-
RecBayes: Recurrent Bayesian Ad Hoc Teamwork in Large Partially Observable Domains
Authors:
João G. Ribeiro,
Yaniv Oren,
Alberto Sardinha,
Matthijs Spaan,
Francisco S. Melo
Abstract:
This paper proposes RecBayes, a novel approach for ad hoc teamwork under partial observability, a setting where agents are deployed on-the-fly to environments where pre-existing teams operate, that never requires, at any stage, access to the states of the environment or the actions of its teammates. We show that by relying on a recurrent Bayesian classifier trained using past experiences, an ad ho…
▽ More
This paper proposes RecBayes, a novel approach for ad hoc teamwork under partial observability, a setting where agents are deployed on-the-fly to environments where pre-existing teams operate, that never requires, at any stage, access to the states of the environment or the actions of its teammates. We show that by relying on a recurrent Bayesian classifier trained using past experiences, an ad hoc agent is effectively able to identify known teams and tasks being performed from observations alone. Unlike recent approaches such as PO-GPL (Gu et al., 2021) and FEAT (Rahman et al., 2023), that require at some stage fully observable states of the environment, actions of teammates, or both, or approaches such as ATPO (Ribeiro et al., 2023) that require the environments to be small enough to be tabularly modelled (Ribeiro et al., 2023), in their work up to 4.8K states and 1.7K observations, we show RecBayes is both able to handle arbitrarily large spaces while never relying on either states and teammates' actions. Our results in benchmark domains from the multi-agent systems literature, adapted for partial observability and scaled up to 1M states and 2^125 observations, show that RecBayes is effective at identifying known teams and tasks being performed from partial observations alone, and as a result, is able to assist the teams in solving the tasks effectively.
△ Less
Submitted 18 June, 2025;
originally announced June 2025.
-
Bridging the Performance Gap Between Target-Free and Target-Based Reinforcement Learning With Iterated Q-Learning
Authors:
Théo Vincent,
Yogesh Tripathi,
Tim Faust,
Yaniv Oren,
Jan Peters,
Carlo D'Eramo
Abstract:
In value-based reinforcement learning, removing the target network is tempting as the boostrapped target would be built from up-to-date estimates, and the spared memory occupied by the target network could be reallocated to expand the capacity of the online network. However, eliminating the target network introduces instability, leading to a decline in performance. Removing the target network also…
▽ More
In value-based reinforcement learning, removing the target network is tempting as the boostrapped target would be built from up-to-date estimates, and the spared memory occupied by the target network could be reallocated to expand the capacity of the online network. However, eliminating the target network introduces instability, leading to a decline in performance. Removing the target network also means we cannot leverage the literature developed around target networks. In this work, we propose to use a copy of the last linear layer of the online network as a target network, while sharing the remaining parameters with the up-to-date online network, hence stepping out of the binary choice between target-based and target-free methods. It enables us to leverage the concept of iterated Q-learning, which consists of learning consecutive Bellman iterations in parallel, to reduce the performance gap between target-free and target-based approaches. Our findings demonstrate that this novel method, termed iterated Shared Q-Learning (iS-QL), improves the sample efficiency of target-free approaches across various settings. Importantly, iS-QL requires a smaller memory footprint and comparable training time to classical target-based algorithms, highlighting its potential to scale reinforcement learning research.
△ Less
Submitted 4 June, 2025;
originally announced June 2025.
-
Universal Value-Function Uncertainties
Authors:
Moritz A. Zanger,
Max Weltevrede,
Yaniv Oren,
Pascal R. Van der Vaart,
Caroline Horsch,
Wendelin Böhmer,
Matthijs T. J. Spaan
Abstract:
Estimating epistemic uncertainty in value functions is a crucial challenge for many aspects of reinforcement learning (RL), including efficient exploration, safe decision-making, and offline RL. While deep ensembles provide a robust method for quantifying value uncertainty, they come with significant computational overhead. Single-model methods, while computationally favorable, often rely on heuri…
▽ More
Estimating epistemic uncertainty in value functions is a crucial challenge for many aspects of reinforcement learning (RL), including efficient exploration, safe decision-making, and offline RL. While deep ensembles provide a robust method for quantifying value uncertainty, they come with significant computational overhead. Single-model methods, while computationally favorable, often rely on heuristics and typically require additional propagation mechanisms for myopic uncertainty estimates. In this work we introduce universal value-function uncertainties (UVU), which, similar in spirit to random network distillation (RND), quantify uncertainty as squared prediction errors between an online learner and a fixed, randomly initialized target network. Unlike RND, UVU errors reflect policy-conditional value uncertainty, incorporating the future uncertainties any given policy may encounter. This is due to the training procedure employed in UVU: the online network is trained using temporal difference learning with a synthetic reward derived from the fixed, randomly initialized target network. We provide an extensive theoretical analysis of our approach using neural tangent kernel (NTK) theory and show that in the limit of infinite network width, UVU errors are exactly equivalent to the variance of an ensemble of independent universal value functions. Empirically, we show that UVU achieves equal performance to large ensembles on challenging multi-task offline RL settings, while offering simplicity and substantial computational savings.
△ Less
Submitted 2 June, 2025; v1 submitted 27 May, 2025;
originally announced May 2025.
