Computational Soundness for Dalvik Bytecode

Automatically analyzing information flow within Android applications that rely on cryptographic operations with their computational security guarantees imposes formidable challenges that existing approaches for understanding an app's behavior struggle to meet. These approaches do not distinguish cryptographic and non-cryptographic operations, and hence do not account for cryptographic protections: f(m) is considered sensitive for a sensitive message m irrespective of potential secrecy properties offered by a cryptographic operation f. These approaches consequently provide a safe approximation of the app's behavior, but they mistakenly classify a large fraction of apps as potentially insecure and consequently yield overly pessimistic results. In this paper, we show how cryptographic operations can be faithfully included into existing approaches for automated app analysis. To this end, we first show how cryptographic operations can be expressed as symbolic abstractions within the comprehensive Dalvik bytecode language. These abstractions are accessible to automated analysis, and they can be conveniently added to existing app analysis tools using minor changes in their semantics. Second, we show that our abstractions are faithful by providing the first computational soundness result for Dalvik bytecode, i.e., the absence of attacks against our symbolically abstracted program entails the absence of any attacks against a suitable cryptographic program realization. We cast our computational soundness result in the CoSP framework, which makes the result modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape

Quantitative information flow under generic leakage functions and adaptive adversaries

We put forward a model of action-based randomization mechanisms to analyse quantitative information flow (QIF) under generic leakage functions, and under possibly adaptive adversaries. This model subsumes many of the QIF models proposed so far. Our main contributions include the following: (1) we identify mild general conditions on the leakage function under which it is possible to derive general and significant results on adaptive QIF; (2) we contrast the efficiency of adaptive and non-adaptive strategies, showing that the latter are as efficient as the former in terms of length up to an expansion factor bounded by the number of available actions; (3) we show that the maximum information leakage over strategies, given a finite time horizon, can be expressed in terms of a Bellman equation. This can be used to compute an optimal finite strategy recursively, by resorting to standard methods like backward induction.Comment: Revised and extended version of conference paper with the same title appeared in Proc. of FORTE 2014, LNC

Long term monitoring of bright TeV Blazars with the MAGIC telescope

The MAGIC telescope has performed long term monitoring observations of the bright TeV Blazars Mrk421, Mrk501 and 1ES1959+650. Up to 40 observations, 30 to 60 minutes each have been performed for each source evenly distributed over the observable period of the year. The sensitivity of MAGIC is sufficient to establish a flux level of 25% of the Crab flux for each measurement. These observations are well suited to trigger multiwavelength ToO observations and the overall collected data allow an unbiased study of the flaring statistics of the observed AGNs.Comment: 4 pages, 4 figures, to appear in the proceedings of the 30th International Cosmic Ray Conference, Merida, July 200

ADSNARK: Nearly practical and privacy-preserving proofs on authenticated data

We study the problem of privacy-preserving proofs on authenticated data, where a party receives data from a trusted source and is requested to prove computations over the data to third parties in a correct and private way, i.e., the third party learns no information on the data but is still assured that the claimed proof is valid. Our work particularly focuses on the challenging requirement that the third party should be able to verify the validity with respect to the specific data authenticated by the source — even without having access to that source. This problem is motivated by various scenarios emerging from several application areas such as wearable computing, smart metering, or general business-to-business interactions. Furthermore, these applications also demand any meaningful solution to satisfy additional properties related to usability and scalability. In this paper, we formalize the above three-party model, discuss concrete application scenarios, and then we design, build, and evaluate ADSNARK, a nearly practical system for proving arbitrary computations over authenticated data in a privacy-preserving manner. ADSNARK improves significantly over state-of-the-art solutions for this model. For instance, compared to corresponding solutions based on Pinocchio (Oakland’13), ADSNARK achieves up to 25× improvement in proof-computation time and a 20× reduction in prover storage space

Моделирование кинетики синтеза Фишера- Тропша на ультрадисперсном катализаторе

Large area pulsed laser deposition of alumina on stainless steel with Ar or Ar/O2 mixtures as processing gas in investigated using excimer laser radiation. The high area coveraging was achieved by a simultaneous movement of target and substrate in combination with the use of a certain power density distribution achieving a special angular distribution of the vapour/plasma plume. The chemical properties of the films were studied by X-ray photoelectron spectroscopy, and the morphology and uniformness by optical microscopy and ellipsometry

Quantitative information flow, with a view

We put forward a general model intended for assessment of system security against passive eavesdroppers, both quantitatively ( how much information is leaked) and qualitatively ( what properties are leaked). To this purpose, we extend information hiding systems ( ihs ), a model where the secret-observable relation is represented as a noisy channel, with views : basically, partitions of the state-space. Given a view W and n independent observations of the system, one is interested in the probability that a Bayesian adversary wrongly predicts the class of W the underlying secret belongs to. We offer results that allow one to easily characterise the behaviour of this error probability as a function of the number of observations, in terms of the channel matrices defining the ihs and the view W . In particular, we provide expressions for the limit value as n → ∞, show by tight bounds that convergence is exponential, and also characterise the rate of convergence to predefined error thresholds. We then show a few instances of statistical attacks that can be assessed by a direct application of our model: attacks against modular exponentiation that exploit timing leaks, against anonymity in mix-nets and against privacy in sparse datasets

Domain-wall depinning assisted by pure spin currents

We study the depinning of domain walls by pure diffusive spin currents in a nonlocal spin valve structure based on two ferromagnetic permalloy elements with copper as the nonmagnetic spin conduit. The injected spin current is absorbed by the second permalloy structure with a domain wall and from the dependence of the wall depinning field on the spin current density we find an efficiency of 6*10^{-14}T/(A/m^2), which is more than an order of magnitude larger than for conventional current induced domain wall motion. Theoretically we reproduce this high efficiency, which arises from the surface torques exerted by the absorbed spin current that lead to efficient depinning.Comment: 11 pages, 3 figures, accepted for publication in Phys. Rev. Let