606 research outputs found
IoTSan: Fortifying the Safety of IoT Systems
Today's IoT systems include event-driven smart applications (apps) that
interact with sensors and actuators. A problem specific to IoT systems is that
buggy apps, unforeseen bad app interactions, or device/communication failures,
can cause unsafe and dangerous physical states. Detecting flaws that lead to
such states, requires a holistic view of installed apps, component devices,
their configurations, and more importantly, how they interact. In this paper,
we design IoTSan, a novel practical system that uses model checking as a
building block to reveal "interaction-level" flaws by identifying events that
can lead the system to unsafe states. In building IoTSan, we design novel
techniques tailored to IoT systems, to alleviate the state explosion associated
with model checking. IoTSan also automatically translates IoT apps into a
format amenable to model checking. Finally, to understand the root cause of a
detected vulnerability, we design an attribution mechanism to identify
problematic and potentially malicious apps. We evaluate IoTSan on the Samsung
SmartThings platform. From 76 manually configured systems, IoTSan detects 147
vulnerabilities. We also evaluate IoTSan with malicious SmartThings apps from a
previous effort. IoTSan detects the potential safety violations and also
effectively attributes these apps as malicious.Comment: Proc. of the 14th ACM CoNEXT, 201
Afluentia: suporte à comunicação para afasia fluente
Aphasia is a language disorder caused by brain damage (eg, stroke) that affects a
person’s ability to communicate. Involves different degrees of impairment and it
can manifest by difficulties in speaking fluently or difficulty finding words (anomia),
but can also entail impairment in spoken language comprehension, inability to repeat
words or phrases, impairments in written expression (agraphia), in reading
comprehension (alexia) or a combination of any of these difficulties. It can thus
result in limitations in the way the person with aphasia interacts with others, for
instance, to express how they are feeling as well as their needs, making it hard for
them to have a more independent life or have their difficulties addressed. Additionally,
this condition also has a strong impact in the life of those around them
(e.g., family, carers) as the difficulties of communication, should anything happen,
can lead to fear of leaving these patients unattended. Several challenges arise
when addressing the communication needs of people with aphasia deriving from
the diverse and idiosyncratic nature of their condition and although assisted communication
tools have been proposed in the literature (e.g. using pictograms), the
characteristics of aphasia often render them as partial solutions. In this sense, this
project focuses on understanding the characteristics and needs of aphasic patients
and also on the proposal of technology-mediated communication tools that address
them in their daily lives. This work adopts a user-centered design and development
approach to explore how people with aphasia can be supported in their day-today
communication resorting to technology mediation. It was thus achieving an
iterative design with the development and evaluation of a proof-of-concept solution
for communication aspects, which was progressively implemented and refined
having in consideration the identified requirements and the continuous evaluation
of the proposed solutions, carried out with a focus group composed by a Speech
and Language Therapist (SLT) and a Human Computer Interaction (HCI) Expert.
After a first version of the system was achieved, an evaluation phase with Speech
and Language Therapists with a strong experience with patients with aphasia took
place in order to understand and validate the achieved application, which led to
more refinement phases. At its current stage of development, evaluation results
show a good level of usability and satisfaction and establish Afluentia as promising
ground for further evolving the research on communication mediated by technology
to support people with aphasia.A afasia é um distúrbio da linguagem provocada por danos cerebrais (por exemplo,
acidente vascular cerebral) e que afeta a capacidade de comunicação de uma pessoa.
Envolve diferentes graus de deficiência e pode-se manifestar por dificuldades
em falar fluentemente ou dificuldade em encontrar palavras (anomia), mas também
pode acarretar prejuízo na compreensão da linguagem falada, incapacidade de
repetir palavras ou frases, deficiências na expressão escrita (agrafia), na compreensão
da leitura (alexia) ou numa combinação de qualquer uma dessas dificuldades.
