Showing papers in "CTIT technical reports series in 2012"
TL;DR: This paper evaluates the overhead and side-effects of PIE using the SPEC CPU2006 benchmarks on an Intel Core i7 CPU with a recent Ubuntu distribution and identifies the increased register pressure as the source for most of the overhead on x86.
Abstract: Compiling an application as a Position Independent Executable (PIE) enables Address Space Layout Randomization to protect the application from security attacks by mapping the executable at a random memory location. Nevertheless most applications on current x86 Linux distributions are mapped to a static address for performance reasons. This paper evaluates the overhead and side-effects of PIE using the SPEC CPU2006 benchmarks on an Intel Core i7 CPU with a recent Ubuntu distribution. Our analysis shows that the overhead for PIE on 32bit x86 is up to 26% for some benchmarks with an (arithmetic) average of 10% and a geometric mean of 9.4%. We identify the increased register pressure as the source for most of the overhead on x86.
36 citations
Journal Article•
TL;DR: In this article, the authors reported that railway traffic has increased over the last decade and it is believed to increase further with the movement of transportation from road to rail, due to the increasing energy costs and the demand to...
Abstract: Railway traffic has increased over the last decade and it is believed to increase further with the movement of transportation from road to rail, due to the increasing energy costs and the demand to ...
18 citations
Journal Article•
TL;DR: This work presents a system that aims to recognize activities from an egocentric perspective where the prime source of information are gradient regions around the wearer’s gaze fixations, and introduces and evaluates a weighted multiple voting scheme.
Abstract: We present a system that aims to recognize activities from an egocentric perspective where the prime source of information are gradient regions around the wearer’s gaze fixations. Inspired by evidence from Vision research on the analysis of gaze patterns of people doing manual tasks, we assess how well an existing real-time method for region description performs on a dataset of about 200 video sequences recorded from a wearable gaze tracker. We evaluate the use of the traditional bag of words classification approach, however we introduce and evaluate a weighted multiple voting scheme. We model an activity as a record of fixated visual landmarks as the person progresses through the steps. Our method has shown encouraging results on 11 different classes of manual and household activities, with our multiple voting scheme increasing the hit rate by nearly twofold.
16 citations
TL;DR: The results show that devices of different models and manufacturers can be identified with high accuracy by exploiting transient-based fingerprints, and that data- based fingerprints could also be used to identify same model and manufacturer devices, although these seem to be sensitive to the device position.
Abstract: In this work, we study the physical-layer identification of GSM devices. For our exploration, we build an ad-hoc acquisition setup that collects GSM signals during voice calls. We collect signals from a population of 18 mobile devices and build fingerprints by considering both the transient and the data parts of the acquired signals. Our results show that devices of different models and manufacturers can be identified with high accuracy (0% identification error) by exploiting transient-based fingerprints. Same model and manufacturer devices could also be identified by using transient-based fingerprints: we find an identification error between 0 and 8% depending on the considered device set. We also find that the built transient-based fingerprints are sensitive to the device transmission power, but only partially to the device position with respect to our acquisition setup antenna. This possibly enables defensive (e.g., access control) applications. Although with less accuracy with respect to transient-based fingerprints, data-based fingerprints could also be used to identify same model and manufacturer devices. However, these seem to be sensitive to the device position.
13 citations
TL;DR: In this article, the authors considered the problem of coloring graphs which come as input vertex by vertex and showed that, in the case of the first two classes, essentially log2 3 advice bits per vertex are necessary and sufficient.
Abstract: We study online algorithms with advice for the problem of coloring graphs which come as input vertex by vertex. We consider the class of all 3-colorable graphs and its sub-classes of chordal and maximal outerplanar graphs, respectively. We show that, in the case of the first two classes, for coloring optimally, essentially log2 3 advice bits per vertex (bpv) are necessary and sufficient. In the case of maximal outerplanar graphs, we show a lower bound of 1.0424 bpv and an upper bound of 1.2932 bpv. Finally, we develop algorithms for 4-coloring in these graph classes. The algorithm for 3-colorable chordal and outerplanar graphs uses 0.9865 bpv, and in case of general 3-colorable graphs, we obtain an algorithm using < 1.1583 bpv.
11 citations
Journal Article•
9 citations
TL;DR: It is shown that the exact notion of near-optimum is intertwined with the proposed measure of similarity, which allows to make formal statements about the expected quality of the computed solution: if the given instances are not similar, or are too noisy, the approach will detect this.
