
    Execution Integrity with In-Place Encryption

    Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect against code-reuse attacks while at the same time offering security guarantees similar to those of software diversity, control-flow integrity, and information hiding. We present Scylla, a scheme that deploys a new technique for in-place code encryption to hide the code layout of a randomized binary, and restricts the control flow to a benign execution path. This allows us to i) implicitly restrict control-flow targets to basic block entries without requiring the extraction of a control-flow graph, ii) achieve execution integrity within legitimate basic blocks, and iii) hide the underlying code layout under malicious read access to the program. Our analysis demonstrates that Scylla is capable of preventing state-of-the-art attacks such as just-in-time return-oriented programming (JIT-ROP) and crash-resistant oriented programming (CROP). We extensively evaluate our prototype implementation of Scylla and show feasible performance overhead. We also provide details on how this overhead can be significantly reduced with dedicated hardware support

    Link-time smart card code hardening

    This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code

    Lightweight and static verification of UML executable models

    Executable models play a key role in many software development methods by facilitating the (semi)automatic implementation/execution of the software system under development. This is possible because executable models promote a complete and fine-grained specification of the system behaviour. In this context, where models are the basis of the whole development process, the quality of the models has a high impact on the final quality of software systems derived from them. Therefore, the existence of methods to verify the correctness of executable models is crucial. Otherwise, the quality of the executable models (and in turn the quality of the final system generated from them) will be compromised. In this paper a lightweight and static verification method to assess the correctness of executable models is proposed. This method allows us to check whether the operations defined as part of the behavioural model are able to be executed without breaking the integrity of the structural model and returns meaningful feedback that helps repair the detected inconsistencies. Peer Reviewed. Postprint (author's final draft)

    A 5D Building Information Model (BIM) for Potential Cost-Benefit Housing: A Case of Kingdom of Saudi Arabia (KSA)

    The Saudi construction industry is going through a process of acclimatizing to a shifting fiscal environment. Due to recent fluctuations in oil prices, the Saudi construction sector decided to adjust to current trade-market demands and rigorous constitutional regulations because of competitive pressures. This quantitative study assesses and compares existing flat design vs. mid-terrace housing through cost estimation and design criteria that take family privacy into consideration and meet the needs of Saudi Arabian families (on average consisting of seven members). Five pilot surveys were undertaken to evaluate the property preference type of Saudi families. However, existing models did not satisfy the medium range family needs, and accordingly a 5D (3D + Time + Cost) Building Information Modelling (BIM) is proposed for cost benefiting houses. Research results revealed that mid-terrace housing was the best option, as it reduced land usage and construction costs. Meanwhile, 5D BIM led to an accurate estimate of the Bill of Quantities (BOQ) and the appraisal of construction cost.

    Cell sorting in a Petri dish controlled by computer vision.

    Fluorescence-activated cell sorting (FACS) applying flow cytometry to separate cells on a molecular basis is a widespread method. We demonstrate that both fluorescent and unlabeled live cells in a Petri dish observed with a microscope can be automatically recognized by computer vision and picked up by a computer-controlled micropipette. This method can be routinely applied as a FACS down to the single cell level with a very high selectivity. Sorting resolution, i.e., the minimum distance between two cells from which one could be selectively removed was 50-70 micrometers. Survival rate with a low number of 3T3 mouse fibroblasts and NE-4C neuroectodermal mouse stem cells was 66 +/- 12% and 88 +/- 16%, respectively. Purity of sorted cultures and rate of survival using NE-4C/NE-GFP-4C co-cultures were 95 +/- 2% and 62 +/- 7%, respectively. Hydrodynamic simulations confirmed the experimental sorting efficiency and a cell damage risk similar to that of normal FACS

    Efficient design and evaluation of countermeasures against fault attacks using formal verification

    This paper presents a formal verification framework and tool that evaluates the robustness of software countermeasures against fault-injection attacks. By modeling reference assembly code and its protected variant as automata, the framework can generate a set of equations for an SMT solver, the solutions of which represent possible attack paths. Using the tool we developed, we evaluated the robustness of state-of-the-art countermeasures against fault injection attacks. Based on insights gathered from this evaluation, we analyze any remaining weaknesses and propose applications of these countermeasures that are more robust

    Urban Watershed/Water Body Restoration - The Driving Forces

    Urban streams are used for several purposes. Some uses are conflicting and some are complementary. The use of urban water bodies and the resolution of conflicts is driven by anthropogenic and biocentric/ecocentric interests that must be optimized and the conflicts resolved. This article examines and analyzes land ethics (biocentric) and socio-economic (anthropocentric) drives for stream restoration of urban watersheds located in the Milwaukee (WI) metropolitan area. The basins experienced increased flooding, significant degradation of sediment and water quality, and loss of aquatic species, all due to urbanization. It was found that the primary drivers for restoration of urban streams are the ethical attitudes of population towards the ecocentric benefits of restoration in combination with a desire for flood control. A Contingent Valuation Survey of citizens residing in two Milwaukee watersheds revealed that those who see the watershed in ecocentric terms appear to have a greater Willingness to Pay for watershed/water body improvements than those who see the benefits solely in anthropogenic terms of reduction of flood damages