Recent Submissions

  • Item
    Through the Window: Exploitation and Countermeasures of the ESP32 Register Window Overflow
    (Basel : MDPI, 2023) Lehniger, Kai; Langendörfer, Peter
    With the increasing popularity of IoT (Internet-of-Things) devices, their security becomes an increasingly important issue. Buffer overflow vulnerabilities have been known for decades, but are still relevant, especially for embedded devices where certain security measures cannot be implemented due to hardware restrictions or simply due to their impact on performance. Therefore, many buffer overflow detection mechanisms check for overflows only before critical data are used. All data that an attacker could use for his own purposes can be considered critical. It is, therefore, essential that all critical data are checked between writing a buffer and its usage. This paper presents a vulnerability of the ESP32 microcontroller, used in millions of IoT devices, that is based on a pointer that is not protected by classic buffer overflow detection mechanisms such as Stack Canaries or Shadow Stacks. This paper discusses the implications of the vulnerability and presents mitigation techniques, including a patch that fixes the vulnerability. The overhead of the patch is evaluated using simulation as well as an ESP32-WROVER-E development board. We showed that, in the simulation with 32 general-purpose registers, the overhead for the CoreMark benchmark ranges between 0.1% and 0.4%. On the ESP32, which uses an Xtensa LX6 core with 64 general-purpose registers, the overhead went down to below 0.01%. A worst-case scenario, modeled by a synthetic benchmark, showed overheads up to 9.68%.
  • Item
    SLL – SMART LOGISTICS FOR LOCALS: "Final Report of the Project Smart Logistics for Locals – SLL"
    (2024) Hempel, Harald; Jaudszus, Anke; Haußen, Tina
    The aim of the research project "SLL – SMART LOGISTICS for LOCALS" was to create a digital marketplace for local providers and local customers, including the logistics structures for a home delivery service. On the one hand, this was intended to make it easier for small local retailers and restaurateurs to enter online business; on the other hand, it was intended to support the local logistics partner in trialling a sustainable multi-purpose logistics operation with corresponding cost-reduction potential. The overarching goals of the project were to strengthen the competitive position of regional providers, to improve regional value-creation and marketing structures, and to support the development of sustainable regional logistics. Ultimately, a solution was to be created that can also be transferred to other regions.
  • Item
    Ranking facts for explaining answers to elementary science questions
    (Cambridge : Cambridge University Press, 2023) D’Souza, Jennifer; Mulang, Isaiah Onando; Auer, Sören
    In multiple-choice exams, students select one answer from among typically four choices and can explain why they made that particular choice. Students are good at understanding natural language questions and based on their domain knowledge can easily infer the question's answer by “connecting the dots” across various pertinent facts. Considering automated reasoning for elementary science question answering, we address the novel task of generating explanations for answers from human-authored facts. For this, we examine the practically scalable framework of feature-rich support vector machines leveraging domain-targeted, hand-crafted features. Explanations are created from a human-annotated set of nearly 5000 candidate facts in the WorldTree corpus. Our aim is to obtain better matches for valid facts of an explanation for the correct answer of a question over the available fact candidates. To this end, our features offer a comprehensive linguistic and semantic unification paradigm. The machine learning problem is the preference ordering of facts, for which we test pointwise regression versus pairwise learning-to-rank. Our contributions, originating from comprehensive evaluations against nine existing systems, are (1) a case study in which two preference ordering approaches are systematically compared, and where the pointwise approach is shown to outperform the pairwise approach, thus adding to the existing survey of observations on this topic; (2) since our system outperforms a highly-effective TF-IDF-based IR technique by 3.5 and 4.9 points on the development and test sets, respectively, it demonstrates some of the further task improvement possibilities (e.g., in terms of an efficient learning algorithm, semantic features) on this task; (3) it is a practically competent approach that can outperform some variants of BERT-based reranking models; and (4) the human-engineered features make it an interpretable machine learning model for the task.
  • Item
    Easy Semantification of Bioassays
    (Heidelberg : Springer, 2022) Anteghini, Marco; D’Souza, Jennifer; dos Santos, Vitor A. P. Martins; Auer, Sören
    Biological data and knowledge bases increasingly rely on Semantic Web technologies and the use of knowledge graphs for data integration, retrieval and federated queries. We propose a solution for automatically semantifying biological assays. Our solution contrasts the problem of automated semantification as labeling versus clustering where the two methods are on opposite ends of the method complexity spectrum. Characteristically modeling our problem, we find the clustering solution significantly outperforms a deep neural network state-of-the-art labeling approach. This novel contribution is based on two factors: 1) a learning objective closely modeled after the data outperforms an alternative approach with sophisticated semantic modeling; 2) automatically semantifying biological assays achieves a high performance F1 of nearly 83%, which to our knowledge is the first reported standardized evaluation of the task offering a strong benchmark model.
  • Item
    Clustering Semantic Predicates in the Open Research Knowledge Graph
    (Heidelberg : Springer, 2022) Arab Oghli, Omar; D’Souza, Jennifer; Auer, Sören
    When semantically describing knowledge graphs (KGs), users have to make a critical choice of a vocabulary (i.e. predicates and resources). The success of KG building is determined by the convergence of shared vocabularies so that meaning can be established. The typical lifecycle for a new KG construction can be defined as follows: nascent phases of graph construction experience terminology divergence, while later phases of graph construction experience terminology convergence and reuse. In this paper, we describe our approach tailoring two AI-based clustering algorithms for recommending predicates (in RDF statements) about resources in the Open Research Knowledge Graph (ORKG). Such a service to recommend existing predicates to semantify new incoming data of scholarly publications is of paramount importance for fostering terminology convergence in the ORKG. Our experiments show very promising results: a high precision with relatively high recall in linear runtime performance. Furthermore, this work offers novel insights into the predicate groups that automatically accrue loosely as generic semantification patterns for semantification of scholarly knowledge spanning 44 research fields.