FirmUSB: Vetting USB Device Firmware using Domain Informed Symbolic Execution

The USB protocol has become ubiquitous, supporting devices from high-powered computing devices to small embedded devices and control systems. USB's greatest feature, its openness and expandability, is also its weakness, and attacks such as BadUSB exploit the unconstrained functionality afforded to these devices as a vector for compromise. Fundamentally, it is virtually impossible to know whether a USB device is benign or malicious. This work introduces FirmUSB, a USB-specific firmware analysis framework that uses domain knowledge of the USB protocol to examine firmware images and determine the activity that they can produce. Embedded USB devices use microcontrollers that have not been well studied by the binary analysis community, and our work demonstrates how lifters into popular intermediate representations for analysis can be built, as well as the challenges of doing so. We develop targeting algorithms and use domain knowledge to speed up these processes by a factor of 7 compared to unconstrained fully symbolic execution. We also successfully find malicious activity in embedded 8051 firmwares without the use of source code. Finally, we provide insights into the challenges of symbolic analysis on embedded architectures and provide guidance on improving tools to better handle this important class of devices.Comment: 18 pages, CCS 201

Datalogger for UL aircraft

Diplomová práce se zabývá návrhem zapisovače letových dat pro UL letadla. V teoretické části jsou popsány základní principy měření jednotlivých veličin ve vztahu k provozu letadla, např. výšky, rychlosti. V samostatné kapitole se věnuji systémům pro určení polohy GPS. Dále jsou zde uvedeny příklady přístrojů měřících tyto veličiny. Praktická část je zaměřena na popis vybraných komponent a jejich obsluhu mikrokontrolérem PIC24FJ64GA004. Následuje popis obsluhy USB disků pomocí USB kontroléru Vinculum-II. Práce je zakončena provedením testu funkčnosti zařízení.This thesis describes the design of flight data recorder for UL aircraft. The theoretical part describes the basic principles of measurement of the quantities in relation to the operation of the aircraft, such as altitude, air speed. A separate chapter deals with systems for determining of GPS position. Furthermore, there are examples of instruments measuring these quantities. The practical part is focused on the description of selected components and their connection to PIC24FJ64GA004 microcontroller. This is followed by a description of the control of USB drives with USB Controller Vinculum-II. The work is finished by the functional test of the device.

Enhancing MB-OFDM throughput with dual circular 32-QAM

Quadrature Phase Shift Keying (QPSK) and Dual Carrier Modulation (DCM) are currently used as the modulation schemes for Multiband Orthogonal Frequency Division Multiplexing (MB-OFDM) in the ECMA-368 defined Ultra-Wideband (UWB) radio platform. ECMA-368 has been chosen as the physical radio platform for many systems including Wireless USB (W-USB), Bluetooth 3.0 and Wireless HDMI; hence ECMA-368 is an important issue to consumer electronics and the users experience of these products. To enable the transport of high-rate USB, ECMA-368 offers up to 480 Mb/s instantaneous bit rate to the Medium Access Control (MAC) layer, but depending on radio channel conditions dropped packets unfortunately result in a lower throughput. This paper presents an alternative high data rate modulation scheme that fits within the configuration of the current standard increasing system throughput by achieving 600 Mb/s (reliable to 3.1 meters) thus maintaining the high rate USB throughput even with a moderate level of dropped packets. The modulation system is termed Dual Circular 32-QAM (DC 32-QAM). The system performance for DC 32-QAM modulation is presented and compared with 16-QAM and DCM1

Manual and Practical Examples of Developing Basic Embedded USB Applications Based on MC9S08JM60

Tato práce se zabývá implementací USB myši a USB klíče na mikrokontroléru MC9S08JM60. Všechny vestavné USB aplikace pro MC9S08JM60 musí implementovat určitou část USB standardu, která je v této práci zarhnutá do USB ovladače pro mikrokontrolér. Funkčnost USB ovladače je demonstrována vyvíjenými aplikacemi.In this thesis I present implementation of USB mouse and USB flashdisk for MC9S08JM60 microcontroller. All embedded USB applications for MC9S08JM60 must implement subset of USB functionality, which is grouped to USB driver for the microcontroller. Functionality of the USB driver is demonstrated by the implemented USB applications.

Outlook for tuberculosis elimination in California: An individual-based stochastic model.

