Biblio

In this paper, we present our ongoing work to develop an efficient and scalable verification method to achieve runtime security of real-time applications with strict performance requirements. The method allows to specify (functional and non-functional) behaviour of a real-time application and a set of known attacks/threats. The challenge here is to prove that the runtime application execution is at the same time (i) correct w.r.t. the functional specification and (ii) protected against the specified set of attacks, without violating any non-functional specification (e.g., real-time performance). To address the challenge, first we classify the set of attacks into computational, data integrity and communication attacks. Second, we decompose each class into its declarative properties and definitive properties. A declarative property specifies an attack as a one big-step relation between initial and final state without considering intermediate states, while a definitive property specifies an attack as a composition of many small-step relations considering all intermediate states between initial and final state. Semantically, the declarative property of an attack is equivalent to its corresponding definitive property. Based on the decomposition and the adequate specification of underlying runtime environment (e.g., compiler, processor and operating system), we prove rigorously that the application execution in a particular runtime environment is protected against declarative properties without violating runtime performance specification of the application. Furthermore, from the specification, we generate a security monitor that assures that the application execution is secure against each class of attacks at runtime without hindering real-time performance of the application.

Mobile security remains a concern for multiple stakeholders. Safe user behavior is crucial key to avoid and mitigate mobile threats. The research used a survey design to capture key constructs of mobile user threat avoidance behavior. Analysis revealed that there is no significant difference between the two key drivers of secure behavior, threat appraisal and coping appraisal, for Android and iOS users. However, statistically significant differences in avoidance motivation and avoidance behavior of users of the two operating systems were displayed. This indicates that existing threat avoidance models may be insufficient to comprehensively deal with factors that affect mobile user behavior. A newly introduced variable, perceived security, shows a difference in the perceptions of their level of protection among the users of the two operating systems, providing a new direction for research into mobile security.

In order to improve the security and reliability of information system and reduce the risk of vulnerability intrusion and attack, an automatic patch installation method of operating systems based on deep learning is proposed, If the installation is successful, the basic information of the system will be returned to the visualization server. If the installation fails, it is recommended to upgrading manually and display it on the patch detection visualization server. Through the practical application of statistical analysis, the statistical results show that the proposed method is significantly better than the original and traditional installation methods, which can effectively avoid the problem of client repeated download, and greatly improve the success rate of patch automatic upgrades. It effectively saves the upgrade cost and ensures the security and reliability of the information system.

The popularity of Unmanned Aerial Vehicles (UAV) or more commonly known as Drones is increasing recently. UAVs have tremendous potential in various industries, e.g., military, agriculture, transportation, movie, supply chain, and surveillance. UAVs are also popular among hobbyists for photography, racing, etc. Despite the possibilities, many UAV related security incidents are reported nowadays. UAVs can be targeted by malicious parties and if compromised, life-threatening activities can be performed using them. As a result, governments around the world have started to regulate the use of UAVs. We believe that UAVs need an intelligent and automated defense mechanism to ensure the safety of humans, properties, and the UAVs themselves. A major component where we can incorporate the defense mechanism is the operating system. In this paper, we investigate the security of existing operating systems used in consumer and commercial UAVs. We then survey various security issues of UAV operating systems and possible solutions. Finally, we discuss several research challenges for developing a secure operating system for UAVs.

In the continuously evolving environment, computer security has become a convenient challenge because of the rapid rise and expansion of the Internet. One of the most significant challenges to networks is attacks on network resources caused by inadequate network security. DHCP is defenseless to a number of attacks, such as DHCP rogue server attacks. This work is focused on developing a method of detecting these attacks and granting active host protection on GNU/Linux operating systems. Unauthorized DHCP servers can be easily arranged and compete with the legitimate server on the local network that can be the result of distributing incorrect IP addresses, malicious DNS server addresses, invalid routing information to unsuspecting clients, intercepting and eavesdropping on communications, and so on. The goal is to prevent the situations described above by recognizing untrusted DHCP servers and providing active host protection on the local network.

