
    Automated intrusion recovery for web applications

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013. Cataloged from PDF version of thesis. Includes bibliographical references (pages 93-97). In this dissertation, we develop recovery techniques for web applications and demonstrate that automated recovery from intrusions and user mistakes is practical as well as effective. Web applications play a critical role in users' lives today, making them an attractive target for attackers. New vulnerabilities are routinely found in web application software, and even if the software is bug-free, administrators may make security mistakes such as misconfiguring permissions; these bugs and mistakes virtually guarantee that every application will eventually be compromised. To clean up after a successful attack, administrators need to find its entry point, track down its effects, and undo the attack's corruptions while preserving legitimate changes. Today this is all done manually, which results in days of wasted effort with no guarantee that all traces of the attack have been found or that no legitimate changes were lost. To address this problem, we propose that automated intrusion recovery should be an integral part of web application platforms. This work develops several ideas (retroactive patching, automated UI replay, dependency tracking, patch-based auditing, and distributed repair) that together recover from past attacks that exploited a vulnerability, by retroactively fixing the vulnerability and repairing the system state to make it appear as if the vulnerability never existed. Repair tracks down and reverts effects of the attack on other users within the same application and on other applications, while preserving legitimate changes.
Using techniques resulting from these ideas, an administrator can easily recover from past attacks that exploited a bug using nothing more than a patch fixing the bug, with no manual effort on her part to find the attack or track its effects. The same techniques can also recover from attacks that exploit past configuration mistakes: the administrator only has to point out the past request that resulted in the mistake. We built three prototype systems, WARP, POIROT, and AIRE, to explore these ideas. Using these systems, we demonstrate that we can recover from challenging attacks in real distributed web applications with little or no changes to application source code; that recovery time is a fraction of the original execution time for attacks with a few affected requests; and that support for recovery adds modest runtime overhead during the application's normal operation. by Ramesh Chandra. Ph.D.

    Aging in a topological spin glass

    We have examined the nonconventional spin glass phase of the 2-dimensional kagome antiferromagnet (H_3 O) Fe_3 (SO_4)_2 (OH)_6 by means of ac and dc magnetic measurements. The frequency dependence of the ac susceptibility peak is characteristic of a critical slowing down at Tg ~ 18K. At fixed temperature below Tg, aging effects are found which obey the same scaling law as in spin glasses or polymers. However, in clear contrast with conventional spin glasses, aging is remarkably insensitive to temperature changes. This particular type of dynamics is discussed in relation with theoretical predictions for highly frustrated non-disordered systems. Comment: 4 pages, 4 figures

    Random Matrix Theory for the Hermitian Wilson Dirac Operator and the chGUE-GUE Transition

    We introduce a random two-matrix model interpolating between a chiral Hermitian (2n+nu)x(2n+nu) matrix and a second Hermitian matrix without symmetries. These are taken from the chiral Gaussian Unitary Ensemble (chGUE) and Gaussian Unitary Ensemble (GUE), respectively. In the microscopic large-n limit in the vicinity of the chGUE (which we denote by weakly non-chiral limit) this theory is in one to one correspondence to the partition function of Wilson chiral perturbation theory in the epsilon regime, such as the related two matrix-model previously introduced in refs. [20,21]. For a generic number of flavours and rectangular block matrices in the chGUE part we derive an eigenvalue representation for the partition function displaying a Pfaffian structure. In the quenched case with nu=0,1 we derive all spectral correlations functions in our model for finite-n, given in terms of skew-orthogonal polynomials. The latter are expressed as Gaussian integrals over standard Laguerre polynomials. In the weakly non-chiral microscopic limit this yields all corresponding quenched eigenvalue correlation functions of the Hermitian Wilson operator. Comment: 27 pages, 4 figures; v2 typos corrected, published version

    Finite-Temperature Transition into a Power-Law Spin Phase with an Extensive Zero-Point Entropy

    We introduce an xy generalization of the frustrated Ising model on a triangular lattice. The presence of continuous degrees of freedom stabilizes a finite-temperature spin state with power-law discrete spin correlations and an extensive zero-point entropy. In this phase, the unquenched degrees of freedom can be described by a fluctuating surface with logarithmic height correlations. Finite-size Monte Carlo simulations have been used to characterize the exponents of the transition and the dynamics of the low-temperature phase.

