Software supply chain monitoring in containerised open-source digital forensics and incident response tools

Abstract. Legal context makes software development challenging for the tool-oriented Digital Forensics and Incident Response (DFIR) field. Digital evidence must be complete, accurate, reliable, and acquirable in reproducible methods in order to be used in court. However, the lack of sufficient software quality is a well-known problem in this context. The popularity of Open-source Software (OSS) based development has increased the tool availability on different channels, highlighting their varying quality. The lengthened software supply chain has introduced additional factors affecting the tool quality and control over the use of the exact software version. Prior research on the quality level has primarily targeted the fundamental codebase of the tool, not the underlying dependencies. There is no research about the role of the software supply chain for quality factors in the DFIR context. The research in this work focuses on the container-based package ecosystem, where the case study includes 51 maintained open-source DFIR tools published as Open Container Initiative (OCI) containers. The package ecosystem was improved, and an experimental system was implemented to monitor upstream release version information and provide it for both package maintainers and end-users. The system guarantees that the described tool version matches the actual version of the tool package, and all information about tool versions is available. The primary purpose is to bring more control over the packages and support the reproducibility and documentation requirement of the investigations while also helping with the maintenance work. The tools were also monitored and maintained for six months to observe software dependency-related factors affecting the tool functionality between different versions. After that period, the maintenance was halted for additional six months, and the tool’s current package version was rebuilt to limit gathered information for the changed dependencies. A significant amount of different built time and runtime failures were discovered, which have either prevented or hindered the tool installation or significantly affected the tool used in the investigation process. Undocumented, changed or too new environment-related dependencies were the significant factors leading to tool failures. These findings support known software dependency-related problems. The nature of the failures suggests that tool package maintainers are required to possess a prominent level of various kinds of skills for making operational tool packages, and maintenance is an effort-intensive job. If the investigator does not have similar skills and there is a dependency-related failure present in the software, the software may not be usable.Ohjelmistotoimitusketjun seuranta kontitetuissa avoimen lähdekoodin digitaaliforensiikan ja tietoturvapoikkeamien reagoinnin työkaluissa. Tiivistelmä. Oikeudellinen asiayhteys tekee ohjelmistokehityksestä haasteellista työkalupainotteiselle digitaaliforensiikalle ja tietoturvapoikkeamiin reagoinnille (DFIR). Digitaalisen todistusaineiston on oltava kokonaista, täsmällistä, luotettavaa ja hankittavissa toistettavilla menetelmillä, jotta sitä voidaan käyttää tuomioistuimessa. Laadun puute on kuitenkin tässä yhteydessä tunnettu ongelma. Avoimeen lähdekoodin perustuva ohjelmistokehitys on kasvattanut suosiotaan, mikä on luonnollisesti lisännyt työkalujen saatavuutta eri kanavilla, korostaen niiden vaihtelevaa laatua. Ohjelmistotoimitusketjun pidentyminen on tuonut mukanaan työkalujen laatuun ja täsmällisen ohjelmistoversion hallintaan vaikuttavia lisätekijöitä. Laatutasoa koskevassa aikaisemmassa tutkimuksessa on keskitytty pääasiassa työkalun olennaiseen koodipohjaan; ei sen taustalla oleviin riippuvuuksiin. Ohjelmistotoimitusketjun merkityksestä laadullisiin tekijöihin ei ole olemassa tutkimusta DFIR-asiayhteydessä. Tämän työn tutkimuksessa keskitytään konttipohjaiseen pakettiekosysteemiin, missä tapaustutkimuksen kohteena on 51 ylläpidettyä avoimen lähdekoodin DFIR-työkalua, jotka julkaistaan ns. OCI-kontteina. Työssä parannettiin pakettiekosysteemiä ja toteutettiin kokeellinen järjestelmä, jolla seurattiin julkaisuversiotietoja ja tarjottiin niitä sekä pakettien ylläpitäjille että loppukäyttäjille. Järjestelmä takaa, että kuvattu työkaluversio vastaa työkalupaketin todellista versiota, ja kaikki tieto työkaluversioista on saatavilla. Ensisijaisena tarkoituksena oli lisätä ohjelmistopakettien hallintaa ja tukea tutkintojen toistettavuus- ja dokumentointivaatimusta, kuten myös auttaa pakettien ylläpitotyössä. Työssä myös seurattiin ja ylläpidettiin työkaluja kuuden kuukauden ajan sellaisten ohjelmistoriippuvuuksien aiheuttamien tekijöiden tunnistamiseksi, jotka vaikuttavat työkalun toimivuuteen eri versioiden välillä. Lisäksi odotettiin vielä kuusi kuukautta ilman ylläpitoa, ja työkalun nykyinen pakettiversio rakennettiin uudelleen, jotta kerätty tieto voitiin rajoittaa vain muuttuneisiin riippuvuuksiin. Työn aikana löydettiin huomattava määrä erilaisia rakennusaika- ja suoritusaikavirheitä, mitkä ovat joko estäneet tai haitanneet työkalun asennusta, tai muuten vaikuttaneet merkittävästi tutkinnassa käytettyyn työkaluun. Dokumentoimattomat, muuttuneet tai liian uudet ympäristöriippuvuudet olivat merkittäviä työkaluvirheisiin johtaneita tekijöitä. Nämä löydökset tukevat ennestään tunnettuja ohjelmistoriippuvuusongelmia. Virheiden luonteesta voidaan päätellä, että työkalujen ylläpitäjiltä vaaditaan paljon erilaista osaamista toiminnallisten työkalupakettien ylläpitämisessä, ja ylläpitäminen vaatii paljon vaivaa. Jos tutkijalla ei ole vastaavia taitoja ja ohjelmistossa on riippuvuuksiin liittyvä virhe, ohjelmisto saattaa olla käyttökelvoton

