1,409 research outputs found
Automated intrusion recovery for web applications
Thesis (Ph. D.)--Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013. Cataloged from PDF version of thesis. Includes bibliographical references (pages 93-97). In this dissertation, we develop recovery techniques for web applications and demonstrate that automated recovery from intrusions and user mistakes is practical as well as effective. Web applications play a critical role in users' lives today, making them an attractive target for attackers. New vulnerabilities are routinely found in web application software, and even if the software is bug-free, administrators may make security mistakes such as misconfiguring permissions; these bugs and mistakes virtually guarantee that every application will eventually be compromised. To clean up after a successful attack, administrators need to find its entry point, track down its effects, and undo the attack's corruptions while preserving legitimate changes. Today this is all done manually, which results in days of wasted effort with no guarantee that all traces of the attack have been found or that no legitimate changes were lost. To address this problem, we propose that automated intrusion recovery should be an integral part of web application platforms. This work develops several ideas (retroactive patching, automated UI replay, dependency tracking, patch-based auditing, and distributed repair) that together recover from past attacks that exploited a vulnerability, by retroactively fixing the vulnerability and repairing the system state to make it appear as if the vulnerability never existed. Repair tracks down and reverts effects of the attack on other users within the same application and on other applications, while preserving legitimate changes.
Using techniques resulting from these ideas, an administrator can easily recover from past attacks that exploited a bug using nothing more than a patch fixing the bug, with no manual effort on her part to find the attack or track its effects. The same techniques can also recover from attacks that exploit past configuration mistakes; the administrator only has to point out the past request that resulted in the mistake. We built three prototype systems, WARP, POIROT, and AIRE, to explore these ideas. Using these systems, we demonstrate that we can recover from challenging attacks in real distributed web applications with little or no changes to application source code; that recovery time is a fraction of the original execution time for attacks with a few affected requests; and that support for recovery adds modest runtime overhead during the application's normal operation. by Ramesh Chandra. Ph.D
Random Matrix Theory for the Hermitian Wilson Dirac Operator and the chGUE-GUE Transition
We introduce a random two-matrix model interpolating between a chiral
Hermitian (2n+nu)x(2n+nu) matrix and a second Hermitian matrix without
symmetries. These are taken from the chiral Gaussian Unitary Ensemble (chGUE)
and Gaussian Unitary Ensemble (GUE), respectively. In the microscopic large-n
limit in the vicinity of the chGUE (which we denote by weakly non-chiral limit)
this theory is in one to one correspondence to the partition function of Wilson
chiral perturbation theory in the epsilon regime, such as the related two
matrix-model previously introduced in refs. [20,21]. For a generic number of
flavours and rectangular block matrices in the chGUE part we derive an
eigenvalue representation for the partition function displaying a Pfaffian
structure. In the quenched case with nu=0,1 we derive all spectral correlations
functions in our model for finite-n, given in terms of skew-orthogonal
polynomials. The latter are expressed as Gaussian integrals over standard
Laguerre polynomials. In the weakly non-chiral microscopic limit this yields
all corresponding quenched eigenvalue correlation functions of the Hermitian
Wilson operator. Comment: 27 pages, 4 figures; v2 typos corrected, published versio
Aging in a topological spin glass
We have examined the nonconventional spin glass phase of the 2-dimensional
kagome antiferromagnet (H_3 O) Fe_3 (SO_4)_2 (OH)_6 by means of ac and dc
magnetic measurements. The frequency dependence of the ac susceptibility peak
is characteristic of a critical slowing down at Tg ~ 18K. At fixed temperature
below Tg, aging effects are found which obey the same scaling law as in spin
glasses or polymers. However, in clear contrast with conventional spin glasses,
aging is remarkably insensitive to temperature changes. This particular type of
dynamics is discussed in relation with theoretical predictions for highly
frustrated non-disordered systems. Comment: 4 pages, 4 figure
Explicit solution of the quantum three-body Calogero-Sutherland model
Quantum integrable systems generalizing Calogero-Sutherland systems were
introduced by Olshanetsky and Perelomov (1977). Recently, it was proved that
for systems with trigonometric potential, the series in the product of two wave
functions is a deformation of the Clebsch-Gordan series. This yields recursion
relations for the wave functions of those systems. In this note, this approach
is used to compute the explicit expressions for the three-body
Calogero-Sutherland wave functions, which are the Jack polynomials. We
conjecture that similar results are also valid for the more general
two-parameters deformation introduced by Macdonald. Comment: 10 page
Finite-Temperature Transition into a Power-Law Spin Phase with an Extensive Zero-Point Entropy
We introduce an generalization of the frustrated Ising model on a
triangular lattice. The presence of continuous degrees of freedom stabilizes a
finite-temperature spin state with power-law discrete spin
correlations and an extensive zero-point entropy. In this phase, the unquenched
degrees of freedom can be described by a fluctuating surface with logarithmic
height correlations. Finite-size Monte Carlo simulations have been used to
characterize the exponents of the transition and the dynamics of the
low-temperature phase
Massive stars as thermonuclear reactors and their explosions following core collapse
Nuclear reactions transform atomic nuclei inside stars. This is the process
of stellar nucleosynthesis. The basic concepts of determining nuclear reaction
rates inside stars are reviewed. How stars manage to burn their fuel so slowly
most of the time is also considered. Stellar thermonuclear reactions involving
protons in hydrostatic burning are discussed first. Then I discuss triple alpha
reactions in the helium burning stage. Carbon and oxygen survive in red giant
stars because of the nuclear structure of oxygen and neon. Further nuclear
burning of carbon, neon, oxygen and silicon in quiescent conditions is
discussed next. In the subsequent core-collapse phase, neutronization due to
electron capture from the top of the Fermi sea in a degenerate core takes
place. The expected signal of neutrinos from a nearby supernova is calculated.
