10,611 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    Get PDF
    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Technical Dimensions of Programming Systems

    Get PDF
    Programming requires much more than just writing code in a programming language. It is usually done in the context of a stateful environment, by interacting with a system through a graphical user interface. Yet, this wide space of possibilities lacks a common structure for navigation. Work on programming systems fails to form a coherent body of research, making it hard to improve on past work and advance the state of the art. In computer science, much has been said and done to allow comparison of programming languages, yet no similar theory exists for programming systems; we believe that programming systems deserve a theory too. We present a framework of technical dimensions which capture the underlying characteristics of programming systems and provide a means for conceptualizing and comparing them. We identify technical dimensions by examining past influential programming systems and reviewing their design principles, technical capabilities, and styles of user interaction. Technical dimensions capture characteristics that may be studied, compared and advanced independently. This makes it possible to talk about programming systems in a way that can be shared and constructively debated rather than relying solely on personal impressions. Our framework is derived using a qualitative analysis of past programming systems. We outline two concrete ways of using our framework. First, we show how it can analyze a recently developed novel programming system. Then, we use it to identify an interesting unexplored point in the design space of programming systems. Much research effort focuses on building programming systems that are easier to use, accessible to non-experts, moldable and/or powerful, but such efforts are disconnected. They are informal, guided by the personal vision of their authors and thus are only evaluable and comparable on the basis of individual experience using them. By providing foundations for more systematic research, we can help programming systems researchers to stand, at last, on the shoulders of giants

    Victims' Access to Justice in Trinidad and Tobago: An exploratory study of experiences and challenges of accessing criminal justice in a post-colonial society

    Get PDF
    This thesis investigates victims' access to justice in Trinidad and Tobago, using their own narratives. It seeks to capture how their experiences affected their identities as victims and citizens, alongside their perceptions of legitimacy regarding the criminal justice system. While there have been some reforms in the administration of criminal justice in Trinidad and Tobago, such reforms have not focused on victims' accessibility to the justice system. Using grounded theory methodology, qualitative data was collected through 31 in-depth interviews with victims and victim advocates. The analysis found that victims experienced interpersonal, structural, and systemic barriers at varying levels throughout the criminal justice system, which manifested as institutionalized secondary victimization, silencing and inequality. This thesis argues that such experiences not only served to appropriate conflict but demonstrates that access is often given in a very narrow sense. Furthermore, it shows a failure to encompass access to justice as appropriated conflicts are left to stagnate in the system as there is often very little resolution. Adopting a postcolonial lens to analyse victims' experiences, the analysis identified othering practices that served to institutionalize the vulnerability and powerlessness associated with victim identities. Here, it is argued that these othering practices also affected the rights consciousness of victims, delegitimating their identities as citizens. Moreover, as a result of their experiences, victims had mixed perceptions of the justice system. It is argued that while the system is a legitimate authority victims' endorsement of the system is questionable, therefore victims' experiences suggest that there is a reinforcement of the system's legal hegemony. The findings suggest that within the legal system of Trinidad and Tobago, legacies of colonialism shape the postcolonial present as the psychology and inequalities of the past are present in the interactions and processes of justice. These findings are relevant for policymakers in Trinidad and Tobago and other regions. From this study it is recognized that, to improve access to justice for victims, there needs to be a move towards victim empowerment that promotes resilience and enhances social capital. Going forward it is noted that there is a need for further research

    Message Journal, Issue 5: COVID-19 SPECIAL ISSUE Capturing visual insights, thoughts and reflections on 2020/21 and beyond...

