Visible to the public Biblio

Found 142 results

Filters: Keyword is Linux  [Clear All Filters]
2023-07-13
Alqarni, Mansour, Azim, Akramul.  2022.  Mining Large Data to Create a Balanced Vulnerability Detection Dataset for Embedded Linux System. 2022 IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT). :83–91.
The security of embedded systems is particularly crucial given the prevalence of embedded devices in daily life, business, and national defense. Firmware for embedded systems poses a serious threat to the safety of society, business, and the nation because of its robust concealment, difficulty in detection, and extended maintenance cycle. This technology is now an essential part of the contemporary experience, be it in the smart office, smart restaurant, smart home, or even the smart traffic system. Despite the fact that these systems are often fairly effective, the rapid expansion of embedded systems in smart cities have led to inconsistencies and misalignments between secured and unsecured systems, necessitating the development of secure, hacker-proof embedded systems. To solve this issue, we created a sizable, original, and objective dataset that is based on the latest Linux vulnerabilities for identifying the embedded system vulnerabilities and we modified a cutting-edge machine learning model for the Linux Kernel. The paper provides an updated EVDD and analysis of an extensive dataset for embedded system based vulnerability detection and also an updated state of the art deep learning model for embedded system vulnerability detection. We kept our dataset available for all researchers for future experiments and implementation.
2023-06-09
L, Gururaj H, C, Soundarya B, V, Janhavi, H, Lakshmi, MJ, Prassan Kumar.  2022.  Analysis of Cyber Security Attacks using Kali Linux. 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE). :1—6.
In the prevailing situation, the sports like economic, industrial, cultural, social, and governmental activities are carried out in the online world. Today's international is particularly dependent on the wireless era and protective these statistics from cyber-assaults is a hard hassle. The reason for cyber-assaults is to damage thieve the credentials. In a few other cases, cyber-attacks ought to have a navy or political functions. The damages are PC viruses, facts break, DDS, and exceptional attack vectors. To this surrender, various companies use diverse answers to prevent harm because of cyberattacks. Cyber safety follows actual-time data at the modern-day-day IT data. So, far, numerous techniques have proposed with the resource of researchers around the area to prevent cyber-attacks or lessen the harm due to them. The cause of this has a look at is to survey and comprehensively evaluate the usual advances supplied around cyber safety and to analyse the traumatic situations, weaknesses, and strengths of the proposed techniques. Different sorts of attacks are taken into consideration in element. In addition, evaluation of various cyber-attacks had been finished through the platform called Kali Linux. It is predicted that the complete assessment has a have a study furnished for college students, teachers, IT, and cyber safety researchers might be beneficial.
2023-05-19
Gombos, Gergő, Mouw, Maurice, Laki, Sándor, Papagianni, Chrysa, De Schepper, Koen.  2022.  Active Queue Management on the Tofino programmable switch: The (Dual)PI2 case. ICC 2022 - IEEE International Conference on Communications. :1685—1691.
The excess buffering of packets in network elements, also referred to as bufferbloat, results in high latency. Considering the requirements of traffic generated by video conferencing systems like Zoom, cloud rendered gaming platforms like Google Stadia, or even video streaming services such as Netflix, Amazon Prime and YouTube, timeliness of such traffic is important. Ensuring low latency to IP flows with a high throughput calls for the application of Active Queue Management (AQM) schemes. This introduces yet another problem as the co-existence of scalable and classic congestion controls leads to the starvation of classic TCP flows. Technologies such as Low Latency Low Loss Scalable Throughput (L4S) and the corresponding dual queue coupled AQM, DualPI2, provide a robust solution to these problems. However, their deployment on hardware targets such as programmable switches is quite challenging due to the complexity of algorithms and architectural constraints of switching ASICs. In this study, we provide proof of concept implementations of two AQMs that enable the co-existence of scalable and traditional TCP traffic, namely DualPI2 and the preceding single-queue PI2 AQM, on an Intel Tofino switching ASIC. Given the fixed operation of the switch’s traffic manager, we investigate to what extent it is possible to implement a fully RFC-compliant version of the two AQMs on the Tofino ASIC. The study shows that an appropriate split between control and data plane operations is required while we also exploit fixed functionality of the traffic manager to support such solutions.
