The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Developing a remote exploit is not easy. It requires a comprehensive understanding of a vulnerability and delicate techniques to bypass defense mechanisms. As a result, attackers may prefer to reuse an existing exploit and make necessary changes over developing a new exploit from scratch. One such adaptation is the replacement of the original shellcode (i.e., the attacker-injected code that is executed...
In this paper we demonstrate the power and flexibility of extreme model-driven design using C-IME, our integrated modelling environment for C/C++ by showing how easily an application modelled in C-IME can be enhanced with hardware security features. In fact, our approach does not require any changes of the application model. Rather, C-IME provides a dedicated modelling language for code generators...
The paper is focused on increasing the security measures against malicious attacks by protecting hardware that exchange data. This is in contrast to studying or improving the existing methods that rely on only securing the data. We consider errors that may appear on a way between transmitting and receiving modules in different microelectronic devices and some of such errors may be injected by potential...
After a software system is compromised, it can be difficult to understand what vulnerabilities attackers exploited. Any information residing on that machine cannot be trusted as attackers may have tampered with it to cover their tracks. Moreover, even after an exploit is known, it can be difficult to determine whether it has been used to compromise a given machine. Aviation has long-used black boxes...
With rapidly increasing complexity of power grids in Europe, North America and Asia, liberalization of electricity markets and increasing penetration of renewable energy, the risk of large-scale emergencies and blackouts increases. This paper proposes a novel approach for development of software for modelling of decentralized intelligent systems for security monitoring and control in power systems...
Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we...
To date a number of comprehensive techniques have been proposed to defend against buffer over attacks. In spite of continuing research in this area, security vulnerabilities in software continue to be discovered and exploited. This is because the existing protection techniques suffer from one or more of the following problems: high run time overheads (often exceeding 100%), incompatibility with legacy...
The construction of new transmission facilities, or enhancing transmission network, increases the reliability and security of the power system. Enhancing transmission network increases the amount of power that can be transmitted through the system, which, in most cases, allows the increase of electricity trading volume. However, in practice there may be cases, primary due to methods used for congestion...
True randomness can't be left to chance. Adopting improved entropy sources that feed into good deterministic random bit generators, together with rigorous estimation of available entropy, will help achieve the guarantees promised by cryptography to protect sensitive information.
Code generators are important tools in software development, to automate repetitive coding tasks, facilitate portability, abstract implementation details, and reduce development costs. However, as the complexity of code generators grow, they tend to be harder to maintain, especially when there is a large amount of templates involved. This paper proposes an approach for code generation based on regular...
Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vulnerabilities...
The increasing level of integration and decreasing size of circuit elements leads to greater probabilities of operational faults. More sensible electronic devices are also more prone to external in?uences by energizing radiation. Additionally not only natural causes of faults are a concern of today's chip designers. Especially smart cards are exposed to complex attacks through which an adversary tries...
Pseudorandom number generators (PRNGs) are used frequently in secure data processing algorithms. Randomness measuring is an essential test, performed on these generators, that help to range the security of the designed algorithm with respect to assure strong messing-up of the processed data. This paper describes a solution for accelerating statistical tests of Diehard Battery based on reconfigurable...
Developing secure wireless sensor networks (WSNs) is a complex process that involves careful design of attack test cases and security countermeasures, as well as meaningful evaluation of the impact of the attack and performance of the countermeasure. In this paper, we present the design and implementation of Sen Sec, a scalable framework that facilitates the development and evaluation of secure WSNs,...
Computers, mobile phones, embedded devices and other components of IT systems can often be easily manipulated. Therefore, in forensic use of digital evidence it is necessary to carefully check that the probative force of the evidence is sufficient. For applications where critical processes can lead to disputes and resolving disputed relies on digital evidence one open question is how to build the...
Distributed operation of microgrid architectures consists of energy management, power management, power electronics management, and fault detection and recovery. Centralized control of microgrids may be conceptually and practically infeasible due to questions of reliability and ownership. A Distributed Operating System architecture is proposed to manage power and computational resources within a smart...
UPnP network has become the mainstream in home. How to seamlessly connect and integrate devices with UPnP network to achieve ubiquitous remote control were being discussed. Some UPnP-Bridge mechanisms were developed just for specific devices. They need extra software modules and/or mapping profiles in order to connect device to the UPnP Network which brings troubles to users and developers. We propose...
This paper presents the generation of virus emerging from email to cellphones. Most of these early threats were self-replicating but not self-transporting, spreading from computer to computer via infected floppy disks. As more viruses were discovered, most known malware existed only in researchers' collections and not in users' machines. Malware was shift from virus to worm called Trojan horse. And...
One of the key issues with the practical applicability of Proof-Carrying Code (PCC) and its related methods is the difficulty in communicating and storing the proofs which are inherently large. The approaches proposed to alleviate this, suffer from drawbacks of their own especially the enlargement of the trusted computing base, in which any bug may cause an unsafe program to be accepted. We propose...
Usually, a new exploit for a single vulnerability can readily be turned into worms which compromise hundreds of thousands of machines within only a few minutes. In order to protect the host from malicious attacks, we propose a new approach for automatic defense mechanism: dataflow analysis for known vulnerability prevention system (shortly for DA-VPS), which has properties with easy deployment, accurate...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.