A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole application. Moreover, the analysis should take into consideration how file-system vulnerabilities might in- teract with other vulnerabilities leading an attacker to breach into the web application. In this paper, we first propose a classification of file- system vulnerabilities, and then, based on this classification, we present a formal approach that allows one to exploit file-system vulnerabilities. We give a formal representation of web applications, databases and file- systems, and show how to reason about file-system vulnerabilities. We also show how to combine file-system vulnerabilities and SQL-Injection vulnerabilities for the identification of complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing several real-world case studies, which are witness to the fact that our tool can generate, and exploit, complex attacks that, to the best of our knowledge, no other state-of-the-art-tool for the security of web applications can find

A new approach to analysing HST spatial scans: the transmission spectrum of HD 209458 b

The Wide Field Camera 3 (WFC3) on Hubble Space Telescope (HST) is currently one of the most widely used instruments for observing exoplanetary atmospheres, especially with the use of the spatial scanning technique. An increasing number of exoplanets have been studied using this technique as it enables the observation of bright targets without saturating the sensitive detectors. In this work we present a new pipeline for analyzing the data obtained with the spatial scanning technique, starting from the raw data provided by the instrument. In addition to commonly used correction techniques, we take into account the geometric distortions of the instrument, whose impact may become important when combined to the scanning process. Our approach can improve the photometric precision for existing data and also push further the limits of the spatial scanning technique, as it allows the analysis of even longer spatial scans. As an application of our method and pipeline, we present the results from a reanalysis of the spatially scanned transit spectrum of HD 209458 b. We calculate the transit depth per wavelength channel with an average relative uncertainty of 40 ppm. We interpret the final spectrum with T-Rex, our fully Bayesian spectral retrieval code, which confirms the presence of water vapor and clouds in the atmosphere of HD 209458 b. The narrow wavelength range limits our ability to disentangle the degeneracies between the fitted atmospheric parameters. Additional data over a broader spectral range are needed to address this issue.Comment: 13 pages, 15 figures, 7 tables, Accepted for publication in Ap

Characterisation of Exoplanetary Atmospheres and Planetary Systems

The discovery of over three thousand exoplanets in the past two decades has unveiled a large and diverse population, far exceeding the diversity seen in our own Solar System. Today, research efforts need to shift from the discovery to the characterisation of exoplanetary systems, and this thesis aims to be a further step in this direction. Two different techniques are investigated to chemically characterise exoplanetary systems: atmospheric retrievals and metal-polluted white dwarfs. The study of exoplanetary atmospheres through their spectra offers a very promising way to understand not only the chemistry of exoplanets, but also their atmospheric dynam- ics, formation and evolution history. As part of this thesis, a novel retrieval tool, called TauREx, was developed to interpret exoplanetary spectra. Spectral models were created and benchmarked with existing models, and a state-of-the-art database of absorption cross sections was also developed. The uncertainties in these models, and their propagation in the retrieval stage, were analysed in detail. These methods were used to investigate the retrievability of the carbon-to-oxygen ratio in simulated exoplanet spectra, and to interpret the atmospheres of two exoplanets, HD209458 b and 55 Cnc e. Lastly, these models were used to study the effects of stellar flares on the chemistry and spectra of typical exoplanets. Complementary to the observations of exoplanetary atmospheres, metal polluted white dwarfs are today a unique laboratory to infer the chemical composition of terrestrial exo- planets, and to study evolved planetary systems. It has become clear that the metals seen at a fraction of white dwarfs result from accreted circumstellar dust, originating from the tidal disruption of rocky planetesimals. Through the analysis of these stars, it is possible to infer the composition of terrestrial planetesimals, as their photospheres, in principle, mirror the composition of the accreted material, in turn providing clues on the nature of rocky plane- tary bodies. In this thesis I will discuss this technique, and present a recent survey that has unambiguously determined the fraction of detectable planetary debris at white dwarfs