Lu, Jie, Ding, Yong, Li, Zhenyu, Wang, Chunhui.  2022.  A timestamp-based covert data transmission method in Industrial Control System. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC). :526—532.
Covert channels are data transmission methods that bypass the detection of security mechanisms and pose a serious threat to critical infrastructure. Meanwhile, it is also an effective way to ensure the secure transmission of private data. Therefore, research on covert channels helps us to quickly detect attacks and protect the security of data transmission. This paper proposes covert channels based on the timestamp of the Internet Control Message Protocol echo reply packet in the Linux system. By considering the concealment, we improve our proposed covert channels, ensuring that changing trends in the timestamp of modified consecutive packets are consistent with consecutive regular packets. Besides, we design an Iptables rule based on the current system time to analyze the performance of the proposed covert channels. Finally, it is shown through experiments that the channels complete the private data transmission in the industrial control network. Furthermore, the results demonstrate that the improved covert channels offer better performance in concealment, time cost, and the firewall test.
2023-05-11
Karayat, Ritik, Jadhav, Manish, Kondaka, Lakshmi Sudha, Nambiar, Ashwath.  2022.  Web Application Penetration Testing & Patch Development Using Kali Linux. 2022 8th International Conference on Advanced Computing and Communication Systems (ICACCS). 1:1392–1397.
Nowadays, safety is a first-rate subject for all applications. There has been an exponential growth year by year in the number of businesses going digital since the few decades following the birth of the Internet. In these technologically advanced times, cyber security is a must mainly for internet applications, so we have the notion of diving deeper into the Cyber security domain and are determined to make a complete project. We aim to develop a website portal for ease of communication between us and the end user. Utilizing the power of python scripting and flask server to make independent automated tools for detection of SQLI, XSS & a Spider(Content Discovery Tool). We have also integrated skipfish as a website vulnerability scanner to our project using python and Kali Linux. Since conducting a penetration test on another website without permission is not legal, we thought of building a dummy website prone to OS Command Injection in addition to the above-mentioned attacks. A well-documented report will be generated after the penetration test/ vulnerability scan. In case the website is vulnerable, patching of the website will be done with the user's consent.
ISSN: 2575-7288
2023-03-17
Lee, Sun-Jin, Shim, Hye-Yeon, Lee, Yu-Rim, Park, Tae-Rim, Park, So-Hyun, Lee, Il-Gu.  2022.  Study on Systematic Ransomware Detection Techniques. 2022 24th International Conference on Advanced Communication Technology (ICACT). :297–301.
Cyberattacks have been progressed in the fields of Internet of Things, and artificial intelligence technologies using the advanced persistent threat (APT) method recently. The damage caused by ransomware is rapidly spreading among APT attacks, and the range of the damages of individuals, corporations, public institutions, and even governments are increasing. The seriousness of the problem has increased because ransomware has been evolving into an intelligent ransomware attack that spreads over the network to infect multiple users simultaneously. This study used open source endpoint detection and response tools to build and test a framework environment that enables systematic ransomware detection at the network and system level. Experimental results demonstrate that the use of EDR tools can quickly extract ransomware attack features and respond to attacks.
ISSN: 1738-9445
Bekele, Yohannes B., Limbrick, Daniel B..  2022.  Evaluating the Impact of Hardware Faults on Program Execution in a Microkernel Environment. 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :149–152.
Safety-critical systems require resiliency against both cyberattacks and environmental faults. Researches have shown that microkernels can isolate components and limit the capabilities of would-be attackers by confining the attack in the component that it is initiated in. This limits the propagation of faults to sensitive components in the system. Nonetheless, the isolation mechanism in microkernels is not fully investigated for its resiliency against hardware faults. This paper investigates whether microkernels provide protection against hardware faults and, if so, to what extent quantitatively. This work is part of an effort in establishing an overlap between security and reliability with the goal of maximizing both while minimizing their impact on performance. In this work, transient faults are emulated on the seL4 microkernel and Linux kernel using debugger-induced bit flips across random timestamps in benchmark applications. Results show differences in the frequency and final outcome of fault to error manifestation in the seL4 environment compared to the Linux environment, including a reduction in silent data corruptions.
ELMansy, Hossam, Metwally, Khaled, Badran, Khaled.  2022.  MPTCP-based Security Schema in Fog Computing. 2022 13th International Conference on Electrical Engineering (ICEENG). :134–138.

