Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, ...CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim's memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing and side-channel attacks. These attacks represent a serious threat to actual systems since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices. While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.
Robotic automation has proliferated various industrial deployments including manufacturing, retail warehousing and logistics supply chains. In order for robots to advance to the next stage of ...cognitive autonomy, a robust framework for planning, execution and adaptation is needed. While there have been advances in abstract automated planning systems, they are still ill-suited to be applied within runtime robotic executions, which take place in uncertain environments. In this study, the authors provide a deliberative robotic planning and simulated execution framework called RoboPlanner that provides a pragmatic integration of automated planning, orchestration and adaptive deployments. This is coupled with an execution monitor and plan repair module, that allows reconfiguration to various template actions with runtime changes. Structured rules for re-planning in the case of state changes, unforeseen obstacles or execution failures are provided. They demonstrate their simulation framework on a realistic example of mobile pick & delivery robots in Industry 4.0 warehouses, that plan, execute, adapt and re-plan in sync with a knowledge base.
•We compared meta-analyses of movement imagery, observation, and execution.•Subcortical structures were most commonly associated with imagery and execution.•Conjunctions identified a consistent ...premotor-parietal-somatosensory network.•These data inform basic and translational work using imagery and observation.
Several models propose Motor Imagery, Action Observation, and Movement Execution recruit the same brain regions. There is, however, no quantitative synthesis of the literature that directly compares their respective networks. Here we summarized data from neuroimaging experiments examining Motor Imagery (303 experiments, 4902 participants), Action Observation (595 experiments, 11,032 participants), and related control tasks involving Movement Execution (142 experiments, 2302 participants). Comparisons across these networks showed that Motor Imagery and Action Observation recruited similar premotor-parietal cortical networks. However, while Motor Imagery recruited a similar subcortical network to Movement Execution, Action Observation did not consistently recruit any subcortical areas. These data quantify and amend previous models of the similarities in the networks for Motor Imagery, Action Observation, and Movement Execution, while highlighting key differences in their recruitment of motor cortex, parietal cortex, and subcortical structures.
Recent transient execution attacks have demonstrated that attackers may leak sensitive information across security boundaries on a shared CPU core. Up until now, it seemed possible to prevent this by ...isolating potential victims and attackers on separate cores. In this paper, we show that the situation is more serious, as transient execution attacks can leak data across different cores on many modern Intel CPUs.We do so by investigating the behavior of x86 instructions, and in particular, we focus on complex microcoded instructions which perform offcore requests. Combined with transient execution vulnerabilities such as Micro-architectural Data Sampling (MDS), these operations can reveal internal CPU state. Using performance counters, we build a profiler, CROSSTALK, to examine the number and nature of such operations for many x86 instructions, and find that some instructions read data from a staging buffer which is shared between all CPU cores.To demonstrate the security impact of this behavior, we present the first cross-core attack using transient execution, showing that even the seemingly-innocuous CPUID instruction can be used by attackers to sample the entire staging buffer containing sensitive data - most importantly, output from the hardware random number generator (RNG) - across cores. We show that this can be exploited in practice to attack SGX enclaves running on a completely different core, where an attacker can control leakage using practical performance degradation attacks, and demonstrate that we can successfully determine enclave private keys. Since existing mitigations which rely on spatial or temporal partitioning are largely ineffective to prevent our proposed attack, we also discuss potential new mitigation techniques.
Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and ...interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few "high-frequency" paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of CGF using a Markov chain model which specifies the probability that fuzzing the seed that exercises path i generates an input that exercises path j. Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented several schedules by extending AFL. In 24 hours, AFLFast exposes 3 previously unreported CVEs that are not exposed by AFL and exposes 6 previously unreported CVEs 7x faster than AFL. AFLFast produces at least an order of magnitude more unique crashes than AFL. We compared AFLFast to the symbolic executor Klee. In terms of vulnerability detection, AFLFast is significantly more effective than Klee on the same subject programs that were discussed in the original Klee paper. In terms of code coverage, AFLFast only slightly outperforms Klee while a combination of both tools achieves best results by mitigating the individual weaknesses.