-
Trust-Region Twisted Policy Improvement
Authors:
Joery A. de Vries,
Jinke He,
Yaniv Oren,
Matthijs T. J. Spaan
Abstract:
Monte-Carlo tree search (MCTS) has driven many recent breakthroughs in deep reinforcement learning (RL). However, scaling MCTS to parallel compute has proven challenging in practice which has motivated alternative planners like sequential Monte-Carlo (SMC). Many of these SMC methods adopt particle filters for smoothing through a reformulation of RL as a policy inference problem. Yet, persisting de…
▽ More
Monte-Carlo tree search (MCTS) has driven many recent breakthroughs in deep reinforcement learning (RL). However, scaling MCTS to parallel compute has proven challenging in practice which has motivated alternative planners like sequential Monte-Carlo (SMC). Many of these SMC methods adopt particle filters for smoothing through a reformulation of RL as a policy inference problem. Yet, persisting design choices of these particle filters often conflict with the aim of online planning in RL, which is to obtain a policy improvement at the start of planning. Drawing inspiration from MCTS, we tailor SMC planners specifically for RL by improving data generation within the planner through constrained action sampling and explicit terminal state handling, as well as improving policy and value target estimation. This leads to our Trust-Region Twisted SMC (TRT-SMC), which shows improved runtime and sample-efficiency over baseline MCTS and SMC methods in both discrete and continuous domains.
△ Less
Submitted 24 May, 2025; v1 submitted 8 April, 2025;
originally announced April 2025.
-
RedPajama: an Open Dataset for Training Large Language Models
Authors:
Maurice Weber,
Daniel Fu,
Quentin Anthony,
Yonatan Oren,
Shane Adams,
Anton Alexandrov,
Xiaozhong Lyu,
Huu Nguyen,
Xiaozhe Yao,
Virginia Adams,
Ben Athiwaratkun,
Rahul Chalamala,
Kezhen Chen,
Max Ryabinin,
Tri Dao,
Percy Liang,
Christopher Ré,
Irina Rish,
Ce Zhang
Abstract:
Large language models are increasingly becoming a cornerstone technology in artificial intelligence, the sciences, and society as a whole, yet the optimal strategies for dataset composition and filtering remain largely elusive. Many of the top-performing models lack transparency in their dataset curation and model development processes, posing an obstacle to the development of fully open language…
▽ More
Large language models are increasingly becoming a cornerstone technology in artificial intelligence, the sciences, and society as a whole, yet the optimal strategies for dataset composition and filtering remain largely elusive. Many of the top-performing models lack transparency in their dataset curation and model development processes, posing an obstacle to the development of fully open language models. In this paper, we identify three core data-related challenges that must be addressed to advance open-source language models. These include (1) transparency in model development, including the data curation process, (2) access to large quantities of high-quality data, and (3) availability of artifacts and metadata for dataset curation and analysis. To address these challenges, we release RedPajama-V1, an open reproduction of the LLaMA training dataset. In addition, we release RedPajama-V2, a massive web-only dataset consisting of raw, unfiltered text data together with quality signals and metadata. Together, the RedPajama datasets comprise over 100 trillion tokens spanning multiple domains and with their quality signals facilitate the filtering of data, aiming to inspire the development of numerous new datasets. To date, these datasets have already been used in the training of strong language models used in production, such as Snowflake Arctic, Salesforce's XGen and AI2's OLMo. To provide insight into the quality of RedPajama, we present a series of analyses and ablation studies with decoder-only language models with up to 1.6B parameters. Our findings demonstrate how quality signals for web data can be effectively leveraged to curate high-quality subsets of the dataset, underscoring the potential of RedPajama to advance the development of transparent and high-performing language models at scale.
△ Less
Submitted 19 November, 2024;
originally announced November 2024.
-
Value Improved Actor Critic Algorithms
Authors:
Yaniv Oren,
Moritz A. Zanger,
Pascal R. van der Vaart,
Mustafa Mert Celikok,
Matthijs T. J. Spaan,
Wendelin Bohmer
Abstract:
To learn approximately optimal acting policies for decision problems, modern Actor Critic algorithms rely on deep Neural Networks (DNNs) to parameterize the acting policy and greedification operators to iteratively improve it. The reliance on DNNs suggests an improvement that is gradient based, which is per step much less greedy than the improvement possible by greedier operators such as the greed…
▽ More
To learn approximately optimal acting policies for decision problems, modern Actor Critic algorithms rely on deep Neural Networks (DNNs) to parameterize the acting policy and greedification operators to iteratively improve it. The reliance on DNNs suggests an improvement that is gradient based, which is per step much less greedy than the improvement possible by greedier operators such as the greedy update used by Q-learning algorithms. On the other hand, slow and steady changes to the policy can also be beneficial for the stability of the learning process, resulting in a tradeoff between greedification and stability. To address this tradeoff, we propose to extend the standard framework of actor critic algorithms with value-improvement: a second greedification operator applied only when updating the policy's value estimate. In this framework the agent can evaluate non-parameterized policies and perform much greedier updates while maintaining the steady gradient-based improvement to the parameterized acting policy. We prove that this approach converges in the popular analysis scheme of Generalized Policy Iteration in the finite-horizon domain. Empirically, incorporating value-improvement into the popular off-policy actor-critic algorithms TD3 and SAC significantly improves or matches performance over their respective baselines, across different environments from the DeepMind continuous control domain, with negligible compute and implementation cost.
△ Less
Submitted 11 March, 2025; v1 submitted 3 June, 2024;
originally announced June 2024.
