75 research outputs found
Recommended from our members
THE OBSERVATION OF SMART CAMERA SECURITY
At present, as the Internet of Thing (IoT) is increasingly widely used in human life, how to protect IoT devices from Malware attack has become an inevitable problem. This project is an analysis of two malwares and how they impact the Internet of Thing (IoT), especially the smart cameras common in people’s life and used in the enterprise. The analysis looks at the vulnerabilities of smart cameras and how Mirai malware and Persirai malware take advantage to these vulnerabilities to attack smart cameras within the network through the simulation process. Through the simulation, although both malwares were implemented using different methods, they all see smart cameras as bots that lead to a similar impact. In this analysis, the simulation process was set up to find ways to prevent smart cameras from being infected by malware. The scanning part found the target, the report part saw how malware gained access to their target and the control part examined how malware controls infected smart cameras to launch an attack. This analysis also looks at Cyber Kill Chain framework to examine how it could be when applied to the smart cameras and malicious software attack. The Cyber Kill Chain framework was used to break down the cyberattacks and aided in providing ways to prevent both malwares at every step. The framework shows that the user plays a huge role in preventing smart cameras from malware attack. The more knowledge and awareness users have, the safer the environment for their smart cameras
Spying on the Spy: Security Analysis of Hidden Cameras
Hidden cameras, also called spy cameras, are surveillance tools commonly used
to spy on people without their knowledge. Whilst previous studies largely
focused on investigating the detection of such a camera and the privacy
implications, the security of the camera itself has received limited attention.
Compared with ordinary IP cameras, spy cameras are normally sold in bulk at
cheap prices and are ubiquitously deployed in hidden places within homes and
workplaces. A security compromise of these cameras can have severe
consequences. In this paper, we analyse a generic IP camera module, which has
been packaged and re-branded for sale by several spy camera vendors. The module
is controlled by mobile phone apps. By analysing the Android app and the
traffic data, we reverse-engineered the security design of the whole system,
including the module's Linux OS environment, the file structure, the
authentication mechanism, the session management, and the communication with a
remote server. Serious vulnerabilities have been identified in every component.
Combined together, they allow an adversary to take complete control of a spy
camera from anywhere over the Internet, enabling arbitrary code execution. This
is possible even if the camera is behind a firewall. All that an adversary
needs to launch an attack is the camera's serial number, which users sometimes
unknowingly share in online reviews. We responsibly disclosed our findings to
the manufacturer. Whilst the manufacturer acknowledged our work, they showed no
intention to fix the problems. Patching or recalling the affected cameras is
infeasible due to complexities in the supply chain. However, it is prudent to
assume that bad actors have already been exploiting these flaws. We provide
details of the identified vulnerabilities in order to raise public awareness,
especially on the grave danger of disclosing a spy camera's serial number.Comment: 19 pages. Conference: NSS 2023: 17th International Conference on
Network and System Securit
A Language-Agnostic Model for Semantic Source Code Labeling
Code search and comprehension have become more difficult in recent years due
to the rapid expansion of available source code. Current tools lack a way to
label arbitrary code at scale while maintaining up-to-date representations of
new programming languages, libraries, and functionalities. Comprehensive
labeling of source code enables users to search for documents of interest and
obtain a high-level understanding of their contents. We use Stack Overflow code
snippets and their tags to train a language-agnostic, deep convolutional neural
network to automatically predict semantic labels for source code documents. On
Stack Overflow code snippets, we demonstrate a mean area under ROC of 0.957
over a long-tailed list of 4,508 tags. We also manually validate the model
outputs on a diverse set of unlabeled source code documents retrieved from
Github, and we obtain a top-1 accuracy of 86.6%. This strongly indicates that
the model successfully transfers its knowledge from Stack Overflow snippets to
arbitrary source code documents.Comment: MASES 2018 Publicatio
SoK: A Systematic Review of TEE Usage for Developing Trusted Applications
Trusted Execution Environments (TEEs) are a feature of modern central
processing units (CPUs) that aim to provide a high assurance, isolated
environment in which to run workloads that demand both confidentiality and
integrity. Hardware and software components in the CPU isolate workloads,
commonly referred to as Trusted Applications (TAs), from the main operating
system (OS). This article aims to analyse the TEE ecosystem, determine its
usability, and suggest improvements where necessary to make adoption easier. To
better understand TEE usage, we gathered academic and practical examples from a