RationaleAs part of the End TB Strategy, the World Health Organization calls for low-tuberculosis (TB) incidence settings to achieve pre-elimination (<10 cases per million) and elimination (<1 case per million) by 2035 and 2050, respectively. These targets require testing and treatment for latent tuberculosis infection (LTBI).ObjectivesTo estimate the ability and costs of testing and treatment for LTBI to reach pre-elimination and elimination targets in California.MethodsWe created an individual-based epidemic model of TB, calibrated to historical cases. We evaluated the effects of increased testing (QuantiFERON-TB Gold) and treatment (three months of isoniazid and rifapentine). We analyzed four test and treat targeting strategies: (1) individuals with medical risk factors (MRF), (2) non-USB, (3) both non-USB and MRF, and (4) all Californians. For each strategy, we estimated the effects of increasing test and treat by a factor of 2, 4, or 10 from the base case. We estimated the number of TB cases occurring and prevented, and net and incremental costs from 2017 to 2065 in 2015 U.S. dollars. Efficacy, costs, adverse events, and treatment dropout were estimated from published data. We estimated the cost per case averted and per quality-adjusted life year (QALY) gained.Measurements and main resultsIn the base case, 106,000 TB cases are predicted to 2065. Pre-elimination was achieved by 2065 in three scenarios: a 10-fold increase in the non-USB and persons with MRF (by 2052), and 4- or 10-fold increase in all Californians (by 2058 and 2035, respectively). TB elimination was not achieved by any intervention scenario. The most aggressive strategy, 10-fold in all Californians, achieved a case rate of 8 (95% UI 4-16) per million by 2050. Of scenarios that reached pre-elimination, the incremental net cost was $20 billion (non-USB and MRF) to$48 billion. These had an incremental cost per QALY of $657,000 to$3.1 million. A more efficient but somewhat less effective single-lifetime test strategy reached as low as $80,000 per QALY.ConclusionsSubstantial gains can be made in TB control in coming years by scaling-up current testing and treatment in non-USB and those with medical risks

Calculation of static longitudinal aerodynamic characteristics of STOL aircraft with upper surface blown flaps

An existing prediction method developed for EBF aircraft configurations was applied to USB configurations to determine its potential utility in predicting USB aerodynamic characteristics. An existing wing-flap vortex-lattice computer program was modified to handle multiple spanwise flap segments at different flap angles. A potential flow turbofan wake model developed for circular cross-section jets was used to model a rectangular cross-section jet wake by placing a number of circular jets side by side. The calculation procedure was evaluated by comparison of measured and predicted aerodynamic characteristics on a variety of USB configurations. The method is limited to the case where the flow and geometry of the configuration are symmetric about a vertical plane containing the wing root chord. Comparison of predicted and measured lift and pitching moment coefficients were made on swept wings with one and two engines per wing panel, various flap deflection angles, and a range of thrust coefficients. The results indicate satisfactory prediction of lift for flap deflections up to 55 and thrust coefficients less than 2. The applicability of the prediction procedure to USB configurations is evaluated, and specific recommendations for improvements are discussed

Static investigation of the circulation control wing/upper surface blowing concept applied to the quiet short haul research aircraft

Full scale static investigations were conducted on the Quiet Short Haul Research Aircraft (QSRA) to determine the thrust deflecting capabilities of the circulation control wing/upper surface blowing (CCW/USB) concept. This scheme, which combines favorable characteristics of both the A-6/CCW and QSRA, employs the flow entrainment properties of CCW to pneumatically deflect engine thrust in lieu of the mechanical USB flap system. Results show that the no moving parts blown system produced static thrust deflections in the range of 40 deg to 97 deg (depending on thrust level) with a CCW pressure of 208,900 Pa (30.3 psig). In addition, the ability to vary horizontal forces from thrust to drag while maintaining a constant vertical (or lift) value was demonstrated by varying the blowing pressure. The versatility of the CCW/USB system, if applied to a STOL aircraft, was confirmed, where rapid conversion from a high drag approach mode to a thrust recovering waveoff or takeoff configuration could be achieved by nearly instantaneous blowing pressure variation

Flash drive memory apparatus and method

A memory apparatus includes a non-volatile computer memory, a USB mass storage controller connected to the non-volatile computer memory, the USB mass storage controller including a daisy chain component, a male USB interface connected to the USB mass storage controller, and at least one other interface for a memory device, other than a USB interface, the at least one other interface being connected to the USB mass storage controller