A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole application. Moreover, the analysis should take into consideration how file-system vulnerabilities might in- teract with other vulnerabilities leading an attacker to breach into the web application. In this paper, we first propose a classification of file- system vulnerabilities, and then, based on this classification, we present a formal approach that allows one to exploit file-system vulnerabilities. We give a formal representation of web applications, databases and file- systems, and show how to reason about file-system vulnerabilities. We also show how to combine file-system vulnerabilities and SQL-Injection vulnerabilities for the identification of complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing several real-world case studies, which are witness to the fact that our tool can generate, and exploit, complex attacks that, to the best of our knowledge, no other state-of-the-art-tool for the security of web applications can find

Statistical limits of supervised quantum learning

Within the framework of statistical learning theory it is possible to bound the minimum number of samples required by a learner to reach a target accuracy. We show that if the bound on the accuracy is taken into account, quantum machine learning algorithms for supervised learning—for which statistical guarantees are available—cannot achieve polylogarithmic runtimes in the input dimension. We conclude that, when no further assumptions on the problem are made, quantum machine learning algorithms for supervised learning can have at most polynomial speedups over efficient classical algorithms, even in cases where quantum access to the data is naturally available

A new approach to analysing HST spatial scans: the transmission spectrum of HD 209458 b

The Wide Field Camera 3 (WFC3) on Hubble Space Telescope (HST) is currently one of the most widely used instruments for observing exoplanetary atmospheres, especially with the use of the spatial scanning technique. An increasing number of exoplanets have been studied using this technique as it enables the observation of bright targets without saturating the sensitive detectors. In this work we present a new pipeline for analyzing the data obtained with the spatial scanning technique, starting from the raw data provided by the instrument. In addition to commonly used correction techniques, we take into account the geometric distortions of the instrument, whose impact may become important when combined to the scanning process. Our approach can improve the photometric precision for existing data and also push further the limits of the spatial scanning technique, as it allows the analysis of even longer spatial scans. As an application of our method and pipeline, we present the results from a reanalysis of the spatially scanned transit spectrum of HD 209458 b. We calculate the transit depth per wavelength channel with an average relative uncertainty of 40 ppm. We interpret the final spectrum with T-Rex, our fully Bayesian spectral retrieval code, which confirms the presence of water vapor and clouds in the atmosphere of HD 209458 b. The narrow wavelength range limits our ability to disentangle the degeneracies between the fitted atmospheric parameters. Additional data over a broader spectral range are needed to address this issue.Comment: 13 pages, 15 figures, 7 tables, Accepted for publication in Ap

Approximating Hamiltonian dynamics with the Nyström method

Simulating the time-evolution of quantum mechanical systems is BQP-hard and expected to be one of the foremost applications of quantum computers. We consider classical algorithms for the approximation of Hamiltonian dynamics using subsampling methods from randomized numerical linear algebra. We derive a simulation technique whose runtime scales polynomially in the number of qubits and the Frobenius norm of the Hamiltonian. As an immediate application, we show that sample based quantum simulation, a type of evolution where the Hamiltonian is a density matrix, can be efficiently classically simulated under specific structural conditions. Our main technical contribution is a randomized algorithm for approximating Hermitian matrix exponentials. The proof leverages a low-rank, symmetric approximation via the Nyström method. Our results suggest that under strong sampling assumptions there exist classical poly-logarithmic time simulations of quantum computations

Detection of an atmosphere around the super-Earth 55 Cancri e

We report the analysis of two new spectroscopic observations of the super-Earth 55 Cancri e, in the near infrared, obtained with the WFC3 camera onboard the HST. 55 Cancri e orbits so close to its parent star, that temperatures much higher than 2000 K are expected on its surface. Given the brightness of 55 Cancri, the observations were obtained in scanning mode, adopting a very long scanning length and a very high scanning speed. We use our specialized pipeline to take into account systematics introduced by these observational parameters when coupled with the geometrical distortions of the instrument. We measure the transit depth per wavelength channel with an average relative uncertainty of 22 ppm per visit and find modulations that depart from a straight line model with a 6$\sigma$ confidence level. These results suggest that 55 Cancri e is surrounded by an atmosphere, which is probably hydrogen-rich. Our fully Bayesian spectral retrieval code, T-REx, has identified HCN to be the most likely molecular candidate able to explain the features at 1.42 and 1.54 $\mu$m. While additional spectroscopic observations in a broader wavelength range in the infrared will be needed to confirm the HCN detection, we discuss here the implications of such result. Our chemical model, developed with combustion specialists, indicates that relatively high mixing ratios of HCN may be caused by a high C/O ratio. This result suggests this super-Earth is a carbon-rich environment even more exotic than previously thought.Comment: 10 pages, 10 figures, 4 tables, Accepted for publication in Ap

