| 1. |
- Kehoe, Laura, et al.
(författare)
-
Make EU trade with Brazil sustainable
- 2019
-
Ingår i: Science. - : American Association for the Advancement of Science (AAAS). - 0036-8075 .- 1095-9203. ; 364:6438, s. 341-
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
|
|
| 2. |
- Balliu, Musard, et al.
(författare)
-
Challenges of Producing Software Bill of Materials for Java
- 2023
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 21:6, s. 12-23
-
Tidskriftsartikel (refereegranskat)abstract
- Software bills of materials (SBOMs) promise to become the backbone of software supply chain hardening. We deep-dive into six tools and the SBOMs they produce for complex open source Java projects, revealing challenges regarding the accurate production and usage of SBOMs.
|
|
| 3. |
- Balliu, Musard, et al.
(författare)
-
Software Bill of Materials in Java
- 2023
-
Ingår i: SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses. - : Association for Computing Machinery (ACM). ; , s. 75-76
-
Konferensbidrag (refereegranskat)abstract
- Modern software applications are virtually never built entirely in-house. As a matter of fact, they reuse many third-party dependencies, which form the core of their software supply chain [1]. The large number of dependencies in an application has turned into a major challenge for both security and reliability. For example, to compromise a high-value application, malicious actors can choose to attack a less well-guarded dependency of the project [2]. Even when there is no malicious intent, bugs can propagate through the software supply chain and cause breakages in applications. Gathering accurate, upto- date information about all dependencies included in an application is, therefore, of vital importance.
|
|
| 4. |
- Brownstein, Catherine A., et al.
(författare)
-
An international effort towards developing standards for best practices in analysis, interpretation and reporting of clinical genome sequencing results in the CLARITY Challenge
- 2014
-
Ingår i: Genome Biology. - : Springer Science and Business Media LLC. - 1465-6906 .- 1474-760X. ; 15:3, s. R53-
-
Tidskriftsartikel (refereegranskat)abstract
- Background: There is tremendous potential for genome sequencing to improve clinical diagnosis and care once it becomes routinely accessible, but this will require formalizing research methods into clinical best practices in the areas of sequence data generation, analysis, interpretation and reporting. The CLARITY Challenge was designed to spur convergence in methods for diagnosing genetic disease starting from clinical case history and genome sequencing data. DNA samples were obtained from three families with heritable genetic disorders and genomic sequence data were donated by sequencing platform vendors. The challenge was to analyze and interpret these data with the goals of identifying disease-causing variants and reporting the findings in a clinically useful format. Participating contestant groups were solicited broadly, and an independent panel of judges evaluated their performance. Results: A total of 30 international groups were engaged. The entries reveal a general convergence of practices on most elements of the analysis and interpretation process. However, even given this commonality of approach, only two groups identified the consensus candidate variants in all disease cases, demonstrating a need for consistent fine-tuning of the generally accepted methods. There was greater diversity of the final clinical report content and in the patient consenting process, demonstrating that these areas require additional exploration and standardization. Conclusions: The CLARITY Challenge provides a comprehensive assessment of current practices for using genome sequencing to diagnose and report genetic diseases. There is remarkable convergence in bioinformatic techniques, but medical interpretation and reporting are areas that require further development by many groups.
|
|
| 5. |
- Alessandro, B., et al.
(författare)
-
Vector boson scattering : Recent experimental and theory developments
- 2018
-
Ingår i: Reviews in Physics. - : Elsevier BV. - 2405-4283. ; 3, s. 44-63
-
Tidskriftsartikel (refereegranskat)abstract
- This document summarises the talks and discussions happened during the VBSCan Split17 workshop, the first general meeting of the VBSCan COST Action network. This collaboration is aiming at a consistent and coordinated study of vector-boson scattering from the phenomenological and experimental point of view, for the best exploitation of the data that will be delivered by existing and future particle colliders.
|
|
| 6. |
- Alimena, Juliette, et al.
(författare)
-
Searching for long-lived particles beyond the Standard Model at the Large Hadron Collider
- 2020
-
Ingår i: Journal of Physics G. - : IOP Publishing. - 0954-3899 .- 1361-6471. ; 47:9
-
Tidskriftsartikel (refereegranskat)abstract
- Particles beyond the Standard Model (SM) can generically have lifetimes that are long compared to SM particles at the weak scale. When produced at experiments such as the Large Hadron Collider (LHC) at CERN, these long-lived particles (LLPs) can decay far from the interaction vertex of the primary proton-proton collision. Such LLP signatures are distinct from those of promptly decaying particles that are targeted by the majority of searches for new physics at the LHC, often requiring customized techniques to identify, for example, significantly displaced decay vertices, tracks with atypical properties, and short track segments. Given their non-standard nature, a comprehensive overview of LLP signatures at the LHC is beneficial to ensure that possible avenues of the discovery of new physics are not overlooked. Here we report on the joint work of a community of theorists and experimentalists with the ATLAS, CMS, and LHCb experiments-as well as those working on dedicated experiments such as MoEDAL, milliQan, MATHUSLA, CODEX-b, and FASER-to survey the current state of LLP searches at the LHC, and to chart a path for the development of LLP searches into the future, both in the upcoming Run 3 and at the high-luminosity LHC. The work is organized around the current and future potential capabilities of LHC experiments to generally discover new LLPs, and takes a signature-based approach to surveying classes of models that give rise to LLPs rather than emphasizing any particular theory motivation. We develop a set of simplified models; assess the coverage of current searches; document known, often unexpected backgrounds; explore the capabilities of proposed detector upgrades; provide recommendations for the presentation of search results; and look towards the newest frontiers, namely high-multiplicity 'dark showers', highlighting opportunities for expanding the LHC reach for these signals.
|
|
| 7. |
- Baudry, Benoit, et al.
