26 research outputs found

    Detection and Exploitation of Information Flow Leaks

    This thesis contributes to the field of language-based information flow analysis with a focus on detection and exploitation of information flow leaks in programs. To achieve this goal, this thesis presents a number of precise semi-automatic approaches that allow one to detect, exploit and judge the severity of information flow leaks in programs. The first part of the thesis develops an approach to detect and demonstrate information flow leaks in a program. This approach analyses a given program statically using symbolic execution and self-composition with the aim to generate so-called insecurity formulas whose satisfying models (obtained by SMT solvers) give rise to pairs of initial states that demonstrate insecure information flows. Based on these models, small unit test cases, so-called leak demonstrators, are created that check for the detected information flow leaks and fail if these exist. The developed approach is able to deal with unbounded loops and recursive method invocation by using program specifications like loop invariants or method contracts. This allows the approach to be fully precise (if needed) but also to abstract and allow for false positives in exchange for a higher degree of automation and simpler specifications. The approach supports several information flow security policies, namely, noninterference, delimited information release, and information erasure. The second part of the thesis builds upon the previous approach that allows the user to judge the severity of an information flow leak by exploiting the detected leaks in order to infer the secret information. This is achieved by utilizing a hybrid analysis which conducts an adaptive attack by performing a series of experiments. An experiment constitutes a concrete program run which serves to accumulate the knowledge about the secret. 
Each experiment is carried out with optimal low inputs deduced from the prior distribution and the knowledge of secret so that the potential leakage is maximized. We propose a novel approach to quantify information leakages as explicit functions of low inputs using symbolic execution and parametric model counting. Depending on the chosen security metric, general nonlinear optimization tools or Max-SMT solvers are used to find optimal low inputs, i.e., inputs that cause the program to leak a maximum of information. For the purpose of evaluation, both approaches have been fully implemented in the tool KEG, which is based on the state-of-the-art program verification system KeY. KEG supports a rich subset of sequential Java programs and generates executable JUnit tests as leak demonstrators. For the secret inference, KEG produces executable Java programs and runs them to perform the adaptive attack. The thesis discusses the planning, execution, and results of the evaluation. The evaluation has been performed on a collection of micro-benchmarks as well as two case studies, which are taken from the literature. The evaluation using the micro-benchmarks shows that KEG detects successfully all information flow leaks and is able to generate correct demonstrators in case the supplied specifications are correct and strong enough. With respect to secret inference, it shows that the approach presented in this thesis (which computes optimal low inputs) helps an attacker to learn the secret much more efficiently compared to approaches using arbitrary low inputs. KEG has also been evaluated in two case studies. The first case study is performed on an e-voting software which has been extracted in a simplified form from a real-world e-voting system. This case study focuses on the leak detection and demonstrator generation approach. The e-voting case study shows that KEG is able to deal with relatively complicated programs that include unbounded loops, objects, and arrays. 
Moreover, the case study demonstrates that KEG can be integrated with a specification generation tool to obtain both precision and full automation. The second case study is conducted on a PIN integrity checking program, adapted from a real-world ATM PIN verifying system. This case study mainly demonstrates the secret inference feature of KEG. It shows that KEG can help an attacker to learn the secret more efficiently given a good enough assumption about the prior distribution of secret.

    AGent: A Novel Pipeline for Automatically Creating Unanswerable Questions

    The development of large high-quality datasets and high-performing models has led to significant advancements in the domain of Extractive Question Answering (EQA). This progress has sparked considerable interest in exploring unanswerable questions within the EQA domain. Training EQA models with unanswerable questions helps them avoid extracting misleading or incorrect answers for queries that lack valid responses. However, manually annotating unanswerable questions is labor-intensive. To address this, we propose AGent, a novel pipeline that automatically creates new unanswerable questions by re-matching a question with a context that lacks the necessary information for a correct answer. In this paper, we demonstrate the usefulness of this AGent pipeline by creating two sets of unanswerable questions from answerable questions in SQuAD and HotpotQA. These created question sets exhibit low error rates. Additionally, models fine-tuned on these questions show comparable performance with those fine-tuned on the SQuAD 2.0 dataset on multiple EQA benchmarks. Comment: 16 pages, 10 tables, 3 figures

    zk-SNARKs from Codes with Rank Metrics

    Succinct non-interactive zero-knowledge arguments of knowledge (zk-SNARKs) are a type of non-interactive proof system enabling efficient privacy-preserving proofs of membership for NP languages. A great deal of work has studied candidate constructions that are secure against quantum attackers, which are based on either lattice assumptions or post-quantum collision-resistant hash functions. In this paper, we propose a code-based zk-SNARK scheme, whose security is based on the rank support learning (RSL) problem, a variant of the random linear code decoding problem in the rank metric. Our construction follows the general framework of Gennaro et al. (CCS'18), which is based on square span programs (SSPs). Due to the fundamental differences between the hardness assumptions, our proof of security cannot apply the techniques from the lattice-based constructions, and indeed, it distinguishes itself by the use of techniques from coding theory. We also provide the scheme with a set of concrete parameters.

