Abstract
A common security measure is now to reduce or eliminate the presence of process memory that is both writable and executable. However, the dynamic linker needs to make changes to executable pages when binding lazy references. In multi-threaded programs this creates a window of vulnerability. Depending on the system architecture, it may also result in extra cache or TLB flushes to maintain coherency on multi-processor systems. I'll describe the implementation and use of kbind(), a machine-independent system call for secure and efficient binding of lazy references.
Speaker bio
Philip was initiated in UNIX system administration in 1992 as a student at Saint Olaf College, where he got involved in Open Source software including procmail and amd. In December 2000 he joined Sendmail Inc and worked on threaded IMAP/POP3/LMTP servers. He started using OpenBSD actively several years later but didn't join the project until July 2008 after the status of the threads implementation started to annoy him. Philip is currently a Director of Engineering at Proofpoint, Inc.
Presentation given at the KDE Seminar (University of Tsukuba) about CryptDB*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/06/24/summary-cryptdb/
The official website for CryptDB is: http://css.csail.mit.edu/cryptdb/
*Popa et al.: "CryptDB: Protecting Confidentiality with Encrypted Query Processing". SOSP 2011.
Arduino C maXbox web of things slide show (Max Kleiner)
RGB LED in Arduino
• Generating QR Code
• 3D Printing
• Web Video Cam
• Digi Clock with Real Time Clock
• Android SeekBar to Arduino LED Matrix
The second part is about new ideas, prototyping and new technologies that are in the lab. It's about research papers, software philosophy, and researchers worldwide.
This presentation introduces basic concepts about the Java socket abstraction. These slides introduce the following concepts:
- What is a socket
- How to implement a client program
- How to implement a server program
The presentation is taken from the Java course I run in the bachelor-level informatics curriculum at the University of Padova.
Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud (Mateus S. H. Cruz)
Presentation given at the SWIM seminar (University of Tsukuba) about the paper "Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud"*.
This presentation is based on the uploader's understanding of the paper and may contain inaccurate interpretations.
A summary of the paper is available at: https://mshcruz.wordpress.com/2016/08/19/summary-privacy-preserving-multi-keyword-fuzzy-search-over-encrypted-data-in-the-cloud/
*Wang et al.: "Privacy-Preserving Multi-Keyword Fuzzy Search over Encrypted Data in the Cloud". INFOCOM 2014.
XCon 2014 => http://xcon.xfocus.org/
In the past it was quite common to exploit heap/pool manager vulnerabilities by attacking their internal linked structures. Current memory managers have improved a lot, however, and today it is quite ineffective to attack the heap this way. Still, those techniques come in handy when we start looking at the linked structures widespread throughout the kernel that are unfortunately not hardened enough.
In this presentation we will examine the power of these vulnerabilities using the famous example CVE-2013-3660, showing a bypass of the 'lazy' assertions on _LIST_ENTRY, presenting the post-exploitation "after party", and the teleport to kernel.
Ecet 330 Enthusiastic Study / snaptutorial.com (Stephenson033)
Laboratory Title: Introduction to Memory Map
Submittal Date: Click here to enter a date.
Objectives:
The objective of this lab is to familiarize ourselves with different factors of memory, such as memory decoding and memory mapping.
Give two differences between EEPROM and Flash memory.
The main body of work related to supporting dynamic languages on the JVM at Oracle today is done within the Nashorn project. While on the surface it looks like we're busy creating a JavaScript runtime, in reality JavaScript is only the beginning, and not the ultimate goal. Nashorn has served as the proving ground for new approaches for implementing a dynamic language on top of the JVM, and we're eager to – once solidified – crystallize these into a reusable dynamic language implementer's toolkit. We have faced challenges of optimally mapping JavaScript local variables to JVM types (or: "hey, there's a static type inference algorithm in your dynamic language compiler"), doing liveness analysis, cutting up methods too large to fit into a single JVM method, efficiently representing large array and object literals in compiled code, creating a system for on-demand compilation of several type-specialized variants of the same function, and more. Along the way, we have reached the limits of our initial internal representation (fun fact: you can't do liveness analysis on an AST. We learned it the hard way.) and started sketching up an intermediate representation that would be easy to emit from a dynamic language compiler, and that could be taken over by a toolchain to perform the operations described above on it and finally output standard Java bytecode for the JIT to take over. Elevator pitch: like LLVM, but for dynamic languages on the JVM.