-
Sunyaev-Zeldovich Signals from $L^*$ Galaxies: Observations, Analytics, and Simulations
Authors:
Yossi Oren,
Amiel Sternberg,
Christopher F. McKee,
Yakov Faerman,
Shy Genel
Abstract:
We analyze measurements of the thermal Sunyaev-Zeldovich (tSZ) effect arising in the circumgalactic medium (CGM) of $L^*$ galaxies, reported by Bregman et al. 2022 and Das et al. 2023. In our analysis we use the Faerman et al. 2017 and Faerman et al. 2020 CGM models, a new power-law model (PLM), and the TNG100 simulation. For a given $M_{\rm vir}$, our PLM has four parameters; the fraction,…
▽ More
We analyze measurements of the thermal Sunyaev-Zeldovich (tSZ) effect arising in the circumgalactic medium (CGM) of $L^*$ galaxies, reported by Bregman et al. 2022 and Das et al. 2023. In our analysis we use the Faerman et al. 2017 and Faerman et al. 2020 CGM models, a new power-law model (PLM), and the TNG100 simulation. For a given $M_{\rm vir}$, our PLM has four parameters; the fraction, $f_{\rm hCGM}$, of the halo baryon mass in hot CGM gas, the ratio, $φ_T$, of the actual gas temperature at the virial radius to the virial temperature, and the power-law indicies, $a_{P,{\rm th}}$ and $a_n$ for the thermal electron pressure and the hydrogen nucleon density. The B+22 Compton-$y$ profile implies steep electron pressure slopes ($a_{P,{\rm th}}\simeq 2$). For isothermal conditions the temperature is at least $1.1\times 10^6$ K, with a hot CGM gas mass of up to $3.5\times 10^{11}$ M$_\odot$ for a virial mass of $2.75\times 10^{12}$ M$_\odot$. However, if isothermal the gas must be expanding out of the halos. An isentropic equation of state is favored for which hydrostatic equilibrium is possible. The B+22 and D+23 results are consistent with each other and with recent (0.5-2 keV) CGM X-ray observations by Zhang et al. 2024 of Milky Way mass systems. For $M_{\rm vir}\simeq 3\times 10^{12}$ M$_\odot$, the scaled Compton pressure integrals, $E(z)^{-2/3}Y_{500}/M_{\rm vir,12}^{5/3}$, lie in the narrow range, $2.5\times 10^{-4}$ to $5.0\times 10^{-4}$ kpc$^2$, for all three sets of observations. TNG100 underpredicts the tSZ parameters by factors $\sim 0.5$ dex for the $L^*$ galaxies, suggesting that the feedback strengths and CGM gas losses are overestimated in the simulated halos at these mass scales.
△ Less
Submitted 13 August, 2024; v1 submitted 14 March, 2024;
originally announced March 2024.
-
Proving Test Set Contamination in Black Box Language Models
Authors:
Yonatan Oren,
Nicole Meister,
Niladri Chatterji,
Faisal Ladhak,
Tatsunori B. Hashimoto
Abstract:
Large language models are trained on vast amounts of internet data, prompting concerns and speculation that they have memorized public benchmarks. Going from speculation to proof of contamination is challenging, as the pretraining data used by proprietary models are often not publicly accessible. We show that it is possible to provide provable guarantees of test set contamination in language model…
▽ More
Large language models are trained on vast amounts of internet data, prompting concerns and speculation that they have memorized public benchmarks. Going from speculation to proof of contamination is challenging, as the pretraining data used by proprietary models are often not publicly accessible. We show that it is possible to provide provable guarantees of test set contamination in language models without access to pretraining data or model weights. Our approach leverages the fact that when there is no data contamination, all orderings of an exchangeable benchmark should be equally likely. In contrast, the tendency for language models to memorize example order means that a contaminated language model will find certain canonical orderings to be much more likely than others. Our test flags potential contamination whenever the likelihood of a canonically ordered benchmark dataset is significantly higher than the likelihood after shuffling the examples. We demonstrate that our procedure is sensitive enough to reliably prove test set contamination in challenging situations, including models as small as 1.4 billion parameters, on small test sets of only 1000 examples, and datasets that appear only a few times in the pretraining corpus. Using our test, we audit five popular publicly accessible language models for test set contamination and find little evidence for pervasive contamination.
△ Less
Submitted 23 November, 2023; v1 submitted 26 October, 2023;
originally announced October 2023.
-
Epistemic Monte Carlo Tree Search
Authors:
Yaniv Oren,
Villiam Vadocz,
Matthijs T. J. Spaan,
Wendelin Böhmer
Abstract:
The AlphaZero/MuZero (A/MZ) family of algorithms has achieved remarkable success across various challenging domains by integrating Monte Carlo Tree Search (MCTS) with learned models. Learned models introduce epistemic uncertainty, which is caused by learning from limited data and is useful for exploration in sparse reward environments. MCTS does not account for the propagation of this uncertainty…
▽ More
The AlphaZero/MuZero (A/MZ) family of algorithms has achieved remarkable success across various challenging domains by integrating Monte Carlo Tree Search (MCTS) with learned models. Learned models introduce epistemic uncertainty, which is caused by learning from limited data and is useful for exploration in sparse reward environments. MCTS does not account for the propagation of this uncertainty however. To address this, we introduce Epistemic MCTS (EMCTS): a theoretically motivated approach to account for the epistemic uncertainty in search and harness the search for deep exploration. In the challenging sparse-reward task of writing code in the Assembly language {\sc subleq}, AZ paired with our method achieves significantly higher sample efficiency over baseline AZ. Search with EMCTS solves variations of the commonly used hard-exploration benchmark Deep Sea - which baseline A/MZ are practically unable to solve - much faster than an otherwise equivalent method that does not use search for uncertainty estimation, demonstrating significant benefits from search for epistemic uncertainty estimation.
