180 research outputs found
An analysis of BYOD architectures in relation to mitigating security risks
As the adaptation of smartphones and tablets to conduct business activities increases, enterprise mobility becomes a rising trend in business environments providing a flexible work environment that modernizes how workers accomplish their tasks. One significant part of the current enterprise mobility movement is the adoption of the Bring Your Own Device (BYOD) strategy. BYOD allows employees to use their personal mobile devices to access corporate resources and conduct business tasks while maintaining the usage of these devices for personal activities. This underlying feature of the BYOD solution presents serious concerns for enterprises in terms of securing the storage and access of the corporate data. This report will explore the BYOD strategy and analyze the business requirements that are tied to the secure storage and management of corporate data. The report will also study existing architectural approaches as they relate to the BYOD movement, and explore how these approaches attempt to minimize the security risks and challenges associated with the BYOD strategy.
Electrical and Computer Engineering
Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)
As many types of IoT devices worm their way into numerous settings and many
aspects of our daily lives, awareness of their presence and functionality
becomes a source of major concern. Hidden IoT devices can snoop (via sensing)
on nearby unsuspecting users, and impact the environment where unaware users
are present, via actuation. This prompts, respectively, privacy and
security/safety issues. The dangers of hidden IoT devices have been recognized
and prior research suggested some means of mitigation, mostly based on traffic
analysis or using specialized hardware to uncover devices. While such
approaches are partially effective, there is currently no comprehensive
approach to IoT device transparency. Prompted in part by recent privacy
regulations (GDPR and CCPA), this paper motivates and constructs a
privacy-agile Root-of-Trust architecture for IoT devices, called PAISA:
Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure
announcements about IoT devices' presence and their capabilities. PAISA has two
components: one on the IoT device that guarantees periodic announcements of its
presence even if all device software is compromised, and the other that runs on
the user device, which captures and processes announcements. Notably, PAISA
requires no hardware modifications; it uses a popular off-the-shelf Trusted
Execution Environment (TEE) -- ARM TrustZone. This work also comprises a fully
functional (open-sourced) prototype implementation of PAISA, which includes: an
IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android
smartphone-based app that captures and processes announcements. Both security
and performance of PAISA design and prototype are discussed.
Comment: 17 pages, 11 figures. To appear at ACM CCS 202
Novel Mobile Computation Offloading Framework for Android Devices
The thesis implements an offloading framework for Google™ Android™ based on mobile devices. Today, the full potential for smartphones may be constrained by certain technical limits such as battery endurance and computational performance. Modern mobile applications own more powerful functions but need larger computation and faster frame rate, which consume more battery energy. Using the proposed offloading framework, mobile devices can offload computationally intensive workload to servers to save battery energy consumption and reduce the execution time. The framework can also enable software developers to easily build and deploy services on the servers to support mobile devices to run computationally intensive jobs. Compared with other offloading schemes for Android cell phones, the scheme enables developers to choose which parts of the codes are potentially offloading. As developers fully understand the data flow models of the apps, they are considered most capable of making offloading decisions. Developers can minimize communication overhead brought by offloading by carefully partitioning source code by data dependency. Experiment results and data showed that the proposed offloading scheme could significantly reduce computational time and battery energy consumption.
Energy Measurement and Profiling of Internet of Things Devices
As technological improvements in hardware and software have grown in leaps and bounds, the presence of IoT devices has been increasing at a fast rate. Profiling and minimizing energy consumption on these devices remains an essential step towards employing them in various application domains. Due to the large size and high cost of commercial energy measurement platforms, the research community has proposed alternative solutions that aim to be simple, accurate, and user friendly. However, these solutions are either costly, have a limited measurement range, or low accuracy. In addition, minimizing energy consumption in IoT devices is paramount to their wide deployment in various IoT scenarios. Energy saving methods such as duty-cycling aim to address this constraint by limiting the amount of time the device is powered on. This process needs to be optimized, as devices are now able to perform complex, but energy intensive tasks due to advancements in hardware.
The contributions of this paper are two-fold. First we develop an energy measurement platform for IoT devices. This platform should be accurate, low-cost, easy to build, and configurable in order to scale to the high volume and varying requirements for IoT devices. The second contribution is improving the energy consumption on a Linux-based IoT device in a duty-cycled scenario. It is important to profile and optimize boot up time and shutdown time, and improve the way user applications are executed.