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019 (corehard_by)
C++ is known for things such as performance, expressiveness, the lack of a standard build system and package management, complexity and long compile times. The inability to iterate quickly is one of the biggest killers of productivity. This talk is aimed at anyone interested in improving the last of these points - it will provide insights into why compilation (and linking) take so long for C++ and will then provide an exhaustive list of techniques and tools to mitigate the problem, such as:
- tooling and infrastructure - hardware, build systems, caching, distributed builds, diagnostics of bottlenecks, code hygiene
- techniques - unity builds, precompiled headers, linking (static vs shared libraries)
- source code modification - the PIMPL idiom, better template use, annotations
- modules - what they are, when they are coming to C++ and what becomes obsolete because of them
Kernel load-balancing for Docker containers using IPVS (Docker, Inc.)
Many companies use expensive proprietary hardware and software to provide load-balancing and routing for their users and services. I'm going to demonstrate how the same or even better performance and feature set can be achieved using an open-source technology which has been a part of the mainline Linux kernel for over a decade – IPVS. Specifically, you'll see how IPVS can be used to automatically configure load balancing and routing for Docker containers using a simple Go daemon and a Docker plugin.
MS-SIP Library enables application developers to integrate Microsoft Lync presence, instant messaging, voice, video, and web conferencing into endpoints, servers, gateways, and services.
Similar to secure lazy binding, and the 64bit time_t development process by Philip Guenther
Porting the drm/kms graphic drivers to DragonFlyBSD by Francois Tigeot (eurobsdcon)
Abstract
Francois Tigeot has been trying to make DragonFly more useful by improving its performance, making it able to use some common technologies such as PAM/NSS and porting various pieces of software.
One of these pieces of software was the new kms infrastructure and its associated drm/i915 driver.
The talk is about how it has been ported from FreeBSD, the difficulties of making it first run on DragonFly, and its evolution from there.
Speaker bio
François Tigeot is an independent consultant, sysadmin, XFree86/Xorg user since 1996, BSD user since 1999 and DragonFly developer since 2011.
University of Oslo's TSD service - storing sensitive & restricted data by D... (eurobsdcon)
Abstract
Researchers in many scientific fields routinely work with sensitive or restricted data such as patient records, human genetic sequences, or interviews with dissidents in oppressive regimes. Keeping this data secure while retaining the ability to process and analyse it is a non-trivial problem. The University of Oslo's TSD service is a "walled garden" environment for storing and processing this type of data. We present the architecture of TSD and describe how FreeBSD is used to control the interface between TSD and the world.
Speaker bio
Dag-Erling Smørgrav is a senior engineer at the University of Oslo, one of the developers of the TSD service and a member of the University's CERT and information security team. He has been a FreeBSD committer since 1998 and is currently serving as FreeBSD's Security Officer. He is also the author of OpenPAM.
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell (eurobsdcon)
Abstract
Programs that talk over the internet today require unpredictable secrets to thwart passive eavesdroppers and active men-in-the-middle.
Unix folklore teaches that programs must acquire these secrets from a beast called `entropy' in the pantheon of information theory, who lives in /dev/random, and that in neighbouring /dev/urandom lives only a false idol. The truth, however, is not so mystical.
I will discuss what /dev/random and /dev/urandom actually mean, what applications actually need, and how they should attain it. I will also discuss the implementation of /dev/u?random in NetBSD and the kernel's cryptographic pseudorandom number generation API.
Speaker bio
Taylor `Riastradh' Campbell is not a cryptographer, but has spent enough time scrutinizing crypto in the software he relies on to notice when it's done wrong. In 2011, Taylor found what may be Colin Percival's most embarrassing bug when he noticed the two missing characters `++' to increment the AES-CTR nonce in Tarsnap leading to reused -- and thereby decidedly predictable -- key streams. Taylor became afflicted with a NetBSD commit bit later in 2011 for unrelated reasons, and has since participated in rototilling the NetBSD kernel entropy subsystem.
The LLDB Debugger in FreeBSD by Ed Maste (eurobsdcon)
Abstract
LLDB is a modern, high-performance debugger in the LLVM family of projects, and is built as a modular and reusable set of components on top of the Clang/LLVM foundation. It was originally developed for Mac OS X, but now supports FreeBSD and Linux as well, with ongoing work for Windows support.
This presentation will provide an overview of the design of LLDB, compare it with the existing GNU debugger in the FreeBSD base system, and present the path to importing LLDB as FreeBSD's debugger.
