4,224 research outputs found
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach
Adaptive Educational Hypermedia based on Multiple Student Characteristics
The learning process in Adaptive Educational Hypermedia (AEH) environments is complex and may be influenced by aspects of the student, including prior knowledge, learning styles, experience and preferences. Current AEH environments, however, are limited to processing only a small number of student characteristics. This paper discusses the development of an AEH system which includes a student model that can simultaneously take into account multiple student characteristics. The student model will be developed to use stereotypes, overlays and perturbation techniques. Keywords: adaptive educational hypermedia, multiple characteristics, student model
Rock falls impacting railway tracks. Detection analysis through an artificial intelligence camera prototype
During the last few years, several approaches have been proposed to improve early warning systems for managing geological risk
due to landslides, where important infrastructures (such as railways, highways, pipelines, and aqueducts) are exposed elements.
In this regard, an Artificial intelligence Camera Prototype (AiCP) for real-time monitoring has been integrated in a multisensor
monitoring system devoted to rock fall detection. An abandoned limestone quarry was chosen at Acuto (central Italy) as test-site
for verifying the reliability of the integrated monitoring system. A portion of jointed rock mass, with dimensions suitable for optical
monitoring, was instrumented by extensometers. One meter of railway track was used as a target for fallen blocks and a weather
station was installed nearby. Main goals of the test were (i) evaluating the reliability of the AiCP and (ii) detecting rock blocks that
reach the railway track by the AiCP. To this aim, several experiments were carried out by throwing rock blocks over the railway
track. During these experiments, the AiCP detected the blocks and automatically transmitted an alarm signal
A publication database for optical long baseline interferometry
Optical long baseline interferometry is a technique that has generated almost
850 refereed papers to date. The targets span a large variety of objects from
planetary systems to extragalactic studies and all branches of stellar physics.
We have created a database hosted by the JMMC and connected to the Optical Long
Baseline Interferometry Newsletter (OLBIN) web site using MySQL and a
collection of XML or PHP scripts in order to store and classify these
publications. Each entry is defined by its ADS bibcode, includes basic ADS
information and metadata. The metadata are specified by tags sorted in
categories: interferometric facilities, instrumentation, wavelength of
operation, spectral resolution, type of measurement, target type, and paper
category, for example. The whole OLBIN publication list has been processed and
we present how the database is organized and can be accessed. We use this tool
to generate statistical plots of interest for the community in optical long
baseline interferometry. Comment: To be published in the SPIE'2010 conference on "Optical and Infrared
Interferometry II"
Seamless Integration of Group Communication into an Adaptive Online Exercise System
Distance learners in traditional online exercise and tutoring systems often get stuck with questions for which they need the help of a tutor or colleague. Learning alone can also be frustrating. In our Communication And Tutoring System CATS we have integrated the possibility to dial up a tutor and/or to set up an immediate group communication with other distance learners using Internet videoconferencing technology. To find the appropriate partner, we have implemented a measurement algorithm that keeps track of the performance level of a learner by measuring the percentage of correct answers at the current level, the reliability with which the learner answers the questions and the time he/she takes. From these measures we derive a unified performance parameter that controls the presentation of the next set of questions. These are then generated dynamically by the exercise applet. The CATS system automatically selects the most appropriate communication partner(s) based on the exercises the learners are currently working on, and on their skill levels. We motivate this approach from a pedagogical point of view and present the architecture and implementation of the CATS system
A Brief History of Web Crawlers
Web crawlers visit internet applications, collect data, and learn about new
web pages from visited pages. Web crawlers have a long and interesting history.
Early web crawlers collected statistics about the web. In addition to
collecting statistics about the web and indexing the applications for search
engines, modern crawlers can be used to perform accessibility and vulnerability
checks on the application. Quick expansion of the web, and the complexity added
to web applications have made the process of crawling a very challenging one.
Throughout the history of web crawling many researchers and industrial groups
addressed different issues and challenges that web crawlers face. Different
solutions have been proposed to reduce the time and cost of crawling.
Performing an exhaustive crawl is a challenging question. Additionally,
capturing the model of a modern web application and extracting data from it
automatically is another open question. What follows is a brief history of
different techniques and algorithms used from the early days of crawling up to
the recent days. We introduce criteria to evaluate the relative performance of
web crawlers. Based on these criteria we plot the evolution of web crawlers and
compare their performanc