Recently, Cloud Computing became one of today’s great innovations for provisioning Information Technology (IT) resources. Moreover, a new model has been introduced named Fog Computing, which addresses Cloud Computing paradigm issues regarding time delay and high cost. However, security challenges are still a big concern about the vulnerabilities to both Cloud and Fog Computing systems. Man- in- the- Middle (MITM) is considered one of the most destructive attacks in a Fog Computing context. Moreover, it’s very complex to detect MiTM attacks as it is performed passively at the Software-Defined Networking (SDN) level, also the Fog Computing paradigm is ideally suitable for MITM attacks. In this paper, a MITM mitigation scheme will be proposed consisting of an SDN network (Fog Leaders) which controls a layer of Fog Nodes. Furthermore, Multi-Path TCP (MPTCP) has been used between all edge devices and Fog Nodes to improve resource utilization and security. The proposed solution performance evaluation has been carried out in a simulation environment using Mininet, Ryu SDN controller and Multipath TCP (MPTCP) Linux kernel. The experimental results showed that the proposed solution improves security, network resiliency and resource utilization without any significant overheads compared to the traditional TCP implementation.

2023-03-03
Zhang, Zipan, Liu, Zhaoyuan, Bai, Jiaqing.  2022.  Network attack detection model based on Linux memory forensics. 2022 14th International Conference on Measuring Technology and Mechatronics Automation (ICMTMA). :931–935.
With the rapid development of information science and technology, the role of the Internet in daily life is becoming more and more important, but while bringing speed and convenience to the experience, network security issues are endless, and fighting cybercrime will be an eternal topic. In recent years, new types of cyberattacks have made defense and analysis difficult. For example, the memory of network attacks makes some key array evidence only temporarily exist in physical memory, which puts forward higher requirements for attack detection. The traditional memory forensic analysis method for persistent data is no longer suitable for a new type of network attack analysis. The continuous development of memory forensics gives people hope. This paper proposes a network attack detection model based on memory forensic analysis to detect whether the system is under attack. Through experimental analysis, this model can effectively detect network attacks with low overhead and easy deployment, providing a new idea for network attack detection.
ISSN: 2157-1481
Dal, Deniz, Çelik, Esra.  2022.  Evaluation of the Predictability of Passwords of Computer Engineering Students. 2022 3rd International Informatics and Software Engineering Conference (IISEC). :1–6.
As information and communication technologies evolve every day, so does the use of technology in our daily lives. Along with our increasing dependence on digital information assets, security vulnerabilities are becoming more and more apparent. Passwords are a critical component of secure access to digital systems and applications. They not only prevent unauthorized access to these systems, but also distinguish the users of such systems. Research on password predictability often relies on surveys or leaked data. Therefore, there is a gap in the literature for studies that consider real data in this regard. This study investigates the password security awareness of 161 computer engineering students enrolled in a Linux-based undergraduate course at Ataturk University. The study is conducted in two phases, and in the first phase, 12 dictionaries containing also real student data are formed. In the second phase of the study, a dictionary-based brute-force attack is utilized by means of a serial and parallel version of a Bash script to crack the students’ passwords. In this respect, the /etc/shadow file of the Linux system is used as a basis to compare the hashed versions of the guessed passwords. As a result, the passwords of 23 students, accounting for 14% of the entire student group, were cracked. We believe that this is an unacceptably high prediction rate for such a group with high digital literacy. Therefore, due to this important finding of the study, we took immediate action and shared the results of the study with the instructor responsible for administering the information security course that is included in our curriculum and offered in one of the following semesters.
Brant, Christopher D., Yavuz, Tuba.  2022.  A Study on the Testing of Android Security Patches. 2022 IEEE Conference on Communications and Network Security (CNS). :217–225.
