Transient kinetic studies and microkinetic modeling of primary olefin formation from dimethyl ether over ZSM-5 catalysts

The formation of primary olefins from dimethyl ether (DME) was studied over ZSM-5 catalysts at 300°C using a novel step response methodology in a temporal analysis of products (TAP) reactor. For the first time, the TAP reactor framework was used to conduct single- and multiple-step response cycles of DME (balance argon) over a shallow bed with the continuous flow panel. Propylene is the major primary olefin and portrays an S-shaped profile with a preceding induction period when it is not observed in the gas phase. Methanol and water portray overshoot profiles due to their different rates of generation and consumption. DME effluent shows a rapid rise halfway to its steady-state value leading to a slow rise thereafter because of its high desorption rates followed by subsequent reactions involving DME in further steps during the induction period. To analyze the experimental data quantitatively, nine reaction schemes were compared, and kinetic parameters were obtained by solving a transient plug flow reactor model with coupled dispersion, convection, adsorption, desorption, and reaction steps. The methoxymethyl pathway involving dimethoxyethane and methyl propenyl ether gives the closest match to experimental data in agreement with recent density functional theory studies. Gaseous dispersion coefficients of ca. 10−9 m2 s−1 were obtained in the TAP reactor. The novel experimental data validated against the transient kinetic model suggests that after the formation of initial species, the bottleneck in propylene formation is the transformation of the initial C–C bond, that is dimethoxyethane formed initially from DME and methoxymethyl groups. DME adsorption on ZSM-5 catalyst generates surface methoxy groups, which further react with the feed to give methoxymethyl groups. These methoxymethyl groups are regenerated through a series of reactions involving intermediates such as dimethoxymethane and methyl propenyl ether before propylene formation

Influence of precursors on the induction period and transition regime of dimethyl ether conversion to hydrocarbons over ZSM-5 catalysts

ZSM-5 catalysts were subjected to step response cycles of dimethyl ether (DME) at 300 °C in a temporal analysis of products (TAP) reactor. Propylene is the major olefin and displays an S-shaped profile. A 44-min induction period occurs before primary propylene formation and is reduced upon subsequent step response cycles. The S-shaped profile was interpreted according to induction, transition-regime and steady-state stages to investigate hydrocarbon formation from DME. The influence of precursors (carbon monoxide, hydrogen, dimethoxymethane, and 1,5-hexadiene) was studied using a novel consecutive step response methodology in the TAP reactor. Addition of dimethoxymethane, carbon monoxide, hydrogen or 1,5-hexadiene reduces the induction period of primary olefin formation. However, while dimethoxymethane, carbon monoxide and hydrogen accelerate the transition-regime towards hydrocarbon pool formation, 1,5-hexadiene attenuates it. Heavier hydrocarbons obtained from 1,5-hexadiene compete for active sites during secondary olefin formation. A phenomenological evaluation of multiple parameters is presented

VPS: Excavating high-level C++ constructs from low-level binaries to protect dynamic dispatching

Polymorphism and inheritance make C++ suitable for writing complex software, but significantly increase the attack surface because the implementation relies on virtual function tables (vtables). These vtables contain function pointers that attackers can potentially hijack and in practice, vtable hijacking is one of the most important attack vector for C++ binaries. In this paper, we present VTable Pointer Separation (vps), a practical binary-level defense against vtable hijacking in C++ applications. Unlike previous binary-level defenses, which rely on unsound static analyses to match classes to virtual callsites, vps achieves a more accurate protection by restricting virtual callsites to validly created objects. More specifically, vps ensures that virtual callsites can only use objects created at valid object construction sites, and only if those objects can reach the callsite. Moreover, vps explicitly prevents false positives (falsely identified virtual callsites) from breaking the binary, an issue existing work does not handle correctly or at all. We evaluate the prototype implementation of vps on a diverse set of complex, real-world applications (MongoDB, MySQL server, Node.js, SPEC CPU2017/CPU2006), showing that our approach protects on average 97.8% of all virtual callsites in SPEC CPU2006 and 97.4% in SPEC CPU2017 (all C++ benchmarks), with a moderate performance overhead of 11% and 9% geomean, respectively. Furthermore, our evaluation reveals 86 false negatives in VTV, a popular source-based defense which is part of GCC

Devil is Virtual: Reversing Virtual Inheritance in C++ Binaries

Complexities that arise from implementation of object-oriented concepts in C++ such as virtual dispatch and dynamic type casting have attracted the attention of attackers and defenders alike. Binary-level defenses are dependent on full and precise recovery of class inheritance tree of a given program. While current solutions focus on recovering single and multiple inheritances from the binary, they are oblivious to virtual inheritance. Conventional wisdom among binary-level defenses is that virtual inheritance is uncommon and/or support for single and multiple inheritances provides implicit support for virtual inheritance. In this paper, we show neither to be true. Specifically, (1) we present an efficient technique to detect virtual inheritance in C++ binaries and show through a study that virtual inheritance can be found in non-negligible number (more than 10\% on Linux and 12.5\% on Windows) of real-world C++ programs including Mysql and libstdc++. (2) we show that failure to handle virtual inheritance introduces both false positives and false negatives in the hierarchy tree. These false positves and negatives either introduce attack surface when the hierarchy recovered is used to enforce CFI policies, or make the hierarchy difficult to understand when it is needed for program understanding (e.g., during decompilation). (3) We present a solution to recover virtual inheritance from COTS binaries. We recover a maximum of 95\% and 95.5\% (GCC -O0) and a minimum of 77.5\% and 73.8\% (Clang -O2) of virtual and intermediate bases respectively in the virtual inheritance tree.Comment: Accepted at CCS20. This is a technical report versio