total of 223 references. We summarise the literature and provide a publication
timeline, along with insights into the evolution of TEE research and
deployment. We categorise TAs into major groups and analyse the tools available
to developers. Lastly, we evaluate trusted container projects, test
performance, and identify the requirements for migrating applications inside
them.Comment: In The 18th International Conference on Availability, Reliability and
Security (ARES 2023), August 29 -- September 01, 2023, Benevento, Italy. 15
page
Teaching how to program using automated assessment and functional glossy games (Experience Report)
Our department has long been an advocate of the functional-first school of programming and has been teaching Haskell as a first language in introductory programming course units for 20 years. Although the functional style is largely beneficial, it needs to be taught in an enthusiastic and captivating way to fight the unusually high computer science drop-out rates and appeal to a heterogeneous population of students.This paper reports our experience of restructuring, over the last 5 years, an introductory laboratory course unit that trains hands-on functional programming concepts and good software development practices. We have been using game programming to keep students motivated, and following a methodology that hinges on test-driven development and continuous bidirectional feedback. We summarise successes and missteps, and how we have learned from our experience to arrive at a model for comprehensive and interactive functional game programming assignments and a general functionally-powered automated assessment platform, that together provide a more engaging learning experience for students. In our experience, we have been able to teach increasingly more advanced functional programming concepts while improving student engagement.The authors would like to thank the precursors of the 20-year functional programming culture and FPro unit at our university, and all the instructors and TAs that have been involved in the PLab unit throughout the years. This work is financed by the ERDFs European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme within project POCI-01-0145-FEDER-006961, and by National Funds through the Portuguese funding agency, FCT s Fundacao para a Ciencia e a Tecnologia as part of project UID/EEA/50014/2013
More on Graph Rewriting With Contextual Refinement
In GRGEN , a graph rewrite generator tool, rules have the outstandingfeature that variables in their pattern and replacement graphs may be refined withmeta-rules based on contextual hyperedge replacement grammars. A refined rule maydelete, copy, and transform subgraphs of unbounded size and of variable shape. Inthis paper, we show that rules with contextual refinement can be transformed to stan-dard graph rewrite rules that perform the refinement incrementally, and are appliedaccording to a strategy called residual rewriting. With this transformation, it is possi-ble to state precisely whether refinements can be determined in finitely many steps ornot, and whether refinements are unique for every form of refined pattern or not
Cracking the Code: How to Prevent Copyright Termination From Upending the Proprietary and Open Source Software Markets
Computer software is protected by copyright law through its underlying code, which courts have interpreted as constituting a “literary work” pursuant to the Copyright Act. Prior to including software as copyrightable subject matter, Congress established a termination right which grants original authors the ability to reclaim their copyright thirty-five years after they have transferred it. Termination was intended to benefit up-and-coming authors who faced an inherent disadvantage in the market when selling the rights to their works. In the near future, many software works will reach the thirty-five-year threshold, thus presenting courts with a novel application of termination to computer software. Software’s inclusion as copyrightable subject matter has long been seen as a poor fit when compared to other copyrightable works, such as music, movies, and art. This perceived difference will soon be exacerbated because termination poses unique threats as applied to software, primarily due to the functional aspects of software that are necessarily incidental to the protected code. Problems stemming from termination will manifest differently in the two primary software markets known as proprietary software and open source software. Independent contractors may be able to terminate copyrights held in software they had previously written for a business’s proprietary ownership, whereas, in the context of open source software, exercise of termination could make void perpetual licensing agreements that serve as the foundation for the open source movement. While statutory and common law exceptions to termination, such as the work made for hire doctrine, may mitigate the effects of termination, the degree to which the doctrines may do so has yet to be determined. This Note argues that the harmful effects of termination as applied to proprietary software can be resolved through a novel interpretation of the work made for hire provision of the Copyright Act. Additionally, the harmful effects of termination on open source software can be avoided if Congress adopts a legislative amendment creating a compulsory licensing system for open source works
- …