10,405 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. 
When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research.

    Countermeasures for the majority attack in blockchain distributed systems

    Blockchain technology is considered one of the most important computing paradigms since the Internet, owing to unique characteristics that make it ideal for recording, verifying and managing information about different transactions. Despite this, Blockchain faces various security problems, with the 51% attack, or majority attack, being one of the most important. It consists of one or more miners taking control of at least 51% of the mined hash or of the computing power in a network, so that a miner can arbitrarily manipulate and modify the information recorded in this technology. This work focused on designing and implementing strategies for detecting and mitigating majority attacks (51% attack) in a Blockchain distributed system, based on characterizing the behaviour of the miners. To achieve this, the Hash Rate / Share of Bitcoin and Crypto Ethereum miners was analysed and evaluated, followed by the design and implementation of a consensus protocol to control the computing power of the miners. Subsequently, Machine Learning models were explored and evaluated for detecting malicious software of the Cryptojacking type. Doctorate: Doctor in Systems and Computing Engineering.

    Bayesian Optimization with Conformal Prediction Sets

    Bayesian optimization is a coherent, ubiquitous approach to decision-making under uncertainty, with applications including multi-arm bandits, active learning, and black-box optimization. Bayesian optimization selects decisions (i.e. objective function queries) with maximal expected utility with respect to the posterior distribution of a Bayesian model, which quantifies reducible, epistemic uncertainty about query outcomes. In practice, subjectively implausible outcomes can occur regularly for two reasons: 1) model misspecification and 2) covariate shift. Conformal prediction is an uncertainty quantification method with coverage guarantees even for misspecified models and a simple mechanism to correct for covariate shift. We propose conformal Bayesian optimization, which directs queries towards regions of search space where the model predictions have guaranteed validity, and investigate its behavior on a suite of black-box optimization tasks and tabular ranking tasks. In many cases we find that query coverage can be significantly improved without harming sample-efficiency. Comment: For code, see https://www.github.com/samuelstanton/conformal-bayesopt.gi

    Foundations for programming and implementing effect handlers

    First-class control operators provide programmers with an expressive and efficient means for manipulating control through reification of the current control state as a first-class object, enabling programmers to implement their own computational effects and control idioms as shareable libraries. Effect handlers provide a particularly structured approach to programming with first-class control by naming control reifying operations and separating from their handling. This thesis is composed of three strands of work in which I develop operational foundations for programming and implementing effect handlers as well as exploring the expressive power of effect handlers. The first strand develops a fine-grain call-by-value core calculus of a statically typed programming language with a structural notion of effect types, as opposed to the nominal notion of effect types that dominates the literature. With the structural approach, effects need not be declared before use. The usual safety properties of statically typed programming are retained by making crucial use of row polymorphism to build and track effect signatures. The calculus features three forms of handlers: deep, shallow, and parameterised. They each offer a different approach to manipulate the control state of programs. Traditional deep handlers are defined by folds over computation trees, and are the original construct proposed by Plotkin and Pretnar. Shallow handlers are defined by case splits (rather than folds) over computation trees. Parameterised handlers are deep handlers extended with a state value that is threaded through the folds over computation trees. To demonstrate the usefulness of effects and handlers as a practical programming abstraction I implement the essence of a small UNIX-style operating system complete with multi-user environment, time-sharing, and file I/O.
The second strand studies continuation passing style (CPS) and abstract machine semantics, which are foundational techniques that admit a unified basis for implementing deep, shallow, and parameterised effect handlers in the same environment. The CPS translation is obtained through a series of refinements of a basic first-order CPS translation for a fine-grain call-by-value language into an untyped language. Each refinement moves toward a more intensional representation of continuations eventually arriving at the notion of generalised continuation, which admits simultaneous support for deep, shallow, and parameterised handlers. The initial refinement adds support for deep handlers by representing stacks of continuations and handlers as a curried sequence of arguments. The image of the resulting translation is not properly tail-recursive, meaning some function application terms do not appear in tail position. To rectify this the CPS translation is refined once more to obtain an uncurried representation of stacks of continuations and handlers. Finally, the translation is made higher-order in order to contract administrative redexes at translation time. The generalised continuation representation is used to construct an abstract machine that provides simultaneous support for deep, shallow, and parameterised effect handlers. The third strand explores the expressiveness of effect handlers. First, I show that deep, shallow, and parameterised notions of handlers are interdefinable by way of typed macro-expressiveness, which provides a syntactic notion of expressiveness that affirms the existence of encodings between handlers, but it provides no information about the computational content of the encodings. Second, using the semantic notion of expressiveness I show that for a class of programs a programming language with first-class control (e.g. effect handlers) admits asymptotically faster implementations than possible in a language without first-class control.

    Essays on college admissions and fair team formation

    The thesis consists of three Chapters. The first Chapter considers the college admission process with restricted applications. Each student has heuristic beliefs about the probability of being admitted and applies to a limited number of programmes within the colleges. We find that reducing the number of applications may result in an increase in total utility. The second Chapter focuses on a team formation problem in markets with indivisible goods without transfers. Each agent is allocated an equal number of goods. Since fairness notions are unattainable, we consider the relations between approximate fairness properties. We find that, contrary to the general case, most approximate fairness and minimal guarantee properties are logically independent in relatively big markets. We show that when there are two agents, envy-freeness up to one good and optimality are compatible. We examine some of the well-known assignment rules and find that Round Robin and Generalised Round Robin are not efficient, although they satisfy some of the approximate fairness properties. Nash Max, Utilitarian Max and Leximin procedures are efficient, but do not guarantee that any of the approximate fairness notions hold. The third Chapter investigates allocating students to an equal number of elective courses. Compared to Chapter 2, here we examine many-to-many markets. We show that the Deferred Acceptance (DA) mechanism may violate the quotas, and design two modifications. We show that the modifications may allow for additional profitable manipulations compared to DA. We then simulate the allocation procedures and show that, on average, there are no more than 1% of additional profitable manipulations. When considering the number of manipulable markets, we find that roughly 20% and 18% of the markets are manipulable under our two modifications, which is low compared to the similar outcomes in one-to-many markets without lower quotas.

