14,529 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. 
When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research.

    Technical Dimensions of Programming Systems

    Programming requires much more than just writing code in a programming language. It is usually done in the context of a stateful environment, by interacting with a system through a graphical user interface. Yet, this wide space of possibilities lacks a common structure for navigation. Work on programming systems fails to form a coherent body of research, making it hard to improve on past work and advance the state of the art. In computer science, much has been said and done to allow comparison of programming languages, yet no similar theory exists for programming systems; we believe that programming systems deserve a theory too. We present a framework of technical dimensions which capture the underlying characteristics of programming systems and provide a means for conceptualizing and comparing them. We identify technical dimensions by examining past influential programming systems and reviewing their design principles, technical capabilities, and styles of user interaction. Technical dimensions capture characteristics that may be studied, compared and advanced independently. This makes it possible to talk about programming systems in a way that can be shared and constructively debated rather than relying solely on personal impressions. Our framework is derived using a qualitative analysis of past programming systems. We outline two concrete ways of using our framework. First, we show how it can analyze a recently developed novel programming system. Then, we use it to identify an interesting unexplored point in the design space of programming systems. Much research effort focuses on building programming systems that are easier to use, accessible to non-experts, moldable and/or powerful, but such efforts are disconnected. They are informal, guided by the personal vision of their authors and thus are only evaluable and comparable on the basis of individual experience using them. 
By providing foundations for more systematic research, we can help programming systems researchers to stand, at last, on the shoulders of giants.

    A Design Science Research Approach to Smart and Collaborative Urban Supply Networks

    Urban supply networks are facing increasing demands and challenges and thus constitute a relevant field for research and practical development. Supply chain management holds enormous potential and relevance for society and everyday life as the flow of goods and information are important economic functions. Being a heterogeneous field, the literature base of supply chain management research is difficult to manage and navigate. Disruptive digital technologies and the implementation of cross-network information analysis and sharing drive the need for new organisational and technological approaches. Practical issues are manifold and include mega trends such as digital transformation, urbanisation, and environmental awareness. A promising approach to solving these problems is the realisation of smart and collaborative supply networks. The growth of artificial intelligence applications in recent years has led to a wide range of applications in a variety of domains. However, the potential of artificial intelligence utilisation in supply chain management has not yet been fully exploited. Similarly, value creation increasingly takes place in networked value creation cycles that have become continuously more collaborative, complex, and dynamic as interactions in business processes involving information technologies have become more intense. Following a design science research approach this cumulative thesis comprises the development and discussion of four artefacts for the analysis and advancement of smart and collaborative urban supply networks. This thesis aims to highlight the potential of artificial intelligence-based supply networks, to advance data-driven inter-organisational collaboration, and to improve last mile supply network sustainability. 
Based on thorough machine learning and systematic literature reviews, reference and system dynamics modelling, simulation, and qualitative empirical research, the artefacts provide a valuable contribution to research and practice.

    How European Fans in Training (EuroFIT), a lifestyle change program for men delivered in football clubs, achieved its effect: a mixed methods process evaluation embedded in a randomised controlled trial

    Background: A randomised trial of European Fans in Training (EuroFIT), a 12-week healthy lifestyle program delivered in 15 professional football clubs in the Netherlands, Norway, Portugal, and the United Kingdom, successfully increased physical activity and improved diet but did not reduce sedentary time. To guide future implementation, this paper investigates how those effects were achieved. We ask: 1) how was EuroFIT implemented? 2) what were the processes through which outcomes were achieved? Methods: We analysed qualitative data: implementation notes, observations of 29 of 180 weekly EuroFIT deliveries, semi-structured interviews with 16 coaches and 15 club representatives, and 30 focus group discussions with participants (15 post-program and 15 after 12 months). We descriptively analysed quantitative data on recruitment, attendance at sessions and logs of use of the technologies and survey data on the views of participants at baseline, post program and after 12 months. We used a triangulation protocol to investigate agreement between data from different sources, organised around meeting 15 objectives within the two research questions. Results: We successfully recruited clubs, coaches and men to EuroFIT though the draw of the football club seemed stronger in the UK and Portugal. Advertising that emphasized getting fitter, club-based deliveries, and not ‘standing out’ worked and attendance and fidelity were good, so that coaches in all countries were able to deliver EuroFIT flexibly as intended. Coaches in all 15 clubs facilitated the use of behaviour change techniques and interaction between men, which together enhanced motivation. Participants found it harder to change sedentary time than physical activity and diet. Fitting changes into daily routines, planning for setbacks and recognising the personal benefit of behaviour change were important to maintain changes. Bespoke technologies were valued, but technological hitches frustrated participants. 
Conclusion: EuroFIT was delivered as planned by trained club coaches working flexibly in all countries. It worked as expected to attract men and support initiation and maintenance of changes in physical activity and diet but the use of bespoke, unstable, technologies was frustrating. Future deliveries should eliminate the focus on sedentary time and should use only proven technologies to support self-monitoring and social interaction.