    Get PDF
    If there is a theme running through the Message Covid-19 special issue, it is one of caring. Of our own and others’ resilience and wellbeing, of friendship and community, of students, practitioners and their futures, of social justice, equality and of doing the right thing. The veins of designing with care run through the edition, wide and deep. It captures, not designers as heroes, but those with humble views, exposing the need to understand a diversity of perspectives when trying to comprehend the complexity that Covid-19 continues to generate. As graphic designers, illustrators and visual communicators, contributors have created, documented, written, visualised, reflected, shared, connected and co-created, designed for good causes and re-defined what it is to be a student, an academic and a designer during the pandemic. This poignant period in time has driven us, through isolation, towards new rules of living, and new ways of working; to see and map the world in a different light. A light that is uncertain, disjointed, and constantly being redefined. This Message issue captures responses from the graphic communication design community in their raw state, to allow contributors to communicate their experiences through both their written and visual voice. Thus, the reader can discern as much from the words as the design and visualisations. Through this issue a substantial number of contributions have focused on personal reflection, isolation, fear, anxiety and wellbeing, as well as reaching out to community, making connections and collaborating. This was not surprising in a world in which connection with others has often been remote, and where ‘normal’ social structures of support and care have been broken down. We also gain insight into those who are using graphic communication design to inspire and capture new ways of teaching and learning, developing themselves as designers, educators, and activists, responding to social justice and to do good; gaining greater insight into society, government actions and conspiracy. Introduction: Victoria Squire - Coping with Covid: Community, connection and collaboration: James Alexander & Carole Evans, Meg Davies, Matthew Frame, Chae Ho Lee, Alma Hoffmann, Holly K. Kaufman-Hill, Joshua Korenblat, Warren Lehrer, Christine Lhowe, Sara Nesteruk, Cat Normoyle & Jessica Teague, Kyuha Shim. - Coping with Covid: Isolation, wellbeing and hope: Sadia Abdisalam, Tom Ayling, Jessica Barness, Megan Culliford, Stephanie Cunningham, Sofija Gvozdeva, Hedzlynn Kamaruzzaman, Merle Karp, Erica V. P. Lewis, Kelly Salchow Macarthur, Steven McCarthy, Shelly Mayers, Elizabeth Shefrin, Angelica Sibrian, David Smart, Ane Thon Knutsen, Isobel Thomas, Darryl Westley. - Coping with Covid: Pedagogy, teaching and learning: Bernard J Canniffe, Subir Dey, Aaron Ganci, Elizabeth Herrmann, John Kilburn, Paul Nini, Emily Osborne, Gianni Sinni & Irene Sgarro, Dave Wood, Helena Gregory, Colin Raeburn & Jackie Malcolm. - Coping with Covid: Social justice, activism and doing good: Class Action Collective, Xinyi Li, Matt Soar, Junie Tang, Lisa Winstanley. - Coping with Covid: Society, control and conspiracy: Diana Bîrhală, Maria Borțoi, Patti Capaldi, Tânia A. Cardoso, Peter Gibbons, Bianca Milea, Rebecca Tegtmeyer, Danne Wo

    The temporality of rhetoric: the spatialization of time in modern criticism

    Get PDF
    Every conception of criticism conceals a notion of time which informs the manner in which the critic conceives of history, representation and criticism itself. This thesis reveals the philosophies of time inherent in certain key modern critical concepts: allegory, irony and the sublime. Each concept opens a breach in time, a disruption of chronology. In each case this gap or aporia is emphatically closed, elided or denied. Taking the philosophy of time elaborated by Giorgio Agamben as an introductory proposition, my argument turns in Chapter One to the allegorical temporality which Walter Benjamin sees as the time of photography. The second chapter examines the aesthetics of the sublime as melancholic or mournful untimeliness. In Chapter Three, Paul de Man's conception of irony provides an exemplary instance of the denial of this troubling temporal predicament. In opposition to the foreclosure of the disturbing temporalities of criticism, history and representation, the thesis proposes a fundamental rethinking of the philosophy of time as it relates to these categories of reflection. In a reading of an inaugural meditation on the nature of time, and in examining certain key contemporary philosophical and critical texts, I argue for a critical attendance to that which eludes those modes of thought that attempt to map time as a recognizable and essentially spatial field. The Confessions of Augustine provide, in the fourth chapter, a model for thinking through the problems set up earlier: Augustine affords us, precisely, a means of conceiving of the gap or the interim. In the final chapter, this concept is developed with reference to the criticism of Arnold and Eliot, the fiction of Virginia Woolf and the philosophy of cinema derived from Deleuze and Lyotard. In conclusion, the philosophical implications of the thesis are placed in relation to a conception of the untimeliness of death

