Benefits and Effects of Interactive Gaming Exercise as Compared to Traditional Exercise Techniques: An Investigation of the Relationship Between Physical Activity Levels and Mode of Activity in College Students

Gemstone Team F.I.T.N.E.S.S. (Fun Interactive Techniques for New Exercise and Sport Styles)

IMPROVISATION AND THE CONCERT SAXOPHONIST: A SURVEY OF COMPOSITIONAL AND PERFORMANCE TECHNIQUES

Much of the contemporary concert (i.e. “classical”) saxophone literature has connections to compositional styles found in other genres like jazz, rock, or pop. Although improvisation exists as a dominant compositional device in jazz, improvisation as a performance technique is not confined to a single genre. This study looks at twelve concert saxophone pieces that are grouped into three primary categories of compositional techniques: 1) those containing unmeasured phrases, 2) those containing limited relation to improvisation but a close relationship to jazz styles, and 3) those containing jazz improvisation. In concert saxophone music, specific crossover pieces use the compositional technique of jazz improvisation. Four examples of such jazz works were composed by Dexter Morrill, Phil Woods, Bill Dobbins, and Ramon Ricker, all of which provide a foundation for this study. In addition, pieces containing varying degrees of unmeasured phrases are highlighted. As this dissertation project is based in performance, the twelve pieces were divided into three recitals that summarize a pedagogical sequence. Any concert saxophonist interested in developing jazz improvisational skills can use the pieces in this study as a method to progress toward the performance of pieces that merge jazz improvisation with the concert format. The three compositional techniques examined here will provide the performer with the necessary material to develop this individualized approach to improvisation. Specific compositional and performance techniques vary depending on the stylistic content: this study examines improvisation in the context of concert saxophone repertoire.

Security through Obscurity: Layout Obfuscation of Digital Integrated Circuits using Don't Care Conditions

Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is circuit obfuscation which seeks to modify the gate-level (or structural) description of a circuit without affecting its functionality in order to increase the complexity and cost of reverse engineering. Most of the existing circuit obfuscation methods are based on the insertion of additional logic (called “key gates”) or camouflaging existing gates in order to make it difficult for a malicious user to get the complete layout information without extensive computations to determine key-gate values. However, when the netlist or the circuit layout, although camouflaged, is available to the attacker, he/she can use advanced logic analysis and circuit simulation tools and Boolean SAT solvers to reveal the unknown gate-level information without exhaustively trying all the input vectors, thus bringing down the complexity of reverse engineering. To counter this problem, some ‘provably secure’ logic encryption algorithms that emphasize methodical selection of camouflaged gates have been proposed previously in literature [1,2,3]. The contribution of this paper is the creation and simulation of a new layout obfuscation method that uses don't care conditions. We also present proof-of-concept of a new functional or logic obfuscation technique that not only conceals, but modifies the circuit functionality in addition to the gate-level description, and can be implemented automatically during the design process. Our layout obfuscation technique utilizes don’t care conditions (namely, Observability and Satisfiability Don’t Cares) inherent in the circuit to camouflage selected gates and modify sub-circuit functionality while meeting the overall circuit specification. Here, camouflaging or obfuscating a gate means replacing the candidate gate by a 4X1 Multiplexer which can be configured to perform all possible 2-input/ 1-output functions as proposed by Bao et al. [4]. It is important to emphasize that our approach not only obfuscates but alters sub-circuit level functionality in an attempt to make IP piracy difficult. The choice of gates to obfuscate determines the effort required to reverse engineer or brute force the design. As such, we propose a method of camouflaged gate selection based on the intersection of output logic cones. By choosing these candidate gates methodically, the complexity of reverse engineering can be made exponential, thus making it computationally very expensive to determine the true circuit functionality. We propose several heuristic algorithms to maximize the RE complexity based on don’t care based obfuscation and methodical gate selection. Thus, the goal of protecting the design IP from malicious end-users is achieved. It also makes it significantly harder for rogue elements in the supply chain to use, copy or replicate the same design with a different logic. We analyze the reverse engineering complexity by applying our obfuscation algorithm on ISCAS-85 benchmarks. Our experimental results indicate that significant reverse engineering complexity can be achieved at minimal design overhead (average area overhead for the proposed layout obfuscation methods is 5.51% and average delay overhead is about 7.732%). We discuss the strengths and limitations of our approach and suggest directions that may lead to improved logic encryption algorithms in the future. References: [1] R. Chakraborty and S. Bhunia, “HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493–1502, 2009. [2] J. A. Roy, F. Koushanfar, and I. L. Markov, “EPIC: Ending Piracy of Integrated Circuits,” in 2008 Design, Automation and Test in Europe, 2008, pp. 1069–1074. [3] J. Rajendran, M. Sam, O. Sinanoglu, and R. Karri, “Security Analysis of Integrated Circuit Camouflaging,” ACM Conference on Computer Communications and Security, 2013. [4] Bao Liu, Wang, B., "Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks,"Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014 , vol., no., pp.1,6, 24-28 March 2014.

