Extracting Protocol Format as State Machine via Controlled Static Loop Analysis

Reverse engineering of protocol message formats is critical for many security applications. Mainstream techniques use dynamic analysis and inherit its low-coverage problem -- the inferred message formats only reflect the features of their inputs. To achieve high coverage, we choose to use static analysis to infer message formats from the implementation of protocol parsers. In this work, we focus on a class of extremely challenging protocols whose formats are described via constraint-enhanced regular expressions and parsed using finite-state machines. Such state machines are often implemented as complicated parsing loops, which are inherently difficult to analyze via conventional static analysis. Our new technique extracts a state machine by regarding each loop iteration as a state and the dependency between loop iterations as state transitions. To achieve high, i.e., path-sensitive, precision but avoid path explosion, the analysis is controlled to merge as many paths as possible based on carefully-designed rules. The evaluation results show that we can infer a state machine and, thus, the message formats, in five minutes with over 90% precision and recall, far better than state of the art. We also applied the state machines to enhance protocol fuzzers, which are improved by 20% to 230% in terms of coverage and detect ten more zero-days compared to baselines

Diurnal Cycle Model of Lake Ice Surface Albedo : A Case Study of Wuliangsuhai Lake

Ice surface albedo is an important factor in various optical remote sensing technologies used to determine the distribution of snow or melt water on the ice, and to judge the formation or melting of lake ice in winter, especially in cold and arid areas. In this study, field measurements were conducted at Wuliangsuhai Lake, a typical lake in the semi-arid cold area of China, to investigate the diurnal variation of the ice surface albedo. Observations showed that the diurnal variations of the ice surface albedo exhibit bimodal characteristics with peaks occurring after sunrise and before sunset. The curve of ice surface albedo with time is affected by weather conditions. The first peak occurs later on cloudy days compared with sunny days, whereas the second peak appears earlier on cloudy days. Four probability density distribution functions—Laplace, Gauss, Gumbel, and Cauchy—were combined linearly to model the daily variation of the lake ice albedo on a sunny day. The simulations of diurnal variation in the albedo during the period from sunrise to sunset with a solar altitude angle higher than 5° indicate that the Laplace combination is the optimal statistical model. The Laplace combination can not only describe the bimodal characteristic of the diurnal albedo cycle when the solar altitude angle is higher than 5°, but also reflect the U-shaped distribution of the diurnal albedo as the solar altitude angle exceeds 15°. The scale of the model is about half the length of the day, and the position of the two peaks is closely related to the moment of sunrise, which reflects the asymmetry of the two peaks of the ice surface albedo. This study provides a basis for the development of parameterization schemes of diurnal variation of lake ice albedo in semi-arid cold regions

Typestate-Guided Fuzzer for Discovering Use-after-Free Vulnerabilities

© 2020 Association for Computing Machinery. Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge coverage to guide the fuzzing process, which has shown great potential in finding vulnerabilities. However, CFG edge coverage is not effective in discovering vulnerabilities such as use-after-free (UaF). This is because, to trigger UaF vulnerabilities, one needs not only to cover individual edges, but also to traverse some (long) sequence of edges in a particular order, which is challenging for existing fuzzers. To this end, we propose to model UaF vulnerabilities as typestate properties, and develop a typestateguided fuzzer, named UAFL, for discovering vulnerabilities violating typestate properties. Given a typestate property, we first perform a static typestate analysis to find operation sequences potentially violating the property. Our fuzzing process is then guided by the operation sequences in order to progressively generate test cases triggering property violations. In addition, we also employ an information flow analysis to improve the efficiency of the fuzzing process. We have performed a thorough evaluation of UAFL on 14 widely-used real-world programs. The experiment results show that UAFL substantially outperforms the state-of-the-art fuzzers, including AFL, AFLFast, FairFuzz, MOpt, Angora and QSYM, in terms of the time taken to discover vulnerabilities. We have discovered 10 previously unknown vulnerabilities, and received 5 new CVEs

Under-ice metabolism in a shallow lake in a cold and arid climate

Winter is a long period of the annual cycle of many lakes in the northern hemisphere. Low irradiance, ice, and snow cover cause poor light penetration into the water column of these lakes. Therefore, in northern lakes, respiration often exceeds primary production leading to low dissolved oxygen concentrations. This study aimed to quantify under-ice metabolic processes during winter in an arid zone lake with little snow cover. This study was carried out in a mid-latitude lake in Inner Mongolia, northern China. The study lake receives relatively high incoming solar radiation on the ice in mid-winter, and radiation can penetrate down to the bottom sediment as the lake is shallow and the ice lacks snow cover. Primary production and respiration were estimated during two winters using high-frequency sensor measurements of dissolved oxygen. To quantify under-ice metabolic processes, sensors were deployed to different depths. During both winters, sensors collected data every 10 min over several weeks. The amount of solar radiation controlled photosynthesis under ice; temperature and photosynthesis together appeared to control respiration. The balance between gross primary production and ecosystem respiration was especially sensitive to changes in snow cover, and the balance between P and R decreased. Our data suggest that photosynthesis by plankton, submerged plants, and epiphytic algae may continue over winter in shallow lakes in mid-latitudes when there is no snow cover on the ice, as may occur in arid climates. The continuation of photosynthesis under ice buffers against dissolved oxygen depletion and prevents consequent harmful ecosystem effects.Peer reviewe

