A Java Reference Model of Transacted Memory for Smart Cards

Transacted Memory offers persistence, undoability and auditing. We present a Java/JML Reference Model of the Transacted Memory system on the basis of our earlier separate Z model and C implementation. We conclude that Java/JML combines the advantages of a high level specification in the JML part (based on our Z model), with a detailed implementation in the Java part (based on our C implementation)

Evaluating the Fork-Awareness of Coverage-Guided Fuzzers

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies on the instrumentation of the system to generate inputs able to cover as much code as possible. The success of this approach is also due to its usability as fuzzing techniques research approaches that do not require (or only partial require) human interactions. Despite the efforts, devising a fully-automated fuzzer still seems to be a challenging task. Target systems may be very complex; they may integrate cryptographic primitives, compute and verify check-sums and employ forks to enhance the system security, achieve better performances or manage different connections at the same time. This paper introduces the fork-awareness property to express the fuzzer ability to manage systems using forks. This property is leveraged to evaluate 14 of the most widely coverage-guided fuzzers and highlight how current fuzzers are ineffective against systems using forks.Comment: Keywords: Fuzzing, Fork, Security Testing, Software Securit

Protocol state fuzzing of TLS implementations

We describe a largely automated and systematic analysis of TLS implementations by what we call ‘protocol state fuzzing’: we use state machine learning to infer state ma-chines from protocol implementations, using only black-box testing, and then inspect the inferred state machines to look for spurious behaviour which might be an indica-tion of flaws in the program logic. For detecting the pres-ence of spurious behaviour the approach is almost fully automatic: we automatically obtain state machines and any spurious behaviour is then trivial to see. Detecting whether the spurious behaviour introduces exploitable security weaknesses does require manual investigation. Still, we take the point of view that any spurious func-tionality in a security protocol implementation is danger-ous and should be removed. We analysed both server- and client-side implemen-tations with a test harness that supports several key ex-change algorithms and the option of client certificate au-thentication. We show that this approach can catch an interesting class of implementation flaws that is appar-ently common in security protocol implementations: in three of the TLS implementations analysed new security flaws were found (in GnuTLS, the Java Secure Socket Extension, and OpenSSL). This shows that protocol state fuzzing is a useful technique to systematically analyse security protocol implementations. As our analysis of different TLS implementations resulted in different and unique state machines for each one, the technique can also be used for fingerprinting TLS implementations.

Supervisor

Abstract. This thesis examines the current techniques in LTE-WiFi data handover. Handovers take place when a mobile device switches from one network to another. It is interesting to look at methods to offload the rather expensive mobile data connections to the cheaper WiFi (home) networks. This transition is usually not seamless. A good example is when you start a streaming video whilst on mobile data and a known WiFi network appears. Your mobile device automatically connects to the WiFi network and the streaming video stops. These so-called vertical handovers have not been made seamless yet. This thesis compares several techniques that operate on different layers of the OSI model. To facilitate vertical handover, it is useful to know how horizontal handovers work. This kind of handover occurs when, for example, a mobile phone switches from one cell tower to another. Contrary to vertical handover, horizontal handover occurs practically seamless. Horizontal handovers in both LTE and WiFi networks are discussed, to give a heads up for the problems that arise for vertical handovers. Vertical handovers can be done at different points in the OSI model. This thesis covers solutions that have been devised on a few of these layers. Th

Pretreatment with a 55-kDa Tumor Necrosis Factor Receptor-Immunoglobulin Fusion Protein Attenuates Activation of Coagulation, but not of Fibrinolysis, during Lethal Bacteremia in Baboons

Baboons (Papio anubis) receiving a lethal intravenous infusion with live Escherichia coli were pretreated with either a 55-kDa tumor necrosis factor (TNF) receptor-IgG fusion protein (TNFR55:IgG) (n = 4, 4.6 mg/kg) or placebo (n = 4). Neutralization of TNF activity in TNFR55:IgG-treated animals was associated with a complete prevention of mortality and a strong attenuation of coagulation activation as reflected by the plasma concentrations of thrombin-antithrombin III complexes (P < .05). Activation of fibrinolysis was not influenced by TNFR55:IgG (plasma tissue-type plasminogen activator and plasmin-a2-antiplasmin complexes), whereas TNFR55:IgG did inhibit the release of plasminogen activator inhibitor type I (P < .05). Furthermore, TNFR55:IgG inhibited neutrophil degranulation (plasma levels of elastase-α1-antitrypsin complexes, P < .05) and modestly reduced release of secretory phospholipase A2. These data suggest that endogenous TNF contributes to activation of coagulation, but not to stimulation of fibrinolysis, during severe bacteremi

Interaction and observation, categorically

This paper proposes to use dialgebras to specify the semantics of interactive systems in a natural way. Dialgebras are a conservative extension of coalgebras. In this categorical model, from the point of view that we provide, the notions of observation and interaction are separate features. This is useful, for example, in the specification of process equivalences, which are obtained as kernels of the homomorphisms of dialgebras. As an example we present the asynchronous semantics of the CCS.Comment: In Proceedings ICE 2011, arXiv:1108.014