What's the Matter with Extended Techniques? Getting Beyond the Stigma in the Horn and Percussion Repertoire

For this project I prepared a series of recitals featuring music for horn and percussion, in which the horn part featured extended horn techniques. For this project, I considered anything beyond the open or muted horn an extended technique. These techniques range from the common hand-stopped note passages to complex new techniques involving half-valves, multi-phonics, and more, for new sounds desired by the composer. There are several pieces written for solo horn and percussion, with ensembles ranging from simple duets to solo horn with a full percussion ensemble. However, few include extended techniques for the horn. All of these select pieces are lesser known because of their difficulty, primarily because of the challenge of the extended techniques requested by the composer. In the introduction to this paper I give a brief background to the project, where the current repertoire stands, and my experiences with commissioning works for this genre. I then give a brief history and how-to on the more common extended techniques, which were found in almost every piece. I separated these techniques so that they could be referenced in the performance notes without being extremely repetitive in their description. Then follows the main performance notes of the repertoire chosen, which includes a brief description of the piece itself and a longer discussion for performers and composers who wish to learn more about these techniques. In this section my primary focus is the extended techniques used and I provide score samples with permission to further the education of the next musicians to tackle this genre. All works performed for this project were recorded and accompany this paper in the Digital Repository at the University of Maryland (DRUM). The following works were included in this project: o Howard J. Buss, Dreams from the Shadows (2015) o Howard J. Buss, Night Tide (1995) o George Crumb, An Idyll for the Misbegotten, trans. Robert Patterson (1986/1997) o Charles Fernandez, Metamorphosis: A Horn’s Life, “Prenatal and Toddler” (2016, unfinished) o Helen Gifford, Of Old Angkor (1995) o Douglas Hill, Thoughtful Wanderings… (1990) o Pierre-Yves Level, Duetto pour Cor en Fa et Percussion (1999) o David Macbride, Elegy for Horn and Timpani (2009) o Brian Prechtl, A Song of David (1995) o Verne Reynolds, HornVibes (1986) o Pablo Salazar, Cincontar (2016) o Mark Schultz, Dragons in the Sky (1989) o Faye-Ellen Silverman, Protected Sleep (2007) o Charles Taylor, Sonata for Horn and Marimba (1991) o Robert Wolk, Tessellations (2016) With this project, I intend to promote these pieces and the techniques used to encourage more works written in this style, and reveal to fellow horn players that the techniques should not prevent these great works from being performed. Due to the lack of repertoire, I successfully commissioned new pieces featuring extended techniques, which were featured in the final recital.

Active Data Collection Techniques to Understand Online Scammers and Cybercriminals