Android controls the majority of the global OS market. Android Open Source Project (AOSP) is a very complex system with many layers including the apps, the Application Framework, the middle-ware, the customized Linux kernel, and the trusted components. Although security is implemented in every layer, the Application Framework forms an important of the attack surface due to managing the user interface and permissions. Android security has evolved over the years. The security flaws that have been found in the Application Framework led to a redesign of Android permissions. Part of this evolution includes fixes to the vulnerabilities that are publicly released in the monthly Android security bulletins. In this study, we analyze the CVEs listed in the Android security bulletin within the last 6 years. We focus on the Android application framework and investigate several research questions relating to 1) the security relevant components, 2) the type and amount of testing information for the security patches, and 3) the adequacy of the tests designed to test these patches. Our findings indicate that Android security testing practices can be further improved by designing security bulletin update specific tests, and by improving code coverage of patched files.
Nkoro, Ebuka Chinaechetam, Nwakanma, Cosmas Ifeanyi, Lee, Jae-Min, Kim, Dong-Seong.  2022.  Industrial Network Attack Vulnerability Detection and Analysis using Shodan Eye Scanning Technology. 2022 13th International Conference on Information and Communication Technology Convergence (ICTC). :886–889.
Exploring the efficient vulnerability scanning and detection technology of various tools is one fundamental aim of network security. This network security technique ameliorates the tremendous number of IoT security challenges and the threats they face daily. However, among various tools, Shodan Eye scanning technology has proven to be very helpful for network administrators and security personnel to scan, detect and analyze vulnerable ports and traffic in organizations' networks. This work presents a simulated network scanning activity and manual vulnerability analysis of an internet-connected industrial equipment of two chosen industrial networks (Industry A and B) by running Shodan on a virtually hosted (Oracle Virtual Box)-Linux-based operating system (Kali Linux). The result shows that the shodan eye is a a promising tool for network security and efficient vulnerability research.
ISSN: 2162-1241
Lin, Zhenpeng, Chen, Yueqi, Wu, Yuhang, Mu, Dongliang, Yu, Chensheng, Xing, Xinyu, Li, Kang.  2022.  GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs. 2022 IEEE Symposium on Security and Privacy (SP). :2078–2095.
Nowadays, dynamic testing tools have significantly expedited the discovery of bugs in the Linux kernel. When unveiling kernel bugs, they automatically generate reports, specifying the errors the Linux encounters. The error in the report implies the possible exploitability of the corresponding kernel bug. As a result, many security analysts use the manifested error to infer a bug’s exploitability and thus prioritize their exploit development effort. However, using the error in the report, security researchers might underestimate a bug’s exploitability. The error exhibited in the report may depend upon how the bug is triggered. Through different paths or under different contexts, a bug may manifest various error behaviors implying very different exploitation potentials. This work proposes a new kernel fuzzing technique to explore all the possible error behaviors that a kernel bug might bring about. Unlike conventional kernel fuzzing techniques concentrating on kernel code coverage, our fuzzing technique is more directed towards the buggy code fragment. It introduces an object-driven kernel fuzzing technique to explore various contexts and paths to trigger the reported bug, making the bug manifest various error behaviors. With the newly demonstrated errors, security researchers could better infer a bug’s possible exploitability. To evaluate our proposed technique’s effectiveness, efficiency, and impact, we implement our fuzzing technique as a tool GREBE and apply it to 60 real-world Linux kernel bugs. On average, GREBE could manifest 2+ additional error behaviors for each of the kernel bugs. For 26 kernel bugs, GREBE discovers higher exploitation potential. We report to kernel vendors some of the bugs – the exploitability of which was wrongly assessed and the corresponding patch has not yet been carefully applied – resulting in their rapid patch adoption.
ISSN: 2375-1207
Sikandar, Hira Shahzadi, Sikander, Usman, Anjum, Adeel, Khan, Muazzam A..  2022.  An Adversarial Approach: Comparing Windows and Linux Security Hardness Using Mitre ATT&CK Framework for Offensive Security. 2022 IEEE 19th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET). :022–027.
Operating systems are essential software components for any computer. The goal of computer system manu-facturers is to provide a safe operating system that can resist a range of assaults. APTs (Advanced Persistent Threats) are merely one kind of attack used by hackers to penetrate organisations (APT). Here, we will apply the MITRE ATT&CK approach to analyze the security of Windows and Linux. Using the results of a series of vulnerability tests conducted on Windows 7, 8, 10, and Windows Server 2012, as well as Linux 16.04, 18.04, and its most current version, we can establish which operating system offers the most protection against future assaults. In addition, we have shown adversarial reflection in response to threats. We used ATT &CK framework tools to launch attacks on both platforms.
