Steganography Application Using Combination of Movements in a 2D Video Game Platform

Steganography represents the art of hiding information within a harmless medium such as digital images, video, audio, etc. Its purpose is to embed and transmit a message without raising suspicion to a third party or attacker who wishes to obtain that secret information. This research aims to propose a methodology with steganography using as a cover object a 2D platform video game. The experimentation model followed consists of using the combination of horizontal and vertical movements of the enemies by applying the numbering in base 5 or quinary where each character of the message is assigned a quinary digit. In the proposal for improvement the video game is set with 20 enemies per level along the map. The concealment is divided into 3 phases from the choice of the message, allocation of quinary values and generation of the videogame level. Finally, the limitations found will be presented based on experimentation

Need To Know Before Utopian Balloon Is Popped: Security Perspective Analysis of Nun-Fungible Tokens

Non-Fungible Tokens (NFTs) have exploded into the technological and blockchain worlds with millions of dollars’ worth of cryptocurrencies such as Ethereum and Bitcoin among others, being traded for with these NFTs by individuals. NFTs are utilized by most buyers and sellers to show authenticity and sole ownership of a rare piece of work which could be in the form of an art, a video, a game, an image, a collectible, or anything the individual deems to be of great value and of interest for other individuals to pay for and own. NFTs however are not immune to the security and privacy issues that are already affiliated with the blockchain. This research work therefore examines the existing vulnerabilities in the blockchain then specifically investigates vulnerabilities with NFTs. Not much of research effort has been put into this area but the ones that have been conducted centered on generic security issues related to Non-Fungible Tokens. Taxonomies are developed in this paper to classify the security threats and attacks as identified by investigating the vulnerabilities of NFTs. This work will be of great assistance to investors and developers who look to enter into the NFT market, as they will be provided with some adequate knowledge for them to be aware of the security issues related to the booming market of NFTs

Европейский и национальный контексты в научных исследованиях

В настоящем электронном сборнике «Европейский и национальный контексты в научных исследованиях. Технология» представлены работы молодых ученых по геодезии и картографии, химической технологии и машиностроению, информационным технологиям, строительству и радиотехнике. Предназначены для работников образования, науки и производства. Будут полезны студентам, магистрантам и аспирантам университетов.=In this Electronic collected materials “National and European dimension in research. Technology” works in the fields of geodesy, chemical technology, mechanical engineering, information technology, civil engineering, and radio-engineering are presented. It is intended for trainers, researchers and professionals. It can be useful for university graduate and post-graduate students

Code-Reuse Attacks and Defenses

Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almost three decades and no end seems to be in sight. In particular, code-reuse techniques such as return-oriented programming offer a robust attack technique that is extensively used to exploit memory corruption vulnerabilities in modern software programs (e.g. web browsers or document viewers). Whereas conventional control-flow attacks (runtime exploits) require the injection of malicious code, code-reuse attacks leverage code that is already present in the address space of an application to undermine the security model of data execution prevention (DEP). In addition, code-reuse attacks in conjunction with memory disclosure attack techniques circumvent the widely applied memory protection model of address space layout randomization (ASLR). To counter this ingenious attack strategy, several proposals for enforcement of control-flow integrity (CFI) and fine-grained code randomization have emerged. In this dissertation, we explore the limitations of existing defenses against code-reuse attacks. In particular, we demonstrate that various coarse-grained CFI solutions can be effectively undermined, even under weak adversarial assumptions. Moreover, we explore a new return-oriented programming attack technique that is solely based on indirect jump and call instructions to evade detection from defenses that perform integrity checks for return addresses. To tackle the limitations of existing defenses, this dissertation introduces the design and implementation of several new countermeasures. First, we present a generic and fine-grained CFI framework for mobile devices targeting ARM-based platforms. This framework preserves static code signatures by instrumenting mobile applications on-the-fly in memory. Second, we tackle the performance and security limitations of existing CFI defenses by introducing hardware-assisted CFI for embedded devices. To this end, we present a CFI-based hardware implementation for Intel Siskiyou Peak using dedicated CFI machine instructions. Lastly, we explore fine-grained code randomization techniques

