TechNews digests: Jan - Nov 2009

TechNews is a technology, news and analysis service aimed at anyone in the education sector keen to stay informed about technology developments, trends and issues. TechNews focuses on emerging technologies and other technology news. TechNews service : digests september 2004 till May 2010 Analysis pieces and News combined publish every 2 to 3 month

The Collective Consciousness of Information Technology Research: Ways of seeing Information Technology Research: Its Objects and Territories

The collective consciousness of effective groups of researchers is characterised by shared understandings of their research object or territory. In the relatively new field of information technology research, rapid expansion and fragmentation of the territory has led to different perceptions about what constitutes information technology research. This project explores a facet of the collective consciousness of disparate groups of researchers and lays a foundation for constructing shared research objects. Making IT researchers’ ways of seeing explicit may help us understand some of the complexities associated with inter and intra disciplinary collaboration amongst research groups, and the complexities associated with technology transfer to industry. This report analyses IT research, its objects and territories, as they are constituted by IT researchers associated with the sub-disciplines of information systems, computer science and information security. A phenomenographic approach is used to elicit data from a diverse range of IT researchers in semistructured interviews. This data is analysed to show (1) the variation in meaning associated with the idea of IT research and (2) the awareness structures through which participants experience variation in ways of seeing the object and territories of IT research. An Outcome Space represents the interrelation between different ways of seeing the territory. Eight ways of seeing IT research, its objects and territories, were found: The Technology Conception, The Information Conception, The Information and Technology Conception, The Communication Conception, The Ubiquitous Conception, The Sanctioned Conception, The Dialectic Conception and The Constructed Conception. These are described in detail and illustrated with participants’ quotes. Finally, some recommendations for further research are made

Defense in Depth of Resource-Constrained Devices

The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime