A New Paradigm to Address Threats for Virtualized Services

With the uptaking of virtualization technologies and the growing usage of public cloud infrastructures, an ever larger number of applications run outside of the traditional enterprise’s perimeter, and require new security paradigms that fit the typical agility and elasticity of cloud models in service creation and management. Though some recent proposals have integrated security appliances in the logical application topology, we argue that this approach is sub-optimal. Indeed, we believe that embedding security agents in virtualization containers and delegating the control logic to the software orchestrator provides a much more effective, flexible, and scalable solution to the problem. In this paper, we motivate our mindset and outline a novel framework for assessing cyber-threats of virtualized applications and services. We also review existing technologies that build the foundation of our proposal, which we are going to develop in the context of a joint research project

Analyse de maliciels sur Android par l'analyse de la mémoire vive

Les plateformes mobiles font partie intégrante du quotidien. Leur flexibilité a permis aux développeurs d’applications d’y proposer des applications de toutes sortes : productivité, jeux, messageries, etc. Devenues des outils connectés d’agrégation d’informations personnelles et professionnelles, ces plateformes sont perçues comme un écosystème lucratif par les concepteurs de maliciels. Android est un système d’exploitation libre de Google visant le marché des appareils mobiles et est l’une des cibles de ces attaques, en partie grâce à la popularité de celuici. Dans la mesure où les maliciels Android constituent une menace pour les consommateurs, il est essentiel que la recherche visant l’analyse de maliciels s’intéresse spécifiquement à cette plateforme mobile. Le travail réalisé dans le cadre de cette maîtrise s’est intéressé à cette problématique, et plus spécifiquement par l’analyse de la mémoire vive. À cette fin, il a fallu s’intéresser aux tendances actuelles en matière de maliciels sur Android et les approches d’analyses statiques et dynamiques présentes dans la littérature. Il a été, par la suite, proposé d’explorer l’analyse de la mémoire vive appliquée à l’analyse de maliciels comme un complément aux approches actuelles. Afin de démontrer l’intérêt de l’approche pour la plateforme Android, une étude de cas a été réalisée où un maliciel expérimental a été conçu pour exprimer les comportements malicieux problématiques pour la plupart des approches relevées dans la littérature. Une approche appelée l’analyse différentielle de la mémoire vive a été présentée afin de faciliter l’analyse. Cette approche utilise le résultat de la différence entre les éléments présents après et avant le déploiement du maliciel pour réduire la quantité d’éléments à analyser. Les résultats de cette étude ont permis de démontrer que l’approche est prometteuse en tant que complément aux approches actuelles. Il est recommandé qu’elle soit le sujet d’études subséquentes afin de mieux détecter les maliciels sur Android et d’en automatiser son application.Mobile devices are at the core of modern society. Their versatility has allowed third-party developers to generate a rich experience for the user through mobile apps of all types (e.g. productivity, games, communications). As mobile platforms have become connected devices that gather nearly all of our personal and professional information, they are seen as a lucrative market by malware developers. Android is an open-sourced operating system from Google targeting specifically the mobile market and has been targeted by malicious activity due the widespread adoption of the latter by the consumers. As Android malwares threaten many consumers, it is essential that research in malware analysis address specifically this mobile platform. The work conducted during this Master’s focuses on the analysis of malwares on the Android platform. This was achieved through a literature review of the current malware trends and the approaches in static and dynamic analysis that exists to mitigate them. It was also proposed to explore live memory forensics applied to the analysis of malwares as a complement to existing methods. To demonstrate the applicability of the approach and its relevance to the Android malwares, a case study was proposed where an experimental malware has been designed to express malicious behaviours difficult to detect through current methods. The approach explored is called differential live memory analysis. It consists of analyzing the difference in the content of the live memory before and after the deployment of the malware. The results of the study have shown that this approach is promising and should be explored in future studies as a complement to current approaches

Aviation Noise Impact Management

This open access book provides a view into the state-of-the-art research on aviation noise and related annoyance. The book will primarily focus on the achievements of the ANIMA project (Aviation Noise Impact Management through Novel Approaches), but not exclusively. The content has a broader theme in order to encompass. regulation issues, the ICAO (International Civil Aviation Organization) balanced approach, progresses made on technologies and reduction of noise at source, impact of possible future civil supersonic aircraft, land-use planning issues, as well as the core topics of the ANIMA project, i.e. impact on human beings, annoyance, quality of life, health and findings of the project in this respect. This book differs from traditional research programmes on aviation noise as the authors endeavour, not to lower noise at source, but to reduce the annoyance. This book examines these non-acoustic factors in an effort to help those most affected by aviation noise – communities living close to airports, and also help airport managers, policy-makers, local authorities and researchers to deal with this issue holistically. The book concludes with some recommendations for EU, national and local policy-makers, airport and aviation authorities, and more broadly a scientifically literate audience. These recommendations may help to identify gaps for progress in terms of research but also genuine implementation actions for political and regulatory authorities

Aviation Noise Impact Management

This open access book provides a view into the state-of-the-art research on aviation noise and related annoyance. The book will primarily focus on the achievements of the ANIMA project (Aviation Noise Impact Management through Novel Approaches), but not exclusively. The content has a broader theme in order to encompass. regulation issues, the ICAO (International Civil Aviation Organization) balanced approach, progresses made on technologies and reduction of noise at source, impact of possible future civil supersonic aircraft, land-use planning issues, as well as the core topics of the ANIMA project, i.e. impact on human beings, annoyance, quality of life, health and findings of the project in this respect. This book differs from traditional research programmes on aviation noise as the authors endeavour, not to lower noise at source, but to reduce the annoyance. This book examines these non-acoustic factors in an effort to help those most affected by aviation noise – communities living close to airports, and also help airport managers, policy-makers, local authorities and researchers to deal with this issue holistically. The book concludes with some recommendations for EU, national and local policy-makers, airport and aviation authorities, and more broadly a scientifically literate audience. These recommendations may help to identify gaps for progress in terms of research but also genuine implementation actions for political and regulatory authorities

The fair dealing doctrine in respect of digital books

Copyright is essentially the right of the rightsholder of an original work to prohibit others from making or distributing unauthorised copies of his or her work. More specifically for this dissertation, when an end user deals with digital content, one of the aims of copyright becomes the balancing of the conflicting interests in ‘exclusivity’ on the one hand, and in ‘access to information’ on the other. Exclusivity is achieved by the rightsholders through technological protection measures to protect their commercial interests. Access to information is achieved where works are available to the general public without payment and technological protection measures and where the digital content is not directly marketed for commercial gain. Exclusivity and access to information are two conflicting cultures surrounding copyright in the digital era. It is submitted that unless we find a socio-economic-legal way for the dynamic coexistence of these two conflicting cultures by means of fair dealing, the culture of exclusivity will eventually dominate fair access to information. The transient nature of digital content means that rightsholders have little or no control over their works once the end user has obtained a legal digital copy of the work. The right ‘to prohibit’ end users from copying and distributing unauthorised copies is, therefore, largely meaningless unless a legal or other solution can be found to discourage end users from the unauthorised reproduction and distribution of unauthorised copies of the work. Currently, technological protection measures are used to manage such digital rights because legal permissions within the doctrine of fair dealing for works in printed (analogue) format are inadequate. It is, however, submitted that a legal solution to discourage end users from copying and distributing unauthorised copies rests on two pillars. Firstly, the solution must be embedded in state-of-the-art digital rights management systems and secondly the business model used by publishers, and academic publishers in particular, should change fundamentally from a business-to-consumer model to a business-to-business model. Empirical evidence shows that the printing of e-content will continue to be relevant far into the future. Therefore, the management of fair dealing to allow for the printing of digital content will become increasingly important at educational institutions that use e-books as prescribed course material. It is submitted that although the origination cost of print editions and e-books correspond, the relatively high retail price of e-books appears to be based on the fact that academic publishers of digital content do not have the legal or digital rights management tools to manage the challenges arising from the fair dealing doctrine. The observation that academic publishers are reluctant to grant collecting societies mandates to manage the distribution of digital content, and/or the right to manage the authorised reproduction (printing) of the digital content, supports this hypothesis. Ultimately, with technologies at our disposal, the fair use of content in digital and print format can be achieved because it should simply be cheaper to comply with copyright laws than to make unauthorised digital or printed copies of content that our society desperately needs to make South Africa a winning nation.Mercantile LawLL. M

Research Reports: 1997 NASA/ASEE Summer Faculty Fellowship Program

For the 33rd consecutive year, a NASA/ASEE Summer Faculty Fellowship Program was conducted at the Marshall Space Flight Center (MSFC). The program was conducted by the University of Alabama in Huntsville and MSFC during the period June 2, 1997 through August 8, 1997. Operated under the auspices of the American Society for Engineering Education, the MSFC program was sponsored by the Higher Education Branch, Education Division, NASA Headquarters, Washington, D.C. The basic objectives of the program, which are in the 34th year of operation nationally, are: (1) to further the professional knowledge of qualified engineering and science faculty members; (2) to stimulate an exchange of ideas between participants and NASA; (3) to enrich and refresh the research and teaching activities of the participants' institutions; and (4) to contribute to the research objectives of the NASA centers. The Faculty Fellows spent 10 weeks at MSFC engaged in a research project compatible with their interests and background and worked in collaboration with a NASA/MSFC colleague. This document is a compilation of Fellows' reports on their research during the summer of 1997. The University of Alabama in Huntsville presents the Co-Directors' report on the administrative operations of the program. Further information can be obtained by contacting any of the editors

Mobile App Security Assessment with the MAVeriC Dynamic Analysis Module

none8noThe security assessment of mobile applications is of paramount importance for both the service providers and their customers. As a matter of fact, nowadays smartphones are the primary access mean for the internet of services. Needless to say, malicious or flawed applications can disruptively compromise the sensitive data they handle. As a major stakeholder, Poste Italiane has invested a considerable amount of resources for new analysis tools. One of them is the MAVeriC platform. The goal of MAVeriC is to implement a unified service which takes advantage of the state-of-the-art technologies for creating detailed risk profiles of mobile applications. In this paper we present the Dynamic Analysis Module (DAM) of the MAVeriC platform. Briefly, its objective is to interact with a running Android application for inferring as much information as possible about its behavior. The interaction is carried out by simulating the activity of the user. In the meanwhile, monitoring modules observe the operations executed by the application, i.e., network usage and file access. Finally, a modeling module factorizes the gathered information for providing the analysis with an abstract representation of the application behavior.Armando, Alessandro; Bocci, Gianluca; Costa, Gabriele; Mammoliti, Rocco; Merlo, Alessio; Ranise, Silvio; Traverso, Riccarto; Valenza, AndreaArmando, Alessandro; Bocci, Gianluca; Costa, Gabriele; Mammoliti, Rocco; Merlo, Alessio; Ranise, Silvio; Traverso, Riccardo; Valenza, Andre

SPICA:revealing the hearts of galaxies and forming planetary systems : approach and US contributions

How did the diversity of galaxies we see in the modern Universe come to be? When and where did stars within them forge the heavy elements that give rise to the complex chemistry of life? How do planetary systems, the Universe's home for life, emerge from interstellar material? Answering these questions requires techniques that penetrate dust to reveal the detailed contents and processes in obscured regions. The ESA-JAXA Space Infrared Telescope for Cosmology and Astrophysics (SPICA) mission is designed for this, with a focus on sensitive spectroscopy in the 12 to 230 micron range. SPICA offers massive sensitivity improvements with its 2.5-meter primary mirror actively cooled to below 8 K. SPICA one of 3 candidates for the ESA's Cosmic Visions M5 mission, and JAXA has is committed to their portion of the collaboration. ESA will provide the silicon-carbide telescope, science instrument assembly, satellite integration and testing, and the spacecraft bus. JAXA will provide the passive and active cooling system (supporting the

The Apertif Surveys:The First Six Months

Apertif is a new phased-array feed for the Westerbork Synthesis Radio Telescope (WSRT), greatly increasing its field of view and turning it into a natural survey instrument. In July 2019, the Apertif legacy surveys commenced; these are a time-domain survey and a two-tiered imaging survey, with a shallow and medium-deep component. The time-domain survey searches for new (millisecond) pulsars and fast radio bursts (FRBs). The imaging surveys provide neutral hydrogen (HI), radio continuum and polarization data products. With a bandwidth of 300 MHz, Apertif can detect HI out to a redshift of 0.26. The key science goals to be accomplished by Apertif include localization of FRBs (including real-time public alerts), the role of environment and interaction on galaxy properties and gas removal, finding the smallest galaxies, connecting cold gas to AGN, understanding the faint radio population, and studying magnetic fields in galaxies. After a proprietary period, survey data products will be publicly available through the Apertif Long Term Archive (ALTA, https://alta.astron.nl). I will review the progress of the surveys and present the first results from the Apertif surveys, including highlighting the currently available public data