Physical Sciences and Mathematics Commons^™

Security Applications Of Formal Language Theory, Len Sassaman, Meredith L. Patterson, Sergey Bratus, Michael E. Locasto, Anna Shubina

Computer Science Technical Reports

We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic …

A 3-D Lighting And Shadow Analysis Of The Jfk Zapruder Film (Frame 317), Hany Farid

Computer Science Technical Reports

Claims of a broader conspiracy behind U.S. President John F. Kennedy's assassination have persisted for the past nearly five decades. The Zapruder film is considered to be the most complete recording of JFK's assassination. Many have claimed that this 8mm film was manipulated to conceal evidence of a second shooter, which would invalidate the claim that a lone gunman, Lee Harvey Oswald, was responsible for JFK's assassination. Here we consider the viability of one specific claim of postproduction tampering in the Zapruder film.

Hide-N-Sense: Privacy-Aware Secure Mhealth Sensing, Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz

Computer Science Technical Reports

As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge.

We make three contributions. First, we propose an mHealth sensing …

Bgrep And Bdiff: Unix Tools For High-Level Languages, Gabriel A. Weaver, Sean W. Smith

Computer Science Technical Reports

The rise in high-level languages for system administrators requires us to rethink traditional UNIX tools designed for these older data formats. We propose new block-oriented tools, bgrep and bdiff, operating on syntactic blocks of code rather than the line, the traditional information container of UNIX. Transcending the line number allows us to introduce longitudinal diff, a mode of bdiff that lets us track changes across arbitrary blocks of code. We present a detailed implementation roadmap and evaluation framework for the full version of this paper. In addition we demonstrate how the design of our tools already addresses several real-wold problems …

Beyond Selinux: The Case For Behavior-Based Policy And Trust Languages, Sergey Bratus, Michael E. Locasto, Boris Otto, Rebecca Shapiro, Sean W. Smith, Gabriel Weaver

Computer Science Technical Reports

Despite the availability of powerful mechanisms for security policy and access control, real-world information security practitioners---both developers and security officers---still find themselves in need of something more. We believe that this is the case because available policy languages do not provide clear and intelligible ways to allow developers to communicate their knowledge and expectations of trustworthy behaviors and actual application requirements to IT administrators. We work to address this policy engineering gap by shifting the focus of policy language design to this communication via behavior-based policies and their motivating scenarios.

Scalable Object-Class Search Via Sparse Retrieval Models And Approximate Ranking, Mohammad Rastegari, Chen Fang, Lorenzo Torresani

Computer Science Technical Reports

In this paper we address the problem of object-class retrieval in large image data sets: given a small set of training examples defining a visual category, the objective is to efficiently retrieve images of the same class from a large database. We propose two contrasting retrieval schemes achieving good accuracy and high efficiency. The first exploits sparse classification models expressed as linear combinations of a small number of features. These sparse models can be efficiently evaluated using inverted file indexing. Furthermore, we introduce a novel ranking procedure that provides a significant speedup over inverted file indexing when the goal is …

A New Artificial Intelligence For Auralux, Edward Mcneill

Computer Science Technical Reports

This project focused on developing a more challenging artificial intelligence for the real-time strategy game Auralux. I designed and implemented an AI framework named FlexibleAI that could be configured with various parameters controlling different aspects of the overall algorithm. In this way, the AI could be tuned to be more successful. I then created a testing framework called AuraSim that simplified Auralux into an easily-simulated turn-based format. After testing various configurations and tuning the FlexibleAI's parameters to be more successful, the AI eventually achieved a victory rate several times better than its average opponent. This provides the basis for a …

Exploiting The Hard-Working Dwarf: Trojans With No Native Executable Code, James Oakley, Sergey Bratus

Computer Science Technical Reports

All binaries compiled by recent versions of GCC from C++ programs include complex data and dedicated code for exception handling support. The data structures describe the call stack frame layout in the DWARF format bytecode. The dedicated code includes an interpreter of this bytecode and logic to implement the call stack unwinding. Despite being present in a large class of programs -- and therefore potentially providing a huge attack surface -- this mechanism is not widely known or studied. Of particular interest to us is that the exception handling mechanism provides the means for fundamentally altering the flow of a …

Tr-2011002: Symbolic Lifting For Structured Linear Systems Of Equations: Numerical Initialization, Nearly Optimal Boolean Cost, Variations, And Extensions, Victor Y. Pan

Computer Science Technical Reports

No abstract provided.

Tr-2011005: First-Order Logic Of Proofs, Sergei N. Artemov, Tatiana Yavorskaya (Sidon)

Computer Science Technical Reports

No abstract provided.

Tr-2011009: Solving Linear Systems Of Equations With Randomized Augmentation And Aggregation, Victor Y. Pan, Guoliang Qian

Computer Science Technical Reports

No abstract provided.

Tr-2011010: Possible World Semantics For First Order Lp, Melvin Fitting

Computer Science Technical Reports

No abstract provided.

Tr-2011011: Randomized And Derandomized Matrix Computations Ii, Victor Y. Pan, Guoliang Qian, Ai-Long Zheng

Computer Science Technical Reports

No abstract provided.

Tr-2011003: Partial Fraction Decomposition, Sylvester Matrices, Convolution And Newton's Iteration, Victor Y. Pan

Computer Science Technical Reports

No abstract provided.

Tr-2011004: Acceleration Of Newton's Polynomial Factorization: Army Of Constraints, Convolution, Sylvester Matrices, And Partial Fraction Decomposition, Victor Y. Pan

Computer Science Technical Reports

No abstract provided.

Tr-2011007: Randomized And Derandomized Matrix Computations, Victor Y. Pan, Guoliang Qian, Ai-Long Zheng

Computer Science Technical Reports

No abstract provided.

Tr-2011008: The Ontology Of Justifications In The Logical Setting, Sergei N. Artemov

Computer Science Technical Reports

No abstract provided.

Privacy Analysis Of User Association Logs In A Large-Scale Wireless Lan, Keren Tan, Guanhua Yan, Jihwang Yeo, David Kotz

Computer Science Technical Reports

User association logs collected from a large-scale wireless LAN record where and when a user has used the network. Such information plays an important role in wireless network research. One concern of sharing these data with other researchers, however, is that the logs pose potential privacy risks for the network users. Today, the common practice in sanitizing these data before releasing them to the public is to anonymize users' sensitive information, such as their devices' MAC addresses and their exact association locations. In this work, we demonstrate that such sanitization measures are insufficient to protect user privacy because the differences …