Execution Integrity with In-Place Encryption

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms such as data execution prevention (DEP) as well as code-reuse attacks became more prevalent. In this paper, we show that ISR can be extended to also protect against code-reuse attacks while at the same time offering security guarantees similar to those of software diversity, control-flow integrity, and information hiding. We present Scylla, a scheme that deploys a new technique for in-place code encryption to hide the code layout of a randomized binary, and restricts the control flow to a benign execution path. This allows us to i) implicitly restrict control-flow targets to basic block entries without requiring the extraction of a control-flow graph, ii) achieve execution integrity within legitimate basic blocks, and iii) hide the underlying code layout under malicious read access to the program. Our analysis demonstrates that Scylla is capable of preventing state-of-the-art attacks such as just-in-time return-oriented programming (JIT-ROP) and crash-resistant oriented programming (CROP). We extensively evaluate our prototype implementation of Scylla and show feasible performance overhead. We also provide details on how this overhead can be significantly reduced with dedicated hardware support

Techniques for the dynamic randomization of network attributes

Critical infrastructure control systems continue to foster predictable communication paths and static configurations that allow easy access to our networked critical infrastructure around the world. This makes them attractive and easy targets for cyber-attack. We have developed technologies that address these attack vectors by automatically reconfiguring network settings. Applying these protective measures will convert control systems into «moving targets» that proactively defend themselves against attack. This «Moving Target Defense» (MTD) revolves about the movement of network reconfiguration, securely communicating reconfiguration specifications to other network nodes as required, and ensuring that connectivity between nodes is uninterrupted. Software-defined Networking (SDN) is leveraged to meet many of these goals. Our MTD approach eliminates adversaries targeting known static attributes of network devices and systems, and consists of the following three techniques: (1) Network Randomization for TCP/UDP Ports; (2) Network Randomization for IP Addresses; (3) Network Randomization for Network Paths In this paper, we describe the implementation of the aforementioned technologies. We also discuss the individual and collective successes for the techniques, challenges for deployment, constraints and assumptions, and the performance implications for each technique

WiFi Epidemiology: Can Your Neighbors' Router Make Yours Sick?

In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attack and affect entire urban areas WiFi networks. In this paper we consider several scenarios for the deployment of malware that spreads solely over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for geo-referenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little time as two weeks, with the majority of the infections occurring in the first 24 to 48 hours. We indicate possible containment and prevention measure to limit the eventual harm of such an attack.Comment: 22 pages, 1 table, 4 figure

Improving Heart Failure Education Prior to Discharge: An Emmi Implementation Project

Background: Heart failure is one of the leading causes of hospitalizations and increased health care costs in the United States. Many patients are readmitted within 30 days of discharge, resulting in increased costs. Purpose of Capstone Project: The purpose of this capstone project was to improve heart failure education for patients admitted with heart failure to Mercy Medical Center by utilizing Emmi educational videos in order to decrease the risk of hospital readmissions, improve quality of life, and decrease costs. Methods: The project focused on educating nurses about the importance of utilizing the video. It was asked of the nurses that each patient admitted with a diagnosis of heart failure have the opportunity to watch the educational video prior to discharge. The number of patients with heart failure that were given the opportunity to watch the Emmi educational video was collected. The evaluation of this project was a comparison of the number of Emmi educational videos utilized before the implementation of the Capstone Project to the numbers of videos utilized after the implementation. Results: When comparing the ordering of the Emmi videos after implementation to before the implementation, there was a noticeable increase in Emmi usage. This included the ordering for all categories of the heart failure Emmi and the general heart failure Emmi. Unfortunately, ordering the Emmi did not mean that the video was utilized. Recommendations: It was recommend that the utilization of Emmi videos be continued. Nurses need continued encouragement to utilize the video and not just order it. It was also recommended that APRNs and PAs focus on ordering and implementing the Emmi videos. Lastly, making Emmi utilization a function of case managers, cardiac rehab nurses, and discharge nurses was recommended

Does New Zealand visitors follow the Joseph Effect? Some empirical evidence

The report departs from conventional time series analysis and investigates the existence of long memory (LRD) in the stream of daily visitors, arriving from various sources to New Zealand from 1997 to 2010, using selected estimators of the Hurst-exponent. The daily arrivals of visitors are treated as a stream of "digital signals" with the inherent noise. After minimizing the noise (i.e. the presence of short-term trends, periodicities, and cycles) we found the existence of significant long memory embedded in our data of daily visitors from all sources and in the aggregate. Strong evidence of embedded “long memory” implies that Joseph Effect – that good times beget good times and bad times beget bad – whose existence in the underlying process may have interesting implications for tourism policy makers. Our findings suggest evidence of such long term memory in tourist arrival data. Further, unless this long memory effect is taken into consideration, any traditional statistical analysis based on Gaussian and Poisson assumptions may be overly biased

Motivational Interviewing Impact on Cardiovascular Disease

abstract: Harm reduction in cardiovascular disease is a significant problem worldwide. Providers, families, and healthcare agencies are feeling the burdens imparted by these diseases. Not to mention missed days of work and caregiver strain, the losses are insurmountable. Motivational interviewing (MI) is gaining momentum as a method of stimulating change through intrinsic motivation by resolving ambivalence toward change (Ma, Zhou, Zhou, & Huang, 2014). If practitioners can find methods of educating the public in a culturally-appropriate and sensitive manner, and if they can work with community stakeholders to organize our resources to make them more accessible to the people, we may find that simple lifestyle changes can lead to risk reduction of cardiovascular diseases. By working with our community leaders and identifying barriers unique to each population, we can make positive impacts on a wide range of issues that markedly impact our healthcare systems