Pode assim resultar em limitações na forma como a pessoa com afasia interage
com outras para, por exemplo, exprimir como se está a sentir assim como as suas
necessidades, impossibilitando que tenha uma vida mais independente ou tenha as
suas dificuldades abordadas. Além disso, a afasia também tem um forte impacto na
vida das pessoas ao redor do afásico (por exemplo, familiares, cuidadores), pois as
dificuldades de comunicação da pessoa com afasia podem levar ao medo de deixála
desacompanhada por aqueles que a rodeiam. Vários desafios surgem ao abordar
as necessidades de comunicação de pessoas com afasia decorrentes da natureza
diversa e idiossincrática da sua condição e embora ferramentas de comunicação
assistida tenham sido propostas na literatura (por exemplo, usando pictogramas),
as características da afasia geralmente tornam essas soluções parciais. Nesse sentido,
este projeto foca-se na compreensão das características e necessidades dos
pacientes afásicos e também na proposta de ferramentas de comunicação mediada
por tecnologia que os abordem, no seu cotidiano. Este trabalho adota uma
abordagem de design e desenvolvimento centrada no utilizador de modo explorar
como as pessoas com afasia podem ser apoiadas na sua comunicação quotidiana
recorrendo à mediação tecnológica. Foi assim conseguindo um design iterativo com
desenvolvimento e avaliação de uma solução de prova de conceito para aspectos
de comunicação, que foi progressivamente implementada e aperfeiçoada tendo em
consideração os requisitos identificados e a avaliação contínua das soluções propostas,
realizada com um grupo de foco composto por uma Terapeuta da Fala e
um Especialista em Interacção Humano Computador. Após a obtenção de uma
primeira versão do sistema, uma fase de avaliação com Terapeutas da Fala com
forte experiência com pacientes com afasia também ocorreu de modo a entender
e validar a aplicação alcançada, o que levou a mais fases de refinamento. Na sua
atual fase de desenvolvimento, os resultados da avaliação mostram um bom nível
de usabilidade e satisfação e definem o Afluentia como um terreno promissor para
evoluir ainda mais a pesquisa em comunicação mediada por tecnologia de suporte
a pessoas com afasia.Mestrado em Engenharia de Computadores e Telemátic
An Investigation into the Effect of Security on Performance in a VoIP Network
Voice over Internet Protocol (VoIP) is a communications technology that transmits voice over packet switched networks such as the Internet. VoIP has been widely adopted by home and business customers. When adding security to a VoIP system, the quality of service and performance of the system are at risk. This study has two main objectives, firstly it illustrates suitable methods to secure the signalling and voice traffic within a VoIP system, secondly it evaluates the performance of a VoIP system after implementing different security methods. This study is carried out on a pilot system using an asterisk based SIP (Session initiation Protocol) server (Asterisk, 2009).
Since VoIP is intended for use over the Internet, VPNs (Virtual Private Networks) have been used in a tunnel configuration to provide the service. Additionally the performance of networks level IPSec (Internet Protocol Security) and application level ZRTP (Zimmerman Real Time Transport Protocol) security have been compared with no security. Registration, call setup and voice transmission packets have been captured and analysed. The results have then been extrapolated to the Internet
Perancangan Voice Over Internet Protocol (Voip) Menggunakan Virtual Private Network (Vpn) pada PT Care Technologies
Current technological developments to make a change from several sides. As intelecommunications are now developed with incoming. One of them is VoIP. VoIP is a technologycapable of passing voice in packet form. With this VoIP technology one can make telephonecommunication melaluit internet. To use this VoIP one can use the handphones are connected tolapop or PC. However, the use of VoIP has a disadvantage that can be done tapping at the timethe conversation is being conducted. VPN (Virtual Private Network) is a way of creating a privatenetwork are using a public network / Internet. With a VPN network, a user as if connected by pointto point that they are not. Consists of VPN-management protocols that can perform encryption andtunneling as PPTP (Point to Point Protocol), L2TP (Layer 2 Tunneling Protocol) and IPSec(Internet Protocol Security). With the capabilities of the VPN is expected that the wiretapping ofconversations being conducted by the user can be prevented
Large-Scale Measurement of Real-Time Communication on the Web
Web Real-Time Communication (WebRTC) is getting wide adoptions across the browsers (Chrome, Firefox, Opera, etc.) and platforms (PC, Android, iOS). It enables application developers to add real-time communications features (text chat, audio/video calls) to web applications using W3C standard JavaScript APIs, and the end users can enjoy real-time multimedia communication experience from the browser without the complication of installing special applications or browser plug-ins.
As WebRTC based applications are getting deployed on the Internet by thousands of companies across the globe, it is very important to understand the quality of the real-time communication services provided by these applications. Important performance metrics to be considered include: whether the communication session was properly setup, what are the network delays, packet loss rate, throughput, etc.
At Callstats.io, we provide a solution to address the above concerns. By integrating an JavaScript API into WebRTC applications, Callstats.io helps application providers to measure the Quality of Experience (QoE) related metrics on the end user side. This thesis illustrates how this WebRTC performance measurement system is designed and built and we show some statistics derived from the collected data to give some insight into the performance of today’s WebRTC based real-time communication services. According to our measurement, real-time communication over the Internet are generally performing well in terms of latency and loss. The throughput are good for about 30% of the communication sessions
BaseSAFE: Baseband SAnitized Fuzzing through Emulation
Rogue base stations are an effective attack vector. Cellular basebands
represent a critical part of the smartphone's security: they parse large
amounts of data even before authentication. They can, therefore, grant an
attacker a very stealthy way to gather information about calls placed and even
to escalate to the main operating system, over-the-air. In this paper, we
discuss a novel cellular fuzzing framework that aims to help security
researchers find critical bugs in cellular basebands and similar embedded
systems. BaseSAFE allows partial rehosting of cellular basebands for fast
instrumented fuzzing off-device, even for closed-source firmware blobs.