△ Less
Submitted 2 April, 2025; v1 submitted 21 October, 2022;
originally announced October 2022.
-
DRAWNAPART: A Device Identification Technique based on Remote GPU Fingerprinting
Authors:
Tomer Laor,
Naif Mehanna,
Antonin Durey,
Vitaly Dyadyuk,
Pierre Laperdrix,
Clémentine Maurice,
Yossi Oren,
Romain Rouvoy,
Walter Rudametkin,
Yuval Yarom
Abstract:
Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods…
▽ More
Browser fingerprinting aims to identify users or their devices, through scripts that execute in the users' browser and collect information on software or hardware characteristics. It is used to track users or as an additional means of identification to improve security. In this paper, we report on a new technique that can significantly extend the tracking time of fingerprint-based tracking methods. Our technique, which we call DrawnApart, is a new GPU fingerprinting technique that identifies a device based on the unique properties of its GPU stack. Specifically, we show that variations in speed among the multiple execution units that comprise a GPU can serve as a reliable and robust device signature, which can be collected using unprivileged JavaScript. We investigate the accuracy of DrawnApart under two scenarios. In the first scenario, our controlled experiments confirm that the technique is effective in distinguishing devices with similar hardware and software configurations, even when they are considered identical by current state-of-the-art fingerprinting algorithms. In the second scenario, we integrate a one-shot learning version of our technique into a state-of-the-art browser fingerprint tracking algorithm. We verify our technique through a large-scale experiment involving data collected from over 2,500 crowd-sourced devices over a period of several months and show it provides a boost of up to 67% to the median tracking duration, compared to the state-of-the-art method. DrawnApart makes two contributions to the state of the art in browser fingerprinting. On the conceptual front, it is the first work that explores the manufacturing differences between identical GPUs and the first to exploit these differences in a privacy context. On the practical front, it demonstrates a robust technique for distinguishing between machines with identical hardware and software configurations.
△ Less
Submitted 24 January, 2022;
originally announced January 2022.
-
Simplifying concentration-polarization of trace-ions in pressure-driven membrane processes
Authors:
Yaeli S. Oren,
Viatcheslav Freger,
Oded Nir
Abstract:
Accounting for concentration-polarization (CP) is critical for modeling solute transport in membrane separation processes. In a mixed-electrolyte solution, ions CP is affected not only by diffusion and advection but also by electromigration. Yet, the classic film model, lacking an electromigration term, is frequently used for modeling ion CP. Often, ion CP is altogether neglected to reduce the com…
▽ More
Accounting for concentration-polarization (CP) is critical for modeling solute transport in membrane separation processes. In a mixed-electrolyte solution, ions CP is affected not only by diffusion and advection but also by electromigration. Yet, the classic film model, lacking an electromigration term, is frequently used for modeling ion CP. Often, ion CP is altogether neglected to reduce the computational load. Here, we study the CP of trace ions in a dominant salt solution, a case relevant for many reverse-osmosis and nanofiltration processes. First, we revisit the solution-diffusion-electromigration-film theory to obtain an analytical solution for the CP and membrane-transport of trace-ions in a dominant salt solution. Secondly, we consider limiting conditions relevant to reverse-osmosis and nanofiltration, from which we derive two compact equations that emerge as a seamless extension to the classic film theory. These equations can be used to account for the effect of electromigration on CP with minimal effort. Thirdly, we use our theory to quantify the effect of electromigration on ion CP in different dominant salt solutions. Finally, by analyzing two environmental membrane processes, we demonstrate how our theory deviates from the conventional one and quantify the implications on membrane scaling potential and the transport of ionic contaminants.
△ Less
Submitted 3 August, 2021;
originally announced August 2021.
-
Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses
Authors:
Anatoly Shusterman,
Ayush Agarwal,
Sioli O'Connell,
Daniel Genkin,
Yossi Oren,
Yuval Yarom
Abstract:
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying ou…
▽ More
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from Cascading Style Sheets (CSS) and HTML, and works even when script execution is completely blocked. We then show that avoiding JavaScript features makes our techniques architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms including Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 architectures. As a final contribution, we evaluate our techniques in hardened browser environments including the Tor browser, Deter-Fox (Cao el al., CCS 2017), and Chrome Zero (Schwartz et al., NDSS 2018). We confirm that none of these approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken.
△ Less
Submitted 8 March, 2021;
originally announced March 2021.
-
Distributionally Robust Language Modeling
Authors:
Yonatan Oren,
Shiori Sagawa,
Tatsunori B. Hashimoto,
Percy Liang
Abstract:
Language models are generally trained on data spanning a wide range of topics (e.g., news, reviews, fiction), but they might be applied to an a priori unknown target distribution (e.g., restaurant reviews). In this paper, we first show that training on text outside the test distribution can degrade test performance when using standard maximum likelihood (MLE) training. To remedy this without the k…
▽ More
Language models are generally trained on data spanning a wide range of topics (e.g., news, reviews, fiction), but they might be applied to an a priori unknown target distribution (e.g., restaurant reviews). In this paper, we first show that training on text outside the test distribution can degrade test performance when using standard maximum likelihood (MLE) training. To remedy this without the knowledge of the test distribution, we propose an approach which trains a model that performs well over a wide range of potential test distributions. In particular, we derive a new distributionally robust optimization (DRO) procedure which minimizes the loss of the model over the worst-case mixture of topics with sufficient overlap with the training distribution. Our approach, called topic conditional value at risk (topic CVaR), obtains a 5.5 point perplexity reduction over MLE when the language models are trained on a mixture of Yelp reviews and news and tested only on reviews.