ISSN: 1949-4106
Khant, Shailesh, Patel, Atul, Patel, Sanskruti, Ganatra, Nilay, Patel, Rachana.  2022.  Cyber Security Actionable Education during COVID19 Third Wave in India. 2022 3rd International Conference on Intelligent Engineering and Management (ICIEM). :274–278.
Still in many countries COVID19 virus is changing its structure and creating damages in terms of economy and education. In India during the period of January 2022 third wave is on its high peak. Many colleges and schools are still forced to teach online. This paper describes how cyber security actionable or practical fundamental were taught by school or college teachers. Various cyber security tools are used to explain the actionable insight of the subject. Main Topics or concepts covered are MITM (Man In the Middle Attack) using ethercap tool in Kali Linux, spoofing methods like ARP (Address Resolution Protocol) spoofing and DNS (Domain Name System) spoofing, network intrusion detection using snort , finding information about packets using wireshark tool and other tools like nmap and netcat for finding the vulnerability. Even brief details were given about how to crack password using wireshark.
Du, Mingshu, Ma, Yuan, Lv, Na, Chen, Tianyu, Jia, Shijie, Zheng, Fangyu.  2022.  An Empirical Study on the Quality of Entropy Sources in Linux Random Number Generator. ICC 2022 - IEEE International Conference on Communications. :559–564.
Random numbers are essential for communications security, as they are widely employed as secret keys and other critical parameters of cryptographic algorithms. The Linux random number generator (LRNG) is the most popular open-source software-based random number generator (RNG). The security of LRNG is influenced by the overall design, especially the quality of entropy sources. Therefore, it is necessary to assess and quantify the quality of the entropy sources which contribute the main randomness to RNGs. In this paper, we perform an empirical study on the quality of entropy sources in LRNG with Linux kernel 5.6, and provide the following two findings. We first analyze two important entropy sources: jiffies and cycles, and propose a method to predict jiffies by cycles with high accuracy. The results indicate that, the jiffies can be correctly predicted thus contain almost no entropy in the condition of knowing cycles. The other important finding is the failure of interrupt cycles during system boot. The lower bits of cycles caused by interrupts contain little entropy, which is contrary to our traditional cognition that lower bits have more entropy. We believe these findings are of great significance to improve the efficiency and security of the RNG design on software platforms.
ISSN: 1938-1883
Ma, Limei, Zhao, Dongmei.  2022.  Research on Setting of Two Firewall Rules Based on Ubuntu Linux System. 2022 International Conference on Computer Network, Electronic and Automation (ICCNEA). :178–182.
"Security first" is the most concerned issue of Linux administrators. Security refers to the integrity of data. The authentication security and integrity of data are higher than the privacy security of data. Firewall is used to realize the function of access control under Linux. It is divided into hardware or software firewall. No matter in which network, the firewall must work at the edge of the network. Our task is to define how the firewall works. This is the firewall's policies and rules, so that it can detect the IP and data in and out of the network. At present, there are three or four layers of firewalls on the market, which are called network layer firewalls, and seven layers of firewalls, which are actually the gateway of the agent layer. But for the seven layer firewall, no matter what your source port or target port, source address or target address is, it will check all your things. Therefore, the seven layer firewall is more secure, but it brings lower efficiency. Therefore, the usual firewall schemes on the market are a combination of the two. And because we all need to access from the port controlled by the firewall, the work efficiency of the firewall has become the most important control of how much data users can access. This paper introduces two types of firewalls iptables and TCP\_Wrappers. What are the differences between the use policies, rules and structures of the two firewalls? This is the problem to be discussed in this paper.
ISSN: 2770-7695
Agarwal, Shubham, Sable, Arjun, Sawant, Devesh, Kahalekar, Sunil, Hanawal, Manjesh K..  2022.  Threat Detection and Response in Linux Endpoints. 2022 14th International Conference on COMmunication Systems & NETworkS (COMSNETS). :447–449.
We demonstrate an in-house built Endpoint Detection and Response (EDR) for linux systems using open-sourced tools like Osquery and Elastic. The advantage of building an in-house EDR tools against using commercial EDR tools provides both the knowledge and the technical capability to detect and investigate security incidents. We discuss the architecture of the tools and advantages it offers. Specifically, in our method all the endpoint logs are collected at a common server which we leverage to perform correlation between events happening on different endpoints and automatically detect threats like pivoting and lateral movements. We discuss various attacks that can be detected by our tool.