BaseSAFE's sanitizing drop-in allocator, enables spotting heap-based
buffer-overflows quickly. Using our proof-of-concept harness, we fuzzed various
parsers of the Nucleus RTOS-based MediaTek cellular baseband that are
accessible from rogue base stations. The emulator instrumentation is highly
optimized, reaching hundreds of executions per second on each core for our
complex test case, around 15k test-cases per second in total. Furthermore, we
discuss attack vectors for baseband modems. To the best of our knowledge, this
is the first use of emulation-based fuzzing for security testing of commercial
cellular basebands. Most of the tooling and approaches of BaseSAFE are also
applicable for other low-level kernels and firmware. Using BaseSAFE, we were
able to find memory corruptions including heap out-of-bounds writes using our
proof-of-concept fuzzing harness in the MediaTek cellular baseband. BaseSAFE,
the harness, and a large collection of LTE signaling message test cases will be
released open-source upon publication of this paper
Execution Offloading 기술을 사용한 모바일 기기를 위한 클라우드 보안 솔루션
학위논문 (석사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2015. 8. 백윤흥.So far, security mechanisms for mobile devices have had difficulties to protect from malicious threats due to the limited resources of mobile devices. With the prevalence of cloud computing, one of promising solutions to overcome the difficulties is to exploit cloud environments, where a remote virtual machine performs the resource-consuming security analysis instead of a mobile device. However, existing cloud-based solutions are still insufficient because of the code coverage problem and security level degradation. Therefore, this thesis proposes a static and dynamic analysis based security solution called SORCloud. For dynamic analysis, it offloads a process of a suspicious application to a remote virtual machine for dynamic security analysis, by which SORCloud resolves two problems mentioned above. Through comprehensive experiments, we show how efficiently the proposed scheme works and detects malicious behaviorContents
I. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
II. Background . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
III. RelatedWork . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.1 Androgaurd . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2 Andriod-apktool . . . . . . . . . . . . . . . . . . . . . . . . 10
3.3 Dex2Jar . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.4 Dexter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.5 APKInspector . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.6 API monitor . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.7 offloading . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
IV. SorCloud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.1 System Overview . . . . . . . . . . . . . . . . . . . . . . . 16
4.2 System Modules . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3 Execution offloading . . . . . . . . . . . . . . . . . . . . . 18
4.3.1 Code Instrumentation . . . . . . . . . . . . . . . . . 18
4.3.2 Thread Migration . . . . . . . . . . . . . . . . . . . 21
4.4 Security Modules . . . . . . . . . . . . . . . . . . . . . . . 23
4.5 Security Analysis . . . . . . . . . . . . . . . . . . . . . . . 25
4.6 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
4.6.1 Experimental setup . . . . . . . . . . . . . . . . . . 26
ii
4.6.2 Experimental results . . . . . . . . . . . . . . . . . 27
4.7 CONCLUSION . . . . . . . . . . . . . . . . . . . . . . . . 34
4.8 FUTURE WORK . . . . . . . . . . . . . . . . . . . . . . . 35
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
초록 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Maste
Independent verification of specification models for large software systems at the early phases of development lifecycle
One of the major challenges facing the software industry, in general and IV&V (Independent Verification and Validation) analysts in particular, is to find ways for analyzing dynamic behavior of requirement specifications of large software systems early in the development lifecycle. Such analysis can significantly improve the performance and reliability of the developed systems. This dissertation addresses the problem of developing an IV&V framework for extracting semantics of dynamic behavior from requirement specifications based on: (1) SART (Structured Analysis with Realtime) models, and (2) UML (Unified Modeling Language) models.;For SART, the framework presented here shows a direct mapping from SART specification models to CPN (Colored Petrinets) models. The semantics of the SART hierarchy at the individual levels are preserved in the mapping. This makes it easy for the analyst to perform the analysis and trace back to the corresponding SART model. CPN was selected because it supports rigorous dynamic analysis. A large scale case study based on a component of NASA EOS system was performed for a proof of the concept.;For UML specifications, an approach based on metamodels is presented. A special type of metamodel, called dynamic metamodel (DMM), is introduced. This approach holds several advantages over the direct mapping of UML to CPN. The mapping rules for generating DMM are not CPN specific, hence they would not change if a language other than CPN is used. Also it makes it more flexible to develop DMM because other types of models can be added to the existing UML models. A simple example of a pacemaker is used to illustrate the concepts of DMM
- …