SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior. Such attacks have been known to have serious effects on production systems, take down entire websites, or lead to bypasses of Web Application Firewalls. Unfortunately, existing detection mechanisms for algorithmic complexity vulnerabilities are domain-specific and often require significant manual effort. In this paper, we design, implement, and evaluate SlowFuzz, a domain-independent framework for automatically finding algorithmic complexity vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided evolutionary search techniques to automatically find inputs that maximize computational resource utilization for a given application.Comment: ACM CCS '17, October 30-November 3, 2017, Dallas, TX, US

Phase oscillations in superfluid 3He-B weak links

Oscillations in quantum phase about a mean value of $\pi$, observed across micropores connecting two \helium baths, are explained in a Ginzburg-Landau phenomenology. The dynamics arises from the Josephson phase relation,the interbath continuity equation, and helium boundary conditions. The pores are shown to act as Josephson tunnel junctions, and the dynamic variables are the inter bath phase difference and fractional difference in superfluid density at micropores. The system maps onto a non-rigid, momentum-shortened pendulum, with inverted-orientation oscillations about a vertical tilt angle $\phi = \pi$, and other modes are predicted

X - Ray Flares and Their Connection With Prompt Emission in GRBs

We use a wavelet technique to investigate the time variations in the light curves from a sample of GRBs detected by Fermi and Swift. We focus primarily on the behavior of the flaring region of Swift-XRT light curves in order to explore connections between variability time scales and pulse parameters (such as rise and decay times, widths, strengths, and separation distributions) and spectral lags. Tight correlations between some of these temporal features suggest a common origin for the production of X-ray flares and the prompt emission.Comment: 7th Huntsville Gamma-Ray Burst Symposium, GRB 2013: paper 15 in eConf Proceedings C130414