△ Less
Submitted 4 September, 2019;
originally announced September 2019.
-
Cross-Router Covert Channels
Authors:
Adar Ovadya,
Rom Ogen,
Yakov Mallah,
Niv Gilboa,
Yossi Oren
Abstract:
Many organizations protect secure networked devices from non-secure networked devices by assigning each class of devices to a different logical network. These two logical networks, commonly called the host network and the guest network, use the same router hardware, which is designed to isolate the two networks in software.
In this work we show that logical network isolation based on host and gu…
▽ More
Many organizations protect secure networked devices from non-secure networked devices by assigning each class of devices to a different logical network. These two logical networks, commonly called the host network and the guest network, use the same router hardware, which is designed to isolate the two networks in software.
In this work we show that logical network isolation based on host and guest networks can be overcome by the use of cross-router covert channels. Using specially-crafted network traffic, these channels make it possible to leak data between the host network and the guest network, and vice versa, through the use of the router as a shared medium. We performed a survey of routers representing multiple vendors and price points, and discovered that all of the routers we surveyed are vulnerable to at least one class of covert channel. Our attack can succeed even if the attacker has very limited permissions on the infected device, and even an iframe hosting malicious JavaScript code can be used for this purpose. We provide several metrics for the effectiveness of such channels, based on their pervasiveness, rate and covertness, and discuss possible ways of identifying and preventing these leakages.
△ Less
Submitted 7 August, 2019;
originally announced August 2019.
-
Sensor Defense In-Software (SDI):Practical Software Based Detection of Spoofing Attacks on Position Sensor
Authors:
Kevin Sam Tharayil,
Benyamin Farshteindiker,
Shaked Eyal,
Nir Hasidim,
Roy Hershkovitz,
Shani Houri,
Ilia Yoffe,
Michal Oren,
Yossi Oren
Abstract:
Position sensors, such as the gyroscope, the magnetometer and the accelerometer, are found in a staggering variety of devices, from smartphones and UAVs to autonomous robots. Several works have shown how adversaries can mount spoofing attacks to remotely corrupt or even completely control the outputs of these sensors. With more and more critical applications relying on sensor readings to make impo…
▽ More
Position sensors, such as the gyroscope, the magnetometer and the accelerometer, are found in a staggering variety of devices, from smartphones and UAVs to autonomous robots. Several works have shown how adversaries can mount spoofing attacks to remotely corrupt or even completely control the outputs of these sensors. With more and more critical applications relying on sensor readings to make important decisions, defending sensors from these attacks is of prime importance.
In this work we present practical software based defenses against attacks on two common types of position sensors, specifically the gyroscope and the magnetometer. We first characterize the sensitivity of these sensors to acoustic and magnetic adversaries. Next, we present two software-only defenses: a machine learning based single sensor defense, and a sensor fusion defense which makes use of the mathematical relationship between the two sensors. We performed a detailed theoretical analysis of our defenses, and implemented them on a variety of smartphones, as well as on a resource-constrained IoT sensor node. Our defenses do not require any hardware or OS-level modifications, making it possible to use them with existing hardware. Moreover, they provide a high detection accuracy, a short detection time and a reasonable power consumption.
△ Less
Submitted 12 May, 2019;
originally announced May 2019.
-
A Retrieve-and-Edit Framework for Predicting Structured Outputs
Authors:
Tatsunori B. Hashimoto,
Kelvin Guu,
Yonatan Oren,
Percy Liang
Abstract:
For the task of generating complex outputs such as source code, editing existing outputs can be easier than generating complex outputs from scratch. With this motivation, we propose an approach that first retrieves a training example based on the input (e.g., natural language description) and then edits it to the desired output (e.g., code). Our contribution is a computationally efficient method f…
▽ More
For the task of generating complex outputs such as source code, editing existing outputs can be easier than generating complex outputs from scratch. With this motivation, we propose an approach that first retrieves a training example based on the input (e.g., natural language description) and then edits it to the desired output (e.g., code). Our contribution is a computationally efficient method for learning a retrieval model that embeds the input in a task-dependent way without relying on a hand-crafted metric or incurring the expense of jointly training the retriever with the editor. Our retrieve-and-edit framework can be applied on top of any base model. We show that on a new autocomplete task for GitHub Python code and the Hearthstone cards benchmark, retrieve-and-edit significantly boosts the performance of a vanilla sequence-to-sequence model on both tasks.
△ Less
Submitted 3 December, 2018;
originally announced December 2018.