Directional characteristics of lunar thermal emission

Directional characteristics and brightness temperatures of thermal lunar emissio

Know Your Phish: Novel Techniques for Detecting Phishing Sites and Their Targets

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they require a large amount of training data and are not adept at detecting phishing attacks against new targets. In this paper, we begin with two core observations: (a) although phishers try to make a phishing webpage look similar to its target, they do not have unlimited freedom in structuring the phishing webpage, and (b) a webpage can be characterized by a small set of key terms, how these key terms are used in different parts of a webpage is different in the case of legitimate and phishing webpages. Based on these observations, we develop a phishing detection system with several notable properties: it requires very little training data, scales well to much larger test data, is language-independent, fast, resilient to adaptive attacks and implemented entirely on client-side. In addition, we developed a target identification component that can identify the target website that a phishing webpage is attempting to mimic. The target detection component is faster than previously reported systems and can help minimize false positives in our phishing detection system.Peer reviewe

Parodontiitti ja sepelvaltimotauti

Tiivistelmä. Tämä syventävä tutkielma on kirjallisuuskatsaus, joka perehtyy tieteellisiin julkaisuihin, jotka käsittelivät parodontiitin ja sepelvaltimotaudin välistä yhteyttä. Useat epidemiologiset tutkimukset osoittavat, että parodontiitin ja kardiovaskulaarisairauksien välillä on olemassa yhteys. Tulokset ovat osittain ristiriitaisia, sillä kaikissa tutkimuksissa yhteyttä ei ole todettu tai yhteys on hyvin pieni. Siksi tarvitaan vielä tarkempia tutkimuksia. Keskimäärin suurentunut riski sairastua oli melko matala (19–50%) tai sitä ei löytynyt, kun tutkimus käsitti myös iäkkäät henkilöt. Toisaalta silloin, kun tutkittiin erikseen alle 65-vuotiaita tai alle 50-vuotiaita, havaittiin suurempi (44–72%) riski sairastua sepelvaltimotautiin, jos sairasti parodontiittia. Tämä voi tarkoittaa sitä, että nuoremmalla ikäluokalla riski sairastua on kasvanut. Se, miten parodontiitti vaikuttaa sepelvaltimotautiin, ei ole vielä täysin selvä. Suurimmaksi osaksi se perustuu parodontiittipatogeenien aiheuttamaan matala-asteiseen krooniseen tulehdukseen elimistössä. Näitä patogeeneja voi päästä elimistöön päivittäisen hampaiden harjauksen, puremisen tai parodontiitin hoidon yhteydessä. Tulehdukseen liittyvät tekijät, kuten tulehdusvälittäjäaineet, sekä bakteerien erittämät endotoksiinit voivat suoraan aiheuttaa verisuonivaurion, mikä voi edistää sepelvaltimotaudin patogeneesia

