Berry phase plays an important role in determining many physical properties of quantum systems. However, a Berry phase altering energy spectrum of a quantum system is comparatively rare. Here, we report an unusual tunable valley polarized energy spec
tra induced by continuously tunable Berry phase in Bernal-stacked bilayer graphene quantum dots. In our experiment, the Berry phase of electron orbital states is continuously tuned from about pi to 2pi by perpendicular magnetic fields. When the Berry phase equals pi or 2pi, the electron states in the two inequivalent valleys are energetically degenerate. By altering the Berry phase to noninteger multiples of pi, large and continuously tunable valley polarized energy spectra are detected in our experiment. The observed Berry phase-induced valley splitting, on the order of 10 meV at a magnetic field of 1 T, is about 100 times larger than Zeeman splitting for spin, shedding light on graphene-based valleytronics.
Uncertainty sets are at the heart of robust optimization (RO) because they play a key role in determining the RO models tractability, robustness, and conservativeness. Different types of uncertainty sets have been proposed that model uncertainty from
various perspectives. Among them, polyhedral uncertainty sets are widely used due to their simplicity and flexible structure to model the underlying uncertainty. However, the conventional polyhedral uncertainty sets present certain disadvantages; some are too conservative while others lead to computationally expensive RO models. This paper proposes a systematic approach to develop data-driven polyhedral uncertainty sets that mitigate these drawbacks. The proposed uncertainty sets are polytopes induced by a given set of scenarios, capture correlation information between uncertain parameters, and allow for direct trade-offs between tractability and conservativeness issue of conventional polyhedral uncertainty sets. To develop these uncertainty sets, we use principal component analysis (PCA) to transform the correlated scenarios into their uncorrelated principal components and to shrink the uncertainty space dimensionality. Thus, decision-makers can use the number of the leading principal components as a tool to trade-off tractability, conservativeness, and robustness of RO models. We quantify the quality of the lower bound of a static RO problem with a scenario-induced uncertainty set by deriving a theoretical bound on the optimality gap. Additionally, we derive probabilistic guarantees for the performance of the proposed scenario-induced uncertainty sets by developing explicit lower bounds on the number of scenarios. Finally, we demonstrate the practical applicability of the proposed uncertainty sets to trade-off tractability, robustness, and conservativeness by examining a range of knapsack and power grid problems.
We propose a universal method to detect the specular Andreev reflection taking the simple two dimensional Weyl nodal-line semimetal-superconductor double-junction structure as an example. The quasiclassical quantization conditions are established for
the energy levels of bound states formed in the middle semimetal along a closed path. The establishment of the conditions is completely based on the intrinsic character of the specularly reflected hole which has the same sign relation of its wave vector and group velocity with the incident electron. This brings about the periodic oscillation of conductance with the length of the middle semimetal, which is lack for the retro-Andreev reflected hole having the opposite sign relation with the incident electron. The positions of the conductance peaks and the oscillation period can be precisely predicted by the quantization conditions. Our detection method is irrespective of the details of the materials, which may promote the experimental detection of and further researches on the specular Andreev reflection as well as its applications in superconducting electronics.
Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege are the most detrimental to system security and hard to mitigate. However, recently proposed software-only mitigations are not effective against such kernel privilege escalat
ion attacks. In this paper, we propose an effective and practical software-only defense, called SoftTRR, to protect page tables from all existing rowhammer attacks on x86. The key idea of SoftTRR is to refresh the rows occupied by page tables when a suspicious rowhammer activity is detected. SoftTRR is motivated by DRAM-chip-based target row refresh (ChipTRR) but eliminates its main security limitation (i.e., ChipTRR tracks a limited number of rows and thus can be bypassed by many-sided hammer). Specifically, SoftTRR protects an unlimited number of page tables by tracking memory accesses to the rows that are in close proximity to page-table rows and refreshing the page-table rows once the tracked access count exceeds a pre-defined threshold. We implement a prototype of SoftTRR as a loadable kernel module, and evaluate its security effectiveness, performance overhead, and memory consumption. The experimental results show that SoftTRR protects page tables from real-world rowhammer attacks and incurs small performance overhead as well as memory cost.
Graphs have become increasingly popular in modeling structures and interactions in a wide variety of problems during the last decade. Graph-based clustering and semi-supervised classification techniques have shown impressive performance. This paper p
roposes a graph learning framework to preserve both the local and global structure of data. Specifically, our method uses the self-expressiveness of samples to capture the global structure and adaptive neighbor approach to respect the local structure. Furthermore, most existing graph-based methods conduct clustering and semi-supervised classification on the graph learned from the original data matrix, which doesnt have explicit cluster structure, thus they might not achieve the optimal performance. By considering rank constraint, the achieved graph will have exactly $c$ connected components if there are $c$ clusters or classes. As a byproduct of this, graph learning and label inference are jointly and iteratively implemented in a principled way. Theoretically, we show that our model is equivalent to a combination of kernel k-means and k-means methods under certain condition. Extensive experiments on clustering and semi-supervised classification demonstrate that the proposed method outperforms other state-of-the-art methods.