Speaker bio
Ed Maste manages project development for the FreeBSD Foundation and works in an engineering support role with Robert Watson's research group at the University of Cambridge Computer Laboratory. He has been a FreeBSD committer since 2005.
Porting Valgrind to NetBSD and OpenBSD by Masao Uebayashi (eurobsdcon)
Abstract
Valgrind is a proven open-source instrumentation framework, mainly known for its memory profiler.
Valgrind executes applications on a virtual CPU and memory, dynamically disassembling the target code into an intermediate representation (IR) and converting it into native code (JIT). This Dynamic Binary Instrumentation (DBI) is useful for users in that no recompilation of the target is needed. However, implementing that idea is difficult and the code becomes complex. My talk will examine Valgrind's internals, especially the platform-dependent code such as the system call wrappers, memory management, and signal handling. I will also mention what is needed to port Valgrind to a new platform/CPU, for example how to debug and test Valgrind itself, the source code structure, etc.
Speaker bio
Masao Uebayashi is the founder of Tombi Inc., a small company based in Yokohama, Japan, where he concentrates on *BSD-only development consultation. In the past he worked for Brains Corp., who first ported NetBSD to the Renesas SuperH platform, and later IIJ, where he brought up NetBSD on the OCTEON MIPS64 processor. After having done PowerPC, SuperH, MIPS, and ARM in the last 15 years, he has finally started learning x86.
Multiplatform JIT Code Generator for NetBSD by Alexander Nasonov (eurobsdcon)
Abstract
The next release of NetBSD will have support for Just-In-Time (JIT) compilation of bpf programs in the kernel; this change will greatly speed up traffic sniffing on multiple platforms. Unlike similar interfaces in other operating systems, bpfjit uses a unified programming interface for code generation which is based on the Stack Less JIT Compiler library (SLJIT) and which supports x86, mips, arm, sparc and some other platforms.
The speaker will give an overview of the SLJIT API and discuss some implementation details of the bpfjit code, with emphasis on the optimizations of bpf programs supported by the JIT engine. He will also touch on unit testing of dynamically generated code running inside the kernel and on other areas in the NetBSD project where bpfjit can help in boosting performance.
Speaker bio
Alex is a software developer working in the financial sector in the City of London. He often amuses fellow tube passengers with C or Lua coding in NetBSD console and sometimes even with the green kernel debugger prompt.
OpenStack and OpenContrail for FreeBSD platform by Michał Dubiel (eurobsdcon)
Abstract
OpenStack and the OpenContrail network virtualization solution form a complete suite able to successfully handle orchestration of the resources and services of contemporary cloud installations. Until now, however, these projects have only been available for Linux-hosted platforms. This talk is about work underway that brings them into the FreeBSD world.
It explains in greater detail the architecture of an OpenStack system and shows how support for the FreeBSD bhyve hypervisor was brought up using the libvirt library. Details of the OpenContrail network virtualization solution are also provided, with special emphasis on the lower-level system entities like the vRouter kernel module, which required most of the work while developing the FreeBSD version.
Speaker bio
Michal Dubiel, M.Sc. Eng., born 17th of September 1983 in Kraków, Poland. He graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in Kraków. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on various software projects ranging from low-level kernel development to Software Defined Networking systems. He is mainly interested in computer science, especially operating systems, programming languages, networks, and digital signal processing.
Porting NetBSD to the LatticeMico32 open source CPU by Yann Sionneau (eurobsdcon)
Abstract
I will describe the work I did on the open source LatticeMico32 softcore CPU to add an MMU to its pipeline, and then how I added support for this enhanced LM32 CPU in the NetBSD 6 kernel.
I will quickly explain what an MMU is and how it works in LM32. I will then show an overview of the steps I followed to add support for this new CPU and this new System-on-Chip to the NetBSD kernel. Afterwards I will explain some of the choices made for this port, especially those related to MMU handling: the (machine-dependent) virtual memory system (aka pmap).
I will demo the boot of the NetBSD kernel on QEMU emulating an LM32 CPU and then on the Milkymist One VJ Station.
Speaker bio
Yann Sionneau is a 26 year-old French embedded software engineer passionate about learning how embedded systems work in general.
Yann is part of the M-Labs (fka Milkymist) community that is working on developing open source digital designs on FPGAs as well as making it easier and easier to do so by providing a simple yet powerful framework for System-on-Chip design.
