The Impact of Experiential Education on Adolescent Development

This article summarizes the findings of a national study of 27 varied programs and concludes that experience-based educational programs can have a significant positive impact on the social, psychological, and intellectual development of adolescents

THE IMPACT OF EXPERIENTIAL EDUCATION ON ADOLESCENT DEVELOPMENT

This article summarizes the findings of a national study of 27 varied programs and concludes that experience-based educational programs can have a significant positive impact on the social, psychological, and intellectual development of adolescents

Paper Session I-B - Space Shuttle Payload Accommodations and Trends in Customer Demands

Current space policy limits the assignment of primary payloads on the Shuttle to those requiring manned presence or the unique capabilities of the Shuttle. While exceptions to these criteria have been allowed due to other compelling circumstances, it has essentially resulted in the removal of deployable satellites from the Shuttle manifest. In the pre-Challenger environment the Shuttle\u27s performance capabilities were efficiently utilized by co-manifesting NASA science experiments with commercial deployable satellites. The absence of these commercial payloads has resulted in a Shuttle manifest primarily oriented to science and technology payloads. The diverse on-orbit operational requirements of these payloads results in future shared cargo missions which are considerably lighter and more complex. This paper will review payload demands for Shuttle resources and services in the pre-Space Station Freedom (SSF) time frame. Requests for flight in both the Orbiter cargo bay and middeck will be considered. Factors limiting more efficient use of the Shuttle will also be discussed

Проблема преемственности преподавания информатики в средних учебных заведенях и медицинском вузе

ОБРАЗОВАНИЕ МЕДИЦИНСКОЕВУЗЫМЕДИЦИНСКИЕ УЧЕБНЫЕ ЗАВЕДЕНИЯСРЕДНИЕ СПЕЦИАЛЬНЫЕ УЧЕБНЫЕ ЗАВЕДЕНИЯИНФОРМАТИКА /ОБУ

Timing Aware Information Flow Security for a JavaCard-like Bytecode

AbstractCommon protection mechanisms fail to provide end-to-end security; programs with legitimate access to secret information are not prevented from leaking this to the world. Information-flow aware analyses track the flow of information through the program to prevent such leakages, but often ignore information flows through covert channels even though they pose a serious threat. A typical covert channel is to use the timing of certain events to carry information. We present a timing-aware information-flow type system for a low-level language similar to a non-trivial subset of a sequential Java bytecode. The type system is parameterized over the time model of the instructions of the language and over the algorithm enforcing low-observational equivalence, used in the prevention of implicit and timing flows

Securing Node-RED Applications

Trigger-Action Platforms (TAPs) play a vital role in fulfilling the promise of the Internet of Things (IoT) by seamlessly connecting otherwise unconnected devices and services. While enabling novel and exciting applications across a variety of services, security and privacy issues must be taken into consideration because TAPs essentially act as persons-in-the-middle between trigger and action services. The issue is further aggravated since the triggers and actions on TAPs are mostly provided by third parties extending the trust beyond the platform providers. Node-RED, an open-source JavaScript-driven TAP, provides the opportunity for users to effortlessly employ and link nodes via a graphical user interface. Being built upon Node.js, third-party developers can extend the platform’s functionality through publishing nodes and their wirings, known as flows. This paper proposes an essential model for Node-RED, suitable to reason about nodes and flows, be they benign, vulnerable, or malicious. We expand on attacks discovered in recent work, ranging from exfiltrating data from unsuspecting users to taking over the entire platform by misusing sensitive APIs within nodes. We present a formalization of a runtime monitoring framework for a core language that soundly and transparently enforces fine-grained allowlist policies at module-, API-, value-, and context-level. We introduce the monitoring framework for Node-RED that isolates nodes while permitting them to communicate via well-defined API calls complying with the policy specified for each node

SandTrap: Securing JavaScript-driven Trigger-Action Platforms

Trigger-Action Platforms (TAPs) seamlessly connect a wide variety of otherwise unconnected devices and services, ranging from IoT devices to cloud services and social networks. TAPs raise critical security and privacy concerns because a TAP is effectively a “person-in-the-middle” between trigger and action services. Third-party code, routinely deployed as “apps” on TAPs, further exacerbates these concerns. This paper focuses on JavaScript-driven TAPs. We show that the popular IFTTT and Zapier platforms and an open-source alternative Node-RED are susceptible to attacks ranging from exfiltrating data from unsuspecting users to taking over the entire platform. We report on the changes by the platforms in response to our findings and present an empirical study to assess the implications for Node-RED. Motivated by the need for a secure yet flexible way to integrate third-party JavaScript apps, we propose SandTrap, a novel JavaScript monitor that securely combines the Node.js vm module with fully structural proxy-based two-sided membranes to enforce fine-grained access control policies. To aid developers, SandTrap includes a policy generation mechanism. We instantiate SandTrap to IFTTT, Zapier, and Node-RED and illustrate on a set of benchmarks how SandTrap enforces a variety of policies while incurring a tolerable runtime overhead

Transmission through a quantum dot molecule embedded in an Aharonov-Bohm interferometer

We study theoretically the transmission through a quantum dot molecule embedded in the arms of an Aharonov-Bohm four quantum dot ring threaded by a magnetic flux. The tunable molecular coupling provides a transmission pathway between the interferometer arms in addition to those along the arms. From a decomposition of the transmission in terms of contributions from paths, we show that antiresonances in the transmission arise from the interference of the self-energy along different paths and that application of a magnetic flux can produce the suppression of such antiresonances. The occurrence of a period of twice the quantum of flux arises to the opening of transmission pathway through the dot molecule. Two different connections of the device to the leads are considered and their spectra of conductance are compared as a function of the tunable parameters of the model.Comment: 8 pages, 5 figure

A Machine-Checked Formalization of Sigma-Protocols

International audienceZero-knowledge proofs have a vast applicability in the domain of cryptography, stemming from the fact that they can be used to force potentially malicious parties to abide by the rules of a protocol, without forcing them to reveal their secrets. $\Sigma$-protocols are a class of zero-knowledge proofs that can be implemented efficiently and that suffice for a great variety of practical applications. This paper presents a first machine-checked formalization of a comprehensive theory of Sigma-protocols. The development includes basic definitions, relations between different security properties that appear in the literature, and general composability theorems. We show its usefulness by formalizing---and proving the security---of concrete instances of several well-known protocols. The formalization builds on CertiCrypt, a framework that provides support to reason about cryptographic systems in the Coq proof assistant, and that has been previously used to formalize security proofs of encryption and signature scheme