The Internet, originally an academic network for the rapid exchange of information, has moved over time into the commercial media, business and later industrial communications environment. Recently, it has been included as a part of cyberspace as a combat domain. Any device connected to the unprotected Internet is thus exposed to possible attacks by various groups and individuals pursuing various criminal, security and political objectives. Therefore, each such device must be set up to be as resistant as possible to these attacks. For the implementation of small home, academic or industrial systems, people very often use small computing system Raspberry PI, which is usually equipped with the operating system Raspbian Linux. Such a device is often connected to an unprotected Internet environment and if successfully attacked, can act as a gateway for an attacker to enter the internal network of an organization or home. This paper deals with security configuration of Raspbian Linux operating system for operation on public IP addresses in an unprotected Internet environment. The content of this paper is the conduction and analysis of an experiment in which five Raspbian Linux/Raspberry PI accounts were created with varying security levels; the easiest to attack is a simulation of the device of a user who has left the system without additional security. The accounts that follow gradually add further protection and security. These accounts are used to simulate a variety of experienced users, and in a practical experiment the effects of these security measures are evaluated; such as the number of successful / unsuccessful attacks; where the attacks are from; the type and intensity of the attacks; and the target of the attack. The results of this experiment lead to formulated conclusions containing an analysis of the attack and subsequent design recommendations and settings to secure such a device. The subsequent section of the paper discusses the implementation of a simple TCP server that is configured to listen to incoming traffic on preset ports; it simulates the behaviour of selected services on these ports. This server's task is to intercept unauthorized connection attempts to these ports and intercepting attempts to communicate or attack these services. These recorded attack attempts are analyzed in detail and formulated in the conclusion, including implications for the security settings of such a device. The overall result of this paper is the recommended set up of operating system Raspbian Linux to work on public IP addresses in an unfiltered Internet environment.

The course of operating system's labs usually fall behind the state of art technology. In this paper, we propose a Software Diversity-Assisted Defense (SDAD) lab based on software diversity, mainly targeting for students majoring in cyber security and computer science. This lab is consisted of multiple modules and covers most of the important concepts and principles in operating systems. Thus, the knowledge learned from the theoretical course will be deepened with the lab. For students majoring in cyber security, they can learn this new software diversity-based defense technology and understand how an exploit works from the attacker's side. The experiment is also quite stretchable, which can fit all level students.

Along with technological developments in the mobile environment, mobile devices are used in many areas like banking, social media and communication. The common characteristic of applications in these fields is that they contain personal or financial information of users. These types of applications are developed for Android or IOS operating systems and have become the target of attackers. To detect weakness, security analysts, perform mobile penetration tests using security analysis tools. These analysis tools have advantages and disadvantages to each other. Some tools can prioritize static or dynamic analysis, others not including these types of tests. Within the scope of the current model, we are aim to gather security analysis tools under the penetration testing framework, also contributing analysis results by data fusion algorithm. With the suggested model, security analysts will be able to use these types of analysis tools in addition to using the advantage of fusion algorithms fed by analysis tools outputs.

A Quick Response (QR) Code is a type of barcode that can be read by the digital devices and which stores the information in a square-shaped. The QR Code readers can extract data from the patterns which are presented in the QR Code matrix. A QR Code can be acting as an attack vector that can harm indirectly. In such case a QR Code can carry malicious or phishing URLs and redirect users to a site which is well conceived by the attacker and pretends to be an authorized one. Once the QR Code is decoded the commands are triggered and executed, causing damage to information, operating system and other possible sequence the attacker expects to gain. In this paper, a new model for QR Code authentication and phishing detection has been presented. The proposed model will be able to detect the phishing and malicious URLs in the process of the QR Code validation as well as to prevent the user from validating it. The development of this application will help to prevent users from being tricked by the harmful QR Codes.