ISSN: 2155-2509
2023-01-13
Ahmad, Adil, Lee, Sangho, Peinado, Marcus.  2022.  HARDLOG: Practical Tamper-Proof System Auditing Using a Novel Audit Device. 2022 IEEE Symposium on Security and Privacy (SP). :1791—1807.
Audit systems maintain detailed logs of security-related events on enterprise machines to forensically analyze potential incidents. In principle, these logs should be safely stored in a secure location (e.g., network storage) as soon as they are produced, but this incurs prohibitive slowdown to a monitored machine. Hence, existing audit systems protect batched logs asynchronously (e.g., after tens of seconds), but this allows attackers to tamper with unprotected logs.This paper presents HARDLOG, a practical and effective system that employs a novel audit device to provide fine-grained log protection with minimal performance slowdown. HARDLOG implements criticality-aware log protection: it ensures that logs are synchronously protected in the audit device before an infrequent security-critical event is allowed to execute, but logs are asynchronously protected on frequent non-critical events to minimize performance overhead. Importantly, even on non-critical events, HARDLOG ensures bounded-asynchronous protection: it sends log entries to the audit device within a tiny, bounded delay from their creation using well-known real-time techniques. To demonstrate HARDLOG’S effectiveness, we prototyped an audit device using commodity components and implemented a reference audit system for Linux. Our prototype achieves a bounded protection delay of 15 milliseconds at non-critical events alongside undelayed protection at critical events. We also show that, for diverse real-world programs, HARDLOG incurs a geometric mean performance slowdown of only 6.3%, hence it is suitable for many real-world deployment scenarios.
Cabral, Warren Z., Sikos, Leslie F., Valli, Craig.  2022.  Shodan Indicators Used to Detect Standard Conpot Implementations and Their Improvement Through Sophisticated Customization. 2022 IEEE Conference on Dependable and Secure Computing (DSC). :1—7.
Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.
Zhao, Lutan, Li, Peinan, HOU, RUI, Huang, Michael C., Qian, Xuehai, Zhang, Lixin, Meng, Dan.  2022.  HyBP: Hybrid Isolation-Randomization Secure Branch Predictor. 2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA). :346—359.
Recently exposed vulnerabilities reveal the necessity to improve the security of branch predictors. Branch predictors record history about the execution of different processes, and such information from different processes are stored in the same structure and thus accessible to each other. This leaves the attackers with the opportunities for malicious training and malicious perception. Physical or logical isolation mechanisms such as using dedicated tables and flushing during context-switch can provide security but incur non-trivial costs in space and/or execution time. Randomization mechanisms incurs the performance cost in a different way: those with higher securities add latency to the critical path of the pipeline, while the simpler alternatives leave vulnerabilities to more sophisticated attacks.This paper proposes HyBP, a practical hybrid protection and effective mechanism for building secure branch predictors. The design applies the physical isolation and randomization in the right component to achieve the best of both worlds. We propose to protect the smaller tables with physically isolation based on (thread, privilege) combination; and protect the large tables with randomization. Surprisingly, the physical isolation also significantly enhances the security of the last-level tables by naturally filtering out accesses, reducing the information flow to these bigger tables. As a result, key changes can happen less frequently and be performed conveniently at context switches. Moreover, we propose a latency hiding design for a strong cipher by precomputing the "code book" with a validated, cryptographically strong cipher. Overall, our design incurs a performance penalty of 0.5% compared to 5.1% of physical isolation under the default context switching interval in Linux.
2023-01-06
Ham, MyungJoo, Woo, Sangjung, Jung, Jaeyun, Song, Wook, Jang, Gichan, Ahn, Yongjoo, Ahn, Hyoungjoo.  2022.  Toward Among-Device AI from On-Device AI with Stream Pipelines. 2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). :285—294.