A population study of gaseous exoplanets

We present here the analysis of 30 gaseous extrasolar planets, with temperatures between 600 and 2400 K and radii between 0.35 and 1.9 $R_\mathrm{Jup}$. The quality of the HST/WFC3 spatially scanned data combined with our specialized analysis tools allow us to study the largest and most self-consistent sample of exoplanetary transmission spectra to date and examine the collective behavior of warm and hot gaseous planets rather than isolated case-studies. We define a new metric, the Atmospheric Detectability Index (ADI) to evaluate the statistical significance of an atmospheric detection and find statistically significant atmospheres around 16 planets out of the 30 analysed. For most of the Jupiters in our sample, we find the detectability of their atmospheres to be dependent on the planetary radius but not on the planetary mass. This indicates that planetary gravity plays a secondary role in the state of gaseous planetary atmospheres. We detect the presence of water vapour in all of the statistically detectable atmospheres, and we cannot rule out its presence in the atmospheres of the others. In addition, TiO and/or VO signatures are detected with 4$\sigma$ confidence in WASP-76 b, and they are most likely present in WASP-121 b. We find no correlation between expected signal-to-noise and atmospheric detectability for most targets. This has important implications for future large-scale surveys.Comment: 14 pages, 12 figures, 3 tables, published in A

Experimental learning of quantum states

The number of parameters describing a quantum state is well known to grow exponentially with the number of particles. This scaling limits our ability to characterize and simulate the evolution of arbitrary states to systems, with no more than a few qubits. However, from a computational learning theory perspective, it can be shown that quantum states can be approximately learned using a number of measurements growing linearly with the number of qubits. Here, we experimentally demonstrate this linear scaling in optical systems with up to 6 qubits. Our results highlight the power of the computational learning theory to investigate quantum information, provide the first experimental demonstration that quantum states can be "probably approximately learned" with access to a number of copies of the state that scales linearly with the number of qubits, and pave the way to probing quantum states at new, larger scales

Transiting Exoplanet Studies and Community Targets for JWST's Early Release Science Program

The James Webb Space Telescope will revolutionize transiting exoplanet atmospheric science due to its capability for continuous, long-duration observations and its larger collecting area, spectral coverage, and spectral resolution compared to existing space-based facilities. However, it is unclear precisely how well JWST will perform and which of its myriad instruments and observing modes will be best suited for transiting exoplanet studies. In this article, we describe a prefatory JWST Early Release Science (ERS) program that focuses on testing specific observing modes to quickly give the community the data and experience it needs to plan more efficient and successful future transiting exoplanet characterization programs. We propose a multi-pronged approach wherein one aspect of the program focuses on observing transits of a single target with all of the recommended observing modes to identify and understand potential systematics, compare transmission spectra at overlapping and neighboring wavelength regions, confirm throughputs, and determine overall performances. In our search for transiting exoplanets that are well suited to achieving these goals, we identify 12 objects (dubbed "community targets") that meet our defined criteria. Currently, the most favorable target is WASP-62b because of its large predicted signal size, relatively bright host star, and location in JWST's continuous viewing zone. Since most of the community targets do not have well-characterized atmospheres, we recommend initiating preparatory observing programs to determine the presence of obscuring clouds/hazes within their atmospheres. Measurable spectroscopic features are needed to establish the optimal resolution and wavelength regions for exoplanet characterization. Other initiatives from our proposed ERS program include testing the instrument brightness limits and performing phase-curve observations.(Abridged)Comment: This is a white paper that originated from an open discussion at the Enabling Transiting Exoplanet Science with JWST workshop held November 16 - 18, 2015 at STScI (http://www.stsci.edu/jwst/science/exoplanets). Accepted for publication in PAS

ExoClock Project: An open platform for monitoring the ephemerides of Ariel targets with contributions from the public

The Ariel mission will observe spectroscopically around 1000 exoplanets to further characterise their atmospheres. For the mission to be as efficient as possible, a good knowledge of the planets' ephemerides is needed before its launch in 2028. While ephemerides for some planets are being refined on a per-case basis, an organised effort to collectively verify or update them when necessary does not exist. In this study, we introduce the ExoClock project, an open, integrated and interactive platform with the purpose of producing a confirmed list of ephemerides for the planets that will be observed by Ariel. The project has been developed in a manner to make the best use of all available resources: observations reported in the literature, observations from space instruments and, mainly, observations from ground-based telescopes, including both professional and amateur observatories. To facilitate inexperienced observers and at the same time achieve homogeneity in the results, we created data collection and validation protocols, educational material and easy to use interfaces, open to everyone. ExoClock was launched in September 2019 and now counts over 140 participants from more than 15 countries around the world. In this release, we report the results of observations obtained until the 15h of April 2020 for 119 Ariel candidate targets. In total, 632 observations were used to either verify or update the ephemerides of 83 planets. Additionally, we developed the Exoplanet Characterisation Catalogue (ECC), a catalogue built in a consistent way to assist the ephemeris refinement process. So far, the collaborative open framework of the ExoClock project has proven to be highly efficient in coordinating scientific efforts involving diverse audiences. Therefore, we believe that it is a paradigm that can be applied in the future for other research purposes, too