Abstract: We study optimization in the presence of uncertainty such as noise in measurements, and advocate a novel approach to deal with it. The main di erence to any existing approach is that we do not assume any knowledge about the nature of the uncertainty (such as for instance a probability distribution). Instead, we are given several instances of the same optimization problem as input, and, assuming they are typical w.r.t. the uncertainty, we make use of it in order to compute a solution that is good for the sample instances as well as for future (unknown) expected instances. We demonstrate our approach for the case of two typical input instances. We rst propose a measure of similarity of instances with respect to an objective. This concept allows us to assess whether instances are indeed typical . Based on this concept, we then choose a solution randomly among all solutions that are near-optimum for both instances. We show that the exact notion of near-optimum is intertwined with the proposed measure of similarity. Furthermore, we will show that our measure of similarity also allows us to make formal statements about the expected quality of the computed solution: If the given instances are not similar, or are too noisy, our approach will detect this. We demonstrate for a few optimization problems and real world data that our approach not only works well in theory, but also in practice. ? This work was supported by the Swiss National Science Foundation (SNF) under the grant 200021_138117/1.
6 citations
4 citations
Journal Article•
3 citations
Journal Article•
TL;DR: The Proxmark as mentioned in this paper is a tool for analyzing and reverse-engineering RFID security research, which can be used to analyze and reverse engineer RFID protocols de- ployed in billions of cards, tags, fobs, phones and keys.
Abstract: This paper gives a hands-on introduction to the Proxmark, a versatile tool for RFID security research. It can be used to analyze and reverse engineer RFID protocols de- ployed in billions of cards, tags, fobs, phones and keys. We give a heads up introduction on how to embed new modulation and encoding schemes into the Proxmark, which helps to get a grip on the low level RF-communication details. As example we point out several (dev- astating) weaknesses which are made at this low levels. Most notably the MIFARE Classic with its weakly encrypted parity bits, which enables an attacker to recover the secret key. Furthermore, we describe the practical cryptanalysis of several proprietary RFID protocols and ciphers. In this part we introduce the Proxmark as an effective attack tool that can perform practical attacks a hundred times faster than regular RFID readers.
3 citations
Journal Article•
TL;DR: In the western United States, one of the major drivers of disturbance in stream ecosystems is fire (Reeves and others 1995; Rieman and Clayton 1997; Gresswell 1999; Dale and others 2001), as well as the specific nature of associated effects.
Abstract: Salmonid fishes have evolved and persisted in dynamic ecosystems (Waples and others 2008) where disturbance events vary in frequency, magnitude, timing, and duration (Gresswell 1999; Dale and others 2001), as well as the specific nature of associated effects (e.g., changes in thermal or flow regimes, geomorphology, or water chemistry; Reeves and others 1995; Benda and others 2004; Bisson and others 2005). In the western United States, one of the major drivers of disturbance in stream ecosystems is fire (Reeves and others 1995; Rieman and Clayton 1997; Gresswell 1999). Although there is a growing consensus that fish populations can ultimately benefit from the productive and heterogeneous habitats created by fire (Reeves and others 1995; Benda and others 2003; Minshall 2003; Rieman and others 2003), to persist they obviously have to withstand the immediate and shorter-term effects of fire, which can reduce or even extirpate local populations (Rieman and Clayton 1997; Brown and others 2001; Burton 2005; Sestrich 2005). Movement among interconnected stream habitats is thought to be an important strategy enabling persistence during and following fire, and there is mounting concern that the extensive isolation of salmonid populations in fragmented habitats is reducing their resiliency to fire (Gresswell 1999; Dunham and others 2003; Rieman and others 2003).
Journal Article•
Journal Article•
TL;DR: All passerines were surveyed resulting in 709 records, and base line information on bird species composition, distribution and density on Nihoa was established.
Abstract: Island of Nihoa, Northwest Hawaiian Islands, Nihoa Passerine Survey, 2010. Purpose: To establish base line information on bird species composition, distribution and density on Nihoa. Supplemental Information: Point-Transect Sampling method lasting 8 minutes. Distance to each bird was estimated to the nearest meter and recorded as exact. There were no methodology anomalies. Transect 29 had station A sampled 2 times. All other stations were sampled 1 time. All passerines were surveyed resulting in 709 records. Time Period of Content:
Journal Article•
Journal Article•
TL;DR: Statically checking API Protocol Conformance with Mined Multi-Object Specifications (MOMS) has been studied in this paper, where the authors formally describe how to translate API usage protocols represented as finite state machines into a relationship-based specification language.
Abstract: This technical report provides additional details for the paper entitled Statically Checking API Protocol Conformance with Mined Multi-Object Specifications [1]. We formally describe how to translate API usage protocols represented as finite state machines into a relationship-based specification language.
TL;DR: This paper presents an encoding of abstract predicates and abstraction functions in the verification condition generator Boogie that is sound and handles recursion in a way that is suitable for automatic verification using SMT solvers.
Abstract: predicates are the primary abstraction mechanism for program logics based on access permissions, such as separation logic and implicit dynamic frames. In addition to abstract predicates, it is often useful to also support classical abstraction functions, for instance, to encode side-effect free methods of the program and use them in specifications. However, combining abstract predicates and abstraction functions in a verification condition generator leads to subtle interactions, which complicate reasoning about heap modifications. Such complications may compromise soundness or cause divergence of the prover in the context of automated verification. In this paper, we present an encoding of abstract predicates and abstraction functions in the verification condition generator Boogie. Our encoding is sound and handles recursion in a way that is suitable for automatic verification using SMT solvers. It is implemented in the automatic verifier Chalice.