The frequency and infrared brightness of circumstellar discs at white dwarfs

White dwarfs whose atmospheres are polluted by terrestrial-like planetary debris have become a powerful and unique tool to study evolved planetary systems. This paper presents results for an unbiased Spitzer IRAC search for circumstellar dust orbiting a homogeneous and well-defined sample of 134 single white dwarfs. The stars were selected without regard to atmospheric metal content but were chosen to have 1) hydrogen rich atmospheres, 2) 17 000 K < T_eff < 25 000 K and correspondingly young post main-sequence ages of 15-270Myr, and 3) sufficient far-ultraviolet brightness for a corresponding Hubble Space Telescope COS Snapshot. Five white dwarfs were found to host an infrared bright dust disc, three previously known, and two reported here for the first time, yielding a nominal 3.7% of white dwarfs in this post-main sequence age range with detectable circumstellar dust. Remarkably, complementary HST observations indicate that a fraction of 27% show metals in their photosphere that can only be explained with ongoing accretion from circumstellar material, indicating that nearly 90% of discs escape detection in the infrared, likely due to small emitting surface area. This paper also presents the distribution of disc fractional luminosity as a function of cooling age for all known dusty white dwarfs, suggesting possible disc evolution scenarios and indicating an undetected population of circumstellar discs.Comment: 17 pages, 5 figures and 4 tables. Accepted for publication in MNRA

Exploring biases of atmospheric retrievals in simulated jwst transmission spectra of hot jupiters

With a scheduled launch in 2018 October, the James Webb Space Telescope (JWST) is expected to revolutionize the field of atmospheric characterization of exoplanets. The broad wavelength coverage and high sensitivity of its instruments will allow us to extract far more information from exoplanet spectra than what has been possible with current observations. In this paper, we investigate whether current retrieval methods will still be valid in the era of JWST, exploring common approximations used when retrieving transmission spectra of hot Jupiters. To assess biases, we use 1D photochemical models to simulate typical hot Jupiter cloud-free atmospheres and generate synthetic observations for a range of carbon-to-oxygen ratios. Then, we retrieve these spectra using TauREx, a Bayesian retrieval tool, using two methodologies: one assuming an isothermal atmosphere, and one assuming a parameterized temperature profile. Both methods assume constant-with-altitude abundances. We found that the isothermal approximation biases the retrieved parameters considerably, overestimating the abundances by about one order of magnitude. The retrieved abundances using the parameterized profile are usually within 1σ of the true state, and we found the retrieved uncertainties to be generally larger compared to the isothermal approximation. Interestingly, we found that by using the parameterized temperature profile we could place tight constraints on the temperature structure. This opens the possibility of characterizing the temperature profile of the terminator region of hot Jupiters. Lastly, we found that assuming a constant-with-altitude mixing ratio profile is a good approximation for most of the atmospheres under study

Detection of an atmosphere around the super-Earth 55 Cancri e

We report the analysis of two new spectroscopic observations of the super-Earth 55 Cancri e, in the near infrared, obtained with the WFC3 camera onboard the HST. 55 Cancri e orbits so close to its parent star, that temperatures much higher than 2000 K are expected on its surface. Given the brightness of 55 Cancri, the observations were obtained in scanning mode, adopting a very long scanning length and a very high scanning speed. We use our specialized pipeline to take into account systematics introduced by these observational parameters when coupled with the geometrical distortions of the instrument. We measure the transit depth per wavelength channel with an average relative uncertainty of 22 ppm per visit and find modulations that depart from a straight line model with a 6$\sigma$ confidence level. These results suggest that 55 Cancri e is surrounded by an atmosphere, which is probably hydrogen-rich. Our fully Bayesian spectral retrieval code, T-REx, has identified HCN to be the most likely molecular candidate able to explain the features at 1.42 and 1.54 $\mu$m. While additional spectroscopic observations in a broader wavelength range in the infrared will be needed to confirm the HCN detection, we discuss here the implications of such result. Our chemical model, developed with combustion specialists, indicates that relatively high mixing ratios of HCN may be caused by a high C/O ratio. This result suggests this super-Earth is a carbon-rich environment even more exotic than previously thought.Comment: 10 pages, 10 figures, 4 tables, Accepted for publication in Ap