-
Robust Website Fingerprinting Through the Cache Occupancy Channel
Authors:
Anatoly Shusterman,
Lachlan Kang,
Yarden Haskal,
Yosef Meltser,
Prateek Mittal,
Yossi Oren,
Yuval Yarom
Abstract:
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user's computer and the Tor…
▽ More
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user privacy, have been shown to be effective even if the traffic is sent over anonymity-preserving networks such as Tor. The classical attack model used to evaluate website fingerprinting attacks assumes an on-path adversary, who can observe all traffic traveling between the user's computer and the Tor network. In this work we investigate these attacks under a different attack model, in which the adversary is capable of running a small amount of unprivileged code on the target user's computer. Under this model, the attacker can mount cache side-channel attacks, which exploit the effects of contention on the CPU's cache, to identify the website being browsed. In an important special case of this attack model, a JavaScript attack is launched when the target user visits a website controlled by the attacker. The effectiveness of this attack scenario has never been systematically analyzed, especially in the open-world model which assumes that the user is visiting a mix of both sensitive and non-sensitive sites. In this work we show that cache website fingerprinting attacks in JavaScript are highly feasible, even when they are run from highly restrictive environments, such as the Tor Browser. Specifically, we use machine learning techniques to classify traces of cache activity. Unlike prior works, which try to identify cache conflicts, our work measures the overall occupancy of the last-level cache. We show that our approach achieves high classification accuracy in both the open-world and the closed-world models. We further show that our techniques are resilient both to network-based defenses and to side-channel countermeasures introduced to modern browsers as a response to the Spectre attack.
△ Less
Submitted 21 February, 2019; v1 submitted 17 November, 2018;
originally announced November 2018.
-
Robust Diabatic Quantum Search by Landau-Zener-Stückelberg Oscillations
Authors:
Yosi Atia,
Yonathan Oren,
Nadav Katz
Abstract:
Quantum computation by the adiabatic theorem requires a slowly varying Hamiltonian with respect to the spectral gap. We show that the Landau-Zener-Stückelberg oscillation phenomenon, that naturally occurs in quantum two level systems under non-adiabatic periodic drive, can be exploited to find the ground state of an N dimensional Grover Hamiltonian. The total runtime of this method is…
▽ More
Quantum computation by the adiabatic theorem requires a slowly varying Hamiltonian with respect to the spectral gap. We show that the Landau-Zener-Stückelberg oscillation phenomenon, that naturally occurs in quantum two level systems under non-adiabatic periodic drive, can be exploited to find the ground state of an N dimensional Grover Hamiltonian. The total runtime of this method is $O(\sqrt{2^n})$ which is equal to the computational time of the Grover algorithm in the quantum circuit model. An additional periodic drive can suppress a large subset of Hamiltonian control errors using coherent destruction of tunneling, providing superior performance compared to standard algorithms.
△ Less
Submitted 20 December, 2018; v1 submitted 12 November, 2018;
originally announced November 2018.
-
Shattered Trust: When Replacement Smartphone Components Attack
Authors:
Omer Shwartz,
Amir Cohen,
Asaf Shabtai,
Yossi Oren
Abstract:
Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, are often produced by third-party manufacturers and not by the phone vendors themselves. Third-party driver source code to support these components is integrated into the vendor's source code. In contrast to 'pluggable' drivers, such as USB or network drivers, the…
▽ More
Phone touchscreens, and other similar hardware components such as orientation sensors, wireless charging controllers, and NFC readers, are often produced by third-party manufacturers and not by the phone vendors themselves. Third-party driver source code to support these components is integrated into the vendor's source code. In contrast to 'pluggable' drivers, such as USB or network drivers, the component driver's source code implicitly assumes that the component hardware is authentic and trustworthy. As a result of this trust, very few integrity checks are performed on the communications between the component and the device's main processor.
In this paper, we call this trust into question, considering the fact that touchscreens are often shattered and then replaced with aftermarket components of questionable origin. We analyze the operation of a commonly used touchscreen controller. We construct two standalone attacks, based on malicious touchscreen hardware, that function as building blocks toward a full attack: a series of touch injection attacks that allow the touchscreen to impersonate the user and exfiltrate data, and a buffer overflow attack that lets the attacker execute privileged operations. Combining the two building blocks, we present and evaluate a series of end-to-end attacks that can severely compromise a stock Android phone with standard firmware. Our results make the case for a hardware-based physical countermeasure.
△ Less
Submitted 13 May, 2018;
originally announced May 2018.
-
Generating Sentences by Editing Prototypes
Authors:
Kelvin Guu,
Tatsunori B. Hashimoto,
Yonatan Oren,
Percy Liang
Abstract:
We propose a new generative model of sentences that first samples a prototype sentence from the training corpus and then edits it into a new sentence. Compared to traditional models that generate from scratch either left-to-right or by first sampling a latent sentence vector, our prototype-then-edit model improves perplexity on language modeling and generates higher quality outputs according to hu…
▽ More
We propose a new generative model of sentences that first samples a prototype sentence from the training corpus and then edits it into a new sentence. Compared to traditional models that generate from scratch either left-to-right or by first sampling a latent sentence vector, our prototype-then-edit model improves perplexity on language modeling and generates higher quality outputs according to human evaluation. Furthermore, the model gives rise to a latent edit vector that captures interpretable semantics such as sentence similarity and sentence-level analogies.
△ Less
Submitted 7 September, 2018; v1 submitted 26 September, 2017;
originally announced September 2017.
