70,454 research outputs found
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach
Video Chat Application for Facebook
This project is mainly written for the facebook users. In today’s world, there are many social networking sites available. Among those social networking web sites, facebook is widely used web site. Like all other social networking web sites, Facebook also provides many features to attract more and more users. But it lacks in providing the most important feature of social networking, i.e. video chat. I explore the different options and requirements needed to build the video chat application. I have also described the integration of the application with the facebook
A HCI principles based framework to assess the user perception of web based Virtual Research Environments. Special issue on Capacity building for post disaster infrastructure development and management
Due to various challenges and opportunities such as globalisation of research agenda and advancements in information and communication technologies, research collaborations (both international and national) have become popular during the last decade more than ever before. Within this context, the concept of Virtual Research environments(VRE) is an emerging concept looking at addressing the complex challenges associated with conducting collaborative research. Even though concept of VRE is at its infancy, it is important to assess user perception
about those, both to establish its success of uptake and future development strategies. However, to date, there is no formal method established to evaluate VREs .This paper reports a strategy adopted within an international collaborative research project (EURASIA) to evaluate
its custom built VRE, VEBER, using the well known Computer Human Interaction principles
Evaluating the SiteStory Transactional Web Archive With the ApacheBench Tool
Conventional Web archives are created by periodically crawling a web site and
archiving the responses from the Web server. Although easy to implement and
common deployed, this form of archiving typically misses updates and may not be
suitable for all preservation scenarios, for example a site that is required
(perhaps for records compliance) to keep a copy of all pages it has served. In
contrast, transactional archives work in conjunction with a Web server to
record all pages that have been served. Los Alamos National Laboratory has
developed SiteSory, an open-source transactional archive written in Java
solution that runs on Apache Web servers, provides a Memento compatible access
interface, and WARC file export features. We used the ApacheBench utility on a
pre-release version of to measure response time and content delivery time in
different environments and on different machines. The performance tests were
designed to determine the feasibility of SiteStory as a production-level
solution for high fidelity automatic Web archiving. We found that SiteStory
does not significantly affect content server performance when it is performing
transactional archiving. Content server performance slows from 0.076 seconds to
0.086 seconds per Web page access when the content server is under load, and
from 0.15 seconds to 0.21 seconds when the resource has many embedded and
changing resources.Comment: 13 pages, Technical Repor
Video Conferencing Tool
Video Conferencing Tool (VCT) is a web-based video chat application that allows users anywhere in the world to join real-time streaming video chat rooms. This product is similar to social networking sites that allow web-based video conferencing. The main advantage of VCT compared to existing tools is that it is easy to use and does not require users to download and set up additional hardware. Since this product is a browser-based solution, it allows users from multiple platforms like Windows, Linux, or Mac to join a chat room. My VCT allows users to create new public or private chat rooms or enter into existing chat rooms with the click of a button. VCT allows users to share their live audio and video to all users in the chat room. It also allows users to see the list of attendees in the chat room. VCT users can invite their friends to join video chat rooms by sending a link to their email. Friends can click the link and directly enter chat room without creating an account in VCT. The users also have the option of sending video messages to other users. Adobe Flash Media Server is used as the back end for developing this web site
- …