A population study of gaseous exoplanets

We present here the analysis of 30 gaseous extrasolar planets, with temperatures between 600 and 2400 K and radii between 0.35 and 1.9 $R_\mathrm{Jup}$. The quality of the HST/WFC3 spatially scanned data combined with our specialized analysis tools allow us to study the largest and most self-consistent sample of exoplanetary transmission spectra to date and examine the collective behavior of warm and hot gaseous planets rather than isolated case-studies. We define a new metric, the Atmospheric Detectability Index (ADI) to evaluate the statistical significance of an atmospheric detection and find statistically significant atmospheres around 16 planets out of the 30 analysed. For most of the Jupiters in our sample, we find the detectability of their atmospheres to be dependent on the planetary radius but not on the planetary mass. This indicates that planetary gravity plays a secondary role in the state of gaseous planetary atmospheres. We detect the presence of water vapour in all of the statistically detectable atmospheres, and we cannot rule out its presence in the atmospheres of the others. In addition, TiO and/or VO signatures are detected with 4$\sigma$ confidence in WASP-76 b, and they are most likely present in WASP-121 b. We find no correlation between expected signal-to-noise and atmospheric detectability for most targets. This has important implications for future large-scale surveys.Comment: 14 pages, 12 figures, 3 tables, published in A

Exploring biases of atmospheric retrievals in simulated jwst transmission spectra of hot jupiters

With a scheduled launch in 2018 October, the James Webb Space Telescope (JWST) is expected to revolutionize the field of atmospheric characterization of exoplanets. The broad wavelength coverage and high sensitivity of its instruments will allow us to extract far more information from exoplanet spectra than what has been possible with current observations. In this paper, we investigate whether current retrieval methods will still be valid in the era of JWST, exploring common approximations used when retrieving transmission spectra of hot Jupiters. To assess biases, we use 1D photochemical models to simulate typical hot Jupiter cloud-free atmospheres and generate synthetic observations for a range of carbon-to-oxygen ratios. Then, we retrieve these spectra using TauREx, a Bayesian retrieval tool, using two methodologies: one assuming an isothermal atmosphere, and one assuming a parameterized temperature profile. Both methods assume constant-with-altitude abundances. We found that the isothermal approximation biases the retrieved parameters considerably, overestimating the abundances by about one order of magnitude. The retrieved abundances using the parameterized profile are usually within 1σ of the true state, and we found the retrieved uncertainties to be generally larger compared to the isothermal approximation. Interestingly, we found that by using the parameterized temperature profile we could place tight constraints on the temperature structure. This opens the possibility of characterizing the temperature profile of the terminator region of hot Jupiters. Lastly, we found that assuming a constant-with-altitude mixing ratio profile is a good approximation for most of the atmospheres under study

Approximating Hamiltonian dynamics with the Nyström method

Simulating the time-evolution of quantum mechanical systems is BQP-hard and expected to be one of the foremost applications of quantum computers. We consider classical algorithms for the approximation of Hamiltonian dynamics using subsampling methods from randomized numerical linear algebra. We derive a simulation technique whose runtime scales polynomially in the number of qubits and the Frobenius norm of the Hamiltonian. As an immediate application, we show that sample based quantum simulation, a type of evolution where the Hamiltonian is a density matrix, can be efficiently classically simulated under specific structural conditions. Our main technical contribution is a randomized algorithm for approximating Hermitian matrix exponentials. The proof leverages a low-rank, symmetric approximation via the Nyström method. Our results suggest that under strong sampling assumptions there exist classical poly-logarithmic time simulations of quantum computations

The ExoMolOP Database: Cross-sections and k-tables for Molecules of Interest in High-Temperature Exoplanet Atmospheres

A publicly available database of opacities for molecules of astrophysical interest, ExoMolOP, has been compiled for over 80 species, based on the latest line list data from the ExoMol, HITEMP and MoLLIST databases. These data are generally suitable for characterising high temperature exoplanet or cool stellar/substellar atmospheres, and have been computed at a variety of pressures and temperatures, with a few molecules included at room-temperature only from the HITRAN database. The data are formatted in different ways for four different exoplanet atmosphere retrieval codes; ARCiS, TauREx, NEMESIS and petitRADTRANS, and include both cross-sections (at R~=~λΔλ~=~15,000) and k-tables (at R~=~λΔλ~=~1000) for the 0.3~-~50μm wavelength region. Opacity files can be downloaded and used directly for these codes. Atomic data for alkali metals Na and K are also included, using data from the NIST database and the latest line shapes for the resonance lines. Broadening parameters have been taken from the literature where available, or from those for a known molecule with similar molecular properties where no broadening data are available