Yann contributed the original RTEMS Board Support Package of the Milkymist One video synthesizer, a Memory Management Unit (MMU) for the Open Source soft-core CPU LatticeMico32, and ported NetBSD kernel for the LM32 CPU and the Milkymist System-on-Chip. Yann recently became an EdgeBSD developer and his work on LM32 support is currently upstream in an EdgeBSD branch.
Smartcom's control plane software, a customized version of FreeBSD by Boris A... (eurobsdcon)
Abstract
Smartcom Bulgaria’s switching family consists of Ethernet switches targeted at offering access and aggregation layer L2 and L3 switching solutions for FTTX deployments that satisfy today’s requirements for delivering TriplePlay services with appropriate levels of QoS and security.
The family offers fixed configuration (for the access layer), as well as modular configuration (for the aggregation layer) devices with up to 24x1GE + 4x10GE Ethernet ports.
The switches run Smartcom's control plane software, a customized version of FreeBSD. The control plane software is modular, ensuring that, even in case of software problems, the switch will continue to operate with minimal or no service disruption.
Abstract
Application sandboxes allow developers to take an unusual stance: not that our systems will be bug-free, and that bugs should be considered the corner-case; but that in fact there will be bugs, bugs as the rule, bugs that will be exploited in the messiest, ugliest way.
(I won't mention current events. But we'll know what they are...)
For this talk, I propose speaking about the design of a CGI framework that assumes exactly that: that its network-touching components will be exploited.
After all, CGI frameworks have a celestially vast attack surface: URL query strings; cookies and HTTP headers; and beneath and beyond it all, form parsing. Combine these attack vectors with validation--at best validation of simple types, and then more terrifyingly (and normally) via external libraries such as libpng.
In reviewing CGI frameworks in C for some recent work, I noticed less a lack of security focus than a parade committee for exploits. Even given my own small demands for CGI security, I was led to ask myself: can I do better than this?
The topic would necessarily focus on available sandbox techniques (e.g., systrace, Capsicum) and their practical pros and cons (portability, ease of implementation, documentation, etc.). After all, if we make mistakes in deploying our sandbox, it's just more ticker-tape for the parade.
The CGI framework in question, kcgi, is one I use for my own small purposes. Obviously it's ISC-licensed, well-documented C code, and will be mentioned as little as possible beyond as an exemplar of how easy (or hard!) it can be to write portable sandboxes. In short, this isn't about kcgi, but about systrace, Capsicum, Darwin's sandbox, and so on.
Speaker bio
Most of my open-source work focusses on UNIX documentation, e.g., the mandoc suite (now captained by schwarze@) and its constellation of related tools, such as pod2mdoc, docbook2mdoc, etc. Earlier work focussed more on security, from the experimental mult kernel container on OpenBSD and NetBSD to sysjail. In general, I dislike computers and enjoy the sea.
Cross Building the FreeBSD ports tree by Baptiste Daroussin (eurobsdcon)
Abstract
Building packages is a resource-consuming task and can take a very long time on embedded devices or low-power architectures. Being able to use the power of amd64 servers to build packages for arm or mips makes this task faster and less tedious.
This talk will cover the following topics:
- State of the art for building arm/mips packages on FreeBSD from a powerful amd64 box
- How to create a cross-building environment
- How the ports tree automatically handles cross building
- How dependencies are handled when cross building packages
- How to work around non-cross-buildable or broken build systems like perl and python
- Cross building monster ports: chromium, libreoffice, openjdk and firefox
- What the current limitations are
- Future directions for the cross-building framework in the ports tree
Speaker bio
Baptiste Daroussin is a unix system engineer, FreeBSD committer for both base and ports, a member of the port management team.
He is responsible for a couple of the important changes that happened in the ports over the past few years: New options framework, pkgng, Stage support and more.
Building packages through emulation by Sean Bruno (eurobsdcon)
Abstract
Explanation and use of QEMU user mode on FreeBSD in tandem with the binmiscctl tools to create and manipulate jails of arbitrary hardware architectures on AMD64/i386. Detailed setup of the tools and their use for creating and maintaining ports packages, initial prototyping of disk images, and testing of concepts on architectures without having real hardware in play.
Examples of MIPS and ARM execution for the crowd and a demonstration of setup and configuration on AMD64 hardware. Demonstration of using poudriere to build PKG-style repos for these architectures.
A simple how-to on rapid prototyping of compressed flash images to assist in the propagation of FreeBSD on other platforms.
