Testing Against Independence with an Eavesdropper
We study a distributed binary hypothesis testing (HT) problem with
communication and security constraints, involving three parties: a remote
sensor called Alice, a legitimate decision centre called Bob, and an
eavesdropper called Eve, all having their own source observations. In this
system, Alice conveys a rate R description of her observation to Bob, and Bob
performs a binary hypothesis test on the joint distribution underlying his and
Alice's observations. The goal of Alice and Bob is to maximise the exponential
decay of Bob's miss-detection (type-II error) probability under two
constraints: Bob's false-alarm (type-I error) probability has to
stay below a given threshold and Eve's uncertainty (equivocation) about Alice's
observations should stay above a given security threshold even when Eve learns
Alice's message. For the special case of testing against independence, we
characterise the largest possible type-II error exponent under the described
type-I error probability and security constraints. Comment: submitted to ITW 202
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach.
BEGINNING THE INFORMATION SECURITY JOURNEY FOR SMALL AND MEDIUM ENTERPRISES THROUGH BUSINESS CONTINUITY PLANNING AND INFRASTRUCTURE AUTOMATION
Technology has become an essential component of enterprises, driving productivity, innovation, and defining entire processes and product categories. However, these advances come with additional risk; the devices that drive an enterprise can fail at any time or be attacked by malicious actors. Larger enterprises have learned to deal with these risks, but small and medium-sized enterprises (SMEs) have been largely left behind. This project sought to investigate the cybersecurity-related problems SMEs experience and what SMEs can do to solve them. In addition, the project examines the types of information security incidents that occur within SMEs and their financial preparedness for such security incidents. The literature findings are that SMEs lack financial preparedness for information security and natural disasters, lack an effective company culture that generates and keeps, and need a more technical or operational approach to improve information security performance. Given these observations, cost-effective solutions are presented for Incident Response Testing, Business Continuity Planning, Employee Training, and DevSecOps Automation. Suggested areas of future research include developing Infrastructure Automation strategies for SMEs, focusing on employee training and validation processes. Additional real-world data about information security breaches must also be brought forward and analyzed to assess business risk correctly.
Design of an Online Web-Based Goods Inventory Information System at Universitas Prima Indonesia (Perancangan Sistem Informasi Inventaris Barang Berbasis Web Secara Online Pada Universitas Prima Indonesia)
The importance of inventory management for business success and how technology can help improve inventory management. The design of an online web-based inventory information system at Prima Indonesia University is discussed in this article. The research aims to improve inventory management and business profitability at Prima Indonesia University. One of the approaches used to collect data for this project is the waterfall system development process, which also includes interviews, observations, documentation, and literature studies. Blackbox testing is a technique used to test the system in publication. Functional testing verifies that the system can operate according to the functional requirements established during the analysis and design stages. Testing the system's ability to meet non-functional criteria, such as security, speed, and performance, is known as non-functional testing. After testing, the author makes improvements and fixes to the system found during testing. The support and maintenance stages are carried out regularly to ensure the system runs well and meets user needs. The results showed that the web-based online inventory system developed for Prima Indonesia University using the waterfall model can help improve inventory management and business profitability. The system can reduce errors in inventory management and speed up the process of searching and retrieving inventory data. System testing shows that the system can function properly and meet the requirements at the analysis and design stages.
Observation-Based Modeling for Testing and Verifying Highly Dependable Systems – A Practitioner’s Approach
Model-based testing (MBT) can reduce the cost of making test cases for critical applications significantly. Depending on the formality of the models, they can also be used for verification. Once the models are available model-based test case generation and verification can be seen as "push-button solutions." However, making the models is often perceived by practitioners as being extremely difficult, error prone, and overall daunting. This paper outlines an approach for generating models out of observations gathered while a system is operating. After refining the models with moderate effort, they can be used for verification and test case generation. The approach is illustrated with a concrete system from the safety and security domain.