Fingerprinting Vulnerabilities in Intelligent Electronic Device Firmware

Modern smart grid deployments heavily rely on the advanced capabilities that Intelligent Electronic Devices (IEDs) provide. Furthermore, these devices firmware often contain critical vulnerabilities that if exploited could cause large impacts on national economic security, and national safety. As such, a scalable domain specific approach is required in order to assess the security of IED firmware. In order to resolve this lack of an appropriate methodology, we present a scalable vulnerable function identification framework. It is specifically designed to analyze IED firmware and binaries that employ the ARM CPU architecture. Its core functionality revolves around a multi-stage detection methodology that is specifically designed to resolve the lack of specialization that limits other general-purpose approaches. This is achieved by compiling an extensive database of IED specific vulnerabilities and domain specific firmware that is evaluated. Its analysis approach is composed of three stages that leverage function syntactic, semantic, structural and statistical features in order to identify vulnerabilities. As such it (i) first filters out dissimilar functions based on a group of heterogeneous features, (ii) it then further filters out dissimilar functions based on their execution paths, and (iii) it finally identifies candidate functions based on fuzzy graph matching . In order to validate our methodologies capabilities, it is implemented as a binary analysis framework entitled BinArm. The resulting algorithm is then put through a rigorous set of evaluations that demonstrate its capabilities. These include the capability to identify vulnerabilities within a given IED firmware image with a total accuracy of 0.92

A better world by design? An investigation into industrial design consultants undertaking responsible design within their commercial remits

Growing recognition of the profound topics affecting society; including population changes, social issues, and environmental crisis; is emphasising the need for industrial designers to address additional goals beyond those associated with purely commercial targets. Industrial design consultants, however, have a myriad of complex and inter-related elements influencing their work. This thesis investigates those influences and offers a portrayal of what affects industrial design consultants addressing more responsible design goals within their commercial remits. It reviews the literature relating to the nature and role of industrial design, and its relationship with society s larger needs. From this, it expounds the methodology underpinning the investigation, and describes the phases involved. Two main studies were undertaken to pursue the research objectives: an explorative workshop involving 19 participants from design practice and academia; and a series of semi-structured in-depth interviews involving a total of 31 industrial design consultants, leading academics, and design-related strategic consultants. From the analysis of the data, three sets of key observations and theory are presented in the thesis. The first set of findings examines the range of influencing factors acting on the consultant and their work by depicting the characteristics of the main elements constructing the product creation context. The second and principal set of findings identifies what determines the possibility for consultants to incorporate responsible design goals within their work. Using a framework derived from the analysis, and drawing on interview data for empirical backing, it expands on six key areas, identifying a critical determining factor for each. The third set of outcomes combines the findings from the primary data with existing knowledge on design actions and behavioural theory, to depict the formation of an industrial design consultant s behaviour and their tendencies towards responsible design. In this way, the research offers a thorough investigation of what affects industrial design consultants addressing more responsible design goals, by considering the characteristics of their circumstances; the determination of their possibility to act; and what shapes their individual behaviour