Advanced Network Inference Techniques Based on Network Protocol Stack Information Leaks

Side channels are channels of implicit information flow that can be used to find out information that is not allowed to flow through explicit channels. This thesis focuses on network side channels, where information flow occurs in the TCP/IP network stack implementations of operating systems. I will describe three new types of idle scans: a SYN backlog idle scan, a RST rate-limit idle scan, and a hybrid idle scan. Idle scans are special types of side channels that are designed to help someone performing a network measurement (typically an attacker or a researcher) to infer something about the network that they are not otherwise able to see from their vantage point. The thesis that this dissertation tests is this: because modern network stacks have shared resources, there is a wealth of information that can be inferred off-path by both attackers and Internet measurement researchers. With respect to attackers, no matter how carefully the security model is designed, the non-interference property is unlikely to hold, i.e., an attacker can easily find side channels of information flow to learn about the network from the perspective of the system remotely. One suggestion is that trust relationships for using resources be made explicit all the way down to IP layer with the goal of dividing resources and removing sharendess to prevent advanced network reconnaissance. With respect to Internet measurement researchers, in this dissertation I show that the information flow is rich enough to test connectivity between two arbitrary hosts on the Internet and even infer in which direction any blocking is occurring. To explore this thesis, I present three research efforts: --- First, I modeled a typical TCP/IP network stack. The building process for this modeling effort led to the discovery of two new idles scans: a SYN backlog idle scan and a RST rate-limited idle scan. The SYN backlog scan is particularly interesting because it does not require whoever is performing the measurements (i.e., the attacker or researcher) to send any packets to the victim (or target) at all. --- Second, I developed a hybrid idle scan that combines elements of the SYN backlog idle scan with Antirez\u27s original IPID-based idle scan. This scan enables researchers to test whether two arbitrary machines in the world are able to communicate via TCP/IP, and, if not, in which direction the communication is being prevented. To test the efficacy of the hybrid idle scan, I tested three different kinds of servers (Tor bridges, Tor directory servers, and normal web servers) both inside and outside China. The results were congruent with published understandings of global Internet censorship, demonstrating that the hybrid idle scan is effective. --- Third, I applied the hybrid idle scan to the difficult problem of characterizing inconsistencies in the Great Firewall of China (GFW), which is the largest firewall in the world. This effort resolved many open questions about the GFW. The result of my dissertation work is an effective method for measuring Internet censorship around the world, without requiring any kind of distributed measurement platform or access to any of the machines that connectivity is tested to or from

Global Business Textbook Evaluation: Task Types in the Spotlight

Textbook evaluation, with the aim of assisting the choice of the most suitable book for a specific context, has become a needed practice in the field of English for Specific Purposes (ESP). During recent years, with the rapid spread of Communicative Language Teaching (CLT) and its concern for tasks and activities that enhance learners’ interaction, more researchers have become interested in exploring the different task types in textbooks in the field of English Language Teaching (ELT). The present study sought to evaluate the two most popular global business English textbook series (English Business Result and Market Leader) that are taught in Iranian institutes, in terms of their task types according to Nunan’s (1999) classification of tasks. The results revealed that linguistic tasks and creative tasks were respectively the most and the least common task types presented in these textbooks. The results also indicated a significant difference among the frequency of task types in the textbooks. It was evident that these ESP textbooks covered all of the macro tasks and most of the micro tasks specified by Nunan (1999), but some of them significantly focused on specific types of tasks

CELL PATTERN CLASSIFICATION OF INDIRECT IMMUNOFLUORESCENCE IMAGES

Ph.DDOCTOR OF PHILOSOPH

Weighted Opposition-Based Fuzzy Thresholding

With the rapid growth of the digital imaging, image processing techniques are widely involved in many industrial and medical applications. Image thresholding plays an essential role in image processing and computer vision applications. It has a vast domain of usage. Areas such document image analysis, scene or map processing, satellite imaging and material inspection in quality control tasks are examples of applications that employ image thresholding or segmentation to extract useful information from images. Medical image processing is another area that has extensively used image thresholding to help the experts to better interpret digital images for a more accurate diagnosis or to plan treatment procedures. Opposition-based computing, on the other hand, is a recently introduced model that can be employed to improve the performance of existing techniques. In this thesis, the idea of oppositional thresholding is explored to introduce new and better thresholding techniques. A recent method, called Opposite Fuzzy Thresholding (OFT), has involved fuzzy sets with opposition idea, and based on some preliminary experiments seems to be reasonably successful in thresholding some medical images. In this thesis, a Weighted Opposite Fuzzy Thresholding method (WOFT) will be presented that produces more accurate and reliable results compared to the parent algorithm. This claim has been verified with some experimental trials using both synthetic and real world images. Experimental evaluations were conducted on two sets of synthetic and medical images to validate the robustness of the proposed method in improving the accuracy of the thresholding process when fuzzy and oppositional ideas are combined

Measuring and Analysing the Chain of Implicit Trust: AStudy of Third-party Resources Loading

The web is a tangled mass of interconnected services, whereby websites import a range of external resources from various third-party domains. The latter can also load further resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first-party and transitively connected third parties. The chain can only be loosely controlled as first-party websites often have little, if any, visibility on where these resources are loaded from. This article performs a large-scale study of dependency chains in the web to find that around 50% of first-party websites render content that they do not directly load. Although the majority (84.91%) of websites have short dependency chains (below three levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third parties are classified as suspicious—although seemingly small, this limited set of suspicious third parties have remarkable reach into the wider ecosystem. We find that 73% of websites under-study load resources from suspicious third parties, and 24.8% of first-party webpages contain at least three third parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activities with the majority of suspicious JavaScript codes downloading malware

Simultaneous determination of captopril and thioguanine in pharmaceutical compounds and blood using cathodic adsorptive stripping voltammetry

A reliable, highly selective and sensitive procedure is presented for simultaneous determination of captopril and thioguanine based on cathodic adsorptive stripping of Cu(I)-captopril and Cu(I)-thioguanine complexes on a hanging mercury drop electrode. Captopril and thioguanine were preconcentrated onto the surface of hanging mercury drop electrode using Cu(II) as a suitable probe, with accumulation time of 90 s. Then the preconcentrated complexes were analyzed by cathodic stripping differential pulse voltammetry. The effect of various parameters such as pH, concentration of copper, accumulation potential, accumulation time and scan rate on the sensitivity were studied. The optimum conditions for simultaneous determination of captopril and thioguanine include pH=3.5, 45.0 ng mL-1 copper(II) concentration, accumulation potential of -0.10 V and scan rate of 60 mV s-1. Under the optimum conditions and for an accumulation time of 90 s, the measured peak currents at about -0.15 V and -0.40 V (vs. Ag/AgCl) are proportional to the concentrations of thioguanine and captopril over the ranges of 0.15-180 and 0.5-100 nmol L-1, respectively. The limits of detection are 0.08 and 0.3 nmol L-1 for thioguanine and captopril, respectively. The relative standard deviations for five replicate analyses of 20.0 nmol L-1 captopril and thioguanine are 2.5% and 2.1%, respectively. The method was applied to the determination of captopril and thioguanine in synthetic mixed samples, pharmaceutical samples and human serum with satisfactory results