Edge computing promises higher bandwidth and lower latency to end-users. However, edge servers usually have limited computing resources and are geographically distributed over the edge. This imposes new challenges for efficient system monitoring and control of edge servers.In this paper, we propose EdgeVMI, a framework to monitor and control services running on edge servers with lightweight virtual machine introspection(VMI). The key of our technique is to run the monitor in a lightweight virtual machine which can leverage hardware events for monitoring memory read and writes. In addition, the small binary size and memory footprints of the monitor could reduce the start/stop time of service, the runtime overhead, as well as the deployment efforts.Inspired by unikernels, we build our monitor with only the necessary system modules, libraries, and functionalities of a specific monitor task. To reduce the security risk of the monitoring behavior, we separate the monitor into two isolated modules: one acts as a sensor to collect security information and another acts as an actuator to conduct control commands. Our evaluation shows the effectiveness and the efficiency of the monitoring system, with an average performance overhead of 2.7%.

Cloud computing is one of the greatest innovations and emerging technologies of the century. It incorporates networks, databases, operating systems, and virtualization technologies thereby bringing the security challenges associated with these technologies. Security Measures such as two-factor authentication, intrusion detection systems, and data backup are already in place to handle most of the security threats and vulnerabilities associated with these technologies but there are still other threats that may not be easily detected. Such a threat is a malicious user gaining access to the Virtual Machines (VMs) of other genuine users and using the Virtual Machine resources for their benefits without the knowledge of the user or the cloud service provider. This research proposes a model for proactive monitoring and detection of anomalies in VM resource usage. The proposed model can detect and pinpoint the time such anomaly occurred. Isolation Forest and One-Class Support Vector Machine (OCSVM) machine learning algorithms were used to train and test the model on sampled virtual machine workload trace using a combination of VM resource metrics together. OCSVM recorded an average F1-score of 0.97 and 0.89 for hourly and daily time series respectively while Isolation Forest has an average of 0.93 and 0.80 for hourly and daily time series. This result shows that both algorithms work for the model however OCSVM had a higher classification success rate than Isolation Forest.

TCP SYN Flood is one of the most widespread DoS attack types performed on computer networks nowadays. As a possible countermeasure, we implemented and deployed modified versions of three network-based mitigation techniques for TCP SYN authentication. All of them utilize the TCP three-way handshake mechanism to establish a security association with a client before forwarding its SYN data. These algorithms are especially effective against regular attacks with spoofed IP addresses. However, our modifications allow deflecting even more sophisticated SYN floods able to bypass most of the conventional approaches. This comes at the cost of the delayed first connection attempt, but all subsequent SYN segments experience no significant additional latency (\textbackslashtextless; 0.2ms). This paper provides a detailed description and analysis of the approaches, as well as implementation details with enhanced security tweaks. The discussed implementations are built on top of the hardware-accelerated FPGA-based DDoS protection solution developed by CESNET and are about to be deployed in its backbone network and Internet exchange point at NIX.CZ.

Linux is one of the operating systems to support the increasingly rapid development of internet technology. Apart from the speed of the process, security also needs to be considered. Center for Internet Security (CIS) Benchmark is an example of a security standard. This study implements the CIS Benchmark using the Chef Inspec application. This research focuses on building a tool to perform security audits on the Ubuntu 20.04 operating system. 232 controls on CIS Benchmark were successfully implemented using Chef Inspec application. The results of this study were 87 controls succeeded, 118 controls failed, and 27 controls were skipped. This research is expected to be a reference for information system managers in managing system security.

Security baseline hardening is a baseline configuration framework aims to improve the robustness of the operating system, lowering the risk and impact of breach incidents. In typical best practice, the security baseline hardening requires to have regular check and follow-up to keep the system in-check, this set of activities are called "Security Baseline Audit". The Security Baseline Audit process is responsible by the IT department. In terms of business, this process consumes a fair number of resources such as man-hour, time, and technical knowledge. In a huge production environment, the resources mentioned can be multiplied by the system's amount in the production environment. This research proposes improving the process with automation while maintaining the quality and security level at the standard. Robot Framework, a useful and flexible opensource automation framework, is being utilized in this research following with a very successful result where the configuration is aligned with CIS (Center for Internet Security) run by the automation process. A tremendous amount of time and process are decreased while the configuration is according to this tool's standard.

