THE OBSERVATION OF SMART CAMERA SECURITY

At present, as the Internet of Thing (IoT) is increasingly widely used in human life, how to protect IoT devices from Malware attack has become an inevitable problem. This project is an analysis of two malwares and how they impact the Internet of Thing (IoT), especially the smart cameras common in people’s life and used in the enterprise. The analysis looks at the vulnerabilities of smart cameras and how Mirai malware and Persirai malware take advantage to these vulnerabilities to attack smart cameras within the network through the simulation process. Through the simulation, although both malwares were implemented using different methods, they all see smart cameras as bots that lead to a similar impact. In this analysis, the simulation process was set up to find ways to prevent smart cameras from being infected by malware. The scanning part found the target, the report part saw how malware gained access to their target and the control part examined how malware controls infected smart cameras to launch an attack. This analysis also looks at Cyber Kill Chain framework to examine how it could be when applied to the smart cameras and malicious software attack. The Cyber Kill Chain framework was used to break down the cyberattacks and aided in providing ways to prevent both malwares at every step. The framework shows that the user plays a huge role in preventing smart cameras from malware attack. The more knowledge and awareness users have, the safer the environment for their smart cameras

Spying on the Spy: Security Analysis of Hidden Cameras

Hidden cameras, also called spy cameras, are surveillance tools commonly used to spy on people without their knowledge. Whilst previous studies largely focused on investigating the detection of such a camera and the privacy implications, the security of the camera itself has received limited attention. Compared with ordinary IP cameras, spy cameras are normally sold in bulk at cheap prices and are ubiquitously deployed in hidden places within homes and workplaces. A security compromise of these cameras can have severe consequences. In this paper, we analyse a generic IP camera module, which has been packaged and re-branded for sale by several spy camera vendors. The module is controlled by mobile phone apps. By analysing the Android app and the traffic data, we reverse-engineered the security design of the whole system, including the module's Linux OS environment, the file structure, the authentication mechanism, the session management, and the communication with a remote server. Serious vulnerabilities have been identified in every component. Combined together, they allow an adversary to take complete control of a spy camera from anywhere over the Internet, enabling arbitrary code execution. This is possible even if the camera is behind a firewall. All that an adversary needs to launch an attack is the camera's serial number, which users sometimes unknowingly share in online reviews. We responsibly disclosed our findings to the manufacturer. Whilst the manufacturer acknowledged our work, they showed no intention to fix the problems. Patching or recalling the affected cameras is infeasible due to complexities in the supply chain. However, it is prudent to assume that bad actors have already been exploiting these flaws. We provide details of the identified vulnerabilities in order to raise public awareness, especially on the grave danger of disclosing a spy camera's serial number.Comment: 19 pages. Conference: NSS 2023: 17th International Conference on Network and System Securit

A Language-Agnostic Model for Semantic Source Code Labeling

Code search and comprehension have become more difficult in recent years due to the rapid expansion of available source code. Current tools lack a way to label arbitrary code at scale while maintaining up-to-date representations of new programming languages, libraries, and functionalities. Comprehensive labeling of source code enables users to search for documents of interest and obtain a high-level understanding of their contents. We use Stack Overflow code snippets and their tags to train a language-agnostic, deep convolutional neural network to automatically predict semantic labels for source code documents. On Stack Overflow code snippets, we demonstrate a mean area under ROC of 0.957 over a long-tailed list of 4,508 tags. We also manually validate the model outputs on a diverse set of unlabeled source code documents retrieved from Github, and we obtain a top-1 accuracy of 86.6%. This strongly indicates that the model successfully transfers its knowledge from Stack Overflow snippets to arbitrary source code documents.Comment: MASES 2018 Publicatio

SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

Trusted Execution Environments (TEEs) are a feature of modern central processing units (CPUs) that aim to provide a high assurance, isolated environment in which to run workloads that demand both confidentiality and integrity. Hardware and software components in the CPU isolate workloads, commonly referred to as Trusted Applications (TAs), from the main operating system (OS). This article aims to analyse the TEE ecosystem, determine its usability, and suggest improvements where necessary to make adoption easier. To better understand TEE usage, we gathered academic and practical examples from a total of 223 references. We summarise the literature and provide a publication timeline, along with insights into the evolution of TEE research and deployment. We categorise TAs into major groups and analyse the tools available to developers. Lastly, we evaluate trusted container projects, test performance, and identify the requirements for migrating applications inside them.Comment: In The 18th International Conference on Availability, Reliability and Security (ARES 2023), August 29 -- September 01, 2023, Benevento, Italy. 15 page

Teaching how to program using automated assessment and functional glossy games (Experience Report)

Our department has long been an advocate of the functional-first school of programming and has been teaching Haskell as a first language in introductory programming course units for 20 years. Although the functional style is largely beneficial, it needs to be taught in an enthusiastic and captivating way to fight the unusually high computer science drop-out rates and appeal to a heterogeneous population of students.This paper reports our experience of restructuring, over the last 5 years, an introductory laboratory course unit that trains hands-on functional programming concepts and good software development practices. We have been using game programming to keep students motivated, and following a methodology that hinges on test-driven development and continuous bidirectional feedback. We summarise successes and missteps, and how we have learned from our experience to arrive at a model for comprehensive and interactive functional game programming assignments and a general functionally-powered automated assessment platform, that together provide a more engaging learning experience for students. In our experience, we have been able to teach increasingly more advanced functional programming concepts while improving student engagement.The authors would like to thank the precursors of the 20-year functional programming culture and FPro unit at our university, and all the instructors and TAs that have been involved in the PLab unit throughout the years. This work is financed by the ERDFs European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme within project POCI-01-0145-FEDER-006961, and by National Funds through the Portuguese funding agency, FCT s Fundacao para a Ciencia e a Tecnologia as part of project UID/EEA/50014/2013

More on Graph Rewriting With Contextual Refinement

In GRGEN , a graph rewrite generator tool, rules have the outstandingfeature that variables in their pattern and replacement graphs may be refined withmeta-rules based on contextual hyperedge replacement grammars. A refined rule maydelete, copy, and transform subgraphs of unbounded size and of variable shape. Inthis paper, we show that rules with contextual refinement can be transformed to stan-dard graph rewrite rules that perform the refinement incrementally, and are appliedaccording to a strategy called residual rewriting. With this transformation, it is possi-ble to state precisely whether refinements can be determined in finitely many steps ornot, and whether refinements are unique for every form of refined pattern or not

Cracking the Code: How to Prevent Copyright Termination From Upending the Proprietary and Open Source Software Markets

Computer software is protected by copyright law through its underlying code, which courts have interpreted as constituting a “literary work” pursuant to the Copyright Act. Prior to including software as copyrightable subject matter, Congress established a termination right which grants original authors the ability to reclaim their copyright thirty-five years after they have transferred it. Termination was intended to benefit up-and-coming authors who faced an inherent disadvantage in the market when selling the rights to their works. In the near future, many software works will reach the thirty-five-year threshold, thus presenting courts with a novel application of termination to computer software. Software’s inclusion as copyrightable subject matter has long been seen as a poor fit when compared to other copyrightable works, such as music, movies, and art. This perceived difference will soon be exacerbated because termination poses unique threats as applied to software, primarily due to the functional aspects of software that are necessarily incidental to the protected code. Problems stemming from termination will manifest differently in the two primary software markets known as proprietary software and open source software. Independent contractors may be able to terminate copyrights held in software they had previously written for a business’s proprietary ownership, whereas, in the context of open source software, exercise of termination could make void perpetual licensing agreements that serve as the foundation for the open source movement. While statutory and common law exceptions to termination, such as the work made for hire doctrine, may mitigate the effects of termination, the degree to which the doctrines may do so has yet to be determined. This Note argues that the harmful effects of termination as applied to proprietary software can be resolved through a novel interpretation of the work made for hire provision of the Copyright Act. Additionally, the harmful effects of termination on open source software can be avoided if Congress adopts a legislative amendment creating a compulsory licensing system for open source works