Stash in a Flash

Encryption is a useful tool to protect data confidentiality. Yet it is still challenging to hide the very presence of encrypted, secret data from a powerful adversary. This paper presents a new technique to hide data in flash by manipulating the voltage level of pseudo-randomlyselected flash cells to encode two bits (rather than one) in the cell. In this model, we have one “public” bit interpreted using an SLC-style encoding, and extract a private bit using an MLC-style encoding. The locations of cells that encode hidden data is based on a secret key known only to the hiding user. Intuitively, this technique requires that the voltage level in a cell encoding data must be (1) not statistically distinguishable from a cell only storing public data, and (2) the user must be able to reliably read the hidden data from this cell. Our key insight is that there is a wide enough variation in the range of voltage levels in a typical flash device to obscure the presence of fine-grained changes to a small fraction of the cells, and that the variation is wide enough to support reliably re-reading hidden data. We demonstrate that our hidden data and underlying voltage manipulations go undetected by support vector machine based supervised learning which performs similarly to a random guess. The error rates of our scheme are low enough that the data is recoverable months after being stored. Compared to prior work, our technique provides 24x and 50x higher encoding and decoding throughput and doubles the capacity, while being 37x more power efficient

The impact of corporate philanthropy on reputation for corporate social performance

This study seeks to examine the mechanisms by which a corporation’s use of philanthropy affects its reputation for corporate social performance (CSP), which the authors conceive of as consisting of two dimensions: CSP awareness and CSP perception. Using signal detection theory (SDT), the authors model signal amplitude (the amount contributed), dispersion (number of areas supported), and consistency (presence of a corporate foundation) on CSP awareness and perception. Overall, this study finds that characteristics of firms' portfolio of philanthropic activities are a greater predictor of CSP awareness than of CSP perception. Awareness increases with signal amplitude, dispersion, and consistency. CSP perception is driven by awareness and corporate reputation. The authors’ contention that corporate philanthropy is a complex variable is upheld, as we find that CSP signal characteristics influence CSP awareness and perception independently and asymmetrically. The authors conclude by proposing avenues for future research

An Emerging Picture of Neoproterozoic Ocean Chemistry: Insights from the Chuar Group, Grand Canyon, USA

Detailed iron, sulfur and carbon chemistry through the > 742 million year old ChuarGroup reveals a marine basin dominated by anoxic and ferrous iron-rich (ferruginous) bottom waters punctuated, late in the basin's development, by an intrusion of sulfide-rich (euxinic) conditions. The observation that anoxia occurred frequently in even the shallowest of Chuar environments (10s of meters or less) suggests that global atmospheric oxygen levels were significantly lower than today. In contrast, the transition from ferruginous to euxinic subsurface water is interpreted to reflect basinal control—specifically, increased export of organic carbon from surface waters. Low fluxes of organic carbon into subsurface water masses should have been insufficient to deplete oxygen via aerobic respiration, resulting in an oxic oxygen minimum zone (OMZ). Where iron was available, larger organic carbon fluxes should have depleted oxygen and facilitated anaerobic respiration using ferric iron as the oxidant, with iron carbonate as the expected mineralogical signature in basinal shale. Even higher organic fluxes would, in turn, have depleted ferric iron and up-regulated anaerobic respiration by sulfate reduction, reflected in high pyrite abundances. Observations from the ChuarGroup are consistent with these hypotheses, and gain further support from pyrite and sulfate sulfur isotope abundances. In general, Chuar data support the hypothesis that ferruginous subsurface waters returned to the oceans, replacing euxinia, well before the Ediacaran emergence of persistently oxygenated conditions, and even predating the Sturtian glaciation. Moreover, our data suggest that the reprise of ferruginous water masses may relate to widespread rifting during the break-up of Rodinia. This environmental transition, in turn, correlates with both microfossil and biomarker evidence for an expanding eukaryotic presence in the oceans, suggesting a physiologically mediated link among tectonics, environmental chemistry and life in the dynamic Neoproterozoic Earth system.Earth and Planetary Science

A Praise for Defensive Programming: Leveraging Uncertainty for Effective Malware Mitigation

A promising avenue for improving the effectiveness of behavioral-based malware detectors would be to combine fast traditional machine learning detectors with high-accuracy, but time-consuming deep learning models. The main idea would be to place software receiving borderline classifications by traditional machine learning methods in an environment where uncertainty is added, while software is analyzed by more time-consuming deep learning models. The goal of uncertainty would be to rate-limit actions of potential malware during the time consuming deep analysis. In this paper, we present a detailed description of the analysis and implementation of CHAMELEON, a framework for realizing this uncertain environment for Linux. CHAMELEON offers two environments for software: (i) standard - for any software identified as benign by conventional machine learning methods and (ii) uncertain - for software receiving borderline classifications when analyzed by these conventional machine learning methods. The uncertain environment adds obstacles to software execution through random perturbations applied probabilistically on selected system calls. We evaluated CHAMELEON with 113 applications and 100 malware samples for Linux. Our results showed that at threshold 10%, intrusive and non-intrusive strategies caused approximately 65% of malware to fail accomplishing their tasks, while approximately 30% of the analyzed benign software to meet with various levels of disruption. With a dynamic, per-system call threshold, CHAMELEON caused 92% of the malware to fail, and only 10% of the benign software to be disrupted. We also found that I/O-bound software was three times more affected by uncertainty than CPU-bound software. Further, we analyzed the logs of software crashed with non-intrusive strategies, and found that some crashes are due to the software bugs

Stash in a Flash

Encryption is a useful tool to protect data confidentiality. Yet it is still challenging to hide the very presence of encrypted, secret data from a powerful adversary. This paper presents a new technique to hide data in flash by manipulating the voltage level of pseudo-randomlyselected flash cells to encode two bits (rather than one) in the cell. In this model, we have one “public” bit interpreted using an SLC-style encoding, and extract a private bit using an MLC-style encoding. The locations of cells that encode hidden data is based on a secret key known only to the hiding user. Intuitively, this technique requires that the voltage level in a cell encoding data must be (1) not statistically distinguishable from a cell only storing public data, and (2) the user must be able to reliably read the hidden data from this cell. Our key insight is that there is a wide enough variation in the range of voltage levels in a typical flash device to obscure the presence of fine-grained changes to a small fraction of the cells, and that the variation is wide enough to support reliably re-reading hidden data. We demonstrate that our hidden data and underlying voltage manipulations go undetected by support vector machine based supervised learning which performs similarly to a random guess. The error rates of our scheme are low enough that the data is recoverable months after being stored. Compared to prior work, our technique provides 24x and 50x higher encoding and decoding throughput and doubles the capacity, while being 37x more power efficient

Business Models in a New Digital Culture: The Open Long Tail Model

New business models are emerging in global markets. Quirky is producing new products designed and developed by the community and finally produced by the 3D printing technology. Google gives his glasses to different developers who build up their own applications. Kickstarter finds the funders by the use of the crowd, paying them back with the future products. Employees, funders, customers and partners do not play a stable role with the organization but revolve around it using different form of collaborations related to the organization’s needs. In this scenario business like Amazon find out their own achievement feeding up different customers’ needs

LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.Comment: Accepted at ACM CCS 201