This 2-part presentation, "Mission Critical Security in a Post-Stuxnet World," contains slides from the Hirschmann 2011 Mission Critical Network Design Seminar. It summarizes a lot of information about the Stuxnet malware and discusses what it means for the future of SCADA and ICS security.
The presentation is ideal for anyone needing a crash course on Stuxnet, or as a tool for informing management about the implications of it.
Efficient Reverse Engineering of Automotive Firmware - Riscure
The firmware executed by components found in a car provides a starting point for adversaries to obtain confidential information and discover potential vulnerabilities. However, the process of reverse engineering a specific component is typically considered a complex and time-consuming task. In this paper we discuss several techniques which we used to significantly increase the efficiency of reverse engineering the firmware of an instrument cluster.
Captain Hook: Pirating AVs to Bypass Exploit Mitigations - enSilo
In this talk we reveal six(!) different security issues that we uncovered in various hooking engines. The vulnerabilities we found enable a threat actor to bypass the security measures of the underlying operating system. As we uncovered the vulnerabilities one-by-one we found them to impact commercial engines, such as Microsoft’s Detours, open source engines such as EasyHook and proprietary engines such as those belonging to TrendMicro, Symantec, Kaspersky and about twenty others.
Automating Analysis and Exploitation of Embedded Device Firmware - Malachi Jones
Dynamic binary analysis tools utilize a combination of techniques that include fuzzing, symbolic execution, and concolic execution to discover exploitable code in sophisticated binaries. Much work has been dedicated to developing automated analysis tools to target mainstream processor architectures (e.g. x86 and x86_64). An often overlooked and inadequately addressed area is the development of tools that target embedded systems processors that include PowerPC, MIPS, and SuperH. Historically, a challenge with targeting multiple embedded architectures was that it was often necessary to write an analysis tool for each architecture.
In this talk, we'll discuss an approach for decoupling the architecture specifics from the analysis by utilizing intermediate representation (IR) languages. Intermediate representation languages provide a method to abstract out machine specifics in order to aid in the analysis of computer programs. In particular, the LLVM IR language provides an extensive set of analysis and optimization libraries, along with a JIT engine, that can be collectively utilized to develop architecture-independent automated analysis and exploitation tools.
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ... - CODE BLUE
A Security Barrier Device (SBD) protects PCs and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent to the PC and can be installed regardless of OS or application. In this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.
The SBD has a security information disk, accessible only to itself, where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD references the access privileges of that particular sector: if the sector is read-deny, it returns dummy data of 0; if the sector is write-deny, it won’t write to that sector. The SBD allows not only sector-based protection but also file-based protection. In the case of a file write-deny, there were some issues with the disk-related cache in memory not being synchronised, or with the pointer’s position to the file in regards to its directory being shifted, but I will show how this was solved.
I will also talk about the fact that an SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files; once it detects any access right violation, it can shut down the Ethernet port remotely and thwart the spreading of malware.
Kenji Toda
Conducted research and development of 30 Gbps intrusion detection systems, 60 Gbps URL filtering systems, and/or network device testing equipment for such systems at the National Institute of Advanced Industrial Science and Technology. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)
http://codeblue.jp/en-speaker.html#KenjiToda
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote... - CODE BLUE
Current mobile gadgets include rich devices (high resolution video camera, microphone, GPS, etc.) which enable high quantity communication (video conference, current location data, etc.). Unfortunately, the rich devices make it easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. A Japanese application named "karelog" became a social issue). These devices are not used in a company's office or factory, and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.
In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from the OS. DDE is a lightweight hypervisor and can be inserted into a pre-installed OS. Although the OS uses the "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc.), the "IN" instruction is hooked by DDE and the device information is hidden if the device is prohibited in the company.
Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to prevent bypassing of the DDE, it encrypts the disk image of the OS. This means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key management (one technique gets a key from the Internet over a secure communication; one technique hides the key in a TPM chip and obtains it at a certain state of boot time only; one technique obfuscates the key into the code using a Whitebox Cryptography technique).
The current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has an Intel CPU. I will talk about the requirements for an ARM CPU based implementation.
Protected Process Light will be Protected – MemoryRanger Fills the Gap Again - Igor Korkin
Windows OS issued a newly updated security mechanism to prevent illegal access to the memory of critical processes as well as for Digital Rights Management (DRM) requirements. It is Protected Process Light (PPL). Intruders can disable PPL to access the memory content of protected processes using a kernel driver. Also, they can illegally enable PPL for the malware apps to provide self-protection and access memory of protected processes, without disabling their PPL. PatchGuard does not check the integrity of PPL. This kind of attack is crucial for OS security and has to be prevented. This paper presents some undocumented internals of PPL during the creation of the protected process as well as accessing the protected process memory to analyze how the PPL can be tampered with. In this contribution, the hypervisor-based solution called MemoryRanger is applied to prevent such type of kernel attacks on PPL. MemoryRanger can prevent both types of attacks on PPL: disabling and enabling PPL in run time. MemoryRanger has been successfully tested on the recent Windows 10, version 20H2 Build 19042.631 x64.
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec... - Kuniyasu Suzaki
At IWSEC2014 (The 9th International Workshop on Security, Hirosaki): "Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
Advanced Threats are rising in the Windows 10 environment, where sophisticated attack vectors are being used to evade threat detection tools and extract privileged data from the user. This talk presents a collection of tools and techniques, developed after reverse engineering and playing with Windows interfaces, that aim to evade detection systems (A/V or A/C) and to escalate kernel privileges.
Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluc... - Igor Korkin
Hardware virtualization technologies play a significant role in cyber security. On the one hand these technologies enhance security levels, by designing a trusted operating system. On the other hand these technologies can be taken up into modern malware which is rather hard to detect. None of the existing methods is able to efficiently detect a hypervisor in the face of countermeasures such as time cheating, temporary self uninstalling, memory hiding etc. New hypervisor detection methods which will be described in this paper can detect a hypervisor under these countermeasures and even count several nested ones. These novel approaches rely on the new statistical analysis of time discrepancies by examination of a set of instructions, which are unconditionally intercepted by a hypervisor. Reliability was achieved through the comprehensive analysis of the collected data despite its fluctuation. These offered methods were comprehensively assessed in both Intel and AMD CPUs.
Detect Kernel-Mode Rootkits via Real Time Logging & Controlling Memory Access - Igor Korkin
The demo is here - https://www.youtube.com/watch?v=vi9TzLrO_pE
All details and source code are here - http://www.bit.ly/MemoryMonRWX
Modern malware and spyware platforms attack existing antivirus solutions and even Microsoft PatchGuard. To protect users and business systems new technologies developed by Intel and AMD CPUs may be applied. To deal with the new malware we propose monitoring and controlling access to the memory in real time using Intel VT-x with EPT. We have checked this concept by developing MemoryMonRWX, which is a bare-metal hypervisor. MemoryMonRWX is able to track and trap all types of memory access: read, write, and execute. MemoryMonRWX also has the following competitive advantages: fine-grained analysis, support of multi-core CPUs and 64-bit Windows 10. MemoryMonRWX is able to protect critical kernel memory areas even when PatchGuard has been disabled by malware. Its main innovative features are as follows: guaranteed interception of every memory access, resilience, and low performance degradation.
You say SCADA, I say … mainframes. There are some remarkable - and scary - parallels between the worlds of SCADA ICS and mainframes. Each system is critical to our lives. Their worlds are insular, proprietary, and seemingly shut-off to everyone else. Except for when they aren’t. Extrapolate the future of security for mainframes based on the challenges and failures of SCADA ICS as it has evolved from sequestered to connected. SCADA serves as a cautionary tale for securing mainframes against acts of God, nature and man in this scenario of a Stuxnet for Mainframes.
Controlling PC on ARM using Fault Injection - Riscure
The slides from the presentation by Riscure's Niek Timmers, Albert Spruyt and Marc Witteman. The paper describes an ARM-specific fault injection attack strategy for exploiting embedded systems where externally controlled data is loaded in the program counter (PC) register of the processor.
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass - PROIDEA
ATMs (Automated Teller Machines) are usually weak spots in any organization that operates them. We would like to share with you how we hack ATMs. We will show GENERIC ways to attack ATMs. Specific attacks are kewl but we like GENERIC ones that work in the often complex ATM world. Join us to pwn some ATMs and learn from our vast experience in the trenches.
Cisco forecasts that by 2020 there will be 50 billion connected devices on the planet spanning everything from entertainment and information to the industrial and medical markets. The benefits are obvious. The risks are significant with catastrophic consequences. Internet of Things (IoT) security is a broad issue with many dimensions.
Security experts from RTI, Texas Instruments, Thingworx, and Wibu-Systems describe risks and solutions for securing IoT devices.
Topics include:
• Secure software updates via integrity protection
• Data centric security for the IoT
• Protecting Internet communications in IoT devices
• Secure IoT deployments
Watch webinar recording: https://youtu.be/ra0Ii7Y2EyA
Pirating AVs to bypass exploit mitigation - Priyanka Aash
"Put a low-level security researcher in front of hooking mechanisms and you get industry-wide vulnerability notifications, affecting security tools such as Anti-Virus, Anti-Exploitations and DLP, as well as non-security applications such as gaming and productivity tools. In this talk we reveal six(!) different security issues that we uncovered in various hooking engines. The vulnerabilities we found enable a threat actor to bypass the security measures of the underlying operating system. As we uncovered the vulnerabilities one-by-one we found them to impact commercial engines, such as Microsoft's Detours, open source engines such as EasyHook and proprietary engines such as those belonging to TrendMicro, Symantec, Kaspersky and about twenty others.
In this talk we'll survey the different vulnerabilities, and deep dive into a couple of those. In particular, we'll take a close look at a vulnerability appearing in the most popular commercial hooking engine of a large vendor. This vulnerability affects the most widespread productivity applications and forced the vendor to not only fix their engine, but also that their customers fix their applications prior to releasing the patch to the public. Finally, we'll demonstrate how security tools can be used as an intrusion channel for threat actors, ironically defeating security measures."
(Source: Black Hat USA 2016, Las Vegas)
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig - CloudIDSummit
Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills.
What is the place of security and privacy in this exciting development?
Are we building the next generation of Internet security vulnerabilities right now?
In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv... - Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus... - Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G... - Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Developing Distributed High-performance Computing Capabilities of an Open Sci... - Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
A Comprehensive Look at Generative AI in Retail App Testing.pdf - kalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR - Tier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient... - Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
6. Need for security in devices
Devices are getting integrated into personal and commercial networks
Consumer devices are ubiquitous
Pervasive use of wireless communication
Portable devices communicate under changing network conditions
Gadgets can get stolen, making them physically accessible

12. Threats in a device
Theft of data, keys and privacy
Loss of data consistency
Altering device firmware
Copy of digital content
Breaking access control

13. Embedded devices have different challenges compared to their desktop counterparts.

14. Design challenges
Devices are constrained in their resources and capabilities
Defense mechanisms should not alter the response time of their key function
Physical accessibility of devices calls for solutions different from the ones applied to traditional systems

15. Design challenges
Security concerns cannot be solved in a single abstraction layer of software
Software on devices is becoming complex
Quick time to market and increased cost need simple yet robust solutions

17. Security requirements - Example
All password and user data should be encrypted using 128-bit AES
User and device should be authenticated before allowing a streaming session
Device should use https for all transactions with the server
XXX 128-bit encryption should be used for content security
ATSC channels need not be protected.

18. What are the weak links intruders are looking for?

19. Areas prone to attack
Logical threats aiming to modify device firmware
Threats due to weakness in design and implementation
Unhandled system errors

26. Core problems with ‘C’ language
The language has no consideration for security
There are functions that can be used in an insecure way
Dynamic memory allocation needs careful manipulation

27. Core problems with ‘C’ language
Vulnerable function | Safe version
strcpy() | strncpy() & explicit null termination
strcat() | strncat() (destination size - 1)
sprintf() | snprintf()
scanf() family | scanf() (specify the maximum length)
getc() / getchar() | This function can be vulnerable if used in a loop.

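28. Unsecure program
    int func(char *input)
    {
        char local[10];
        int i = 0;
        /* NO "NULL" CHECK: input is dereferenced without testing the pointer */
        /* NO "length of input" CHECK: nothing stops i from running past local[9] */
        while (*input != '\0')
        {
            local[i++] = *input++;
        }
        return 0;
    }
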
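29. Secure programming
A more appropriate program would be:
    #include <string.h>

    int func(char *input)
    {
        /* Test the pointer itself before reading through it, then bound the length */
        if ((input != NULL) && (strlen(input) <= 10))
        {
            ……
            …………….
        }
        /* Return appropriately based on error */
        return -1;
    }
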
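An added example, not part of the original slides: the func() of slides 28 and 29 written out in full with the NULL check, the length check and the explicit termination that the slide 27 table asks for. The helper names checked_copy and truncating_copy and the error codes are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOCAL_SIZE 10   /* same size as the slide's local[10] */

/* Error codes are an assumption of this example. */
enum copy_status { COPY_OK = 0, COPY_ERR_NULL = -1, COPY_ERR_TOO_LONG = -2 };

/* Copy input into dst[dst_size]. Rejects NULL pointers and any input that
 * does not fit together with its terminator; dst is always terminated. */
enum copy_status checked_copy(char *dst, size_t dst_size, const char *input)
{
    size_t len = 0;

    if (dst == NULL || input == NULL || dst_size == 0)
        return COPY_ERR_NULL;

    /* Scan at most dst_size bytes so an over-long input is not walked to its end. */
    while (len < dst_size && input[len] != '\0')
        len++;

    if (len == dst_size) {      /* no room left for the '\0' */
        dst[0] = '\0';          /* fail closed: leave an empty string */
        return COPY_ERR_TOO_LONG;
    }
    memcpy(dst, input, len);
    dst[len] = '\0';
    return COPY_OK;
}

/* Table row "strncpy() & explicit null termination": strncpy() does not
 * terminate dst when input has dst_size - 1 or more characters, so the
 * terminator is written by hand. Returns 1 if input was truncated, 0 if it
 * fitted, -1 on bad arguments. */
int truncating_copy(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;
    strncpy(dst, input, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(input) > dst_size - 1;
}

/* func() from the slides with both missing checks in place. */
int func(const char *input)
{
    char local[LOCAL_SIZE];
    return (int)checked_copy(local, sizeof local, input);
}

int main(void)
{
    printf("short input    -> %d\n", func("short"));
    printf("over-long input -> %d\n", func("this input is far too long"));
    printf("NULL input     -> %d\n", func(NULL));
    return 0;
}
```
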
30. Reducing attack at the entry point is as important as trying to get the code right

31. Input parameter validation
Perform validation at all inputs across modules
Assume all inputs are malicious
Reject data when in doubt
Parse the characters, commands and escape sequences

35. Memory management
Always free() dynamically allocated memory after it is no longer needed
Set the freed pointer to NULL
Failure to release memory is problematic on embedded devices with limited memory
Attackers can use memory vulnerabilities to damage operation of the device

36. Error handling principles
Every error should be handled in a graceful way
At the lowest level (e.g. drivers) try to recover from the error
Internal errors should not be reported to users
Disable core dumps, stack traces and diagnostic information

37. Safe initialization
Initialize variables and file descriptors before using them.
Initialize and limit the use of env variables
Avoid passing data using env variables
Avoid execution of program at high privileges

38. Safe initialization
    int vuln_fn(int a) {
        unsigned int result;        /* uninitialized variable */
        if (a > 0) {
            result = 256 % result;  /* reads result before any value was assigned */
        }
        return result;
    }
Potential security bugs can creep in through uninitialized variable usage

39. Compiler warnings
Warnings are the first level of defense against any security flaw
Compiler warnings are effective at detecting programming flaws
They can catch bugs which are hard to find during testing.
Compile with the highest level of warning set as error

40. Flag setting for compilers
GNU C compiler:
  -Wall : enable all compiler warnings
  -Werror : treat compiler warnings as errors
ARM Developer Suite C compiler:
  -E+c : enable all implicit cast errors
  -E+l : errors on linkage disagreements
  -fv : reports unused declarations
  …
Greenhills Embedded MIPS compiler:
  -check=all : enable all compile time error and warning
  -strict : enables strictest level of error checking

42. Basics of cryptography
Encryption is used to encode a message so that only the communicating group can understand it
Encryption: move each letter one step up the alphabet
Decryption: move each letter one step down the alphabet
“A SECRET MESSAGE” is encrypted as “B TFDSFU NFTTBHF”

43. Keyed encryption algorithm
KEY value = “No of steps rotated by position of English alphabet”
Encryption: move up the alphabet
Encrypt: “A SECRET MESSAGE”
Key: “C”
Encrypted message: “C UGETGV OGUUCIG”
Cryptographic strength is measured in the time and resources it would require to recover the plain content

44. Advantages of keyed algorithm
Instead of communicating the algorithm, share the key in secret
With larger key sizes the encryption gets stronger (min 80 bits)

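An added example, not from the original slides: the keyed shift cipher of slides 42 to 44 in C, plus a loop over the whole key space showing why a key with only 26 values protects nothing, which is the reason slide 44 asks for a minimum key size. The function names are assumptions of this example, and it assumes ASCII upper-case text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Shift given by a key letter: 'A' -> 0, 'B' -> 1, 'C' -> 2, so that key "C"
 * maps A to C as on slide 43. A non-letter key means no shift. */
static int key_shift(char key)
{
    if (!isalpha((unsigned char)key))
        return 0;
    return toupper((unsigned char)key) - 'A';
}

/* Encrypt (dir = +1) or decrypt (dir = -1) text in place. Only A-Z is
 * shifted; spaces and other characters pass through unchanged. */
void shift_cipher(char *text, char key, int dir)
{
    int k = key_shift(key);

    for (; *text != '\0'; text++) {
        if (*text >= 'A' && *text <= 'Z')
            *text = (char)('A' + (*text - 'A' + dir * k + 26) % 26);
    }
}

/* The whole key space is 26 values (under 5 bits). Trying each one and
 * looking for an expected word recovers the key at once; *tries reports how
 * many keys were needed. Returns '\0' if no key matches. */
char recover_key(const char *ciphertext, const char *expected_word, int *tries)
{
    char buf[64];
    char key;

    *tries = 0;
    for (key = 'A'; key <= 'Z'; key++) {
        strncpy(buf, ciphertext, sizeof buf - 1);
        buf[sizeof buf - 1] = '\0';
        shift_cipher(buf, key, -1);
        (*tries)++;
        if (strstr(buf, expected_word) != NULL)
            return key;
    }
    return '\0';
}

int main(void)
{
    char msg[] = "A SECRET MESSAGE";   /* plaintext from the slides */
    int tries;
    char key;

    shift_cipher(msg, 'C', +1);
    key = recover_key(msg, "SECRET", &tries);
    printf("ciphertext \"%s\", key '%c' found after %d tries\n", msg, key, tries);
    return 0;
}
```
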
45. Public key cryptography
Asymmetric scheme using a pair of keys for encryption:
Public key is used to encrypt data
Private key is used for decryption
The public key is published to the world
The private and public keys are mathematically related but difficult to break

46. Other crypto mechanisms
Hash functions
o Validate integrity of data by sending a digest
Digital signature
o Checks authentication of origin
o Non-repudiation
Algorithm: RSA, DSA, DES, MD5, SHA1
Mechanism: Signature, Encryption, Hashing
Service: SSL

47. Protect data stored in device
Encrypt private and confidential data like passwords, address book, database.
Do not store data in contiguous locations.
In your design identify critical and non-critical memory areas based on the data stored

48. Securing Network transactions
• SSL is Secure Sockets Layer, a global standard for transferring data
• It creates an encrypted link between server and web browser
Secure communication goals are privacy, message integrity and authentication

49. Security within the device
Architecture of a secure processor
[Diagram labels: Secure SoC; Secure ROM; Secure Bootloader; ROM (Internal); RAM (Internal); Processor; External RAM; Signed Firmware (Ext. ROM/Flash/HDD)]

50. Signed Firmware binary
[Diagram labels: Secure boot loader (boot functionality, sign verification, public key); Signed firmware (app code + data, signature); Private key]
The keys are generated by the device manufacturer
Firmware not signed by the manufacturer will not work.

51. Secure Boot
Secure boot loader contains critical code to configure the hardware for limited access.
Secret keys are loaded into the internal RAM only
Secure boot loader checks the validity of firmware code by verifying the signature
Abort loading of device firmware if signature verification fails

53. Security audit
Periodic audits will uncover security loopholes
Review the code for security violation
Review the system architecture
Look for unintended firmware installations
Check network and storage security

54. Example audit report
Module | Audit step | List | Action required
Kernel modules | List and check if all modules are needed | x.ko, y.ko | Remove modules not needed
Kernel debug | Is kernel debug enabled? | Yes | Disable debug
Installed software | Is there any installed default software? | Rpc, pop3, telnet | Remove these installed software
Field debug | Check logging protocol | Clear | Encrypt logging mechanism

55. Example audit report (Contd..)
Module | Audit step | List | Action required
Network ports | Check which ports are available for connection using nmap. | | Remove ports not reqd.
Stored data | Check stored data | Clear in file | Use encryption
Media transmission | Check security of transmission | tiny encryption | Weak, use stronger encrypt
Services | Any unintended services running? | Httpd, telnet | Remove the services.

57. Tools
Some of the tools which uncover security issues
Does software analysis in depth.
Profiling and debugging tool
Tool for port scanning
Scans database server application
http://www.securecoding.org/companion/tools.php

Your Bluetooth may be on without security, making it accessible to a stranger sniffing for it in a marketplace.
The total cost of Internet-related fraud complaints from consumers rose from $206 million in 2003 to $336 million in 2005, according to the U.S. Federal Trade Commission. Internet-related complaints accounted for 46 percent of all fraud complaints to the agency.
With products ranging from security cameras, medical devices and mobiles to dish washers, an off-the-shelf software program cannot be used to protect devices. The devices have varied platforms with varying security needs. Processor limitations, memory constraints, battery life and a host of other idiosyncrasies make security a non-trivial thing.
Another burning issue is the identity theft of web applications. According to [JAV06], the amount lost to fraud over a one-year period for online applications (banking, shopping, etc.) is estimated at $54.4 billion in 2005 in the U.S. alone.
Validate this data!!!
Unlike traditional systems, they have less memory and processing power and hence cannot add sophisticated algorithms, so they are more prone to attack.
On a PC, a virus scan, SSL checks etc. are allowed to run in the background at the cost of foreground tasks. Mobile phones or TVs need minimum latency for the primary function.
Security protocols are computationally intensive, and deploying them on resource-constrained embedded systems without appreciably degrading their performance is a challenging task.
It cannot be an afterthought. Product managers should define security requirements right at the beginning of product conceptualization.
This whole section needs review
The C programming language was engineered for speed and portability. At the time it was developed, there was no consideration given to security. As a result, many of the functions in the C language do not properly limit user input, which leads to problems like buffer overflows. There are other classes of security problems also, which can lead to logic bugs and exploitable security bugs. Examples include integer wrapping, signed/unsigned issues, type casting problems, format string bugs, and race conditions.
There are some functions that have no secure replacement in the standard library, and an external library may be required.
What are the various problems in this piece of code?
Do not validate in only some modules and leave the rest vulnerable. When you have to choose, the first priority should be to check user inputs, data transactions over the network, or any other source external to your module.
Deny access until specifically granted; do not grant access until denied.
Validate the JPEG marker 0xffd8
The addition 0x103 + 0xFFFFFFFC = 0x1000000FF. Due to overflow, the result will be 0xFF. It would be good to check the individual lengths as well.
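An added example, not from the original presentation: the input validation of slide 31 and the two notes above (the JPEG marker 0xffd8 and the wrapping length addition) as one C routine. The function names, result codes and the two-length-field layout are assumptions of this example; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes are an assumption of this example. */
enum { IN_OK = 0, IN_ERR_NULL = -1, IN_ERR_SHORT = -2,
       IN_ERR_MARKER = -3, IN_ERR_LENGTH = -4 };

/* Constructed sample: the first bytes of a JPEG stream, zero padded. */
static const uint8_t SAMPLE_JPEG[16] = { 0xFF, 0xD8, 0xFF, 0xE0 };

/* The check the note warns about: a + b is computed modulo 2^32, so
 * 0x103 + 0xFFFFFFFC wraps to 0xFF and passes the comparison. */
int naive_lengths_fit(uint32_t a, uint32_t b, uint32_t cap)
{
    uint32_t total = a + b;     /* wraps silently */
    return total <= cap;
}

/* Overflow-safe form: check each length on its own, then compare by
 * subtraction so that no intermediate value can wrap. */
int lengths_fit(uint32_t a, uint32_t b, uint32_t cap)
{
    if (a > cap || b > cap)
        return 0;
    return b <= cap - a;
}

/* Validate an untrusted image buffer before any parsing: pointer, minimum
 * size, JPEG start marker 0xFFD8, then the two sender-supplied lengths
 * against the destination capacity and against the bytes actually present. */
int validate_image_input(const uint8_t *buf, size_t buf_len,
                         uint32_t hdr_len, uint32_t data_len, uint32_t cap)
{
    if (buf == NULL)
        return IN_ERR_NULL;
    if (buf_len < 2)
        return IN_ERR_SHORT;
    if (buf[0] != 0xFF || buf[1] != 0xD8)
        return IN_ERR_MARKER;
    if (!lengths_fit(hdr_len, data_len, cap))
        return IN_ERR_LENGTH;
    if ((uint64_t)hdr_len + data_len > (uint64_t)buf_len)
        return IN_ERR_LENGTH;
    return IN_OK;
}

int main(void)
{
    printf("naive check accepts wrapped sum: %d\n",
           naive_lengths_fit(0x103u, 0xFFFFFFFCu, 0x200u));
    printf("safe check accepts wrapped sum:  %d\n",
           lengths_fit(0x103u, 0xFFFFFFFCu, 0x200u));
    printf("sample with hostile lengths:     %d\n",
           validate_image_input(SAMPLE_JPEG, sizeof SAMPLE_JPEG,
                                0x103u, 0xFFFFFFFCu, 0x200u));
    return 0;
}
```
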
Basic principles of memory management
Any error generated by internal components, such as a system call failure, database error or internal error, should not be exposed.
Attackers can easily take control of the system through environment variables, even remotely, for example by using CGI scripts.
This is a simple example where anyone can enter unvalidated inputs that can lead to a system crash.
1. These algorithms are easily predictable.
New algorithms have to be generated if secrecy is compromised.
Fixed algorithms cannot be revealed to anyone but the intended set of recipients.
Taking a simple example to associate an algorithm with a key.
The algorithm may be known. The effectiveness is in keeping the key secret and complex.
This is symmetric key cryptography.
Alice wants to buy a book from Bob's online bookstore. In order to complete the process she'll need to transmit sensitive personal information, such as her credit card number. Alice wants to make sure that the information she sends to Bob is kept confidential (privacy), and cannot be altered along the way (message integrity). She also wants to make sure that she's really sending the information to Bob and not an imposter (authentication).
Alice wants to send Bob private information, so Bob says, "Here Alice, use this public key to encrypt your message before sending it to me. When I receive your encrypted message I will use my private key to decrypt your message." It's okay for anyone to have a copy of the public key, but only Bob should have a copy of his private key
Spread data across multiple files and memory locations. In case of loss of the storage device, such data should not be easily retrievable.
The security of the device is dependent on the secrecy of the keys
Tools will help to bring out many security issues without manual intervention.
Scatter the pins; do not connect them to the processor.
Attacks can alter or erase the flash firmware or get access to SIM locks, IMEI etc.
4. Removing external power source will halt clock and may corrupt memory