DOCSLIB.ORG

Cross-Network Security for Interactive Multimedia Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cross-Network Security for Interactive Multimedia Applications CrossCross--NetworkNetwork SecuritySecurity forfor InteractiveInteractive MultimediaMultimedia ApplicationsApplications ---- aa stepstep forwardforward lookinglooking For IEEE CIT’2010 Weijia Jia (賈維嘉) Dept. of Computer Science Director, Future Networking Centre City University of Hong Kong [email protected] www.cs.cityu.edu.hk/~wjia Agenda • Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions Weijia JIA CIT2010, CityU (賈維嘉) 2 Why Cross-Networking? Laptop with 3G Data Card 3G, 4G WiFi /HSPA WLAN Networks WMAN Internet Multimedia/Service Databases/Webs Weijia JIA CIT2010, CityU (賈維嘉) 3 Cross-Networking Weijia JIA CIT2010, CityU (賈維嘉) 4 4 Background: Related work & publications Security: – ICDCS 08 (WLAN Security) – CCS09: Cell Counter Attack Against Tor – WiSec09: Stealthy Video Capturer – INFOCOM09: Flow Watermarks – NAS10: Localization – TPDS 10 –1: Null Data Frame in 802.11 – TPDS 10 –2: DDOS attacks System & Mobility: – INFOCOM 09: Handoff in AP-dense 802.11 – TWC09; TVT09 – MobiHoc 10: HSPA Mobility – US Patent No. 12/101,048, 2008 (Several patents filed in China) Optimal 2D/3D BS/AP/Sensor Deployment – INFOCOM 08, 09, 10 – MobiHoc 08, 09 – TMC 10 – JSAC 10 – ToN 10 Weijia JIA CIT2010, CityU (賈維嘉) 5 5 Background–Triggers of this talk System R&D Application Development Demos … Micro Gateways 1st & 2nd R&D R&D+Apps: Generations IoT-Gateways – on going 3rd Generation: Cross-Networking & R&D+Apps: Security Mobile Cloud Computing 4th Generation: OS--Android Solution R&D+Apps: Smartphone Security U-Box/ WebLab WiSec09 Tor Network-CCS09 R&D+Apps: Mesh- DragonNet Localization-NAS10 HSPA-MobiHoc10 Weijia JIA CIT2010, CityU (賈維嘉) 6 Agenda • Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions Weijia JIA CIT2010, CityU (賈維嘉) 7 Cross Network System & Services (CNS) • CNS is not a simple combination of separate network protocols. • Transmission of data and control messages and protocol in each of CNS components, involving transcoding & trans-protocols between signaling and media/data in various devices. • What have we developed CNS… Weijia JIA CIT2010, CityU (賈維嘉) 8 8 CNS-Vulnerability • Security gaps are largely unexplored. • Protocol translation and media trans-coding may introduce serious loopholes. • Traditional attacks will bring more serious damage and complexity. • Existing countermeasures may not work. Weijia JIA CIT2010, CityU (賈維嘉) 9 9 Malicious Codec Change (MCC) Attack • SDP vs. 3G-324M control protocol H.245 – A malicious SDP with frequent RE-INVITE to change the codec slow down or DoS on H.245 Multimedia communication Re‐invite Change message codec Re‐invite ChangeChange message codec SDP 3G‐324M H.245 Attacker Weijia JIA CIT2010, CityU (賈維嘉) 10 Malicious-Formatted Flooding (MFF) Attack Lacking of support of media trans-coding from Internet to 3G network, e.g. , H. 264 not supported Malicious-formatted packets pass to 3G codec and be dropped out codec failed functioning. Flood malicious formatted packets Malicious …… 3G × 3G Codec Attacker H.264 not supported Weijia JIA CIT2010, CityU (賈維嘉) 11 Denial of Service Attack • Cross-Net DoS differs from traditional DoS • Many calls to attack to 3G signaling port (SP) from Internet -- Escape from Internet IDS and prevail 3G networks. DoS Attack Internet Operator Gateway Attacker Weijia JIA CIT2010, CityU (賈維嘉) 12 Malicious Code Injection and Traverse (MCIT) attack • Attacker injects malicious code into wireless devices – Such malicious code can propagate to wired networks – Depends on mobility of the victim, the attack will result in large scale security compromises. AP Malicious Internet Code jamming Malicious code propagate ! Weijia JIA CIT2010, CityU (賈維嘉) 13 Identified Threatens • What do “CNS Threatens” indicate? – Newly identified Attacks (NA), unique in the cross-networking & platform; – Cross Net Attacks (CNA), which are conducted in the cross platform mode; – Traditional Attacks (TA) occur in cross platform/network applications, happen to traditional platforms. Weijia JIA CIT2010, CityU (賈維嘉) 14 14 Agenda • Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions Weijia JIA CIT2010, CityU (賈維嘉) 15 Vulnerability analysis Eavesdropping Weak node – wireless air interface Hijacking/Man-in-the-middle Fake registration … Denial of Service (DoS) TCP SYN flooding SIP INVITE flooding Passive/Active traffic analysis Transcoding/protocol attacks Weijia JIA CIT2010, CityU (賈維嘉) 16 16 Typical Cases • SIP IM – Junk SIP Instant messages • Video – Video injection • Web services – TCP SYN flooding (port 80) • Stream services – TCP SYN flooding (port 443) • VoIP services – SIP INVITE flooding (port 5060) – Teardown (Fake Bye) Weijia JIA CIT2010, CityU (賈維嘉) 17 17 Sniff & Insert Attacks Video/Packet/VoIP sniffing and insert: – broadcast media (shared Ethernet, wireless etc) – Malicious read/record/insert all video/VoIP packets (e.g., including passwords!) passing by (focusing on wireless attack) A C src:B dest:A payload B Weijia JIA CIT2010, CityU (賈維嘉) 18 App Scenarios: Video Surveillance The Hacker: 1. cheats video-cam by telling that he is the surveillance server. 