Rowhammer is a hardware vulnerability in DRAM memory, where repeated access to memory can induce bit flips in neighboring memory locations. Being a hardware vulnerability, rowhammer bypasses all of the system memory protection, allowing adversaries t
o compromise the integrity and confidentiality of data. Rowhammer attacks have shown to enable privilege escalation, sandbox escape, and cryptographic key disclosures. Recently, several proposals suggest exploiting the spatial proximity between the accessed memory location and the location of the bit flip for a defense against rowhammer. These all aim to deny the attackers permission to access memory locations near sensitive data. In this paper, we question the core assumption underlying these defenses. We present PThammer, a confused-deputy attack that causes accesses to memory locations that the attacker is not allowed to access. Specifically, PThammer exploits the address translation process of modern processors, inducing the processor to generate frequent accesses to protected memory locations. We implement PThammer, demonstrating that it is a viable attack, resulting in a system compromise (e.g., kernel privilege escalation). We further evaluate the effectiveness of proposed software-only defenses showing that PThammer can overcome those.
Deep Neural Networks (DNNs) models become one of the most valuable enterprise assets due to their critical roles in all aspects of applications. With the trend of privatization deployment of DNN models, the data leakage of the DNN models is becoming
increasingly serious and widespread. All existing model-extraction attacks can only leak parts of targeted DNN models with low accuracy or high overhead. In this paper, we first identify a new attack surface -- unencrypted PCIe traffic, to leak DNN models. Based on this new attack surface, we propose a novel model-extraction attack, namely Hermes Attack, which is the first attack to fully steal the whole victim DNN model. The stolen DNN models have the same hyper-parameters, parameters, and semantically identical architecture as the original ones. It is challenging due to the closed-source CUDA runtime, driver, and GPU internals, as well as the undocumented data structures and the loss of some critical semantics in the PCIe traffic. Additionally, there are millions of PCIe packets with numerous noises and chaos orders. Our Hermes Attack addresses these issues by huge reverse engineering efforts and reliable semantic reconstruction, as well as skillful packet selection and order correction. We implement a prototype of the Hermes Attack, and evaluate two sequential DNN models (i.e., MINIST and VGG) and one consequential DNN model (i.e., ResNet) on three NVIDIA GPU platforms, i.e., NVIDIA Geforce GT 730, NVIDIA Geforce GTX 1080 Ti, and NVIDIA Geforce RTX 2080 Ti. The evaluation results indicate that our scheme is able to efficiently and completely reconstruct ALL of them with making inferences on any one image. Evaluated with Cifar10 test dataset that contains 10,000 images, the experiment results show that the stolen models have the same inference accuracy as the original ones (i.e., lossless inference accuracy).
As recently emerged rowhammer exploits require undocumented DRAM address mapping, we propose a generic knowledge-assisted tool, DRAMDig, which takes domain knowledge into consideration to efficiently and deterministically uncover the DRAM address map
pings on any Intel-based machines. We test DRAMDig on a number of machines with different combinations of DRAM chips and microarchitectures ranging from Intel Sandy Bridge to Coffee Lake. Comparing to previous works, DRAMDig deterministically reverse-engineered DRAM address mappings on all the test machines with only 7.8 minutes on average. Based on the uncovered mappings, we perform double-sided rowhammer tests and the results show that DRAMDig induced significantly more bit flips than previous works, justifying the correctness of the uncovered DRAM address mappings.
We study systematically the scattering processes and the conductance spectra in nodal-line semimetalsuperconductor junctions using the extended Blonder-Tinkham-Klapwijk theory. The coexistence of peculiar quadruple reflections are found, which are th
e specular normal reflection, the retro-normal reflection, the specular Andreev reflection and the retro-Andreev reflection. The incident angle dependence and the quasiparticle energy dependence of the double normal reflections and the double Andreev reflections are investigated under various values of parameters such as the interfacial barrier height, the chemical potentials, and the orbital coupling strength. It is found that the appearance and the disappearance of the reflections and their magnitudes can be controlled through tuning these parameters. The scattering mechanism for the reflections are analyzed in details from the viewpoint of the band structure. We also investigate the conductance spectra for the junctions, which show distinctive features and strong anisotropy about the orientation relationships of the nodal line and interface. The unique scattering processes and conductance spectra found in the junctions are helpful in designing superconducting electronic devices and searching for the nodal line in materials experimentally.
Vehicle-to-everything (V2X) is considered as one of the most important applications of future wireless communication networks. However, the Doppler effect caused by the vehicle mobility may seriously deteriorate the performance of the vehicular commu
nication links, especially when the channels exhibit a large number of Doppler frequency offsets (DFOs). Orthogonal time frequency space (OTFS) is a new waveform designed in the delay-Doppler domain, and can effectively convert a doubly dispersive channel into an almost non-fading channel, which makes it very attractive for V2X communications. In this paper, we design a novel OTFS based receiver with multi-antennas to deal with the high-mobility challenges in V2X systems. We show that the multiple DFOs associated with multipaths can be separated with the high-spatial resolution provided by multi-antennas, which leads to an enhanced sparsity of the OTFS channel in the delay-Doppler domain and bears a potential to reduce the complexity of the message passing (MP) detection algorithm. Based on this observation, we further propose a joint MP-maximum ration combining (MRC) iterative detection for OTFS, where the integration of MRC significantly improves the convergence performance of the iteration and gains an excellent system error performance. Finally, we provide numerical simulation results to corroborate the superiorities of the proposed scheme.
