18 research outputs found

    Discovering New Vulnerabilities in Computer Systems

    Vulnerability research plays a key role in preventing and defending against malicious computer system exploitations. Driven by a multi-billion dollar underground economy, cyber criminals today tirelessly launch malicious exploitations, threatening every aspect of daily computing. To effectively protect computer systems from devastation, it is imperative to discover and mitigate vulnerabilities before they fall into the offensive parties' hands. This dissertation is dedicated to the research and discovery of new design and deployment vulnerabilities in three very different types of computer systems. The first vulnerability is found in the automatic malicious binary (malware) detection system. Binary analysis, a central piece of technology for malware detection, is divided into two classes, static analysis and dynamic analysis. State-of-the-art detection systems employ both classes of analyses to complement each other's strengths and weaknesses for improved detection results. However, we found that the commonly seen design patterns may suffer from evasion attacks. We demonstrate attacks on the vulnerabilities by designing and implementing a novel binary obfuscation technique. The second vulnerability is located in the design of server system power management. Technological advancements have improved server system power efficiency and facilitated energy proportional computing. However, the change of power profile makes the power consumption subject to unaudited influences of remote parties, leaving the server systems vulnerable to energy-targeted malicious exploits. We demonstrate an energy abusing attack on a standalone open Web server, measure the extent of the damage, and present a preliminary defense strategy. The third vulnerability is discovered in the application of server virtualization technologies. Server virtualization greatly benefits today's data centers and brings pervasive cloud computing a step closer to the general public. However, the practice of physically co-hosting virtual machines with different security privileges risks introducing covert channels that seriously threaten the information security in the cloud. We study the construction of high-bandwidth covert channels via the memory sub-system, and show a practical exploit of cross-virtual-machine covert channels on virtualized x86 platforms.

    Parallel and Distributed Computing

    The 14 chapters presented in this book cover a wide variety of representative works ranging from hardware design to application development. Particularly, the topics that are addressed are programmable and reconfigurable devices and systems, dependability of GPUs (General Purpose Units), network topologies, cache coherence protocols, resource allocation, scheduling algorithms, peer-to-peer networks, large-scale network simulation, and parallel routines and algorithms. In this way, the articles included in this book constitute an excellent reference for engineers and researchers who have particular interests in each of these topics in parallel and distributed computing.

    Interactions between the gut microbiota, short-chain fatty acids and the immune system in pediatric patients undergoing hematopoietic stem cell transplantation

    The gut microbiota (GM) is essential for human health and contributes to several diseases; indeed it can be considered an extension of the self and, together with the genetic makeup, determines the physiology of an organism. This thesis studied the peripheral immune system reconstitution in pediatric patients undergoing allogeneic hematopoietic stem cell transplantation (aHSCT) in the early phase; in parallel, it explored the gut microbiota variations as one of the primary factors in governing the fate of the immunological recovery, predisposing or protecting from complications such as the onset of acute graft-versus-host disease (GvHD). It has been demonstrated, to our knowledge for the first time, that aHSCT in pediatric patients is associated with a profound modification of the GM ecosystem with a disruption of its mutualistic asset. aGvHD and non-aGvHD subjects showed differences in the process of GM recovery, in the abundance of members of the phylum Bacteroidetes, and in propionate fecal concentration; the latter are higher in the pre-HSCT composition of non-GvHD subjects than GvHD ones. Short-chain fatty acids (SCFAs), such as acetate, butyrate and propionate, are end-products of microbial fermentation of macronutrients and distribute systemically from the gut to blood. For this reason, their effect was studied in vitro on human DCs, the key regulators of our immune system and the main player of aGvHD onset. It has been observed that propionate and, particularly, butyrate show a strong and direct immunomodulatory activity on DCs, reducing inflammatory markers such as chemokines and interleukins. This study, with the needed caution, suggests that the pre-existing GM structure can be protective against aGvHD onset, exerting its protective role through SCFAs. They, indeed, may regulate cell traffic within secondary lymphoid tissues, influence T cell development during antigen recognition, and, thus, directly shape the immune system.

    Assessing the Temporal Dynamics of the Lower Urinary Tract Microbiota and the Effects of Lifestyle