The pervasive presence of smart objects in almost every corner of our everyday life urges the security of such embedded systems to be the point of attention. Memory vulnerabilities in the embedded program code, such as buffer overflow, are the entry point for powerful attack paradigms such as Code-Reuse Attacks (CRAs), in which attackers corrupt systems’ execution flow and maliciously alter their behavior. Control-Flow Integrity (CFI) has been proven to be the most promising approach against such kinds of attacks, and in the literature, a wide range of flow monitors are proposed, both hardware-based and software-based. While the formers are hardly applicable as they impose design alteration of underlying hardware modules, on the contrary, software solutions are more flexible and also portable to the existing devices. Real-Time Operating Systems (RTOS) and their key role in application development for embedded systems is the main concern regarding the application of the CFI solutions.This paper discusses the still open challenges and issues regarding the implementation of control-flow integrity policies on operating systems for embedded systems, analyzing the solutions proposed so far in the literature, highlighting possible limits in terms of performance, applicability, and protection coverage, and proposing possible improvement directions.

Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vul-nerabilities in the presence of operating system protection that prohibits data memory execution. The ROP chain construction task is the code generation for the virtual machine defined by an exploited executable. It is crucial to understand how powerful ROP attacks can be. Such knowledge can be used to improve software security. We implement MAJORCA that generates ROP and JOP payloads in an architecture agnostic manner and thoroughly consider restricted symbols such as null bytes that terminate data copying via strcpy. The paper covers the whole code-reuse payloads construction pipeline: cataloging gadgets, chaining them in DAG, scheduling, linearizing to the ready-to-run payload. MAJORCA automatically generates both ROP and JOP payloads for x86 and MIPS. MAJORCA constructs payloads respecting restricted symbols both in gadget addresses and data. We evaluate MAJORCA performance and accuracy with rop-benchmark and compare it with open-source compilers. We show that MAJORCA outperforms open-source tools. We propose a ROP chaining metric and use it to estimate the probabilities of successful ROP chaining for different operating systems with MAJORCA as well as other ROP compilers to show that ROP chaining is still feasible. This metric can estimate the efficiency of OS defences.

In this paper we propose to combine the safe C dialect Checked C with concolic testing to obtain an effective methodology for attaining safer C code. Checked C is a modern and backward compatible extension to the C programming language which provides facilities for writing memory-safe C code. We utilize incremental conversions of unsafe C software to Checked C. After each increment, we leverage concolic testing, an effective test generation technique, to support the conversion process by searching for newly introduced and existing bugs.Our RISC-V experiments using the RIOT Operating System (OS) demonstrate the effectiveness of our approach. We uncovered 4 previously unknown bugs and 3 bugs accidentally introduced through our conversion process.

Intelligent gadgets for example smartphones, tablet phones, and personal digital assistants play an increasingly important part in our lives and have become indispensable in our everyday routines. As a result, the market for mobile apps tends to grow at a rapid rate, and mobile app utilization has long eclipsed that of desktop software. The applications based on these smartphones are becoming vulnerable due to the use of open-source operating systems in these smart devices. These applications are vulnerable to smartphones because of memory leaks; they can steal personal data, hack our smartphones, and monitor our private activity, giving anyone significant financial loss. Because of these issues, smartphone security plays a vital role in our daily lives. The Play Store contains unrated applications which any unprofessional developer can develop, and these applications do not pass through the rigorous process of testing and analysis of code leaks. The existing developed system does not include a stringent procedure to examine and investigate source code to detect such vulnerabilities among mobile applications. This paper presented a dynamic analysis-based robust system for Source Code Analysis of Mobile Applications for Privacy Leaks using a machine learning algorithm. Furthermore, our framework is called Source Code Analysis of Mobile Applications (SCA-MA), which combines DynaLog and our machine learning-based classifier for Source Code Analysis of Mobile Applications. Our dataset will contain around 20000 applications to test and analyze vulnerabilities. We will perform dynamic analysis and separate the classification of vulnerable applications and safe applications. Our results show that we can detect vulnerabilities through our proposed system while reviewing code and provide better results than other existing frameworks. We have evaluated our large dataset with the pervasive way so we can detect even small privacy leak which can harm our app. Finally, we have compared results with existing methods, and framework performance is better than other methods.