The supernova often explodes inside a dense circumstellar medium, which is
established due to the progenitor star losing its outermost envelope in a
stellar wind or mass transfer in a binary system. The nature of the
circumstellar medium and the ejecta of the supernova and their dynamics are
revealed by observations in the optical, IR, radio, and X-ray bands, and I
discuss some of these observations and their interpretations. Comment: To be published in "Principles and Perspectives in Cosmochemistry"
Lecture Notes on Kodai School on Synthesis of Elements in Stars; ed. by Aruna
Goswami & Eswar Reddy, Springer Verlag, 2009. Contains 21 figure
Measurement of the photon-jet production differential cross section in collisions at sqrt(s)=1.96 TeV
We present measurements of the differential cross section dsigma/dpT_gamma
for the inclusive production of a photon in association with a b-quark jet for
photons with rapidities |y_gamma|< 1.0 and 30<pT_gamma <300 GeV, as well as for
photons with 1.5<|y_gamma|< 2.5 and 30< pT_gamma <200 GeV, where pT_gamma is
the photon transverse momentum. The b-quark jets are required to have pT>15 GeV
and rapidity |y_jet| < 1.5. The results are based on data corresponding to an
integrated luminosity of 8.7 fb^-1, recorded with the D0 detector at the
Fermilab Tevatron Collider at sqrt(s)=1.96 TeV. The measured cross
sections are compared with next-to-leading order perturbative QCD calculations
using different sets of parton distribution functions as well as to predictions
based on the kT-factorization QCD approach, and those from the Sherpa and
Pythia Monte Carlo event generators. Comment: 10 pages, 9 figures, submitted to Phys. Lett.
Measurements of single top quark production cross sections and |Vtb| in ppbar collisions at sqrt{s}=1.96 TeV
We present measurements of production cross sections of single top quarks in
$p\bar{p}$ collisions at in a data sample corresponding
to an integrated luminosity of collected by the D0 detector
at the Fermilab Tevatron Collider. We select events with an isolated electron
or muon, an imbalance in transverse energy, and two, three, or four jets, with
one or two of them containing a bottom hadron. We obtain an inclusive cross
section of $\sigma(p\bar{p} \to tb+X,\ tqb+X) = 3.43^{+0.73}_{-0.74}$ pb
and use it to extract the CKM matrix element at
the 95% C.L. We also measure $\sigma(p\bar{p} \to tb+X) = 0.68^{+0.38}_{-0.35}$ pb
and $\sigma(p\bar{p} \to tqb+X) = 2.86^{+0.69}_{-0.63}$ pb
when assuming, respectively, and
production rates as predicted by the standard model. Comment: 11 pages, 8 figures, submitted to Phys. Rev.
Search for the Higgs boson in lepton, tau and jets final states
We present a search for the standard model Higgs boson in final states with an electron or muon and a hadronically decaying tau lepton in association with two or more jets using 9.7 fb^{-1} of Run II Fermilab Tevatron Collider data collected with the D0 detector. The analysis is sensitive to Higgs boson production via gluon fusion, associated vector boson production, and vector boson fusion, followed by the Higgs boson decay to tau lepton pairs or to W boson pairs. The ratios of 95% C.L. upper limits on the cross section times branching ratio to those predicted by the standard model are obtained for orthogonal subsamples that are enriched in either H -> tau tau decays or H -> WW decays, and for the combination of these subsample limits. The observed and expected limit ratios for the combined subsamples at a Higgs boson mass of 125 GeV are 11.3 and 9.0 respectively
Measurement of the W boson mass
We present a measurement of the W boson mass in W -> ev decays using 1 fb^-1
of data collected with the D0 detector during Run II of the Fermilab Tevatron
collider. With a sample of 499830 W -> ev candidate events, we measure M_W =
80.401 +- 0.043 GeV. This is the most precise measurement from a single
experiment. Comment: As published in PR