    Urinary tract infections (UTIs) are among the most common bacterial infections in humans, accounting for $3.5 billion in health care expenditures yearly in the United States alone. Yet, treatments for UTI have seen little innovation over the past decade. As demonstrated in other body sites, such as the vagina and gastrointestinal (GI) tract, acute and infectious diseases often have indirect microbial contributions which serve as intriguing new targets for therapies. The recent discovery of the existence of a resident community of bacteria (i.e., microbiota) in the bladders of both women and men, represents a novel avenue for targeting UTIs. However, before targeted approaches aimed at modulating the urinary microbiota can be thoroughly investigated, it is first necessary to understand the normal modulations of these bacteria in the context of the host. Temporal dynamics in the vaginal and GI microbiota have been well described, and often linked to lifestyle factors or behaviors. Rigorous, longitudinal studies are required to study these trends. To date, few studies have assessed the urinary microbiota in such a manner -- none were comprehensive, and all were in the context of lower urinary tract symptoms. This is primarily due to the impracticality of collecting repeated transurethral catheterized urine specimens for analysis. I sought an extensive and in-depth analysis of the temporal dynamics of the lower urinary tract (LUT) microbiota in individuals without confounding urinary symptoms or disorders. Moreover, I intend to determine if any observed changes have correlations to participant-reported lifestyle factors. Through these analyses, I will aim to achieve three things. First, these data will provide the first description of the normal dynamics of the LUT microbiota. Second, our study design will serve as a framework for future research on this topic. 
Finally, our findings will increase our understanding of the development, risk, and prevention of UTIs by identifying patterns and potential causes of fluctuations within the LUT microbiota. In this thesis, I performed a clinical survey study as well as traditional mechanistic investigations to describe and understand the relationship between urinary microbiota dynamics and lifestyle. In the primary clinical study, I used next-generation sequencing and bacterial culture, as previously described and validated, to identify and taxonomically characterize the bacteria present in mid-stream voided urine (MSU) and peri-urethral swab specimens obtained daily from healthy, pre-menopausal women, for three months. Measures of microbiota temporal stability as well as changes in microbiota composition and alpha-diversity were obtained. I assessed for relationships between these values and various participant-reported lifestyle factors. Ultimately, I found that reporting of menstruation and sexual activity had significant impact on the microbiota of the MSU specimens in particular. The microbiota variability was observed across participants, while specific trends were very individualized but were consistent over time. I then sought to determine if the lifestyle factors were directly responsible for the observed microbiota changes. I chose to investigate sexual intercourse in particular because of the literature-documented epidemiological association with UTI risk in women. I first investigated the biological mechanism of these changes by analyzing specimens from male and female sexual partners. I determined that urinary Streptococcus isolates, which appear in elevated abundance in the MSU specimens of the female following sexual intercourse, are genomically related to isolates from the male's oral flora. These data suggest that direct movement of bacteria between sexual partners results in altered female LUT microbiota following sexual intercourse. 
I then asked what the clinical significance of these changes was by studying the in vitro phenotypes of isolates from the normal LUT flora (i.e., Lactobacillus) as well as isolates from MSU specimens following sexual intercourse (i.e., Streptococcus). In relation to UTI risk, I found that urinary Lactobacillus isolates were bacteriostatic against strains of uropathogenic Escherichia coli (UPEC) while urinary Streptococcus isolates were not. These findings may directly relate to sexual intercourse and UTI risk, in which the normal LUT flora are protective against UTI, while the flora following sexual intercourse are not. Altogether, these data show that the LUT microbiota are dynamic and directly respond to lifestyle. Large clinical studies should be performed to further investigate the clinical significance of these findings.

    The Impact of Brain Drain on Haiti's Rural Communities: The Case of a Small Town in Central Haiti and Its Surroundings.

    This qualitative participatory action research study investigated the causes and impacts of brain drain on Haiti’s rural communities, focusing on a small town in Central Haiti and its surrounding communities. Research shows that the brain drain has affected developing countries for many years. The pull factors from developed countries make the push factors in the home country more evident, leaving the latter depleted of educated human resources. It is particularly true in rural communities in Haiti. The researcher aimed to understand the causes through a community-based series of interviews, focus groups, and narratives. Participants expressed their views on the phenomenon and proposed workable ways to deal with their community’s brain drain issue. The interview questions were open-ended and semiformal, affording participants the liberty to freely express their opinions. During focus group sessions, individuals told their stories while answering guided questions from the researcher. Two narratives illustrated the potential of returnees to help in the transformation of conditions in communities. The study found brain drain to be a phenomenal fact in the targeted community and the country. The causes and their impact, as observed by participants, were evident, and participants shared ideas reported in chapter 5 of this paper on how to address the issue