    Embodying entrepreneurship: everyday practices, processes and routines in a technology incubator

    Get PDF
    The growing interest in the processes and practices of entrepreneurship has been dominated by a consideration of temporality. Through a thirty-six-month ethnography of a technology incubator, this thesis contributes to extant understanding by exploring the effect of space. The first paper explores how class structures from the surrounding city have appropriated entrepreneurship within the incubator. The second paper adopts a more explicitly spatial analysis to reveal how the use of space influences a common understanding of entrepreneurship. The final paper looks more closely at the entrepreneurs within the incubator and how they use visual symbols to develop their identity. Taken together, the three papers reject the notion of entrepreneurship as a primarily economic endeavour as articulated through commonly understood language and propose entrepreneuring as an enigmatic attractor that is accessed through the ambiguity of the non-verbal to develop the ‘new’. The thesis therefore contributes to the understanding of entrepreneurship and proposes a distinct role for the non-verbal in that understanding

    TOWARDS AN UNDERSTANDING OF EFFORTFUL FUNDRAISING EXPERIENCES: USING INTERPRETATIVE PHENOMENOLOGICAL ANALYSIS IN FUNDRAISING RESEARCH

    Get PDF
    Physical-activity oriented community fundraising has experienced an exponential growth in popularity over the past 15 years. The aim of this study was to explore the value of effortful fundraising experiences, from the point of view of participants, and explore the impact that these experiences have on people’s lives. This study used an IPA approach to interview 23 individuals, recognising the role of participants as proxy (nonprofessional) fundraisers for charitable organisations, and the unique organisation donor dynamic that this creates. It also bought together relevant psychological theory related to physical activity fundraising experiences (through a narrative literature review) and used primary interview data to substantiate these. Effortful fundraising experiences are examined in detail to understand their significance to participants, and how such experiences influence their connection with a charity or cause. This was done with an idiographic focus at first, before examining convergences and divergences across the sample. This study found that effortful fundraising experiences can have a profound positive impact upon community fundraisers in both the short and the long term. Additionally, it found that these experiences can be opportunities for charitable organisations to create lasting meaningful relationships with participants, and foster mutually beneficial lifetime relationships with them. Further research is needed to test specific psychological theory in this context, including self-esteem theory, self determination theory, and the martyrdom effect (among others)

    Defining Service Level Agreements in Serverless Computing

    Get PDF
    The emergence of serverless computing has brought significant advancements to the delivery of computing resources to cloud users. With the abstraction of infrastructure, ecosystem, and execution environments, users could focus on their code while relying on the cloud provider to manage the abstracted layers. In addition, desirable features such as autoscaling and high availability became a provider’s responsibility and can be adopted by the user\u27s application at no extra overhead. Despite such advancements, significant challenges must be overcome as applications transition from monolithic stand-alone deployments to the ephemeral and stateless microservice model of serverless computing. These challenges pertain to the uniqueness of the conceptual and implementation models of serverless computing. One of the notable challenges is the complexity of defining Service Level Agreements (SLA) for serverless functions. As the serverless model shifts the administration of resources, ecosystem, and execution layers to the provider, users become mere consumers of the provider’s abstracted platform with no insight into its performance. Suboptimal conditions of the abstracted layers are not visible to the end-user who has no means to assess their performance. Thus, SLA in serverless computing must take into consideration the unique abstraction of its model. This work investigates the Service Level Agreement (SLA) modeling of serverless functions\u27 and serverless chains’ executions. We highlight how serverless SLA fundamentally differs from earlier cloud delivery models. We then propose an approach to define SLA for serverless functions by utilizing resource utilization fingerprints for functions\u27 executions and a method to assess if executions adhere to that SLA. We evaluate the approach’s accuracy in detecting SLA violations for a broad range of serverless application categories. Our validation results illustrate a high accuracy in detecting SLA violations resulting from resource contentions and provider’s ecosystem degradations. We conclude by presenting the empirical validation of our proposed approach, which could detect Execution-SLA violations with accuracy up to 99%
    • …
    corecore