41 research outputs found

    Proof-Producing Symbolic Execution for Binary Code Verification

    We propose a proof-producing symbolic execution for verification of machine-level programs. The analysis is based on a set of core inference rules that are designed to give control over the tradeoff between preservation of precision and the introduction of overapproximation to make the application to real world code useful and tractable. We integrate our symbolic execution in a binary analysis platform that features a low-level intermediate language enabling the application of analyses to many different processor architectures. The overall framework is implemented in the theorem prover HOL4 to be able to obtain highly trustworthy verification results. We demonstrate our approach to establish sound execution time bounds for a control loop program implemented for an ARM Cortex-M0 processor.

    SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing

    Confidential computing allows processing sensitive workloads in securely isolated spaces. Following earlier adoption of process-based approaches to isolation, vendors are now enabling hardware and firmware support for virtualization-based confidential computing on several server platforms. Due to variations in the technology stack, threat model, implementation and functionality, the available solutions offer somewhat different capabilities, trade-offs and security guarantees. In this paper we review, compare and contextualize four virtualization-based confidential computing technologies for enterprise server platforms - AMD SEV, ARM CCA, IBM PEF and Intel TDX.

    Detection of Bearing Defects in Electrical Machines Using Modern Inspection Methods

    Proceedings of the XIII International Scientific and Technical Conference (scientific readings dedicated to the 125th anniversary of the birth of P. O. Sukhoi), Gomel, 22 October 2020.

    Nazi-Looted Property (NS-Raubgut) and Restitution in Libraries - Training Content for Information Professionals

    Sixty years after the end of the Second World War and National Socialist rule, Nazi-looted property is still held in the collections of German libraries. This bachelor's thesis develops an overview of the topic "Nazi-looted property and restitution in libraries" (NS-Raubgut und Restitution in Bibliotheken). The aim is to show, in the course of the thesis, how this content can be integrated into the training of information professionals. After an introduction to the subject area, the thesis first assesses how the topic is currently handled within the training of information professionals at German universities. Building on this, lecture content suitable for delivery in such training is developed. A consideration of possible forms of delivery is also included.

    On Compositional Information Flow Aware Refinement

    The concepts of information flow security and refinement are known to have had a troubled relationship ever since the seminal work of McLean. In this work we study refinements that support changes in data representation and semantics, including the addition of state variables that may induce new observational power or side channels. We propose a new epistemic approach to ignorance-preserving refinement where an abstract model is used as a specification of a system’s permitted information flows, that may include the declassification of secret information. The core idea is to require that refinement steps must not induce observer knowledge that is not already available in the abstract model. Our study is set in the context of a class of shared variable multi-agent models similar to interpreted systems in epistemic logic. We demonstrate the expressiveness of our framework through a series of small examples and compare our approach to existing, stricter notions of information-flow secure refinement based on bisimulations and noninterference preservation. Interestingly, noninterference preservation is not supported “out of the box” in our setting, because refinement steps may introduce new secrets that are independent of secrets already present at the abstract level. To support verification, we first introduce a “cube-shaped” unwinding condition related to conditions recently studied in the context of value-dependent noninterference, kernel verification, and secure compilation. A fundamental problem with ignorance-preserving refinement, caused by the support for general data and observation refinement, is that sequential composability is lost. We propose a solution based on relational pre- and post-conditions and illustrate its use together with unwinding on the oblivious RAM construction of Chung and Pass.