Modern consumer electronic devices often provide intelligence services with deep neural networks. We have started migrating the computing locations of intelligence services from cloud servers (traditional AI systems) to the corresponding devices (on-device AI systems). On-device AI systems generally have the advantages of preserving privacy, removing network latency, and saving cloud costs. With the emergence of on-device AI systems having relatively low computing power, the inconsistent and varying hardware resources and capabilities pose difficulties. Authors' affiliation has started applying a stream pipeline framework, NNStreamer, for on-device AI systems, saving developmental costs and hardware resources and improving performance. We want to expand the types of devices and applications with on-device AI services products of both the affiliation and second/third parties. We also want to make each AI service atomic, re-deployable, and shared among connected devices of arbitrary vendors; we now have yet another requirement introduced as it always has been. The new requirement of “among-device AI” includes connectivity between AI pipelines so that they may share computing resources and hardware capabilities across a wide range of devices regardless of vendors and manufacturers. We propose extensions of the stream pipeline framework, NNStreamer, for on-device AI so that NNStreamer may provide among-device AI capability. This work is a Linux Foundation (LF AI & Data) open source project accepting contributions from the general public.
2022-12-23
Thapa, Ria, Sehl, Bhavya, Gupta, Suryaansh, Goyal, Ankur.  2022.  Security of operating system using the Metasploit framework by creating a backdoor from remote setup. 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE). :2618–2622.
The era of technology has seen many rising inventions and with that rise, comes the need to secure our systems. In this paper we have discussed how the old generation of people are falling behind at being updated in tandem with technology, and losing track of the knowledge required to process the same. In addition this factor leads to leakage of critical personal information. This paper throws light upon the steps taken in order to exploit the pre-existing operating system, Windows 7, Ultimate, using a ubiquitous framework used by everyone, i.e. Metasploit. It involves installation of a backdoor on the victim machine, from a remote setup, mostly Kali Linux operating machine. This backdoor allows the attackers to create executable files and deploy them in the windows system to gain access on the machine, remotely. After gaining access, manipulation of sensitive data becomes easy. Access to the admin rights of any system is a red alert because it means that some outsider has intense access to personal information of a human being and since data about someone explains a lot of things about them. It basically is exposing and human hate that. It depraves one of their personal identity. Therefore security is not something that should be taken lightly. It is supposed to be dealt with utmost care.
2022-12-02
Rethfeldt, Michael, Brockmann, Tim, Eckhardt, Richard, Beichler, Benjamin, Steffen, Lukas, Haubelt, Christian, Timmermann, Dirk.  2022.  Extending the FLExible Network Tester (Flent) for IEEE 802.11s WLAN Mesh Networks. 2022 IEEE International Symposium on Measurements & Networking (M&N). :1—6.
Mesh networks based on the wireless local area network (WLAN) technology, as specified by the standards amendment IEEE 802.11s, provide for a flexible and low-cost interconnection of devices and embedded systems for various use cases. To assess the real-world performance of WLAN mesh networks and potential optimization strategies, suitable testbeds and measurement tools are required. Designed for highly automated transport-layer throughput and latency measurements, the software FLExible Network Tester (Flent) is a promising candidate. However, so far Flent does not integrate information specific to IEEE 802.11s networks, such as peer link status data or mesh routing metrics. Consequently, we propose Flent extensions that allow to additionally capture IEEE 802.11s information as part of the automated performance tests. For the functional validation of our extensions, we conduct Flent measurements in a mesh mobility scenario using the network emulation framework Mininet-WiFi.
2022-10-20
Noman, Haitham Ameen, Al-Maatouk, Qusay, Noman, Sinan Ameen.  2021.  Design and Implementation of a Security Analysis Tool that Detects and Eliminates Code Caves in Windows Applications. 2021 International Conference on Data Analytics for Business and Industry (ICDABI). :694—698.
Process injection techniques on Windows appli-cations are considered a serious threat to software security specialists. The attackers use these techniques to exploit the targeted program or process and take advantage of it by injecting a malicious process within the address space of the hosted process. Such attacks could be carried out using the so-called reverse engineering realm” the code caves”. For that reason, detecting these code caves in a particular application/program is deemed crucial to prevent the adversary from exploiting the programs through them. Code caves are simply a sequence of null bytes inside the executable program. They form due to the unuse of uninitialized variables. This paper presents a tool that can detect code caves in Windows programs by disassembling the program and looking for the code caves inside it; additionally, the tool will also eliminate those code caves without affecting the program’s functionality. The tool has proven reliable and accurate when tested on various types of programs under the Windows operating system.