Showing papers by "Miguel Castro published in 2006"

Securing software by enforcing data-flow integrity

Abstract: Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead.

Virtual ring routing: network routing inspired by DHTs

Abstract: This paper presents Virtual Ring Routing (VRR), a new network routing protocol that occupies a unique point in the design space. VRR is inspired by overlay routing algorithms in Distributed Hash Tables (DHTs) but it does not rely on an underlying network routing protocol. It is implemented directly on top of the link layer. VRR provides both raditional point-to-point network routing and DHT routing to the node responsible for a hash table key.VRR can be used with any link layer technology but this paper describes a design and several implementations of VRR that are tuned for wireless networks. We evaluate the performance of VRR using simulations and measurements from a sensor network and an 802.11a testbed. The experimental results show that VRR provides robust performance across a wide range of environments and workloads. It performs comparably to, or better than, the best wireless routing protocol in each experiment. VRR performs well because of its unique features: it does not require network flooding or trans-lation between fixed identifiers and location-dependent addresses.

Apertureless scanning near-field optical microscopy: a comparison between homodyne and heterodyne approaches

Abstract: In coherent homodyne apertureless scanning near-field optical microscopy (ASNOM) the background field cannot be fully suppressed because of the interference between the different collected fields, making the images difficult to interpret. We show that implementing the heterodyne version of ASNOM allows one to overcome this issue. We present a comparison between homodyne and heterodyne ASNOM through near-field analysis of gold nanowells, integrated waveguides, and a single evanescent wave generated by total internal reflection. The heterodyne approach allows for the control of the interferometric effect with the background light. In particular, the undesirable background is shown to be replaced by a controlled reference field. As a result, near-field information undetectable by a homodyne ASNOM is extracted by use of the heterodyne approach. Additionally, it is shown that field amplitude and field phase can be detected separately.

Enhanced raman spectroscopy of 2,4,6-TNT in anatase and rutile titania nanocrystals

Abstract: The majority of explosives found in antipersonnel and antitank landmines contain 2,4,6-trinitrotoluene (TNT). Chemical sensing of landmines and Improvised Explosive Devices (IED) requires detecting the chemical signatures of the explosive components in these devices. Nanotechnology is ideally suited to needs in microsensors development by providing new materials and methods that can be employed for trace explosive detection. This work is focused on modification of nano-scaled colloids of titanium dioxide (Titania: anatase, rutile and brookite) and thin layer of the oxides as substrates for use in Enhanced Raman Scattering (ERS) spectroscopy. Ultrafine particles have been generated by hydrothermally treating the sol-gel derived hydrous oxides. ERS spectra of nanocrystalline anatase Titania samples prepared with different average sizes: 38 nm (without acid), 24 nm (without acid) and 7 nm (with HCl). Bulk phase (commercial) and KBr were also used to prepare mixtures with TNT to look for Enhanced Raman Effect of the nitroaromatic explosive on the test surfaces. The studies clearly indicated that the anatase crystal size affects the enhancement of the TNT Raman signal. This enhancement was highest for the samples with Titania average crystal size of 7 nm.

Detection of chemical signatures from TNT buried in sand at various ambient conditions: phase II

Abstract: New analytical methods have been developed and existing methods have been improved for the detection of explosives and their degradation products by increasing their sensitivity and selectivity. Some of the analytical methods available for detection of explosives and degradation products are gas chromatography, mass spectrometry, high performance liquid chromatography, and gas chromatography with mass spectrometry. This work presents the design and development of the experiments for the detection of the spectroscopic signature of TNT buried in sand and its degradation products. These experiments are conducted using a series of soil tanks with controlled environmental conditions such as: temperature, soil moisture content, relative humidity and radiation (UV and VIS). Gas chromatography and solid-liquid extraction with acetonitrile were used for the analysis of explosives. Sampling of tanks was performed in three points on the surface. The results show that TNT and 2,4-DNT are the main explosives that reach the surface of tanks. Temperature and water content play a most important role in the degradation and diffusion of TNT. Finally, the tanks were disassembled and sampling in deep with the objective to obtain a concentration profile. The results demonstrated that the highest concentration was located at 5 cm from surface.

Zero servers with zero broadcasts

Abstract: To achieve the vision of networks that work without any supporting infrastructure, we need wireless ad hoc technology to replace the cabling infrastructure, but we also need self-configuring network and application services to replace the server infrastructure. Current solutions perform poorly because they either pick a single host to act as the server or they use network wide broadcasts to implement services. We need wireless ad hoc networks with zero servers and zero broadcasts!Can we use DHTs to build both network- and application-level services with zero servers and zero broadcasts? This paper starts to answer this question. It shows that it is important to remove broadcasts at all levels of the networking stack and describes how to use the Virtual Ring Routing protocol to achieve our vision.

Network coding with traffic engineering

Abstract: In network coding, a router in the network mixes information from different flows In the seminal work by Ahlswede et al [1], network coding is established as a technique to potentially increase the network capacity

Stopping Internet Epidemics

Abstract: As we become increasingly dependent on computers connected to the Internet, we must protect them from worm attacks. Worms can gain complete control of millions of hosts in a few minutes, and they can use the infected hosts for malicious activities such as distributed denial of service attacks, relaying spam, corrupting data, and disclosing confidential information. Since worms spread too fast for humans to respond, systems that strive to contain worm epidemics must be completely automatic. We propose Vigilante, a new end-to-end architecture to contain worms automatically that addresses the limitations of network-centric systems. Vigilante relies on collaborative worm detection at end hosts, but does not require hosts to trust each other. In Vigilante, hosts run instrumented software to detect worms. We introduce dynamic dataflow analysis, a broad-coverage detection algorithm, and we show how to integrate other detection mechanisms into the Vigilante architecture. Upon worm detection, hosts generate self-certifying alerts (SCAs), a new type of security alert that can be inexpensively verified by any vulnerable host. SCAs are then broadcast over a resilient overlay network that can propagate alerts with high probability, even when under active attack. Finally, hosts receiving an SCA generate protective filters with dynamic data and control flow analysis of the vulnerable software. Our results show that Vigilante can contain fast spreading worms that exploit unknown vulnerabilities without false positives. Vigilante does not require any changes to hardware, compilers, operating systems or to the source code of vulnerable programs, and therefore can be used to protect software as it exists today in binary form

Nitro explosive detection: from basic science to detection at a distance

Abstract: Standoff detection of landmines has long been central to improve quality of life in a number of countries around the world. A large body of work in the literature focuses on detection of TNT in soil as central to landmine detection. In this presentation, we summarize our efforts toward detection of TNT, from traces to bulk amounts, based on the absorption fingerprint of TNT. Light absorption by TNT is broken into three regions: (1) visible light absorption by TNT, and (2) formation and detection of NO2 upon UV irradiation of TNT and (3) formation and detection of NO following UV absorption by NO2. The absorption spectrum of TNT powder and particles has been determined from spectral analysis of backscattered visible light in traditional optical and near field optical microscopy measurements, respectively. The smallest amount of TNT detected in the near field measurements is 7 femtograms. The absorption spectra of TNT are rich in structure and similar to the one measured for gas phase NO2, with lines due to roto vibronic coupling of electronic excited states. Measurements of the backscattered visible light on samples, placed about 5 to 10 meters from the laser source, indicate a clear change in intensity as compared to samples containing TNT. Turning to the second light absorption region, NO2 is detected upon UV irradiation of solid TNT. NO can also be detected by photolysis of NO2.© (2006) COPYRIGHT SPIE--The International Society for Optical Engineering. Downloading of the abstract is permitted for personal use only.