This Innovative Practice full paper describes a technical innovation for scalable teaching of cybersecurity hands-on classes using interactive learning environments. Hands-on experience significantly improves the practical skills of learners. However, the preparation and delivery of hands-on classes usually do not scale. Teaching even small groups of students requires a substantial effort to prepare the class environment and practical assignments. Further issues are associated with teaching large classes, providing feedback, and analyzing learning gains. We present our research effort and practical experience in designing and using learning environments that scale up hands-on cybersecurity classes. The environments support virtual networks with full-fledged operating systems and devices that emulate realworld systems. The classes are organized as simultaneous training sessions with cybersecurity assignments and learners' assessment. For big classes, with the goal of developing learners' skills and providing formative assessment, we run the environment locally, either in a computer lab or at learners' own desktops or laptops. For classes that exercise the developed skills and feature summative assessment, we use an on-premises cloud environment. Our approach is unique in supporting both types of deployment. The environment is described as code using open and standard formats, defining individual hosts and their networking, configuration of the hosts, and tasks that the students have to solve. The environment can be repeatedly created for different classes on a massive scale or for each student on-demand. Moreover, the approach enables learning analytics and educational data mining of learners' interactions with the environment. These analyses inform the instructor about the student's progress during the class and enable the learner to reflect on a finished training. Thanks to this, we can improve the student class experience and motivation for further learning. Using the presented environments KYPO Cyber Range Platform and Cyber Sandbox Creator, we delivered the classes on-site or remotely for various target groups of learners (K-12, university students, and professional learners). The learners value the realistic nature of the environments that enable exercising theoretical concepts and tools. The instructors value time-efficiency when preparing and deploying the hands-on activities. Engineering and computing educators can freely use our software, which we have released under an open-source license. We also provide detailed documentation and exemplary hands-on training to help other educators adopt our teaching innovations and enable sharing of reusable components within the community.

As Internet of Things(IOT) devices become intelli-gent, more powerful computing capability is required. Multi-core processors are widely used in IoT devices because they provide more powerful computing capability while ensuring low power consumption. Therefore, it requires the operating system on IoT devices to support and optimize the scheduling algorithm for multi-core processors. Nowadays, microkernel-based operating systems, such as QNX Neutrino RTOS and HUAWEI Harmony OS, are widely used in IoT devices because of their real-time and security feature. However, research on multi-core scheduling for microkernel operating systems is relatively limited, especially for load balancing mechanisms. Related research is still mainly focused on the traditional monolithic operating systems, such as Linux. Therefore, this paper proposes a low-latency, high- performance, and high real-time centralized global dynamic multi-core load balancing method for the microkernel operating system. It has been implemented and tested on our own microkernel operating system named Mginkgo. The test results show that when there is load imbalance in the system, load balancing can be performed automatically so that all processors in the system can try to achieve the maximum throughput and resource utilization. And the latency brought by load balancing to the system is very low, about 4882 cycles (about 6.164us) triggered by new task creation and about 6596 cycles (about 8.328us) triggered by timing. In addition, we also tested the improvement of system throughput and CPU utilization. The results show that load balancing can improve the CPU utilization by 20% under the preset case, while the CPU utilization occupied by load balancing is negligibly low, about 0.0082%.