    Blockchain Use Cases and Concepts in Sports: A Systematic Review

    Blockchain innovations such as digital fan tokens and non-fungible tokens (NFTs) have garnered notable attention in the sports industry, yet the wider industry is struggling to keep up with the pace of digitalization. To harness the potential of blockchain technology, sports management practitioners and information systems (IS) researchers need to gain a much better understanding. Hence, the purpose of this study is to advance the theoretical understanding of blockchain in the sports sector. Thereby, we identify, consolidate, and classify blockchain use cases in the domain through a thorough review of the literature published to date. In addition, we (1) provide an overview and classification of blockchain use cases, (2) identify various opportunities for internal and external stakeholders to benefit from blockchain technology, and (3) derive a theoretical concept for blockchain technology regarding its properties, applications, and stakeholders. Furthermore, we (4) propose beneficial directions for future research in this emerging field.

    The commodification of consent


    Radical ideas of political practice in 1780s and 1790s Britain

    This thesis examines ideas about political tactics in 1780s and 1790s Britain. Edmund Burke characterised radicals in the aftermath of the French Revolution as speculative thinkers with no understanding of political action. This rhetorical strategy obscured the ideas of reformers who were frustrated with the rationalist bent of their movement and who, inspired by Scottish philosophy and events in Ireland, tried to work out what was to be done. James Mackintosh and Samuel Parr responded to Burke by arguing that theory could apply to practice, while David Williams outlined how political theory could direct reformers to the means to harness the general will and enact it through the sovereign. Interest in arming the people led David Steuart Erskine, Robert Watson, and John Cartwright to invoke the ideas of Andrew Fletcher. This interest in a militia was not purely theoretical; in Ireland from 1778 the Volunteers used a combination of arms and sumptuary rules to win legislative and trading rights. Francis Dobbs, Joseph Pollock and Henry Flood examined this movement to learn about political tactics. Lord George Gordon advocated for Francis Dobbs in the House of Commons and was imprisoned for his attempts to derail the Anglo-French Commercial Treaty, an issue that once again brought together Irish politics and discussions of commerce and luxury. In the 1790s, United Irishmen linked their understanding of the anti-luxury practice of the Volunteers with knowledge of the constitution they had learned from John Millar at Glasgow University. Meanwhile, Lord Buchan was using an unlikely tactic, the practice of history, to stir the Scots to pay attention to their Buchananite heritage. The tactical thought of British radicals in the 1790s was rarely concerned with discussions of the rights of man, but instead referred to ideas of arms, kings, commerce, and history.

    ‘Twenty hearts beating as none’: primary education in Ireland, 1899-1922

    At the dawn of the twentieth century, the Irish national school system catered for the educational needs of almost 800,000 children in 8,500 schools. Despite its manifest numerical success and its agency in the near elimination of illiteracy, issues such as clerical management, the payment by results system, inferior school conditions, the proliferation of small schools, the restricted curriculum, the teaching of Irish and the reorganisation of the inspectorate generated a confluence of challenging circumstances for all participants. This was the scenario presented to Dr William Starkie, academic and classical scholar, who was appointed Resident Commissioner of Education in 1899. This study charts the fortunes of the national school system from 1899 to 1922, a period roughly coinciding with the tenure of Dr W.J.M. Starkie as Resident Commissioner of National Education. This commenced with an active programme of curricular and administrative reform that served to modernise primary education in Ireland, which had lagged behind systems elsewhere. Parallel with this programme of change, there were strong intimations that the British government harboured plans to reform Irish education and its administration along the de facto lines recently pursued in England. As the primary education system in Ireland had evolved into a denominational one, financed by government but clerically managed, the various Churches were in the main generally satisfied. As a result, every suggestion that schools be financed by rates and under local control was stoutly resisted. Successive chief secretaries failed to progress this policy. Furthermore, Starkie’s energetic approach to administrative reform not only encountered opposition, it generated additional problems. 
The new system of pay, increments and promotion for teachers, introduced in tandem with the Revised Curriculum, and combined with a changed inspectoral remit proved problematic, with the result that although curricular reform was successfully introduced, progress was disrupted by financial and organisational issues. Two vice-regal inquiries, in 1913 and 1918, delved minutely into primary education provision under the National Board. These highlighted the scale of the deficiencies of the existing system and provided the impetus, had it been fully grasped, for further organisational and administrative change. The outbreak of the First World War in 1914 ensured the matter was put on the back burner for the duration, and when it was taken up again, in its immediate aftermath, it was too late. A final attempt was made in 1918-20 to address the structural deficiencies of the Irish educational system. Had this been achieved, it would have resulted in the replacement of the National Board, which was no longer fit for purpose, by a state Department of Education in the manner of that already in place in Great Britain. This was not possible in Ireland because of political and ideological developments that heralded the breakup of the Union. The rise of cultural nationalism, and with it the Gaelic League, had brought increasingly exigent calls for the introduction of a bilingual programme of education. These were addressed at first by curricular accommodation, but the 1916 Rising raised nationalist aspirations. When it came to education provision, nationalists and the Catholic Church increasingly found common cause in the late 1910s and, as a new political disposition beckoned, the alliance forged was a hallmark for the future in which the churches and the Catholic Church in particular were permitted to retain their ascendant position in the provision of education and the state acceded to an essentially subordinate, administrative position.