-
Theory of ion and water transport in reverse osmosis membranes
Authors:
Y. S. Oren,
P. M. Biesheuvel
Abstract:
We present theory for ion and water transport through reverse osmosis membranes based on a Maxwell-Stefan framework combined with hydrodynamic theory for the reduced motion of particles in thin pores. We include all driving forces and frictions both on the fluid (water), and on the ions, including ion-fluid friction as well as ion-wall friction. By including the acid-base character of the carbonic…
▽ More
We present theory for ion and water transport through reverse osmosis membranes based on a Maxwell-Stefan framework combined with hydrodynamic theory for the reduced motion of particles in thin pores. We include all driving forces and frictions both on the fluid (water), and on the ions, including ion-fluid friction as well as ion-wall friction. By including the acid-base character of the carbonic acid system, the boric acid system, H$_3$O$^+$/OH$^-$, and the membrane charge, we locally determine pH and thus the effective charge of the membrane as well as the dissociation degree of boric acid. We present calculation results for a dead end experiment with fixed feed concentration, where effluent composition is a self-consistent function of fluxes through the membrane. Comparison with experimental results from literature for fluid flow vs. pressure, and for salt and boron rejection, shows that theory agrees well with data. Our model is based on realistic assumptions for the effective sizes of the ions and for the diameter of the RO membrane pore in the polyamide toplayer ($\sim$0.75 nm).
△ Less
Submitted 21 June, 2017;
originally announced June 2017.
-
The Spy in the Sandbox -- Practical Cache Attacks in Javascript
Authors:
Yossef Oren,
Vasileios P. Kemerlis,
Simha Sethumadhavan,
Angelos D. Keromytis
Abstract:
We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine -- to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extr…
▽ More
We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim's machine -- to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today's web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al., allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on other benign uses of the web browser and of the computer.
△ Less
Submitted 1 March, 2015; v1 submitted 25 February, 2015;
originally announced February 2015.
-
Discrete Self-Similarity in Ultra-Relativistic Type-II Strong Explosions
Authors:
Yonatan Oren,
Re'em Sari
Abstract:
A solution to the ultra-relativistic strong explosion problem with a non-power law density gradient is delineated. We consider a blast wave expanding into a density profile falling off as a steep radial power-law with small, spherically symmetric, and log-periodic density perturbations. We find discretely self-similar solutions to the perturbation equations and compare them to numerical simulati…
▽ More
A solution to the ultra-relativistic strong explosion problem with a non-power law density gradient is delineated. We consider a blast wave expanding into a density profile falling off as a steep radial power-law with small, spherically symmetric, and log-periodic density perturbations. We find discretely self-similar solutions to the perturbation equations and compare them to numerical simulations. These results are then generalized to encompass small spherically symmetric perturbations with arbitrary profiles.
△ Less
Submitted 19 October, 2009;
originally announced October 2009.
-
Discrete Self-Similarity in Type-II Strong Explosions
Authors:
Yonatan Oren,
Re'em Sari
Abstract:
We present new solutions to the strong explosion problem in a non-power law density profile. The unperturbed self-similar solutions discovered by Waxman & Shvarts describe strong Newtonian shocks propagating into a cold gas with a density profile falling off as $r^{-ω}$, where $ω>3$ (Type-II solutions). The perturbations we consider are spherically symmetric and log-periodic with respect to the…
▽ More
We present new solutions to the strong explosion problem in a non-power law density profile. The unperturbed self-similar solutions discovered by Waxman & Shvarts describe strong Newtonian shocks propagating into a cold gas with a density profile falling off as $r^{-ω}$, where $ω>3$ (Type-II solutions). The perturbations we consider are spherically symmetric and log-periodic with respect to the radius. While the unperturbed solutions are continuously self-similar, the log-periodicity of the density perturbations leads to a discrete self-similarity of the perturbations, i.e. the solution repeats itself up to a scaling at discrete time intervals. We discuss these solutions and verify them against numerical integrations of the time dependent hydrodynamic equations. Finally we show that this method can be generalized to treat any small, spherically symmetric density perturbation by employing Fourier decomposition.
△ Less
Submitted 10 July, 2009;
originally announced July 2009.
-
Expected Performance of the ATLAS Experiment - Detector, Trigger and Physics
Authors:
The ATLAS Collaboration,
G. Aad,
E. Abat,
B. Abbott,
J. Abdallah,
A. A. Abdelalim,
A. Abdesselam,
O. Abdinov,
B. Abi,
M. Abolins,
H. Abramowicz,
B. S. Acharya,
D. L. Adams,
T. N. Addy,
C. Adorisio,
P. Adragna,
T. Adye,
J. A. Aguilar-Saavedra,
M. Aharrouche,
S. P. Ahlen,
F. Ahles,
A. Ahmad,
H. Ahmed,
G. Aielli,
T. Akdogan
, et al. (2587 additional authors not shown)
Abstract:
A detailed study is presented of the expected performance of the ATLAS detector. The reconstruction of tracks, leptons, photons, missing energy and jets is investigated, together with the performance of b-tagging and the trigger. The physics potential for a variety of interesting physics processes, within the Standard Model and beyond, is examined. The study comprises a series of notes based on…
▽ More
A detailed study is presented of the expected performance of the ATLAS detector. The reconstruction of tracks, leptons, photons, missing energy and jets is investigated, together with the performance of b-tagging and the trigger. The physics potential for a variety of interesting physics processes, within the Standard Model and beyond, is examined. The study comprises a series of notes based on simulations of the detector and physics processes, with particular emphasis given to the data expected from the first years of operation of the LHC at CERN.
△ Less
Submitted 14 August, 2009; v1 submitted 28 December, 2008;
originally announced January 2009.
