Cloud services, interoperability and analytics within a ROLE-enabled personal learning environment

The ROLE project (Responsive Open Learning Environments, EU 7th Framework Programme, grant agreement no.: 231396, 2009-2013) was focused on the next generation of Personal Learning Environments (PLEs). A ROLE PLE is a bundle of interoperating widgets - often realised as cloud services - used for teaching and learning. In this paper, we first describe the creation of new ROLE widgets and widget bundles at Galileo University, Guatemala, within a cloud-based infrastructure. We introduce an initial architecture for cloud interoperability services including the means for collecting interaction data as needed for learning analytics. Furthermore, we describe the newly implemented widgets, namely a social networking tool, a mind-mapping tool and an online document editor, as well as the modification of existing widgets. The newly created and modified widgets have been combined in two different bundles that have been evaluated in two web-based courses at Galileo University, with participants from three different Latin-American countries. We measured emotional aspects, motivation, usability and attitudes towards the environment. The results demonstrated the readiness of cloud-based education solutions, and how ROLE can bring together such an environment from a PLE perspective

Container-based microservice architecture for local IoT services

Abstract. Edge services are needed to save networking and computational resources on higher tiers, enable operation during network problems, and to help limiting private data propagation to higher tiers if the function needing it can be handled locally. MEC at access network level provides most of these features but cannot help when access network is down. Local services, in addition, help alleviating the MEC load and limit the data propagation even more, on local level. This thesis focuses on the local IoT service provisioning. Local service provisioning is subject to several requirements, related to resource/energy-efficiency, performance and reliability. This thesis introduces a novel way to design and implement a Docker container-based micro-service system for gadget-free future IoT (Internet of Things) network. It introduces a use case scenario and proposes few possible required micro-services as of solution to the scenario. Some of these services deployed on different virtual platforms along with software components that can process sensor data providing storage capacity to make decisions based on their algorithm and business logic while few other services deployed with gateway components to connect rest of the devices to the system of solution. It also includes a state-of-the-art study for design, implementation, and evaluation as a Proof-of-Concept (PoC) based on container-based microservices with Docker. The used IoT devices are Raspberry Pi embedded computers along with an Ubuntu machine with a rich set of features and interfaces, capable of running virtualized services. This thesis evaluates the solution based on practical implementation. In addition, the thesis also discusses the benefits and drawbacks of the system with respect to the empirical solution. The output of the thesis shows that the virtualized microservices could be efficiently utilized at the local and resource constrained IoT using Dockers. This validates that the approach taken in this thesis is feasible for providing such services and functionalities to the micro and nanoservice architecture. Finally, this thesis proposes numerous improvements for future iterations

Bypassing Modern CPU Protections With Function-Oriented Programming

Over the years, code reuse attacks such as return-oriented programming (ROP) and jump-oriented programming (JOP) have been a primary target to gain execution on a system via buffer overflow, memory corruption, and code flow hijacking vulnerabilities. However, new CPU-level protections have introduced a variety of hurdles. ARM has designed the “Pointer Authentication” and “Branch Target Identification” mechanisms to handle the authentication of memory addresses and pointers, and Intel has followed through with its Shadow Stack and Indirect Branch Targeting mechanisms, otherwise known as Control-Flow Enforcement Technology. As intended, these protections make it nearly impossible to utilize regular code reuse methods such as ROP and JOP. The inclusion of these new protections has left gaps in the system\u27s security where the use of function-based code reuse attacks are still possible. This research demonstrates a novel approach to utilizing Function-Oriented Programming (FOP) as a technique to utilize in such environments. The design and creation of the “FOP Mythoclast” tool to identify FOP gadgets within Intel and ARM environments demonstrates not only a proof of concept (PoC) for FOP, but further cements its ability to thrive in diverse constrained environments. Additionally, the demonstration of FOP within the Linux kernel showcases the ability of FOP to excel in complex and real-world situations. This research concludes with potential solutions for mitigating FOP without adversely affecting system performance

Bluetooth Security Logical Link Control and Adaptation Protocol

The point of our work is to assess security dangers in Bluetooth-empowered frameworks. Our exploration work focuses on handy parts of Bluetooth security. It can be generally isolated into four sections. First and foremost, shortcomings of Bluetooth security are mulled over taking into account a writing survey, and a Bluetooth security research center environment for actualizing Bluetooth security assaults by and by has been manufactured. Also, distinctive sorts of assaults against Bluetooth security are researched and the possibility of some of them are shown in our exploration lab. Countermeasures against every sort of assault are likewise proposed. Thirdly, a portion of the current Bluetooth security assaults are upgraded and new assaults are proposed. To do these assaults by and by, Bluetooth security investigation devices are executed. Countermeasures that render these assaults unreasonable are likewise proposed. At long last, a relative examination of the current Man-In-The-Middle assaults on Bluetooth is displayed, a novel framework for distinguishing and forestalling interruptions in Bluetooth systems is proposed, and a further arrangement of Bluetooth-empowered specially appointed systems is give