Speaker bio
Sean Bruno is a FreeBSD src committer, ports maintainer and member of the cluster administration team. He is the lead mirror manager interacting with external organizations in the installation of new-style PKG and SVN mirrors around the world.
Living in the San Francisco, CA, USA area, with his family, Sean is a FreeBSD developer working on several projects for various employers. Sean enjoys spinning records and has a shoutcast show on Radio KoL twice a week.
Making OpenBSD Useful on the Octeon Network Gear by Paul Irofti (eurobsdcon)
Abstract
My work on the Octeon port made it possible for OpenBSD to run on the D-Link DSR line of mid-range routers and also improved all supported models through the drivers I wrote. I'm continuing my work on improving the OpenBSD experience on the Octeon products by enhancing network support (including advanced switch support, among other things) and adding disk support via USB and CFI. This presentation summarizes the developments I brought and the obstacles I faced.
Speaker bio
Paul has been an OpenBSD developer since 2008, involved in ACPI, suspend and resume, power management, mips64, porting, and currently with a keen interest in the Loongson and Octeon platforms. Currently he's a freelancer and also studying for his PhD in Parallel Algorithms for Signal Processing. In the past he worked for a telephony company developing VoIP, Voicemail and related software, and after that as an antivirus engine developer and reverse engineer. In his spare time he enjoys a good game of Go, running or hiking.
A Reimplementation of NetBSD Based on a Microkernel by Andrew S. Tanenbaum (eurobsdcon)
Abstract
The MINIX 3 microkernel has been used as a base to reimplement NetBSD. To application programs, MINIX 3 looks like NetBSD, with the NetBSD headers, libraries, package manager, etc. Thousands of NetBSD packages run on it on the x86 and ARM Cortex V8 (BeagleBones). Inside, however, it is a completely different architecture, with a tiny microkernel and independent servers for memory management, the file system, and each device driver. This architecture has many valuable properties which will be described in the talk, including better security and the ability to recover from many component crashes without running applications even noticing. Updating to a new version of the operating system while it is running and without a reboot is on the roadmap for the future.
Using routing domains / routing tables in a production network by Peter Hessler (eurobsdcon)
Abstract
OpenBSD has supported routing domains (aka VRF-lite) since 4.6, released in 2009. In 2014, OpenBSD 5.5 gained support for IPv6 routing domains.
At its most basic, routing domains are simply multiple routing tables. While this seems like a simple thing, there are many gotchas involved in using routing domains in a production network. This talk will give a brief history, as well as some scenarios for why and how you would use routing domains, while describing several of the issues that came up during the initial deployments.
Speaker bio
Peter Hessler is 33 and has been a developer with the OpenBSD project since 2008.
Originally from San Francisco he has an interest in how things work. An OpenBSD user since 2000, he moved to Germany in 2008 and then to Switzerland in 2013. In his spare time, Peter enjoys drinking beer and bad puns.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GridMate - End to end testing is a critical piece to ensure quality and avoid... (ThomasParaiso2)
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and OpenAI
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, along with traditionally slow and manual security checks, has caused gaps in continuous security as an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerabilities and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a passion for technology and making things work, along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations on CI/CD and application security integrated into the software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at the SYNERGY workshop at AVI 2024, Genoa, Italy, 3 June 2024.
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs - Alex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curricula, and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is part of our current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring and observability to the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Secure lazy binding, and the 64-bit time_t development process by Philip Guenther
1. Table of Contents
1. Secure (and hopefully efficient) Lazy Binding
2. Plan
3. Lazy Binding
4. Goal
5. Dynamic Linking
6. Relocations
7. Position Independent Code
8. amd64 Details
9. amd64 Example
10. Lazy binding
11. Lazy binding, revised
12. Lazy binding, revised again
13. Lazy binding (threaded)
14. Lazy binding (trace)
15. mprotect() costs
16. Solution: kbind
17. ld.so: before and after
18. kbind implementation: amd64
19. Again, With More Feeling: sparc64
20. sparc64 Initial PLT
21. sparc64 PLT Update Example
24. sparc64: kbind again
25. kbind implementation: sparc64
26. How Good Is It
27. Security
28. Locking it down: ideas
29. Locking it down: locked down PC
30. Locking it down: per-process cookie
31. Locking it down: per-thread cookie
32. Locking it down: pass old data too
33. Locking it down: marked mappings
34. Locking it down: permanent mappings
35. Status
36. What else should we do?
37. Questions? Thank you!