    Refactoring of Security Antipatterns in Distributed Java Components

    The importance of JAVA as a programming and execution environment has grown steadily over the past decade. Furthermore, the IT industry has adopted JAVA as a major building block for the creation of new middleware as well as a technology facilitating the migration of existing applications towards web-driven environments. In parallel, the role of security in distributed environments has gained attention, as a large number of middleware applications have replaced enterprise-level mainframe systems. The protection of confidentiality, integrity and availability is therefore critical for the market success of a product. The vulnerability level of every product is determined by the weakest embedded component, and selling vulnerable products can cause enormous economic damage to software vendors. An important goal of this work is to create the awareness that the usage of a programming language which is designed as being secure is not sufficient to create secure and trustworthy distributed applications. Moreover, the incorporation of the threat model of the programming language improves the risk analysis by allowing a better definition of the attack surface of the application. The evolution of a programming language leads towards common patterns for solutions for recurring quality aspects. Suboptimal solutions, also known as 'antipatterns', are typical causes for quality weaknesses such as security vulnerabilities. Moreover, the exposure to a specific environment is an important parameter for threat analysis, as code considered secure in a specific scenario can cause unexpected risks when switching the environment. Antipatterns are a well-established means on the abstractional level of system modeling to inform about the effects of incomplete solutions, which are also important in the later stages of the software development process. 
Especially on the implementation level, we see a deficit of helpful examples that would give programmers a better and holistic understanding. In our basic assumption, we link the missing experience of programmers regarding the security properties of patterns within their code to the creation of software vulnerabilities. Traditional software development models focus on security properties only on the meta layer. To transfer these efficiently to the practical level, we provide a three-stage approach: First, we focus on typical security problems within JAVA applications, and develop a standardized catalogue of 'antipatterns' with examples from standard software products. Detecting and avoiding these antipatterns positively influences software quality. We therefore focus, as the second element of our methodology, on possible enhancements to common models for the software development process. These help to control and identify the occurrence of antipatterns during development activities, i.e. during the coding phase and during the phase of component assembly, integrating one's own and third-party code. Within the third part, and emphasizing the practical focus of this research, we implement prototypical tools for support of the software development phase. The practical findings of this research helped to enhance the security of the standard JAVA platforms and JEE frameworks. We verified the relevance of our methods and tools by applying these to standard software products, leading to a measurable reduction of vulnerabilities and an information exchange with middleware vendors (Sun Microsystems, JBoss) targeting runtime security. Our goal is to enable software architects and software developers developing end-user applications to apply our findings with embedded standard components on their environments. From a high-level perspective, software architects profit from this work through the projection of the quality-of-service goals to protection details. 
This supports their task of deriving security requirements when selecting standard components. In order to give implementation-near practitioners a helpful starting point to benefit from our research, we provide tools and case studies to achieve security improvements within their own code base. The importance of the JAVA programming language as a building block for software development and production infrastructures has grown steadily over the last decade. JAVA has established itself as a significant building block for programming middleware solutions. Equally evident is the use of JAVA technologies to migrate existing desktop applications to web-based deployment scenarios. In parallel with this development, the role of IT security has grown, not least because mainframe-based systems have been displaced by distributed environments. For some years, protecting confidentiality, integrity and availability has been a critical differentiator for the market success of products. Vulnerabilities in products now have an indirect negative effect on the economic success of software vendors through the loss of customer trust, particularly as the security level of a system is determined by its most vulnerable component. A central aim of this work is to convey the insight that using a programming language classified as 'secure' is not on its own a sufficient basis for building secure and trustworthy applications. Rather, including the threat model of the programming language leads to an improved risk assessment, because the attack surface of an application can be described in more detail. The development and growing acceptance of a programming language leads to the spread of generally accepted solution patterns for meeting recurring quality requirements. In the area of service qualities, 'antipatterns', i.e. non-optimal solutions, promote the emergence of structural weaknesses, which in the domain of IT security are called 'vulnerabilities'. Furthermore, the deployment environment of an application is an important parameter for carrying out a threat analysis, because depending on the nature of the threats in the target scenario a particular user action can constitute a threat but can also characterize an expected use case. While a broad range of examples for implementing security patterns exists at the modeling level, programmers at the implementation level often lack a holistic understanding. This can be conveyed through examples that illustrate the effects of using 'antipatterns'. Our core assumption is that programmers' lack of experience regarding the security relevance of their choice of implementation patterns leads to the creation of vulnerabilities. When conventional software development models are taught, the integration of practical approaches to implementing security requirements is mostly addressed only in meta-models. To extend the effect to the practical level, a three-stage approach is presented. In the first part we place typical security problems of JAVA applications at the center of consideration and develop a standardized catalogue of these 'antipatterns'. The relevance of the individual patterns is verified by examining their occurrence in standard products. The second area of investigation is devoted to integrating procedures for identifying and avoiding the 'security antipatterns' within the software development process. For this, approaches for analyzing and improving implementation results are provided on the one hand. On the other hand, prompted by the widespread use of third-party components, the labor-intensive delivery phase is provided with an approach for creating holistic security policies. Since the practical usability of the results is a central requirement of this work, it is supported in a third perspective by prototypical tools and reproducible examples. The relevance of applying the developed methods and tools to standard products is shown by the security deficits discovered in the course of the research. Feedback to leading middleware vendors (Sun Microsystems, JBoss), through a mutual exchange of experience in the course of this research, has led to a measurable reduction in the vulnerability of their middleware products. In addition to the positive effects achieved at the vendors of the base components, experience is also to be passed on to the architects and developers of end products that use standard components directly or indirectly. To offer the practically minded reader as easy an entry as possible, the tools are placed in a practical overall context with the help of case studies. The theoretical components needed for in-depth understanding give the software architect the opportunity to recognize the security-relevant effects of a component selection early and to use them in system design.

    Design of a reference architecture for an IoT sensor network