Analyzing the Unanalyzable: an Application to Android Apps

In general, software is unreliable. Its behavior can deviate from users’ expectations because of bugs, vulnerabilities, or even malicious code. Manually vetting software is a challenging, tedious, and highly-costly task that does not scale. To alleviate excessive costs and analysts’ burdens, automated static analysis techniques have been proposed by both the research and practitioner communities making static analysis a central topic in software engineering. In the meantime, mobile apps have considerably grown in importance. Today, most humans carry software in their pockets, with the Android operating system leading the market. Millions of apps have been proposed to the public so far, targeting a wide range of activities such as games, health, banking, GPS, etc. Hence, Android apps collect and manipulate a considerable amount of sensitive information, which puts users’ security and privacy at risk. Consequently, it is paramount to ensure that apps distributed through public channels (e.g., the Google Play) are free from malicious code. Hence, the research and practitioner communities have put much effort into devising new automated techniques to vet Android apps against malicious activities over the last decade. Analyzing Android apps is, however, challenging. On the one hand, the Android framework proposes constructs that can be used to evade dynamic analysis by triggering the malicious code only under certain circumstances, e.g., if the device is not an emulator and is currently connected to power. Hence, dynamic analyses can -easily- be fooled by malicious developers by making some code fragments difficult to reach. On the other hand, static analyses are challenged by Android-specific constructs that limit the coverage of off-the-shell static analyzers. The research community has already addressed some of these constructs, including inter-component communication or lifecycle methods. However, other constructs, such as implicit calls (i.e., when the Android framework asynchronously triggers a method in the app code), make some app code fragments unreachable to the static analyzers, while these fragments are executed when the app is run. Altogether, many apps’ code parts are unanalyzable: they are either not reachable by dynamic analyses or not covered by static analyzers. In this manuscript, we describe our contributions to the research effort from two angles: ① statically detecting malicious code that is difficult to access to dynamic analyzers because they are triggered under specific circumstances; and ② statically analyzing code not accessible to existing static analyzers to improve the comprehensiveness of app analyses. More precisely, in Part I, we first present a replication study of a state-of-the-art static logic bomb detector to better show its limitations. We then introduce a novel hybrid approach for detecting suspicious hidden sensitive operations towards triaging logic bombs. We finally detail the construction of a dataset of Android apps automatically infected with logic bombs. In Part II, we present our work to improve the comprehensiveness of Android apps’ static analysis. More specifically, we first show how we contributed to account for atypical inter-component communication in Android apps. Then, we present a novel approach to unify both the bytecode and native in Android apps to account for the multi-language trend in app development. Finally, we present our work to resolve conditional implicit calls in Android apps to improve static and dynamic analyzers

High Throughput Photopatterning and Interactive Manipulation of Microparticles and Microorganisms.

Recent advances in soft material microfabrication technologies are enabling wide-ranging studies of cellular and organism behavior in vitro; however, these methods are generally time-consuming, challenging to implement by non-experts, are limited to planar features, and cannot be reconfigured within live environments. As a result, it is not possible to manufacture realistic artificial tissue constructs, nor to perform dynamic experimentation with model organisms. This thesis describes an integrated hardware and software platform, based on micro-scale light shaping and high-speed machine vision algorithms that enables real-time, dynamic photo-patterning in response to microscale environmental changes. An optofluidic lithography system designed for the purpose of in-flow polymerization of hydrogel microstructures achieved diffraction limited resolution (r = 0.7µm) with a maximum distortion of the projection of 160nm. This enables continuous production of poly(ethylene-glycol) diacrylate(PEG-DA) microparticles (20-100μm, CoV5-15%). A new pillared microfluidic device design increased throughput up to 1500-fold, capable of synthesizing 2.5×〖10〗^6 particles per minute. Biocompatibility of hydrogels was validated for model organism C. elegans, and hepatocytes. Dynamic assays where structures were built during live culture affirm that proximity of pillared structures increased the swimming speed of C. elegans and showed that worm behavior can be influenced by sequential photopatterning of free-floating structures. A software architecture was designed to enable use of machine vision to in flow, by photopolymer encapsulation in response to image-based decision events. We then evaluated the sensitivity, specificity, RMSE and computational time of candidate machine vision algorithms, and find the Speeded Up Robust Feature (SURF) method was the most robust though Thresholding was 3 orders of magnitude faster than SURF. Using this capability, we sorted poly(styrene) micro particles by size via selective encapsulation (TPR=100% and SPC=99.999%, Mean error 4.7 pixels); and print patterns of hepatocyte aggregates with single cell resolution (<20µm) onto polymer substrates. Last, the thesis describes the design and testing of a six-axis robotic dynamic lithography system for patterning large area curved surfaces. Looking forward, platforms combining micro- and nanofabrication processes with image-driven artificial intelligence algorithms could widely expand capabilities for scalable biofabrication and automation of science, including for custom fabrication of cell-based assays and in vitro organ mimics.PhDMechanical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/110371/1/croliver_1.pd