TL;DR: It is shown how a secure distance bounding protocol adapted from [2] could be used with the FMCW technology to provide the necessary security and distance estimation guarantees.
Abstract: In this work, we propose the use of Frequency Modulated Continuous Wave (FMCW) concept as a physical-layer scheme to enable the realization of accurate and secure distance bounding. We provide an overview of FMCW and propose an extension to allow up and down-link data communication for the purposes of distance bounding. We refer to it as FMCW-DB. We then show how a secure distance bounding protocol adapted from [2] could be used with the FMCW technology to provide the necessary security and distance estimation guarantees.
TL;DR: In this article, the problem of finding a nearest neighbor from a set of points in Ωd to a complex query object has attracted considerable attention due to various applications in computational geometry, bio-informatics, information retrieval, etc.
Abstract: The problem of finding a nearest neighbor from a set of points in ℝd to a complex query object has attracted considerable attention due to various applications in computational geometry, bio-informatics, information retrieval, etc. We propose a generic method that solves the problem for various classes of query objects and distance functions in a unified way. Moreover, for linear space requirements the method simplifies the known approach based on ray-shooting in the lower envelope of an arrangement.
Journal Article•
TL;DR: In this article, the authors propose a method to solve the problem of homonymity in homonym identification, i.e., homonymization, in the context of homology.
Abstract: ...............................................................................................................
Journal Article•
TL;DR: The first exact algorithms for l2- and l ∞ -metrics with linear space and sub-linear worst-case query time are presented, and a simple approximation algorithm is given that performs well on real world data.
Journal Article•
TL;DR: In this article, the authors discuss the economic impact on the state-of-the-art florist, nursery, landscaping, and forest plantation industries of a proposed rule that would ban the import of non-seed Myrtaceae plant material and require a one-year quarantine of seeds.
Abstract: Since its first documented introduction to HawaiOi in 2005, the rust fungus P. psidii has already severely damaged Syzygium jambos (Indian rose apple) trees and the federally endangered Eugenia koolauensis (nioi). Fortunately, the particular strain has yet to cause serious damage to OohiOa, which comprises roughly 80% of the stateOs native forests and covers 400,000 ha. Although the rust has affected less than 5% of HawaiiOs O?hiOa trees thus far, the introduction of more virulent strains and the genetic evolution of the current strain are still possible. Since the primary pathway of introduction is Myrtaceae plant material imported from outside the state, potential damage to OohiOa can be minimized by regulating those high-risk imports. We discuss the economic impact on the stateOs florist, nursery, landscaping, and forest plantation industries of a proposed rule that would ban the import of non-seed Myrtaceae plant material and require a one-year quarantine of seeds. Our analysis suggests that the benefits to the forest plantation industry of a complete ban on non-seed material would likely outweigh the costs to other affected sectors, even without considering the reduction in risk to OohiOa. Incorporating the value of OohiOa protection would further increase the benefit-cost ratio in favor of an import ban.
Journal Article•
TL;DR: In this article, it was shown that the class of enumerable languages is not reflexive, and that the classes of context-free, context-sensitive, and computable languages are reflexive.
Abstract: The class of regular languages can be generated from the regular expressions. These regular expressions, however, do not themselves form a regular language, as can be seen using the pumping lemma. On the other hand, the class of enumerable languages can be enumerated by a universal language that is one of its elements. We say that the enumerable languages are reflexive. In this paper we investigate what other classes of the Chomsky Hierarchy are reflexive in this sense. To make this precise we require that the decoding function is itself specified by a member of the same class. Could it be that the regular languages are reflexive, by using a different collection of codes? It turns out that this is impossible: the collection of regular languages is not reflexive. Similarly the collections of the context-free, context-sensitive, and computable languages are not reflexive. Therefore the class of enumerable languages is the only reflexive one in the Chomsky Hierarchy.
TL;DR: In this paper, privacy issues in GoogleWeb Applications is identified as a particularly vital problem and a transparent encryption layer is put between the user and the cloud service provider on a site trusted by the user.
Abstract: Everybody loves Google Apps. Google provides highly available web applications that help you communicate, organize and collaborate from anywhere using different interfaces in the most user friendly and efficient way, without being worried about any IT issues. However, some people still hesitate using Google services because of privacy and trust issues. In this paper, we identify privacy issues in GoogleWeb Applications as a particularly vital problem and propose a solution. In our solution a transparent encryption layer is put between the user and the cloud service provider on a site trusted by the user. This layer accesses the request and response messages passed between the two parties in a fine-grained manner. It applies modern cryptography techniques to encrypt the data without sacrificing functionality and portability of the cloud service. This way the trust of the end user can be reobtained and he or she will be encouraged to further enjoy using web applications such as Google Apps without having to worry about privacy issues.