Multi-processors System-on-Chip (MPSoC) are a key enabling technology for different applications characterized by hyper-connectivity and multi-tenant requirements, where resources are shared and communication is ubiquitous. In such an environment, security plays a major role. To cope with these security needs, MPSoCs usually integrate cryptographic functionalities deployed as software and/or hardware solutions. Quantum computing represents a threat for the current cryptography. To overcome such a threat, Post-quantum cryptography (PQC) can be used, thus ensuring the long term security of different applications. Since 2017, NIST is running a PQC standardization process. While the focus has been the security analysis of the different PQC candidates and the software implementation, the MPSoC PQC implementation has been neglected. To this end, this work presents two contributions. First, the exploration of the multicore capabilities for developing optimized PQC implementations. As a use case, NTRU lattice-based PQC, finalist for the NIST standardization process, is discussed. Second, NTRU was deployed on an AURIX microcontroller of Infineon Technologies AG with the Real-Time Operating System PXROS-HR from HighTec EDV-Systeme GmbH. Results show that NTRU can be efficiently implemented and optimized on a multicore architecture, improving the performance up to 43% when compared to single core solutions.

In order to meet the actual needs of operating system localization and high-security operating system, this paper proposes a multi-core embedded high-security operating system inter-core communication mechanism centered on private memory on the core based on the cache mechanism of DSP processors such as Feiteng design. In order to apply it to the multi-core embedded high-security operating system, this paper also combines the priority scheduling scheme used in the design of our actual operating system to analyze the certainty of inter-core communication. The analysis result is: under this communication mechanism There is an upper limit for end-to-end delay, so the certainty of the communication mechanism is guaranteed and can be applied to multi-core high-security embedded operating systems.

In-Network Computing is a promising field that can be explored to leverage programmable network devices to offload computing towards the edge of the network. This has created great interest in supporting a wide range of network functionality in the data plane. Considering a networked robotics domain, this brings new opportunities to tackle the communication latency challenges. However, this approach opens a room for hardware-level exploits, with the possibility to add a malicious code to the network device in a hidden fashion, compromising the entire communication in the robotic facilities. In this work, we expose vulnerabilities that are exploitable in the most widely used flexible framework for writing robot software, Robot Operating System (ROS). We focus on ROS protocol crossing a programmable SmartNIC as a use case for In-Network Hijacking and In-Network Replay attacks, that can be easily implemented using the P4 language, exposing security vulnerabilities for hackers to take control of the robots or simply breaking the entire system.

Surveillance systems involve a camera module (at a fixed location) connected/streaming video via Internet Protocol to a (video) server. In our IMPRINT consortium project, by mounting miniaturised camera module/s on mobile quadruped-lizard like robots, we developed a stealth surveillance system, which could be very useful as a monitoring system in hostage situations. In this paper, we report about the communication system that enables secure transmission of: Live-video from robots to a server, GPS-coordinates of robots to the server and Navigation-commands from server to robots. Since the end application is for stealth surveillance, often can involve sensitive data, data security is a crucial concern, especially when data is transmitted through the internet. We use the RC4 algorithm for video transmission; while the AES algorithm is used for GPS data and other commands’ data transmission. Advantages of the developed system is easy to use for its web interface which is provided on the control station. This communication system, because of its internet-based communication, it is compatible with any operating system environment. The lightweight program runs on the control station (on the server side) and robot body that leads to less memory consumption and faster processing. An important requirement in such hostage surveillance systems is fast data processing and data-transmission rate. We have implemented this communication systems with a single-board computer having GPU that performs better in terms of speed of transmission and processing of data.

Increasingly, the transportation industry has moved towards automation to improve safety, fuel efficiency, and system productivity. However, the increased scrutiny that automated vehicles (AV) face over functional safety has hindered the industry's unbridled confidence in self-driving technologies. As AVs are cyber-physical systems, they utilize distributed control to accomplish a range of safety-critical driving tasks. The Operation Systems (OS) serve as the core of these control systems. Therefore, their designs and implementation must incorporate ways to protect AVs against what must be assumed to be inevitable cyberattacks to meet the overall AV functional safety requirements. This paper investigates the connection between functional safety and cybersecurity in the context of OS. This study finds that risks due to delays can worsen by potential cybersecurity vulnerabilities through a case example of an automated vehicle following. Furthermore, attack surfaces and cybersecurity countermeasures for protecting OSs from security breaches are addressed.