Current treatment strategies targeting histone deacetylase inhibitors in acute lymphocytic leukemia: a systematic review

Acute lymphocytic leukemia is a hematological malignancy that primarily affects children. Long-term chemotherapy is effective, but always causes different toxic side effects. With the application of a chemotherapy-free treatment strategy, we intend to demonstrate the most recent results of using one type of epigenetic drug, histone deacetylase inhibitors, in ALL and to provide preclinical evidence for further clinical trials. In this review, we found that panobinostat (LBH589) showed positive outcomes as a monotherapy, whereas vorinostat (SAHA) was a better choice for combinatorial use. Preclinical research has identified chidamide as a potential agent for investigation in more clinical trials in the future. In conclusion, histone deacetylase inhibitors play a significant role in the chemotherapy-free landscape in cancer treatment, particularly in acute lymphocytic leukemia

A Novel C-Type Lectin and Its Potential Role in Feeding and Feed Selection in <i>Ruditapes philippinarum</i>

In recent years, the role of lectins in the feed selection of bivalve has become hot research topic. Manila clam Ruditapes philippinarum is a species of marine bivalve with important economic value. A new C-type lectin (Rpcl) from the clam was obtained and its potential role in feeding and feed selection was studied. Rpcl cDNA was 929 bp in length and had 720 bp of open reading frame. Rpcl encoded 235 amino acids, comprising a carbohydrate recognition domain (CRD) as well as an N-terminal signal peptide. Rpcl contained a conserved CRD disulfide bond including five cysteine residues (Cys125, Cys142, Cys213, Cys219, and Cys237) and the QPN motif (GLN204-PRO205-ASN206). Phylogenetic analysis revealed that the amino acid sequence of Rpcl was closely related to that of Vpclec-1 from R. philippinarum and C-type lectin from Mercenaria. The qPCR analysis indicated that Rpcl expression was observed in all examined tissues and was the highest in gills followed by in the hepatopancreas, and to a lesser extent in the mantle and lip. The in vitro agglutination experiments showed that, the purified Rpcl protein could selectively agglutinate with different microalgae. The strongest agglutinating effect with Chlorella sp. was observed, followed by Karlodinium veneficum and Chaetoceros debilis Cleve. No agglutination with Prorocentrum minimum was observed. In the feeding experiment, compared with that of the starvation group, Rpcl expression in the lip and gill of the clam fed with C. debilis and K. veneficum showed a significant upward trend with the change of time. In addition, it was found that the changes in the expression of the Rpcl gene in the gill and lip, the main feeding tissues, were consistent with the slope of the decrease in the number of algal cells in the water body. In summary, the structure of a new C-type lectin (Rpcl) was reported in this study and its correlation with the feeding and feed selection in R. philippinarum was confirmed

A Novel C-Type Lectin and Its Potential Role in Feeding and Feed Selection in Ruditapes philippinarum

In recent years, the role of lectins in the feed selection of bivalve has become hot research topic. Manila clam Ruditapes philippinarum is a species of marine bivalve with important economic value. A new C-type lectin (Rpcl) from the clam was obtained and its potential role in feeding and feed selection was studied. Rpcl cDNA was 929 bp in length and had 720 bp of open reading frame. Rpcl encoded 235 amino acids, comprising a carbohydrate recognition domain (CRD) as well as an N-terminal signal peptide. Rpcl contained a conserved CRD disulfide bond including five cysteine residues (Cys125, Cys142, Cys213, Cys219, and Cys237) and the QPN motif (GLN204-PRO205-ASN206). Phylogenetic analysis revealed that the amino acid sequence of Rpcl was closely related to that of Vpclec-1 from R. philippinarum and C-type lectin from Mercenaria. The qPCR analysis indicated that Rpcl expression was observed in all examined tissues and was the highest in gills followed by in the hepatopancreas, and to a lesser extent in the mantle and lip. The in vitro agglutination experiments showed that, the purified Rpcl protein could selectively agglutinate with different microalgae. The strongest agglutinating effect with Chlorella sp. was observed, followed by Karlodinium veneficum and Chaetoceros debilis Cleve. No agglutination with Prorocentrum minimum was observed. In the feeding experiment, compared with that of the starvation group, Rpcl expression in the lip and gill of the clam fed with C. debilis and K. veneficum showed a significant upward trend with the change of time. In addition, it was found that the changes in the expression of the Rpcl gene in the gill and lip, the main feeding tissues, were consistent with the slope of the decrease in the number of algal cells in the water body. In summary, the structure of a new C-type lectin (Rpcl) was reported in this study and its correlation with the feeding and feed selection in R. philippinarum was confirmed