15,061 research outputs found
Execution Integrity with In-Place Encryption
Instruction set randomization (ISR) was initially proposed with the main goal
of countering code-injection attacks. However, ISR seems to have lost its
appeal since code-injection attacks became less attractive because protection
mechanisms such as data execution prevention (DEP) as well as code-reuse
attacks became more prevalent.
In this paper, we show that ISR can be extended to also protect against
code-reuse attacks while at the same time offering security guarantees similar
to those of software diversity, control-flow integrity, and information hiding.
We present Scylla, a scheme that deploys a new technique for in-place code
encryption to hide the code layout of a randomized binary, and restricts the
control flow to a benign execution path. This allows us to i) implicitly
restrict control-flow targets to basic block entries without requiring the
extraction of a control-flow graph, ii) achieve execution integrity within
legitimate basic blocks, and iii) hide the underlying code layout under
malicious read access to the program. Our analysis demonstrates that Scylla is
capable of preventing state-of-the-art attacks such as just-in-time
return-oriented programming (JIT-ROP) and crash-resistant oriented programming
(CROP). We extensively evaluate our prototype implementation of Scylla and show
feasible performance overhead. We also provide details on how this overhead can
be significantly reduced with dedicated hardware support
Recommended from our members
Techniques for the dynamic randomization of network attributes
Critical infrastructure control systems continue to foster predictable communication paths and static configurations that allow easy access to our networked critical infrastructure around the world. This makes them attractive and easy targets for cyber-attack. We have developed technologies that address these attack vectors by automatically reconfiguring network settings. Applying these protective measures will convert control systems into «moving targets» that proactively defend themselves against attack. This «Moving Target Defense» (MTD) revolves about the movement of network reconfiguration, securely communicating reconfiguration specifications to other network nodes as required, and ensuring that connectivity between nodes is uninterrupted. Software-defined Networking (SDN) is leveraged to meet many of these goals. Our MTD approach eliminates adversaries targeting known static attributes of network devices and systems, and consists of the following three techniques: (1) Network Randomization for TCP/UDP Ports; (2) Network Randomization for IP Addresses; (3) Network Randomization for Network Paths In this paper, we describe the implementation of the aforementioned technologies. We also discuss the individual and collective successes for the techniques, challenges for deployment, constraints and assumptions, and the performance implications for each technique
WiFi Epidemiology: Can Your Neighbors' Router Make Yours Sick?
In densely populated urban areas WiFi routers form a tightly interconnected
proximity network that can be exploited as a substrate for the spreading of
malware able to launch massive fraudulent attack and affect entire urban areas
WiFi networks. In this paper we consider several scenarios for the deployment
of malware that spreads solely over the wireless channel of major urban areas
in the US. We develop an epidemiological model that takes into consideration
prevalent security flaws on these routers. The spread of such a contagion is
simulated on real-world data for geo-referenced wireless routers. We uncover a
major weakness of WiFi networks in that most of the simulated scenarios show
tens of thousands of routers infected in as little time as two weeks, with the
majority of the infections occurring in the first 24 to 48 hours. We indicate
possible containment and prevention measure to limit the eventual harm of such
an attack.Comment: 22 pages, 1 table, 4 figure
Improving Heart Failure Education Prior to Discharge: An Emmi Implementation Project
Background: Heart failure is one of the leading causes of hospitalizations and increased health care costs in the United States. Many patients are readmitted within 30 days of discharge, resulting in increased costs. Purpose of Capstone Project: The purpose of this capstone project was to improve heart failure education for patients admitted with heart failure to Mercy Medical Center by utilizing Emmi educational videos in order to decrease the risk of hospital readmissions, improve quality of life, and decrease costs. Methods: The project focused on educating nurses about the importance of utilizing the video. It was asked of the nurses that each patient admitted with a diagnosis of heart failure have the opportunity to watch the educational video prior to discharge. The number of patients with heart failure that were given the opportunity to watch the Emmi educational video was collected. The evaluation of this project was a comparison of the number of Emmi educational videos utilized before the implementation of the Capstone Project to the numbers of videos utilized after the implementation. Results: When comparing the ordering of the Emmi videos after implementation to before the implementation, there was a noticeable increase in Emmi usage. This included the ordering for all categories of the heart failure Emmi and the general heart failure Emmi. Unfortunately, ordering the Emmi did not mean that the video was utilized. Recommendations: It was recommend that the utilization of Emmi videos be continued. Nurses need continued encouragement to utilize the video and not just order it. It was also recommended that APRNs and PAs focus on ordering and implementing the Emmi videos. Lastly, making Emmi utilization a function of case managers, cardiac rehab nurses, and discharge nurses was recommended
Does New Zealand visitors follow the Joseph Effect? Some empirical evidence
The report departs from conventional time series analysis and investigates the existence of long memory (LRD) in the stream of daily visitors, arriving from various sources to New Zealand from 1997 to 2010, using selected estimators of the Hurst-exponent. The daily arrivals of visitors are treated as a stream of "digital signals" with the inherent noise. After minimizing the noise (i.e. the presence of short-term trends, periodicities, and cycles) we found the existence of significant long memory embedded in our data of daily visitors from all sources and in the aggregate. Strong evidence of embedded âlong memoryâ implies that Joseph Effect â that good times beget good times and bad times beget bad â whose existence in the underlying process may have interesting implications for tourism policy makers. Our findings suggest evidence of such long term memory in tourist arrival data. Further, unless this long memory effect is taken into consideration, any traditional statistical analysis based on Gaussian and Poisson assumptions may be overly biased
Motivational Interviewing Impact on Cardiovascular Disease
abstract: Harm reduction in cardiovascular disease is a significant problem worldwide. Providers, families, and healthcare agencies are feeling the burdens imparted by these diseases. Not to mention missed days of work and caregiver strain, the losses are insurmountable. Motivational interviewing (MI) is gaining momentum as a method of stimulating change through intrinsic motivation by resolving ambivalence toward change (Ma, Zhou, Zhou, & Huang, 2014). If practitioners can find methods of educating the public in a culturally-appropriate and sensitive manner, and if they can work with community stakeholders to organize our resources to make them more accessible to the people, we may find that simple lifestyle changes can lead to risk reduction of cardiovascular diseases. By working with our community leaders and identifying barriers unique to each population, we can make positive impacts on a wide range of issues that markedly impact our healthcare systems
- âŠ