Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

Video Chat Application for Facebook

This project is mainly written for the facebook users. In today’s world, there are many social networking sites available. Among those social networking web sites, facebook is widely used web site. Like all other social networking web sites, Facebook also provides many features to attract more and more users. But it lacks in providing the most important feature of social networking, i.e. video chat. I explore the different options and requirements needed to build the video chat application. I have also described the integration of the application with the facebook

A HCI principles based framework to assess the user perception of web based Virtual Research Environments. Special issue on Capacity building for post disaster infrastructure development and management

Due to various challenges and opportunities such as globalisation of research agenda and advancements in information and communication technologies, research collaborations (both international and national) have become popular during the last decade more than ever before. Within this context, the concept of Virtual Research environments(VRE) is an emerging concept looking at addressing the complex challenges associated with conducting collaborative research. Even though concept of VRE is at its infancy, it is important to assess user perception about those, both to establish its success of uptake and future development strategies. However, to date, there is no formal method established to evaluate VREs .This paper reports a strategy adopted within an international collaborative research project (EURASIA) to evaluate its custom built VRE, VEBER, using the well known Computer Human Interaction principles

Evaluating the SiteStory Transactional Web Archive With the ApacheBench Tool

Conventional Web archives are created by periodically crawling a web site and archiving the responses from the Web server. Although easy to implement and common deployed, this form of archiving typically misses updates and may not be suitable for all preservation scenarios, for example a site that is required (perhaps for records compliance) to keep a copy of all pages it has served. In contrast, transactional archives work in conjunction with a Web server to record all pages that have been served. Los Alamos National Laboratory has developed SiteSory, an open-source transactional archive written in Java solution that runs on Apache Web servers, provides a Memento compatible access interface, and WARC file export features. We used the ApacheBench utility on a pre-release version of to measure response time and content delivery time in different environments and on different machines. The performance tests were designed to determine the feasibility of SiteStory as a production-level solution for high fidelity automatic Web archiving. We found that SiteStory does not significantly affect content server performance when it is performing transactional archiving. Content server performance slows from 0.076 seconds to 0.086 seconds per Web page access when the content server is under load, and from 0.15 seconds to 0.21 seconds when the resource has many embedded and changing resources.Comment: 13 pages, Technical Repor

Video Conferencing Tool

Video Conferencing Tool (VCT) is a web-based video chat application that allows users anywhere in the world to join real-time streaming video chat rooms. This product is similar to social networking sites that allow web-based video conferencing. The main advantage of VCT compared to existing tools is that it is easy to use and does not require users to download and set up additional hardware. Since this product is a browser-based solution, it allows users from multiple platforms like Windows, Linux, or Mac to join a chat room. My VCT allows users to create new public or private chat rooms or enter into existing chat rooms with the click of a button. VCT allows users to share their live audio and video to all users in the chat room. It also allows users to see the list of attendees in the chat room. VCT users can invite their friends to join video chat rooms by sending a link to their email. Friends can click the link and directly enter chat room without creating an account in VCT. The users also have the option of sending video messages to other users. Adobe Flash Media Server is used as the back end for developing this web site