1,721,003 research outputs found
FUZZOLIC: Mixing fuzzing and concolic execution
No full textIn the last few years, a large variety of approaches and methodologies have been explored in the context of software testing, ranging from black-box techniques, such as fuzzing, to white-box techniques, such as concolic execution, with a full spectrum of instances in between. Using these techniques, developers and security researchers have been able to identify in the last decade a large number of critical vulnerabilities in thousands of software projects. In this article, we investigate how to improve the performance and effectiveness of concolic execution, proposing two main enhancements to the original approach. On one side, we devise a novel concolic executor that can analyze complex binary programs while running under QEMU and efficiently produce symbolic queries, which could generate valuable program inputs when solved. On the other side, we investigate whether techniques borrowed from the fuzzing domain can be applied to solve the symbolic queries generated by concolic execution, providing a viable alternative to accurate but expensive SMT solving techniques. We show that the combination of our concolic engine, FUZZOLIC, and our approximate solver, FUZZY-SAT, can perform better in terms of code coverage than popular state-of-the-art fuzzers on a variety of complex programs and can identify different unknown bugs in several real-world applications
SENinja: A symbolic execution plugin for Binary Ninja
Full text linkSymbolic execution is a program analysis technique that aims to automatically identify interesting inputs for an application, using them to generate program executions covering different parts of the code. It is widely used in the context of vulnerability discovery and reverse engineering. In this paper we present SENINJA, a symbolic execution plugin for the BINARYNINJA disassembler. The tool allows the user to perform symbolic execution analyses directly within the user interface of the disassembler, and can be used to support a variety of reverse engineering tasks
WEIZZ: automatic grey-box fuzzing for structured binary formats
Full text linkFuzzing technologies have evolved at a fast pace in recent years, revealing bugs in programs with ever increasing depth and speed. Applications working with complex formats are however more difficult to take on, as inputs need to meet certain format-specific characteristics to get through the initial parsing stage and reach deeper behaviors of the program. Unlike prior proposals based on manually written format specifications, we propose a technique to automatically generate and mutate inputs for unknown chunk-based binary formats. We identify dependencies between input bytes and comparison instructions, and use them to assign tags that characterize the processing logic of the program. Tags become the building block for structure-aware mutations involving chunks and fields of the input. Our technique can perform comparably to structure-aware fuzzing proposals that require human assistance. Our prototype implementation WEIZZ revealed 16 unknown bugs in widely used programs
L'approccio americano pragmatico alla tecnologia e quello compositivo e simbolico di matrice europea si fondono: una città verticale guarda da sopra quella orizzontale
Full text linkChe il grattacielo potesse essere un’ottima fonte d’ispirazione per la poesia surrealista, Alberto Savinio lo aveva già intuito potentemente nel 1943. In Savinio, il grattacielo milanese è fonte certo di intensi lampi metropolitani, ma
scanditi anche da momenti di ritiro quasi mistico e intimo. Questo fatto incontestabile per noi architetti divenne certezza quando nel 1978 Rem Koolhaas,nel suo Delirious New York, delineò l’idea che il grattacielo Downtown Athletic
Club fosse il nuovo tipo architettonico prodotto dalla bigness newyorchese,concepito come un sistema in grado di favorire uno stile di vita metropolitanoe di partecipazione a nuove forme sociali. Ma intanto, a New York era già accaduto che questo connubio tra nuove tipologie edilizie e “tecnologia del fantastico”,avesse trasformato Coney Island e poi la stessa Manhattan, in un “tappetomagico”. L’ascensore, ad esempio, venne presentato al pubblico proprio
a Coney Island, dove erano realizzate fantastiche strutture per il divertimento poi adottate nei grattacieli, che divengono veri e propri “condensatori sociali”
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
Using Microgranular-Based Biostimulant in Vegetable Transplant Production to Enhance Growth and Nitrogen Uptake
No full textVegetable growers need high-quality transplants to ensure the success of their crops. Treating seedlings with protein hydrolysates and beneficial fungus Trichoderma atroviride has the potential to improve the health and quality of vegetable transplants via various biostimulant activities, but the best rates and application methods to achieve these benefits are still unclear. Therefore, the aim of the studies described in this manuscript were to: (i) identify the optimal rate of a microgranular-based biostimulant containing vegetal-derived protein hydrolysate (PH) and the beneficial fungus T. atroviride MUCL45632 on lettuce and tomato transplant production (Experiment 1); and (ii) determine whether combining the T. atroviride inoculant with the PH in microgranular or liquid form would best support the synergistic effects of these products using greenhouse and laboratory experiments (Experiments 2, 3 and 4). Mixing the microgranular-based PH directly into the substrate prior to sowing resulted in a significant dose-dependent increase in shoot fresh and dry biomass, root dry weight, root to shoot ratio, leaf N content and chlorophyll content (Soil-Plant Analysis Development index) in both lettuce and tomato transplants up to a biostimulant rate of 2 g L−1. The positive effect of the microgranular-based PH on plant growth, leaf N and chlorophyll content in both the lettuce and tomato transplants was also observed in the second experiment. However, the PH-mediated enhancement of shoot fresh biomass was more pronounced when Trichoderma was combined with the liquid instead of the microgranule PH. In contrast, the microgranule containing PH and Trichoderma was more effective in increasing the plant root to shoot ratios than the combined application of liquid PH and Trichoderma. In the laboratory experiments, the application of PH to sandy soil enhanced the number of Trichoderma colonies and stimulated Trichoderma-induced respiration for up to two and six days for the liquid and microgranular PHs, respectively. These results demonstrate that mixing microgranules containing PH and Trichoderma in the substrate prior to sowing at a rate of 2 g L−1 is the best approach to enhance shoot and especially root growth of both tomato and lettuce plantlets, while also ensuring high N uptake and leaf chlorophyll content
Appropriate Similarity Measures for Author Cocitation Analysis
Full text linkWe provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.information science;Pearson correlation;cosine;similarity measure;author cocitation analysis
Dispelling the Myths Behind First-author Citation Counts
Full text linkWe conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web in supporting more realistic citation counting methods. Our results contest some common arguments for the continued
use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation
counting methods, and high costs of using more realistic citation counting methods that are not well-supported by the ISI databases. It is argued that increasingly available digital full text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more
sophisticated methods
- …