    Corporate Social Responsibility: the institutionalization of ESG

    Understanding the impact of Corporate Social Responsibility (CSR) on firm performance as it relates to industries reliant on technological innovation is a complex and perpetually evolving challenge. To thoroughly investigate this topic, this dissertation will adopt an economics-based structure to address three primary hypotheses. This structure allows for each hypothesis to essentially be a standalone empirical paper, unified by an overall analysis of the nature of impact that ESG has on firm performance. The first hypothesis explores how the evolution of CSR to the modern quantified iteration of ESG has led to the institutionalization and standardization of the CSR concept. The second hypothesis fills gaps in existing literature testing the relationship between firm performance and ESG by finding that the relationship is significantly positive in long-term, strategic metrics (ROA and ROIC) and that there is no correlation in short-term metrics (ROE and ROS). Finally, the third hypothesis states that if a firm has a long-term strategic ESG plan, as proxied by the publication of CSR reports, then it is more resilient to damage from controversies. This is supported by the finding that pro-ESG firms consistently fared better than their counterparts in both financial and ESG performance, even in the event of a controversy. However, firms with consistent reporting are also held to a higher standard than their nonreporting peers, suggesting a higher risk and higher reward dynamic. These findings support the theory of good management, in that long-term strategic planning is both immediately economically beneficial and serves as a means of risk management and social impact mitigation. Overall, this contributes to the literature by filling gaps in the nature of impact that ESG has on firm performance, particularly from a management perspective.

    Countermeasures for the majority attack in blockchain distributed systems

    Blockchain technology is considered one of the most important computing paradigms since the Internet, owing to its unique characteristics, which make it ideal for recording, verifying and managing information about different transactions. Despite this, Blockchain faces various security problems, with the 51% attack, or majority attack, being one of the most important. It consists of one or more miners taking control of at least 51% of the mined hash or of the computing power in a network, so that a miner can arbitrarily manipulate and modify the information recorded in this technology. This work focused on designing and implementing strategies for detecting and mitigating majority attacks (51% attack) in a Blockchain distributed system, based on characterizing the behaviour of miners. To achieve this, the Hash Rate / Share of Bitcoin and Crypto Ethereum miners was analysed and evaluated, followed by the design and implementation of a consensus protocol to control the computing power of miners. Subsequently, Machine Learning models were explored and evaluated for detecting malicious software of the Cryptojacking type. Doctorate. Doctor en Ingeniería de Sistemas y Computació

    KHAN: Knowledge-Aware Hierarchical Attention Networks for Accurate Political Stance Prediction

    The political stance prediction for news articles has been widely studied to mitigate the echo chamber effect -- people fall into their thoughts and reinforce their pre-existing beliefs. The previous works for the political stance problem focus on (1) identifying political factors that could reflect the political stance of a news article and (2) capturing those factors effectively. Despite their empirical successes, they are not sufficiently justified in terms of how effective their identified factors are in the political stance prediction. Motivated by this, in this work, we conduct a user study to investigate important factors in political stance prediction, and observe that the context and tone of a news article (implicit) and external knowledge for real-world entities appearing in the article (explicit) are important in determining its political stance. Based on this observation, we propose a novel knowledge-aware approach to political stance prediction (KHAN), employing (1) hierarchical attention networks (HAN) to learn the relationships among words and sentences in three different levels and (2) knowledge encoding (KE) to incorporate external knowledge for real-world entities into the process of political stance prediction. Also, to take into account the subtle and important difference between opposite political stances, we build two independent political knowledge graphs (KG) (i.e., KG-lib and KG-con) by ourselves and learn to fuse the different political knowledge. Through extensive evaluations on three real-world datasets, we demonstrate the superiority of DASH in terms of (1) accuracy, (2) efficiency, and (3) effectiveness. Comment: 12 pages, 5 figures, 10 tables, the Web Conference 2023 (WWW

    Digital literacy and inclusion of operational assistants at the Escola Superior de Educação do Instituto Politécnico de Santarém

    This report focuses on a study applied in a real context. An attempt was made to use a training model in digital skills aimed at a specific target audience. In this case, to a group of operational assistant technicians who had particular difficulties with the use of digital media in their workplace. Thus, it was possible to verify the methodology applied and the planned planning, centered on a changing order, since the goal of this study is the transformation of social/operational reality and the improvement of the working life of the people involved in the work context, proceeding with its subsequent analysis and evaluation. 
The methodology applied in this project was Action Research, as it sought to study various elements such as a workgroup with unique, specific, and different characteristics (Operational Assistants) which, from the point of view of this study, specifically designates the component more practical and interventional of this type of methodology. The results demonstrate that the effective uses of digital technologies have become an essential factor for this target audience to understand the benefits of actively participating in training in Digital Literacy.

    An Ethereum-compatible blockchain that explicates and ensures design-level safety properties for smart contracts

    Smart contracts are crucial elements of decentralized technologies, but they face significant obstacles to trustworthiness due to security bugs and trapdoors. To address the core issue, we propose a technology that enables programmers to focus on design-level properties rather than specific low-level attack patterns. Our proposed technology, called Theorem-Carrying-Transaction (TCT), combines the benefits of runtime checking and symbolic proof. Under the TCT protocol, every transaction must carry a theorem that proves its adherence to the safety properties in the invoked contracts, and the blockchain checks the proof before executing the transaction. The unique design of TCT ensures that the theorems are provable and checkable in an efficient manner. We believe that TCT holds a great promise for enabling provably secure smart contracts in the future. As such, we call for collaboration toward this vision.