EMPIOT is an accurate, low-cost, easy to build, and flexible power measurement platform. We present the hardware and software components that comprise EMPIOT and then study the effect of various design parameters on accuracy. In particular, we analyze the effect of driver, bus speed, input voltage, and buffering mechanisms on sampling rate, measurement accuracy, and processing demand. In addition to this, we also propose a novel calibration technique and report the calibration parameters under different settings. In order to demonstrate EMPIOT's scalability, we evaluate its performance against a ground truth on five different devices. Our results show that for very low-power devices that utilize 802.15.4 wireless standard, measurement error is less than 4%. In addition, we obtain less than 3% error for 802.11-based devices that generate short and high power spikes.
The second contribution is the optimization of the energy consumption of IoT devices in a duty cycled scenario by reducing boot up duration, shutdown duration, and user application duration. To this end, we study and improve the amount of time a Linux-based IoT device is powered on to accomplish its tasks. We analyze the processes of system boot up and shutdown on two platforms, the Raspberry Pi 3 and Raspberry Pi Zero Wireless, and enhance duty-cycling performance by identifying and disabling time consuming or unnecessary units initialized in the userspace. We also study whether SD card speed and SD card capacity utilization affect boot up duration and energy consumption. In addition, we propose Pallex, a novel parallel execution framework built on top of the systemd init system to run a user application concurrently with userspace initialization. We validate the performance impact of Pallex when applied to various IoT application scenarios: (i) capturing an image, (ii) capturing and encrypting an image, (iii) capturing and classifying an image using the k-nearest neighbor algorithm, and (iv) capturing images and sending them to a cloud server. Our results show that system lifetime is increased by 18.3%, 16.8%, 13.9% and 30.2%, for these application scenarios, respectively.
Human Factors in Secure Software Development
While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called "the weakest link" in software security. To solve this, human factors research in security and privacy focuses on the users of technology and considers their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data.
However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right".
This dissertation's focus is how to support developers throughout the process of implementing software securely.
This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research.
This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code.
We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code.
On the flip side, well-thought out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage.
We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming.
We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources.
This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what lead to the majority of security and privacy failures that affect millions of end users.
Metaphors of mobile communications (Metafore mobilnih komunikacija; Метафоры мобильной связи)
Mobile communications are a fast-developing field of information and communication
technology whose exploration within the analytical framework of cognitive linguistics, based
on a sample of 1005 entries, reveals the pervasive presence of metaphor, metonymy, analogy
and conceptual integration. The analysis of the sample consisting of words and phrases
related to mobile media, mobile operating systems and interface design, the terminology of
mobile networking, as well as the slang and textisms employed by mobile gadget users shows
that the above cognitive mechanisms play a key role in facilitating interaction between people
and a wide range of mobile computing devices from laptops and PDAs to mobile phones,
tablets and wearables. They are the cornerstones of comprehension that are behind the
principles of functioning of graphical user interfaces and direct manipulation in computing
environments. A separate sample, featuring a selection of 660 emoticons and emoji, exhibiting
the potential for semantic expansion was also analyzed, in view of the significance of
pictograms for text-based communication in the form of text messages or exchanges on social
media sites regularly accessed via mobile devices.
Spartan Daily January 30, 2012
Volume 138, Issue 2
Forensic Analysis of the exFAT Artifacts
Although keeping some basic concepts inherited from FAT32, the exFAT file system introduces many differences, such as the new mapping scheme of directory entries. The combination of exFAT mapping scheme with the allocation of bitmap files and the use of FAT leads to new forensic possibilities. The recovery of deleted files, including fragmented ones and carving becomes more accurate compared with former forensic processes. Nowadays, the accurate and sound forensic analysis is more than ever needed, as there is a high risk of erroneous interpretation. Indeed, most of the related work in the literature on exFAT structure and forensics is mainly based on reverse engineering research, and only a few of them cover the forensic interpretation. In this paper, we propose a new methodology using exFAT file system features to improve the interpretation of inactive entries by using bitmap file analysis and recover the file system metadata information for carved files. Experimental results show how our approach improves the forensic interpretation accuracy.