Side-channel vulnerabilities in software are caused by an observable imbalance in resource usage across different program paths. We show that just-in-time (JIT) compilation, which is crucial to the runtime performance of modern interpreted languages, can introduce timing side channels in cases where the input distribution to the program is non-uniform. Such timing channels can enable an attacker to infer potentially sensitive information about predicates on the program input. We define three attack models under which such side channels are harnessable and five vulnerability templates to detect susceptible code fragments and predicates. We also propose profiling algorithms to generate the representative statistical information necessary for the attacker to perform accurate inference. We systematically evaluate the strength of these JIT-based side channels on the java.lang.String, java.lang.Math, and java.math.BigInteger classes from the Java standard library, and on the JavaScript built-in objects String, Math, and Array. We carry out our evaluation using two widely adopted, open-source, JIT-enhanced runtime engines for the Java and JavaScript languages: the Oracle HotSpot Java Virtual Machine and the Google V8 JavaScript engine, respectively. Finally, we demonstrate a few examples of JIT-based side channels in the Apache Shiro security framework and the GraphHopper route planning server, and show that they are observable over the public Internet.
White matter structures composed of myelinated axons in the living human brain are primarily studied by diffusion-weighted MRI (dMRI). These long-range projections are typically characterized in a two-step process: dMRI signal is used to estimate the orientation of axon segments within each voxel, then these local orientations are linked together to estimate the spatial extent of putative white matter bundles. Tractography, the process of tracing bundles across voxels, either requires computationally expensive (probabilistic) simulations to model uncertainty in fiber orientation or ignores it completely (deterministic). Furthermore, simulation necessarily generates a finite number of trajectories, introducing "simulation error" to trajectory estimates. Here we introduce a method to analytically (via a closed-form solution) take an orientation distribution function (ODF) from each voxel and calculate the probabilities that a trajectory projects from a voxel into each directly adjacent voxel. We validate our method by demonstrating experimentally that probabilistic simulations converge to our analytically computed transition probabilities at the voxel level as the number of simulated seeds increases. We then show that our method accurately calculates the ground-truth transition probabilities from a publicly available phantom dataset. As a demonstration, we incorporate our analytic method for voxel transition probabilities into the Voxel Graph framework, creating a quantitative framework for assessing white matter structure, which we call "analytic tractography". The long-range connectivity problem is reduced to finding paths in a graph whose adjacency structure reflects voxel-to-voxel analytic transition probabilities. We demonstrate that this approach performs comparably to the current most widely used probabilistic and deterministic approaches at a fraction of the computational cost. We also demonstrate that analytic tractography works on multiple diffusion sampling schemes, reconstruction methods, or parameters used to define paths. Open source software compatible with popular dMRI reconstruction software is provided.