Nigerian scam, also known as advance fee fraud or 419 scam, is a prevalent form of online fraudulent activity that causes financial loss to individuals and businesses. Nigerian scam has evolved from simple non-targeted email messages to more sophisticated scams targeted at users of classifieds, dating and other websites. Even though such scams are observed and reported by users frequently, the community’s understanding of Nigerian scams is limited since the scammers operate “underground”. To better understand the underground Nigerian scam ecosystem and seek effective methods to deter Nigerian scam and cybercrime in general, we conduct a series of active and passive measurement studies. Relying upon the analysis and insight gained from the measurement studies, we make four contributions: (1) we analyze the taxonomy of Nigerian scam and derive long-term trends in scams; (2) we provide an insight on Nigerian scam and cybercrime ecosystems and their underground operation; (3) we propose a payment intervention as a potential deterrent to cybercrime operation in general and evaluate its effectiveness; and (4) we offer active and passive measurement tools and techniques that enable in-depth analysis of cybercrime ecosystems and deterrence on them. We first created and analyze a repository of more than two hundred thousand user-reported scam emails, stretching from 2006 to 2014, from four major scam reporting websites. We select ten most commonly observed scam categories and tag 2,000 scam emails randomly selected from our repository. Based upon the manually tagged dataset, we train a machine learning classifier and cluster all scam emails in the repository. From the clustering result, we find a strong and sustained upward trend for targeted scams and downward trend for non-targeted scams. We then focus on two types of targeted scams: sales scams and rental scams targeted users on Craigslist. We built an automated scam data collection system and gathered large-scale sales scam emails. Using the system we posted honeypot ads on Craigslist and conversed automatically with the scammers. Through the email conversation, the system obtained additional confirmation of likely scam activities and collected additional information such as IP addresses and shipping addresses. Our analysis revealed that around 10 groups were responsible for nearly half of the over 13,000 total scam attempts we received. These groups used IP addresses and shipping addresses in both Nigeria and the U.S. We also crawled rental ads on Craigslist, identified rental scam ads amongst the large number of benign ads and conversed with the potential scammers. Through in-depth analysis of the rental scams, we found seven major scam campaigns employing various operations and monetization methods. We also found that unlike sales scammers, most rental scammers were in the U.S. The large-scale scam data and in-depth analysis provide useful insights on how to design effective deterrence techniques against cybercrime in general. We study underground DDoS-for-hire services, also known as booters, and measure the effectiveness of undermining a payment system of DDoS Services. Our analysis shows that the payment intervention can have the desired effect of limiting cybercriminals’ ability and increasing the risk of accepting payments.

Language-based Techniques for Practical and Trustworthy Secure Multi-party Computations

Secure Multi-party Computation (MPC) enables a set of parties to collaboratively compute, using cryptographic protocols, a function over their private data in a way that the participants do not see each other's data, they only see the final output. Typical MPC examples include statistical computations over joint private data, private set intersection, and auctions. While these applications are examples of monolithic MPC, richer MPC applications move between "normal" (i.e., per-party local) and "secure" (i.e., joint, multi-party secure) modes repeatedly, resulting overall in mixed-mode computations. For example, we might use MPC to implement the role of the dealer in a game of mental poker -- the game will be divided into rounds of local decision-making (e.g. bidding) and joint interaction (e.g. dealing). Mixed-mode computations are also used to improve performance over monolithic secure computations. Starting with the Fairplay project, several MPC frameworks have been proposed in the last decade to help programmers write MPC applications in a high-level language, while the toolchain manages the low-level details. However, these frameworks are either not expressive enough to allow writing mixed-mode applications or lack formal specification, and reasoning capabilities, thereby diminishing the parties' trust in such tools, and the programs written using them. Furthermore, none of the frameworks provides a verified toolchain to run the MPC programs, leaving the potential of security holes that can compromise the privacy of parties' data. This dissertation presents language-based techniques to make MPC more practical and trustworthy. First, it presents the design and implementation of a new MPC Domain Specific Language, called Wysteria, for writing rich mixed-mode MPC applications. Wysteria provides several benefits over previous languages, including a conceptual single thread of control, generic support for more than two parties, high-level abstractions for secret shares, and a fully formalized type system and operational semantics. Using Wysteria, we have implemented several MPC applications, including, for the first time, a card dealing application. The dissertation next presents Wys*, an embedding of Wysteria in F*, a full-featured verification oriented programming language. Wys* improves on Wysteria along three lines: (a) It enables programmers to formally verify the correctness and security properties of their programs. As far as we know, Wys* is the first language to provide verification capabilities for MPC programs. (b) It provides a partially verified toolchain to run MPC programs, and finally (c) It enables the MPC programs to use, with no extra effort, standard language constructs from the host language F*, thereby making it more usable and scalable. Finally, the dissertation develops static analyses that help optimize monolithic MPC programs into mixed-mode MPC programs, while providing similar privacy guarantees as the monolithic versions.