A Framework for Verification in Contactless Secure Physical Access Control and Authentication Systems

Biometrics is one of the very popular techniques in user identification for accessing institutions and logging into attendance systems. Currently, some of the existing biometric techniques such as the use of fingerprints are unpopular due to COVID-19 challenges. This paper identifies the components of a framework for secure contactless access authentication. The researcher selected 50 journals from Google scholar which were used to analyze the various components used in a secure contactless access authentication framework. The methodology used for research was based on the scientific approach of research methodology that mainly includes data collection from the 50 selected journals, analysis of the data and assessment of results. The following components were identified: database, sensor camera, feature extraction methods, matching and decision algorithm. Out of the considered journals the most used is CASIA database at 40%, CCD Sensor camera with 56%, Gabor feature extraction method at 44%, Hamming distance for matching at 100% and PCA at 100% was used for decision making. These findings will assist the researcher in providing a guide on the best suitable components. Various researchers have proposed an improvement in the current security systems due to integrity and security problems

Cyberaide JavaScript: A Web Application Development Framework for Cyberinfrastructure

This thesis work introduces a service oriented architecture based Grid abstraction framework that allows users to access Grid infrastructure through JavaScript. Such a framework integrates well with other Web 2.0 technologies since it provides JavaScript toolkit to build web applications. The framework consists of two essential parts. A client Application Programming lnterface (API) to access the Grid via JavaScript and a full service stack in server side through which the Grid access is channeled. The framework uses commodity Web service standards and provides extended functionality such as asynchronous task management, file transfer, etc. The availability of this framework simplifies not only the development of new services, but also the development of advanced client side Grid applications that can be accessed through Web browsers. The effectiveness of the framework is demonstrated by providing an Grid portal example that integrates a variety of useful services to be accessed through a JavaScript enabled client desktop via a Web browser, as well as the opensocial gadgets for Grid task management and file transfer. Overall, Grid developers will have another tool at their disposal that projects a simpler way to distribute and maintain cyberinfrastructure related software, while simultaneously delivering advanced interfaces and integrating social services for the scientific community

Static detection of control-flow-related vulnerabilities using graph embedding

© 2019 IEEE. Static vulnerability detection has shown its effectiveness in detecting well-defined low-level memory errors. However, high-level control-flow related (CFR) vulnerabilities, such as insufficient control flow management (CWE-691), business logic errors (CWE-840), and program behavioral problems (CWE-438), which are often caused by a wide variety of bad programming practices, posing a great challenge for existing general static analysis solutions. This paper presents a new deep-learning-based graph embedding approach to accurate detection of CFR vulnerabilities. Our approach makes a new attempt by applying a recent graph convolutional network to embed code fragments in a compact and low-dimensional representation that preserves high-level control-flow information of a vulnerable program. We have conducted our experiments using 8,368 real-world vulnerable programs by comparing our approach with several traditional static vulnerability detectors and state-of-the-art machine-learning-based approaches. The experimental results show the effectiveness of our approach in terms of both accuracy and recall. Our research has shed light on the promising direction of combining program analysis with deep learning techniques to address the general static analysis challenges

Bootstrapping adoption of the Pico password replacement system

In previous work we presented Pico, an authentication sys- tem designed to be both more usable and more secure than passwords. One unsolved problem was that Pico, in its quest to explore the whole solution space without being bound by compatibility shackles, requires changes at both the prover and the verifier, which makes it hard to convince anyone to adopt it: users won’t buy an authentication gadget that doesn’t let them log into anything and service providers won’t sup- port a system that no users are equipped to log in with. In this paper we present three measures to break this vicious circle, starting with the “Pico Lens” browser add-on that rewrites websites on the fly so that they appear Pico-enabled. Our add-on offers the user most (though not all) of the usability and security benefits of Pico, thus fostering adoption from users even before service providers are on board. This will enable Pico to build up a user base. We also developed a server-side Wordpress plugin which can serve both as a reference example and as a useful enabler in its own right (as Wordpress is one of the leading content management platforms on the web). Finally, we developed a software version of the Pico client running on a smartphone, the Pico App, so that people can try out Pico (at the price of slightly reduced security) without having to acquire and carry another gadget. Having broken the vicious circle we’ll be in a stronger position to persuade providers to offer support for Pico in parallel with passwords.ERC 30722