-
GRB 051221A and Tests of Lorentz Symmetry
Authors:
Maria Rodriguez Martinez,
Tsvi Piran,
Yonatan Oren
Abstract:
Various approaches to quantum gravity suggest the possibility of violation of Lorentz symmetry at very high energies. In these cases we expect a modification at low energies of the dispersion relation of photons that contains extra powers of the momentum suppressed by a high energy scale. These terms break boost invariance and can be tested even at relatively low energies. We use the light curve…
▽ More
Various approaches to quantum gravity suggest the possibility of violation of Lorentz symmetry at very high energies. In these cases we expect a modification at low energies of the dispersion relation of photons that contains extra powers of the momentum suppressed by a high energy scale. These terms break boost invariance and can be tested even at relatively low energies. We use the light curves of the very bright short Gamma-Ray Burst GRB 051221A and compare the arrival times of photons at different energies with the expected time delay due to a modified dispersion relation. As no time delay was observed, we set a lower bound of 0.0066 E_{pl} \sim 0.66 10^{17} GeV on the scale of Lorentz invariance violation.
△ Less
Submitted 24 January, 2006;
originally announced January 2006.
-
On Choptuik's scaling in higher dimensions
Authors:
Evgeny Sorkin,
Yonatan Oren
Abstract:
We extend Choptuik's scaling phenomenon found in general relativistic critical gravitational collapse of a massless scalar field to higher dimensions. We find that in the range 4 <= D <= 11 the behavior is qualitatively similar to that discovered by Choptuik. In each dimension we obtain numerically the universal numbers associated with the critical collapse: the scaling exponent gamma and the ec…
▽ More
We extend Choptuik's scaling phenomenon found in general relativistic critical gravitational collapse of a massless scalar field to higher dimensions. We find that in the range 4 <= D <= 11 the behavior is qualitatively similar to that discovered by Choptuik. In each dimension we obtain numerically the universal numbers associated with the critical collapse: the scaling exponent gamma and the echoing period Delta. The behavior of these numbers with increasing dimension seems to indicate that gamma reaches a maximum and Delta a minimum value around 11 <= D <= 13. These results and their relation to the black hole--black string system are discussed.
△ Less
Submitted 6 June, 2005; v1 submitted 3 February, 2005;
originally announced February 2005.
-
The apparent size of GRB afterglows as a test of the Fireball model
Authors:
Yonatan Oren,
Ehud Nakar,
Tsvi Piran
Abstract:
Taylor et al. (2004) reported recently on the first direct measurement of the apparent size of a GRB afterglow. Here we confront these observations with the predictions of the fireball model. We use a simple model to study numerically the evolution of the fireball and determine its apparent size, starting at the early spherical expansion phase through the jet break and into the Newtonian regime.…
▽ More
Taylor et al. (2004) reported recently on the first direct measurement of the apparent size of a GRB afterglow. Here we confront these observations with the predictions of the fireball model. We use a simple model to study numerically the evolution of the fireball and determine its apparent size, starting at the early spherical expansion phase through the jet break and into the Newtonian regime. We perform these calculations on the background of a uniform interstellar medium and a massive stellar wind environment. We find that the calculated apparent size at the time of the measurements taken by Taylor et al. depends only weakly on the chosen parameters (the jet opening angle, the energy, and the external density profile). Thus it is reassuring that the only possible outcome of the model, within the plausible range of parameters, agrees very well with the data. These measurements therefore present us with a strong test of possible GRB models, which the fireball model passes successfully.
△ Less
Submitted 13 June, 2004; v1 submitted 11 June, 2004;
originally announced June 2004.
-
Polarization and light curve variability: the "patchy shell" model
Authors:
Ehud Nakar,
Yonatan Oren
Abstract:
Recent advances in early detection and detailed monitoring of GRB afterglows have revealed variability in some afterglow light curves. One of the leading models for this behavior is the patchy shell model. This model attributes the variability to random angular fluctuations in the relativistic jet energy. These an-axisymmetric fluctuations should also impose variations in the degree and angle of…
▽ More
Recent advances in early detection and detailed monitoring of GRB afterglows have revealed variability in some afterglow light curves. One of the leading models for this behavior is the patchy shell model. This model attributes the variability to random angular fluctuations in the relativistic jet energy. These an-axisymmetric fluctuations should also impose variations in the degree and angle of polarization that are correlated to the light curve variability. In this letter we present a solution of the light curve and polarization resulting from a given spectrum of energy fluctuations. We compare light curves produced using this solution to the variable light curve of GRB 021004 and we show that the main features in both the light curve and the polarization fluctuations are very well reproduced by this model. We use our results to draw constraints on the characteristics of the energy fluctuations that might have been present in GRB 021004.
△ Less
Submitted 5 February, 2004; v1 submitted 8 October, 2003;
originally announced October 2003.
-
On the Collapse of Charged Scalar Fields
Authors:
Yonatan Oren,
Tsvi Piran
Abstract:
We explore numerically the evolution of a collapsing spherical shell of charged, massless scalar field. We obtain an external \RN space-time, and an inner space-time that is bounded by a singularity on the Cauchy Horizon. We compare these results with previous analysis and discuss some of the numerical problems encountered.
We explore numerically the evolution of a collapsing spherical shell of charged, massless scalar field. We obtain an external \RN space-time, and an inner space-time that is bounded by a singularity on the Cauchy Horizon. We compare these results with previous analysis and discuss some of the numerical problems encountered.
△ Less
Submitted 17 June, 2003;
originally announced June 2003.
