Cross-Programming Language Taint Analysis for the IoT Ecosystem

The Internet of Things (IoT) is a key component for the next disruptive technologies. However, IoT merges together several diverse software layers: embedded, enterprise, and cloud programs interact with each other. In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems. During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities. Unfortunately, these analyses assume that software is entirely written in a single programming language, and they are not immediately suitable to detect IoT vulnerabilities where many different software components, written in different programming languages, interact. This paper discusses how to leverage existing static taint analyses to a cross-programming language scenario

Static analysis for discovering IoT vulnerabilities

The Open Web Application Security Project (OWASP), released the \u201cOWASP Top 10 Internet of Things 2018\u201d list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia\u2019s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies

Static analysis of android apps interaction with automotive CAN

Modern car infotainment systems allow users to connect an Android device to the vehicle. The device then interacts with the hardware of the car, hence providing new interaction mechanisms to the driver. However, this can be misused and become a major security breach into the car, with subsequent security concerns: the Android device can both read sensitive data (speed, model, airbag status) and send dangerous commands (brake, lock, airbag explosion). Moreover, this scenario is unsettling since Android devices connect to the cloud, opening the door to remote attacks by malicious users or the cyberspace. The OpenXC platform is an open-source API that allows Android apps to interact with the car’s hardware. This article studies this library and shows how it can be used to create injection attacks. Moreover, it introduces a novel static analysis that identifies such attacks before they actually occur. It has been implemented in the Julia static analyzer and finds injection vulnerabilities in actual apps from the Google Play marketplace

MODULATORY EFFECT OF SEMIPURIFIED FRACTIONS OF BAUHINIA PURPUREA L. BARK EXTRACT ON OXIDATIVE STRESS IN STZ-INDUCED DIABETIC RATS

The role of oxidative stress in the development of diabetes mellitus and its vascular complications are extensively studied. Hyperglycaemia causes oxidative damage by generation of reactive oxygen species and results in the development of complications. The present study was undertaken with the objective of exploring the anti-hyperglycaemic potential of phenolic compounds enriched semipurified extract of Bauhinia purpurea bark in streptozotocin induced (STZ) diabetic rats for four weeks and to study oxidative stress and antioxidant status. Rats were rendered diabetic by single injection of streptozotocin (60 mg/kg body wt, ip). At the end of the treatment period, the level of blood glucose, serum biochemical markers, serum cholesterol levels and liver malondialdehyde, tissue antioxidant levels were measured. A marked rise was observed in the levels of fasting blood glucose, cholesterol, lipid peroxidative products and a significant decrease in tissue antioxidants (reduced glutathione) levels in STZ treated rats. Oral administration of two semi purified extracts B1 and B2 (100 and 50 mg/kg body wt each, p.o) decreased fasting blood glucose levels of STZ-treated diabetic rats significantly (P < 0.01), when compared with control rats. In addition, the extracts showed favorable effect (P < 0.01) on the reduced tissues antioxidants level, liver glycogen level, cholesterol level, with significant (P < 0.01) reduction of elevated lipid peroxidation products. Our study showed the antioxidant effect of phenolic compounds enriched semipurified extracts of B. purpurea in STZ induced experimental diabetes. The results also suggested that this polyphenolics rich extract could be potentially useful for hyperglycaemia treatment to correct the diabetic state

Abstracts of National Conference on Research and Developments in Material Processing, Modelling and Characterization 2020

This book presents the abstracts of the papers presented to the Online National Conference on Research and Developments in Material Processing, Modelling and Characterization 2020 (RDMPMC-2020) held on 26th and 27th August 2020 organized by the Department of Metallurgical and Materials Science in Association with the Department of Production and Industrial Engineering, National Institute of Technology Jamshedpur, Jharkhand, India. Conference Title: National Conference on Research and Developments in Material Processing, Modelling and Characterization 2020Conference Acronym: RDMPMC-2020Conference Date: 26–27 August 2020Conference Location: Online (Virtual Mode)Conference Organizer: Department of Metallurgical and Materials Engineering, National Institute of Technology JamshedpurCo-organizer: Department of Production and Industrial Engineering, National Institute of Technology Jamshedpur, Jharkhand, IndiaConference Sponsor: TEQIP-