    Explicit solution of the quantum three-body Calogero-Sutherland model

    Quantum integrable systems generalizing Calogero-Sutherland systems were introduced by Olshanetsky and Perelomov (1977). Recently, it was proved that for systems with trigonometric potential, the series in the product of two wave functions is a deformation of the Clebsch-Gordan series. This yields recursion relations for the wave functions of those systems. In this note, this approach is used to compute the explicit expressions for the three-body Calogero-Sutherland wave functions, which are the Jack polynomials. We conjecture that similar results are also valid for the more general two-parameters deformation introduced by Macdonald. Comment: 10 pages

    Detection of circumstellar material in a normal Type Ia Supernova

    Type Ia supernovae are thought to be thermonuclear explosions of accreting white dwarfs that reach a critical mass limit. Despite their importance as cosmological distance indicators, the nature of their progenitors has remained controversial. Here we report the detection of circumstellar material in a normal Type Ia supernova. The expansion velocities, densities and dimensions of the circumstellar envelope indicate that this material was ejected from the progenitor system. The relatively low expansion velocities appear to favor a progenitor system where a white dwarf accretes material from a companion star which is in the red-giant phase at the time of explosion. Comment: 25 pages, 7 figures. Accepted for publication in Science. Full resolution version at http://www.hq.eso.org/~fpatat/science/sn06X/preprint.pdf . The original paper can be found at http://www.sciencemag.org/cgi/content/abstract/114300

    A case of absent right and persistent left superior vena cava

    BACKGROUND AND PURPOSE: Our case report deals with the importance of detailed echocardiographic examination for differential diagnosis of coronary sinus dilation and development of abnormalities of great thoracic veins. CASE PRESENTATION: A 49-year-old man underwent transthoracic echocardiography for atypical chest pain. A dilated coronary sinus was found and venous contrast echocardiography raised the suspicion of absent right and persistent left superior vena cava. Transesophageal echocardiography showed absence of right superior vena cava. The echocardiographic findings were confirmed by upper venous digital subtraction cavography. CONCLUSION: Combination of agenesia of right SVC and isolated persistent left SVC in adult patients is a very rare abnormality. Both clinicians and sonographers should be alerted to the possible presence of this combined venous anomaly. Transthoracic echocardiography – including agitated saline infusion to the antecubital vein – is an important diagnostic tool for accurate diagnosis of this congenital thoracic venous malformation.

    Massive stars as thermonuclear reactors and their explosions following core collapse

    Nuclear reactions transform atomic nuclei inside stars. This is the process of stellar nucleosynthesis. The basic concepts of determining nuclear reaction rates inside stars are reviewed. How stars manage to burn their fuel so slowly most of the time is also considered. Stellar thermonuclear reactions involving protons in hydrostatic burning are discussed first. Then I discuss triple alpha reactions in the helium burning stage. Carbon and oxygen survive in red giant stars because of the nuclear structure of oxygen and neon. Further nuclear burning of carbon, neon, oxygen and silicon in quiescent conditions is discussed next. In the subsequent core-collapse phase, neutronization due to electron capture from the top of the Fermi sea in a degenerate core takes place. The expected signal of neutrinos from a nearby supernova is calculated. The supernova often explodes inside a dense circumstellar medium, which is established due to the progenitor star losing its outermost envelope in a stellar wind or mass transfer in a binary system. The nature of the circumstellar medium and the ejecta of the supernova and their dynamics are revealed by observations in the optical, IR, radio, and X-ray bands, and I discuss some of these observations and their interpretations. Comment: To be published in "Principles and Perspectives in Cosmochemistry" Lecture Notes on Kodai School on Synthesis of Elements in Stars; ed. by Aruna Goswami & Eswar Reddy, Springer Verlag, 2009. Contains 21 figures

    Safe distances between groundwater-based water wells and pit latrines at different hydrogeological conditions in the Ganges Atrai floodplains of Bangladesh.

    BACKGROUND: Groundwater drawn from shallow tubewells in Bangladesh is often polluted by nearby pit latrines, which are commonly used toilets in rural and sub-urban areas of the country. METHODS: To determine the minimum safe distance of a tubewell from a pit latrine in different hydrogeological conditions of Bangladesh, 20 monitoring wells were installed at three study sites (Manda, Mohanpur and Bagmara) with the vertical and horizontal distances ranging from 18-47 to 2-15 m, respectively. Water samples were collected three times in three seasons and tested for faecal coliforms (FC) and faecal streptococci (FS) as indicators of contamination. Soil samples were analysed for texture, bulk density and hydraulic conductivity following standard procedures. Sediment samples were collected to prepare lithological logs. RESULTS: When the shallow aquifers at one of the three sites (Mohanpur) were overlain by 18-23-m-thick aquitards, the groundwater of the monitoring wells was found contaminated with lateral and vertical distances of 2 and 31 m, respectively. However, where the aquitard was only 9 m thick, contamination was found up to lateral and vertical distances of 4.5 and 40.5 m, respectively. The soil textures of all the sites were mainly composed of loam and sandy loam. The hydraulic conductivities in the first aquifer at Manda, Mohanpur and Bagmara were 5.2-7.3, 8.2 and 1.4-15.7 m/h, respectively. CONCLUSIONS: The results showed that the safe distance from the tubewell to the pit latrine varied from site to site depending on the horizontal and vertical distances of the tubewell as well as hydrogeological conditions of a particular area.