(författare)
-
A Software-Repair Robot Based on Continual Learning
- 2021
-
Ingår i: IEEE Software. - : Institute of Electrical and Electronics Engineers (IEEE). - 0740-7459 .- 1937-4194. ; 38:4, s. 28-35
-
Tidskriftsartikel (refereegranskat)abstract
- Software bugs are common, and correcting them accounts for a significant portion of the costs in the software development and maintenance process. In this article, we discuss R-Hero, our novel system for learning how to fix bugs based on continual training.
|
|
| 8. |
- Cabrera Arteaga, Javier, 1992-
(författare)
-
Artificial Software Diversification for WebAssembly
- 2022
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- WebAssembly has become the fourth official web language, along with HTML, CSS and JavaScript since 2019. WebAssembly allows web browsers to execute existing programs or libraries written in other languages, such as C/C++ and Rust. In addition, WebAssembly evolves to be part of edge-cloud computing platforms. Despite being designed with security as a premise, WebAssembly is not exempt from vulnerabilities. Therefore, potential vulnerabilities and flaws are included in its distribution and execution, highlighting a software monoculture problem. On the other hand, while software diversity has been shown to mitigate monoculture, no diversification approach has been proposed for WebAssembly. This work proposes software diversity as a preemptive solution to mitigate software monoculture for WebAssembly.Besides, we provide implementations for our approaches, including a generic LLVM superdiversifier that potentially extends our ideas to other programming languages. We empirically demonstrate the impact of our approach by providing Randomization and Multivariant Execution (MVE) for WebAssembly. Our results show that our approaches can provide an automated end-to-end solution for the diversification of WebAssembly programs. The main contributions of this work are:We highlight the lack of diversification techniques for WebAssembly through an exhaustive literature review.We provide randomization and multivariant execution for WebAssembly with the implementation of two tools, CROW and MEWE respectively.We include constant inferring as a new code transformation to generate software diversification for WebAssembly.We empirically demonstrate the impact of our technique by evaluating the static and dynamic behavior of the generated diversification.Our approaches harden observable properties commonly used to conduct attacks, such as static code analysis, execution traces, and execution time.
|
|
| 9. |
- Cabrera Arteaga, Javier, 1992-, et al.
(författare)
-
CROW: Code Diversification for WebAssembly
- 2021
-
Konferensbidrag (refereegranskat)abstract
- The adoption of WebAssembly increases rapidly, as it provides a fast and safe model for program execution in the browser. However, WebAssembly is not exempt from vulnerabilities that can be exploited by malicious observers. Code diversification can mitigate some of these attacks. In this paper, we present the first fully automated workflow for the diversification of WebAssembly binaries. We present CROW, an open-source tool implementing this workflow through enumerative synthesis of diverse code snippets expressed in the LLVMintermediate representation. We evaluate CROW’s capabilitieson303C programs and study its use on a real-life security-sensitive program: libsodium, a modern cryptographic library. Overall, CROW is able to generate diverse variants for239out of303 (79%)small programs. Furthermore, our experiments show that our approach and tool is able to successfully diversify off-the-shelf cryptographic software (libsodium).
|
|
| 10. |
- Cabrera Arteaga, Javier, 1992-, et al.
(författare)
-
Multi-variant Execution at the Edge
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- Edge-Cloud computing offloads parts of the computations that traditionally occurs in the cloud to edge nodes. The binary format WebAssembly is increasingly used to distribute and deploy services on such platforms. Edge-Cloud computing providers let their clients deploy stateless services inthe form of WebAssembly binaries, which are then translated to machine code, sandboxed and executed at the edge.In this context, we propose atechnique that (i) automatically diversifies WebAssembly binaries that are deployed to the edge and (ii) randomizes execution paths at runtime. Thus, an attacker cannot exploit all edge nodes with the same payload. Given aservice, we automatically synthesize functionally equivalent variants for thefunctions providing the service. All the variants are then wrapped into a singlemultivariant WebAssembly binary. When the service endpoint is executed, every time a function is invoked, one of its variants is randomly selected. We implement this technique in the MEWE tool and we validate it with 7 servicesfor which MEWE generates multivariant binaries that embed hundreds of function variants. We execute the multivariant binaries on the world-wide edge platform provided by Fastly, as part as a research collaboration. We show that multivariant binaries exhibit a real diversity of execution traces across the whole edge platform distributed around the globe.
|
|
