Software-Based Techniques for Protecting Return Addresses
Protecting computing systems against cyberattacks should be put high on the
agenda. For example, Colonial Pipeline, an American oil pipeline system, suffered
a cyberattack that impacted its computerized equipment managing the pipeline,
leading to a state of emergency declared by President Joe Biden in May, 2021.
As reported by the Microsoft Security Response Center, attackers are unanimously
corrupting the stack, and most Control Flow Guard (CFG) improvements will provide
little value-add until stack protection lands. Shadow stacks play an important
role in protecting backward edges (return addresses on the call stack) to mitigate
Return-Oriented Programming (ROP) attacks. Control-Flow Integrity (CFI) techniques
often focus on protecting forward edges (indirect calls via function pointers
and virtual calls) and assume that backward edges are protected by shadow stacks.
In practice, however, shadow stacks are still not widely deployed because of
compatibility, performance or security deficiencies. In this thesis, we propose
three novel techniques for protecting return addresses.
First, by adding one level of indirection, we introduce BarRA, the first shadow
stack mechanism that applies continuous runtime re-randomization to abstract return
addresses for protecting their corresponding concrete return addresses (also
protected by CFI) for single-threaded programs, thus avoiding expensive pointer
tracking. As a nice side-effect, BarRA naturally combines the shadow stack, CFI
and runtime re-randomization in the same framework.
Second, without reserving any dedicated register, we propose a novel thread-local
storage mechanism, STK-TLS, that is both efficient and free of compatibility
issues. We also present a new microsecond-level runtime re-randomization technique
(without relying on information hiding or MMU), STK-MSR, to mitigate
information disclosure attacks and protect the shadow stack with 64-bit entropy.
Based on STK-TLS and STK-MSR, we have implemented a novel stack layout
(referred to as Bustk), that is highly performant, compatible with existing code,
and provides meaningful security for single- and multi-threaded server programs.
Third, by rapidly moving safe regions within the large 47-bit user space (based on
the MMU), we design a practical shadow stack, FlashStack, for protecting return
addresses in single- and multi-threaded programs (including browsers) running under
64-bit Linux on x86-64. FlashStack introduces a novel lightweight instrumentation
mechanism, a continuous shuffling scheme for the shadow stack in user
space, and a new dual-prologue approach for a protected function to mitigate
TOCTTOU attacks (constructed by Microsoft's red team), information disclosure
attacks, and crash-resistant probing attacks.
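To make the mechanism in the abstract concrete, the following is an added simulation written for this page; it is not code from the thesis and does not reproduce BarRA, Bustk or FlashStack. It models the machine stack and the shadow stack as two plain arrays, encodes each return slot as an "abstract" value under a secret key (a hypothetical XOR encoding chosen only for illustration), and shows what a continuous re-randomization step buys: a benign call/return sequence stays clean across a re-keying, a raw gadget address written into a return slot is caught at the epilogue, and an abstract value leaked through information disclosure is useless once the mapping has changed. All addresses and secrets are constructed constants.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 64

/* Code addresses are modelled as plain integers; nothing here touches the
 * real machine stack, so the program runs on any host. */
typedef uintptr_t addr_t;

/* Attacker-reachable stack: one return slot per frame. Each slot holds an
 * abstract return address, i.e. the concrete address under a keyed encoding
 * (hypothetical XOR encoding; the thesis's scheme is not reproduced). */
static addr_t stack_slots[MAX_DEPTH];
/* Protected region (the shadow stack): the concrete return addresses. */
static addr_t shadow[MAX_DEPTH];
static int depth = 0;

/* Secret that defines the current abstract <-> concrete mapping. A real
 * deployment would draw it from a CSPRNG; fixed here for reproducibility. */
#define INITIAL_SECRET ((addr_t)0x5A5A5A5A5A5A5A5AULL)
static addr_t secret = INITIAL_SECRET;

static addr_t encode(addr_t concrete) { return concrete ^ secret; }
static addr_t decode(addr_t abstract) { return abstract ^ secret; }

static void reset(void) { depth = 0; secret = INITIAL_SECRET; }

/* Continuous re-randomization step: switch to a fresh secret and rewrite
 * every live abstract slot. The concrete copies never move, so a previously
 * leaked abstract value stops being valid here. */
void rerandomize(addr_t new_secret) {
    secret = new_secret;
    for (int i = 0; i < depth; i++)
        stack_slots[i] = encode(shadow[i]);
}

/* Instrumented prologue: record the return address in both regions. */
void on_call(addr_t ret_addr) {
    stack_slots[depth] = encode(ret_addr);
    shadow[depth] = ret_addr;
    depth++;
}

/* Instrumented epilogue: pop the frame, report whether the slot still
 * decodes to the protected copy, and hand back the protected copy as the
 * only address control flow is allowed to reach. Returns 1 when clean. */
int on_return(addr_t *target) {
    depth--;
    addr_t from_slot = decode(stack_slots[depth]);
    *target = shadow[depth];
    return from_slot == shadow[depth];
}

/* Simulated memory-corruption primitive: overwrite the top return slot. */
void corrupt_top(addr_t value) { stack_slots[depth - 1] = value; }

/* Benign nesting with a re-randomization in the middle: both returns clean. */
int scenario_benign(void) {
    addr_t t1, t2;
    reset();
    on_call(0x401000);
    on_call(0x402000);
    int ok1 = on_return(&t1);
    rerandomize(0x1234);
    int ok2 = on_return(&t2);
    return ok1 && ok2 && t1 == 0x402000 && t2 == 0x401000;
}

/* A raw gadget address written into the slot (ROP-style) fails the check,
 * and execution is still directed to the shadow copy. */
int scenario_overwrite(void) {
    addr_t t;
    reset();
    on_call(0x401000);
    corrupt_top(0x4141414141414141ULL);
    int clean = on_return(&t);
    return clean == 0 && t == 0x401000;
}

/* Information disclosure: the attacker reads an abstract value, but the
 * mapping is re-randomized before the value can be replayed. */
int scenario_stale_replay(void) {
    addr_t t;
    reset();
    on_call(0x401000);
    addr_t leaked = stack_slots[0];
    rerandomize(0xFEED);
    corrupt_top(leaked);
    return on_return(&t) == 0;
}

int main(void) {
    printf("benign sequence clean: %d\n", scenario_benign());
    printf("overwrite detected: %d\n", scenario_overwrite());
    printf("stale replay detected: %d\n", scenario_stale_replay());
    return 0;
}
```

Two caveats the model makes visible. An XOR encoding gives up the secret to anyone who obtains one abstract/concrete pair, which is exactly why the re-keying interval matters (the abstract describes microsecond-level re-randomization). And because `on_return` checks the slot and then returns to the protected copy in two separate steps, a second thread could in principle race between them; that window is the TOCTTOU concern the dual-prologue approach above is meant to close, and the single-threaded simulation does not exercise it.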
Towards Accurate One-Stage Object Detection with AP-Loss
One-stage object detectors are trained by optimizing classification-loss and
localization-loss simultaneously, with the former suffering much from extreme
foreground-background class imbalance issue due to the large number of anchors.
This paper alleviates this issue by proposing a novel framework to replace the
classification task in one-stage detectors with a ranking task, and adopting
the Average-Precision loss (AP-loss) for the ranking problem. Due to its
non-differentiability and non-convexity, the AP-loss cannot be optimized
directly. For this purpose, we develop a novel optimization algorithm, which
seamlessly combines the error-driven update scheme in perceptron learning and
backpropagation algorithm in deep networks. We verify good convergence property
of the proposed algorithm theoretically and empirically. Experimental results
demonstrate notable performance improvement in state-of-the-art one-stage
detectors based on AP-loss over different kinds of classification-losses on
various benchmarks, without changing the network architectures. Code is
available at https://github.com/cccorn/AP-loss.
Comment: 13 pages, 7 figures, 4 tables, main paper + supplementary material,
accepted to CVPR 201
A novel gas ionization sensor using Pd nanoparticle-capped ZnO
A novel gas ionization sensor using Pd nanoparticle-capped ZnO (Pd/ZnO) nanorods as the anode is proposed. Compared with bare ZnO nanorods, the Pd/ZnO nanorod-based sensors show a lower breakdown voltage for the detected gases, with good sensitivity and selectivity. Moreover, the sensors exhibit stable performance after more than 200 tests for both inert and active gases. The simple, low-cost, Pd/ZnO nanorod-based field-ionization gas sensors presented in this study have potential applications in the field of gas sensor devices.
The emergence of global phase coherence from local pairing in underdoped cuprates
In conventional metal superconductors such as aluminum, the large number of
weakly bound Cooper pairs become phase coherent as soon as they start to
form. The cuprate high critical temperature () superconductors, in
contrast, belong to a distinctively different category. To account for the high
, the attractive pairing interaction is expected to be strong and the
coherence length is short. Being doped Mott insulators, the cuprates are known
to have low superfluid density, thus are susceptible to phase fluctuations. It
has been proposed that pairing and phase coherence may occur separately in
cuprates, and corresponds to the phase coherence temperature controlled
by the superfluid density. To elucidate the microscopic processes of pairing
and phase ordering in cuprates, here we use scanning tunneling microscopy to
image the evolution of electronic states in underdoped . Even in the insulating sample, we observe a
smooth crossover from the Mott insulator to superconductor-type spectra on
small islands with chequerboard order and emerging quasiparticle interference
patterns following the octet model. Each chequerboard plaquette contains
approximately two holes, and exhibits a stripy internal structure that has
strong influence on the superconducting features. Across the insulator to
superconductor boundary, the local spectra remain qualitatively the same while
the quasiparticle interferences become long-ranged. These results suggest that
the chequerboard plaquette with internal stripes plays a crucial role in local
pairing in cuprates, and that global phase coherence is established once its
spatial occupation exceeds a threshold.
Emergent normal fluid in the superconducting ground state of overdoped cuprates
The microscopic mechanism for the disappearance of superconductivity in
overdoped cuprates is still under heated debate. Here we use scanning tunneling
spectroscopy to investigate the evolution of quasiparticle interference
phenomenon in over a wide range of hole densities.
We find that when the system enters the overdoped regime, a peculiar
quasiparticle interference wavevector with quarter-circle pattern starts to
emerge even at zero bias, and its intensity grows with increasing doping level.
Its energy dispersion is incompatible with the octet model for d-wave
superconductivity, but is highly consistent with the scattering interference of
gapless normal carriers. The weight of the gapless quasiparticle interference
is mainly located at the antinodes and is independent of temperature. We
propose that the normal fluid emerges from the pair-breaking scattering between
flat antinodal bands in the quantum ground state, which is the primary cause
for the reduction of superfluid density and suppression of superconductivity in
overdoped cuprates.
Particle-hole asymmetric superconducting coherence peaks in overdoped cuprates
To elucidate the superconductor to metal transition at the end of
superconducting dome, the overdoped regime has stepped onto the center stage of
cuprate research recently. Here, we use scanning tunneling microscopy to
investigate the atomic-scale electronic structure of overdoped trilayer Bi-2223
and bilayer Bi-2212 cuprates. At low energies the spectroscopic maps are well
described by dispersive quasiparticle interference patterns. However, as the
bias increases to the superconducting coherence peak energy, a virtually
non-dispersive pattern with √2×√2 periodicity emerges. Remarkably,
the position of the coherence peaks exhibits evident particle-hole asymmetry
which also modulates with the same period. We propose that this is an extreme
quasiparticle interference phenomenon, caused by pair-breaking scattering
between flat anti-nodal Bogoliubov bands, which is ultimately responsible for
the superconductor to metal transition.
Comment: 15 pages, 4 figure
Charge redistribution, charge order and plasmon in LaSrCuO/LaCuO superlattices
Interfacial superconductors have the potential to revolutionize electronics,
quantum computing, and fundamental physics due to their enhanced
superconducting properties and ability to create new types of superconductors.
The emergence of superconductivity at the interface of
LaSrCuO/LaCuO (LSCO/LCO), with a T
enhancement of 10 K compared to the LaSrCuO bulk
single crystals, provides an exciting opportunity to study quantum phenomena in
reduced dimensions. To investigate the carrier distribution and excitations in
interfacial superconductors, we combine O K-edge resonant inelastic X-ray
scattering and atomically resolved scanning transmission electron microscopy
measurements to study LaSrCuO/LaCuO
superlattices (x=0.15, 0.45) and bulk LaSrCuO films. We
find direct evidence of charge redistribution, charge order and plasmon in
LSCO/LCO superlattices. Notably, the observed behaviors of charge order and
plasmon deviate from the anticipated properties of individual constituents or
the average doping level of the superlattice. Instead, they follow the
effective doping, the critical parameter that governs the
T of interfacial superconductors.
Comment: 8 pages, 5 figure