Engineering complex systems such as air- and spacecraft is a multidisciplinary effort that requires the collaboration of engineers from a multitude of specializations working in concert. Typically, ...each engineer uses one or more specialized software tools to analyze some data set and passes, in an ad-hoc manner, the results on to their colleagues who require these results as input for their respective tools. This process is time-consuming, error-prone, and not replicable.
To alleviate this problem, we present RCE (Remote Component Environment), an open-source application developed primarily at DLR, that enables its users to intuitively integrate disciplinary tools, to define dependencies between them via an easy-to-use graphical interface, and to execute the resulting multidisciplinary engineering workflow. All data produced are stored centrally for provenance, subsequent analysis, and post-processing. Hence, RCE makes it easy for collaborating engineers to contribute their individual disciplinary tools to a multidisciplinary design or analysis, and simplifies the analysis of the workflow’s results.
Industry 4.0 dictates the end of traditional centralized applications for production control. Its vision of ecosystems of smart factories with intelligent and autonomous shop-floor entities is ...inherently decentralized. Responding to customer demands for tailored products, these plants fueled by technology enablers such as 3D printing, Internet of Things, Cloud computing, Mobile Devices and Big Data, among others create a totally new environment. The manufacturing systems of the future, including manufacturing execution systems (MES) will have to be built to support this paradigm shift.
This work makes a case for the integration of the increasingly popular and largely separate topics of Industry 4.0 and the circular economy (CE). The paper extends the state-of-the-art literature by ...proposing a pioneering roadmap to enhance the application of CE principles in organisations by means of Industry 4.0 approaches. Advanced and digital manufacturing technologies are able to unlock the circularity of resources within supply chains; however, the connection between CE and Industry 4.0 has not so far been explored. This article therefore contributes to the literature by unveiling how different Industry 4.0 technologies could underpin CE strategies, and to organisations by addressing those technologies as a basis for sustainable operations management decision-making. The main results of this work are: (a) a discussion on the mutually beneficial relationship between Industry 4.0 and the CE; (b) an in-depth understanding of the potential contributions of smart production technologies to the ReSOLVE model of CE business models; (c) a research agenda for future studies on the integration between Industry 4.0 and CE principles based on the most relevant management theories.
This paper presents an active learning strategy for robotic systems that takes into account task information, enables fast learning, and allows control to be readily synthesized by taking advantage ...of the Koopman operator representation. We first motivate the use of representing nonlinear systems as linear Koopman operator systems by illustrating the improved model-based control performance with an actuated Van der Pol system. Information-theoretic methods are then applied to the Koopman operator formulation of dynamical systems where we derive a controller for active learning of robot dynamics. The active learning controller is shown to increase the rate of information about the Koopman operator. In addition, our active learning controller can readily incorporate policies built on the Koopman dynamics, enabling the benefits of fast active learning and improved control. Results using a quadcopter illustrate single-execution active learning and stabilization capabilities during free fall. The results for active learning are extended for automating Koopman observables and we implement our method on real robotic systems.
A Survey on Software Fault Localization Wong, W. Eric; Ruizhi Gao; Yihao Li ...
IEEE transactions on software engineering,
2016-Aug.-1, 2016-8-1, 20160801, Volume:
42, Issue:
8
Journal Article
Peer reviewed
Open access
Software fault localization, the act of identifying the locations of faults in a program, is widely recognized to be one of the most tedious, time consuming, and expensive - yet equally critical - ...activities in program debugging. Due to the increasing scale and complexity of software today, manually locating faults when failures occur is rapidly becoming infeasible, and consequently, there is a strong demand for techniques that can guide software developers to the locations of faults in a program with minimal human intervention. This demand in turn has fueled the proposal and development of a broad spectrum of fault localization techniques, each of which aims to streamline the fault localization process and make it more effective by attacking the problem in a unique way. In this article, we catalog and provide a comprehensive overview of such techniques and discuss key issues and concerns that are pertinent to software fault localization as a whole.
PDF