    Crystal structure and Hirshfeld surface analysis of 4-phenyl-3-(thiophen-3-ylmethyl)-1H-1,2,4-triazole-5(4H)-thione.

    In the title compound, C13H11N3S2, the phenyl ring is twisted from the 1,2,4-triazole plane by 63.35 (9)° and by 47.35 (9)° from the thiophene plane. In the crystal, chains of molecules running along the c-axis direction are formed by N-H⋯S interactions [graph-set motif C(4)]. The 1,2,4-triazole and phenyl rings are involved in π-π stacking interactions [centroid-centroid distance = 3.4553 (10) Å]. The thiophene ring is involved in C-H⋯S and C-H⋯π interactions. The intermolecular interactions in the crystal packing were further analysed using Hirshfeld surface analysis, which indicates that the most significant contacts are H⋯H (35.8%), followed by S⋯H/H⋯S (26.7%) and C⋯H/H⋯C (18.2%).

    Late Pleistocene-Holocene sequence stratigraphy of the subaqueous Red River delta and the adjacent shelf

    The model of Late Pleistocene-Holocene sequence stratigraphy of the subaqueous Red River delta and the adjacent shelf is proposed by interpretation of high-resolution seismic documents and comparison with previous research results on Holocene sedimentary evolution on the delta plain. Four units (U1, U2, U3, and U4) and four sequence stratigraphic surfaces (SB1, TS, TRS and MFS) were determined. The formation of these units and surfaces is related to the global sea-level change in Late Pleistocene-Holocene. SB1, defined as the sequence boundary, was generated by subaerial processes during the Late Pleistocene regression and could be remolded partially or significantly by transgressive ravinement processes subsequently. The basal unit U1 (fluvial formations) within incised valleys is arranged into the lowstand systems tract (LST) formed in the early slow sea-level rise ~19-14.5 cal.kyr BP, the U2 unit is arranged into the early transgressive systems tract (E-TST) deposited mainly within incised-valleys under the tide-influenced river to estuarine conditions in the rapid sea-level rise ~14.5-9 cal.kyr BP, the U3 unit is arranged into the late transgressive systems tract (L-TST) deposited widely on the continental shelf in the fully marine condition during the late sea-level rise ~9-7 cal.kyr BP, and the U4 unit represents for the highstand systems tract (HST) with clinoform structure surrounding the modern delta coast, extending to the water depth of 25-30 m, developed by sediments from the Red River system in ~3-0 cal.kyr BP.

    Safety and efficacy of fluoxetine on functional outcome after acute stroke (AFFINITY): a randomised, double-blind, placebo-controlled trial

    Background Trials of fluoxetine for recovery after stroke report conflicting results. The Assessment oF FluoxetINe In sTroke recoverY (AFFINITY) trial aimed to show if daily oral fluoxetine for 6 months after stroke improves functional outcome in an ethnically diverse population. Methods AFFINITY was a randomised, parallel-group, double-blind, placebo-controlled trial done in 43 hospital stroke units in Australia (n=29), New Zealand (four), and Vietnam (ten). Eligible patients were adults (aged ≥18 years) with a clinical diagnosis of acute stroke in the previous 2–15 days, brain imaging consistent with ischaemic or haemorrhagic stroke, and a persisting neurological deficit that produced a modified Rankin Scale (mRS) score of 1 or more. Patients were randomly assigned 1:1 via a web-based system using a minimisation algorithm to once daily, oral fluoxetine 20 mg capsules or matching placebo for 6 months. Patients, carers, investigators, and outcome assessors were masked to the treatment allocation. The primary outcome was functional status, measured by the mRS, at 6 months. The primary analysis was an ordinal logistic regression of the mRS at 6 months, adjusted for minimisation variables. Primary and safety analyses were done according to the patient's treatment allocation. The trial is registered with the Australian New Zealand Clinical Trials Registry, ACTRN12611000774921. Findings Between Jan 11, 2013, and June 30, 2019, 1280 patients were recruited in Australia (n=532), New Zealand (n=42), and Vietnam (n=706), of whom 642 were randomly assigned to fluoxetine and 638 were randomly assigned to placebo. Mean duration of trial treatment was 167 days (SD 48·1). At 6 months, mRS data were available in 624 (97%) patients in the fluoxetine group and 632 (99%) in the placebo group. The distribution of mRS categories was similar in the fluoxetine and placebo groups (adjusted common odds ratio 0·94, 95% CI 0·76–1·15; p=0·53). 
Compared with patients in the placebo group, patients in the fluoxetine group had more falls (20 [3%] vs seven [1%]; p=0·018), bone fractures (19 [3%] vs six [1%]; p=0·014), and epileptic seizures (ten [2%] vs two [<1%]; p=0·038) at 6 months. Interpretation Oral fluoxetine 20 mg daily for 6 months after acute stroke did not improve functional outcome and increased the risk of falls, bone fractures, and epileptic seizures. These results do not support the use of fluoxetine to improve functional outcome after stroke

    Inferring Secrets by Guided Experiments