Flexural Strength of Interlocking Compressed Earth Brick (ICEB) Unit

This paper presents the flexural strength of the ICEB unit. The flexural strength is important in determining the strength of the masonry unit. About 260 units of ICEB consist three type of unit were tested on flatwise (bed direction) and inverted direction, with the different shape at the top and bottom of the ICEB. The unit was loaded at midspan through a steel bearing plate of 6.4 mm thickness and 38.1 mm width. Specimens were supported at both ends which are free to rotate in the longitudinal and transverse directions during the test. The highest flexural strength of ICEB is Wall Brick for both flatwise and inverted direction which is 2.36 N/mm2 and 2.15 N/mm2, respectively. For flatwise direction, Beam Brick has the lowest flexural strength which is 1.55 N/mm2, and in inverted direction Column Brick flexural strength is lower than Beam Brick which is 1.65 N/mm2. ICEB can be used in construction and has the equal properties as other common brick and block at the market nowadays

Modularity and Optimality in Social Choice

Marengo and the second author have developed in the last years a geometric model of social choice when this takes place among bundles of interdependent elements, showing that by bundling and unbundling the same set of constituent elements an authority has the power of determining the social outcome. In this paper we will tie the model above to tournament theory, solving some of the mathematical problems arising in their work and opening new questions which are interesting not only from a mathematical and a social choice point of view, but also from an economic and a genetic one. In particular, we will introduce the notion of u-local optima and we will study it from both a theoretical and a numerical/probabilistic point of view; we will also describe an algorithm that computes the universal basin of attraction of a social outcome in O(M^3 logM) time (where M is the number of social outcomes).Comment: 42 pages, 4 figures, 8 tables, 1 algorithm

Characterisation of Structure-Borne Sound Source Using Reception Plate Method

A laboratory-based experiment procedure of reception platemethod for structure-borne sound source characterisation is reported in this paper. he method uses the assumption that the input power from the source installed on the plate is equal to the power dissipated by the plate. In this experiment, rectangular plates having high and low mobility relative to that of the source were used as the reception plates and a small electric fan motor was acting as the structure-borne source. he data representing the source characteristics, namely, the free velocity and the sourcemobility, were obtained and compared with those fromdirectmeasurement. Assumptions and constraints employing this method are discussed

Off-the-Hook: An Efficient and Usable Client-Side Phishing Prevention Application

Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.Non Peer reviewe

Enhanced second harmonic generation from resonant GaAs gratings

We study second harmonic generation in nonlinear, GaAs gratings. We find large enhancement of conversion efficiency when the pump field excites the guided mode resonances of the grating. Under these circumstances the spectrum near the pump wavelength displays sharp resonances characterized by dramatic enhancements of local fields and favorable conditions for second harmonic generation, even in regimes of strong linear absorption at the harmonic wavelength. In particular, in a GaAs grating pumped at 1064nm, we predict second harmonic conversion efficiencies approximately five orders of magnitude larger than conversion rates achievable in either bulk or etalon structures of the same material.Comment: 8 page

Behaviour and design of eccentrically loaded hot-rolled steel SHS and RHS stub columns at elevated temperatures

The structural fire response of hot-rolled steel square and rectangular hollow sections (SHS and RHS) under combined compression and bending is investigated in this study through finite element (FE) modelling. The developed FE models were firstly validated against available test results on hot-rolled steel SHS/RHS subjected to combined compression and bending at elevated temperatures. Upon validation, an extensive parametric study was then carried out to examine the resistance of hot-rolled steel SHS/RHS under combined loading at elevated temperatures, covering a wide range of cross-section slendernesses, cross-section aspect ratios, combinations of loading and temperatures up to 800 °C. The numerical data, together with the experimental results, were compared with the strength predictions according to the current structural fire design rules in the European Standard EN 1993-1-2 (2002) and American Specification AISC 360–16 (2016) for hot-rolled steel SHS/RHS under combined loading. The comparisons generally indicated significant disparities in the prediction of resistance of hot-rolled steel SHS/RHS under combined loading at elevated temperatures, owing principally to inaccurate predictions of the end points of the design interaction curves. The deformation-based continuous strength method (CSM) has been shown to provide accurate strength predictions for these end points i.e. the resistances of hot-rolled steel SHS/RHS stub columns and beams at elevated temperatures. In this study, proposals are presented to extend the scope of the CSM to the structural fire design of hot-rolled steel SHS/RHS under combined compression and bending. The CSM proposals are shown to offer improved accuracy and reliability over current design methods and are therefore recommended for incorporation into future revisions of international structural fire design codes