePeer reviewe
Phylogenetic relationships of the genus Kluyvera: Transfer of Enterobacter intermedius Izard et al. 1980 to the genus Kluyvera as Kluyvera intermedia comb. nov. and reclassification of Kluyvera cochleae as a later synonym of K. intermedia
In order to assess the relationship between the genus Kluyvera and other members of the family Enterobacteriaceae, the 16S rRNA genes of type strains of the recognized Kluyvera species, Kluyvera georgiana, Kluyvera cochleae, Kluyvera ascorbata and Kluyvera cryocrescens, were sequenced. A comparative phylogenetic analysis based on these 16S rRNA gene sequences and those available for strains belonging to several genera of the family Enterobacteriaceae showed that members of the genus Kluyvera form a cluster that contains all the known Kluyvera species. However, the type strain of Enterobacter intermedius (ATCC 33110 T ) was included within this cluster in a very close relationship with the type strain of K. cochleae (ATCC 51609 T ). In addition to the phylogenetic evidence, biochemical and DNA-DNA hybridization analyses of species within this cluster indicated that the type strain of E. intermedius is in fact a member of the genus Kluyvera and, within it, of the species Kluyvera cochleae. Therefore, following the current rules for bacterial nomenclature and classification, the transfer of E. intermedius to the genus Kluyvera as Kluyvera intermedia comb. nov. is proposed (type strain, ATCC 33110 T =CIP 79.27 T =LMG 2785 T =CCUG 14183 T ). Biochemical analysis of four E. intermedius strains and one K. cochleae strain independent of the respective type strains further indicated that E. intermedius and K. cochleae represent the same species and are therefore heterotypic synonyms. Nomenclatural priority goes to the oldest legitimate epithet. Consequently, Kluyvera cochleae Müller et al. 1996 is a later synonym of Kluyvera intermedia (Izard et al. 1980) Pavan et al. 2005. © 2005 IUMS.Fil:Gadaleta, P. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales; Argentina
Quantized Skyrmion Fields in 2+1 Dimensions
A fully quantized field theory is developped for the skyrmion topological
excitations of the O(3) symmetric CP-Nonlinear Sigma Model in 2+1D. The
method allows for the obtainment of arbitrary correlation functions of quantum
skyrmion fields. The two-point function is evaluated in three different
situations: a) the pure theory; b) the case when it is coupled to fermions
which are otherwise non-interacting and c) the case when an electromagnetic
interaction among the fermions is introduced. The quantum skyrmion mass is
explicitly obtained in each case from the large distance behavior of the
two-point function and the skyrmion statistics is inferred from an analysis of
the phase of this function. The ratio between the quantum and classical
skyrmion masses is obtained, confirming the tendency, observed in semiclassical
calculations, that quantum effects will decrease the skyrmion mass. A brief
discussion of asymptotic skyrmion states, based on the short distance behavior
of the two-point function, is also presented.Comment: Accepted for Physical Review
The need for structured thoracic robotic training: the perspective of an American Association for Thoracic Surgery surgical robotic fellow
Since the initial experiences with robotic platforms in
thoracic surgery (1), the number of procedures performed
with this technique have continued to increase (2). Not
only have newer trainees demonstrated interest in the field,
but former open and VATS surgeons have also become
aware of the advantages that the robotic platform provides
(1,3). However, although some authors have implemented
robotic thoracic surgery safely (4,5) others still consider it
inefficient, citing the increased operative time (related to
the learning curve), the initial instrument cost, and the lack
of appropriate directed training (3)
Tick holocyclotoxins trigger host paralysis by presynaptic inhibition
Ticks are important vectors of pathogens and secreted neurotoxins with approximately 69 out of 692 tick species having the ability to induce severe toxicoses in their hosts. The Australian paralysis tick (Ixodes holocyclus) is known to be one of the most virulent tick species producing a flaccid paralysis and fatalities caused by a family of neurotoxins known as holocyclotoxins (HTs). The paralysis mechanism of these toxins is temperature dependent and is thought to involve inhibition of acetylcholine levels at the neuromuscular junction. However, the target and mechanism of this inhibition remain uncharacterised. Here, we report that three members of the holocyclotoxin family; HT-1 (GenBank AY766147), HT-3 (GenBank KP096303) and HT-12 (GenBank KP963967) induce muscle paralysis by inhibiting the dependence of transmitter release on extracellular calcium. Previous study was conducted using extracts from tick salivary glands, while the present study is the first to use pure toxins from I. holocyclus. Our findings provide greater insight into the mechanisms by which these toxins act to induce paralysis
Decoupling of the S=1/2 antiferromagnetic zig-zag ladder with anisotropy
The spin-1/2 antiferromagnetic zig-zag ladder is studied by exact
diagonalization of small systems in the regime of weak inter-chain coupling. A
gapless phase with quasi long-range spiral correlations has been predicted to
occur in this regime if easy-plane (XY) anisotropy is present. We find in
general that the finite zig-zag ladder shows three phases: a gapless collinear
phase, a dimer phase and a spiral phase. We study the level crossings of the
spectrum,the dimer correlation function, the structure factor and the spin
stiffness within these phases, as well as at the transition points. As the
inter-chain coupling decreases we observe a transition in the anisotropic XY
case from a phase with a gap to a gapless phase that is best described by two
decoupled antiferromagnetic chains. The isotropic and the anisotropic XY cases
are found to be qualitatively the same, however, in the regime of weak
inter-chain coupling for the small systems studied here. We attribute this to a
finite-size effect in the isotropic zig-zag case that results from
exponentially diverging antiferromagnetic correlations in the weak-coupling
limit.Comment: to appear in Physical Review
NaIrO3 - A pentavalent post-perovskite
Sodium iridium(V) oxide, NaIrO3, was synthesized by a high pressure solid
state method and recovered to ambient conditions. It is found to be
isostructural with CaIrO3, the much-studied structural analogue of the
high-pressure post-perovskite phase of MgSiO3. Among the oxide
post-perovskites, NaIrO3 is the first example with a pentavalent cation. The
structure consists of layers of corner- and edge-sharing IrO6 octahedra
separated by layers of NaO8 bicapped trigonal prisms. NaIrO3 shows no magnetic
ordering and resistivity measurements show non-metallic behavior. The crystal
structure, electrical and magnetic properties are discussed and compared to
known post-perovskites and pentavalent perovskite metal oxides.Comment: 22 pages, 5 figures. Submitted to Journal of Solid State Chemistr
- …