Investigation of Python Variable Privacy

This study looks at the relative security of Python regarding private variables and functions used in most other programming languages. Python has only grown in popularity due to its simple syntax and developing capabilities. However, little research has been published about how secure Python code and programs compiled from Python code actually are. This research seeks to expose vulnerabilities in Python code and determine what must be done for these vulnerabilities to be exploited by hackers to abuse potentially sensitive information contained within the program. The proposed methodology includes examining the private variable concept in other programming languages and conducting experiments to determine whether Python has any vulnerabilities specific to a lack of private variables and functions. Based on the findings of these experiments, further research will be needed to explore the range of vulnerabilities in Python code and how to protect against exploiting these vulnerabilities

Computation Time Comparison Between Matlab and C++ Using Launch Windows

Processing speed between Matlab and C++ was compared by examining launch windows and handling large amounts of data found in pork chop plots. A compilation of code was generated in Matlab to produce the plots and an identical file was created in C++ that was then compiled and run in Matlab to plot the data. This file is known as a MEX-file. This report outlines some of the basics when working with MEX-files and the problems that face users. For Lambert’s solver, multi revolution cases were considered and some pork chop plots of single revolution trajectories were plotted. Three different date grids were plotted with different dimensions to determine the difference in processing speed of the two languages

Using hardware performance counters for fault localization

In this work, we leverage hardware performance counters-collected data as abstraction mechanisms for program executions and use these abstractions to identify likely causes of failures. Our approach can be summarized as follows: Hardware counters-based data is collected from both successful and failed executions, the data collected from the successful executions is used to create normal behavior models of programs, and deviations from these models observed in failed executions are scored and reported as likely causes of failures. The results of our experiments conducted on three open source projects suggest that the proposed approach can effectively prioritize the space of likely causes of failures, which can in turn improve the turn around time for defect fixes

Linguistic Reflection in Java

Reflective systems allow their own structures to be altered from within. Here we are concerned with a style of reflection, called linguistic reflection, which is the ability of a running program to generate new program fragments and to integrate these into its own execution. In particular we describe how this kind of reflection may be provided in the compiler-based, strongly typed object-oriented programming language Java. The advantages of the programming technique include attaining high levels of genericity and accommodating system evolution. These advantages are illustrated by an example taken from persistent programming which shows how linguistic reflection allows functionality (program code) to be generated on demand (Just-In-Time) from a generic specification and integrated into the evolving running program. The technique is evaluated against alternative implementation approaches with respect to efficiency, safety and ease of use.Comment: 25 pages. Source code for examples at http://www-ppg.dcs.st-and.ac.uk/Java/ReflectionExample/ Dynamic compilation package at http://www-ppg.dcs.st-and.ac.uk/Java/DynamicCompilation

CryptoKnight:generating and modelling compiled cryptographic primitives

Cryptovirological augmentations present an immediate, incomparable threat. Over the last decade, the substantial proliferation of crypto-ransomware has had widespread consequences for consumers and organisations alike. Established preventive measures perform well, however, the problem has not ceased. Reverse engineering potentially malicious software is a cumbersome task due to platform eccentricities and obfuscated transmutation mechanisms, hence requiring smarter, more efficient detection strategies. The following manuscript presents a novel approach for the classification of cryptographic primitives in compiled binary executables using deep learning. The model blueprint, a Dynamic Convolutional Neural Network (DCNN), is fittingly configured to learn from variable-length control flow diagnostics output from a dynamic trace. To rival the size and variability of equivalent datasets, and to adequately train our model without risking adverse exposure, a methodology for the procedural generation of synthetic cryptographic binaries is defined, using core primitives from OpenSSL with multivariate obfuscation, to draw a vastly scalable distribution. The library, CryptoKnight, rendered an algorithmic pool of AES, RC4, Blowfish, MD5 and RSA to synthesise combinable variants which automatically fed into its core model. Converging at 96% accuracy, CryptoKnight was successfully able to classify the sample pool with minimal loss and correctly identified the algorithm in a real-world crypto-ransomware applicatio

Strategies for protecting intellectual property when using CUDA applications on graphics processing units

Recent advances in the massively parallel computational abilities of graphical processing units (GPUs) have increased their use for general purpose computation, as companies look to take advantage of big data processing techniques. This has given rise to the potential for malicious software targeting GPUs, which is of interest to forensic investigators examining the operation of software. The ability to carry out reverse-engineering of software is of great importance within the security and forensics elds, particularly when investigating malicious software or carrying out forensic analysis following a successful security breach. Due to the complexity of the Nvidia CUDA (Compute Uni ed Device Architecture) framework, it is not clear how best to approach the reverse engineering of a piece of CUDA software. We carry out a review of the di erent binary output formats which may be encountered from the CUDA compiler, and their implications on reverse engineering. We then demonstrate the process of carrying out disassembly of an example CUDA application, to establish the various techniques available to forensic investigators carrying out black-box disassembly and reverse engineering of CUDA binaries. We show that the Nvidia compiler, using default settings, leaks useful information. Finally, we demonstrate techniques to better protect intellectual property in CUDA algorithm implementations from reverse engineering