2. Video-cam sends the video to it. 3. records static scenario 4. cheats the server by telling the server that he is the video- cam. 5. Hacker sends recorded video to Weijia JIA CIT2010, CityU (賈維嘉) 19 server. 19 Web Alice is using BaiDu to search some information on 11 Hacker observed nothingthat withAlice hisis using hack BaiDutool. to search some information on 11 with his hack tool. Weijia JIA CIT2010, CityU (賈維嘉) 20 IM --Junk SIP Instant Messages 1.Alice is chatting with Bob who 2. Hacker injects junk messages Weijia JIA CIT2010, CityU (賈維嘉) 21 21 Agenda • Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions Weijia JIA CIT2010, CityU (賈維嘉) 22 Solutions: Reinforcement Software Packages/cells Cross-networking security (Internt-3G-WiFi- WiMAX)-- hardware/software co-design • Video Surveillance • VoIP services • Instant Messaging (IM) and • (1) SIP/SDP-H.245. • (2) RTP/UDP-H.223. • (3) Transcoding H.711 to ARM and video of H.263 and H.264 and SIP servers. Weijia JIA CIT2010, CityU (賈維嘉) 23 Reinforcement -- SIP • SIP Server – OpenSER • PC version – H.263/AMR • Smartphone version – H.263/G.711 • SIP-based 3G Gateway – H.263/AMR/G.711 Weijia JIA CIT2010, CityU (賈維嘉) 24 Reinforcement -- OS • IPSec Server (Linux) • IPSec Client (Windows/BREW/Android) • V2oIP Sniffer (Windows) • Mobile Security Measurement (Android) • Integrated Secure Micro Gateway/BS for Video Surveillance/VoIP. Weijia JIA CIT2010, CityU (賈維嘉) 25 Agenda • Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions Weijia JIA CIT2010, CityU (賈維嘉) 26 Next Generation Ubiquitous Embedded Systems (ES) • ES = Computer system designed to perform one or a few dedicated functions (real-time constraints) • Embedded as part of a complete device, including hardware and mechanical parts. Weijia JIA CIT2010, CityU (賈維嘉) 27 ES Characteristics • Designed to do specific task. • Not standalone devices. • Programs written for are firmware, stored in read-only/flash memory chips. • Limited hardware resources: little memory, small/non-existent keyboard or screen. Weijia JIA CIT2010, CityU (賈維嘉) 28 How to make the ES work? Technology Advancement on R&D of • DSP • Microprocessor • Electronic/remote/Au • Microcontroller to Control Unit Programming • Embedded Hypervisor languages • Network communications • Real-time operating • Embedded operating system systems • Software engineering • Embedded software • System on a chip • Firmware • • Information appliance System on module Weijia JIA CIT2010, CityU (賈維嘉) 29 Technology convergence • Secure-Networked ES: – Communication gateway/node/servers • Open, standards-based computing systems, carrier-grade common platform, • Wide range /heterogeneous of communication interfaces, • Multimedia communications – Electronic/Remote/Auto Control Unit: Wired/Wireless control on • E-healthy: Man Machine Interface, On-Board Diagnostics … • Body Security; Body Control controls door locks, e-windows, courtesy- lights, etc. • Key Issues: Way of ES link to heterogeneous wired/wireless cross-networks • Network Convergence with Security Weijia JIA CIT2010, CityU (賈維嘉) 30 Technology convergence • Embedded and mobile OS • Embedded Linux: • Access Linux Platform • Android • Bada, Openmoko Linux, OPhone, Maemo • Mobilinux, MotoMagx, Qt Extended • LiMo Platform, webOS and … (many others) • Key Issues: – Kernel Reuse: Compatibility & integration of diverse OS vs. ES and security. – Difficulties: How to provide Functions that an ES OS (say Android SDKs) do not support OS Convergence & Security Weijia JIA CIT2010, CityU (賈維嘉) 31 Technology convergence • Interconnected ES: – Communications gateway/node/servers • C/S; Ad-hoc; Mesh; Grid; Group; P2P … ; Add-value at many levels of the system architecture. – Cyber-physical system (CPS) • tight combination/coordination of system & physical elements apps: aerospace, automotive, chemical, civil, energy, healthcare, manufacturing, transportation, entertainment, and consumer appliances. • Key Issues: – Scalability; Self-configuration & security (we have discussed extensively) – Energy saving/harvesting – Weijia JIA
Load more

Recommended publications
  • Incubating the Next Generation of Offshore Outsourcing Entrepreneurs
    Mobile Phone Programming Introduction Dr. Christelle Scharff Pace University, USA http://atlantis.seidenberg.pace.edu/wiki/mobile2008 Objectives Getting an overall view of the mobile phone market, its possibilities and weaknesses Providing an overview of the J2ME architecture and define the buzzwords that accompanies it Why mobile phones? Nowadays mobile phones outnumber desktop computers for Internet connections in the developer world A convenient and simpler alternative to the desktop/laptop for all (developed and developing countries) Mobile phones are computers! Some numbers and important facts: • Target of 10 million iphones sales by the end of 2008 (just one year after being launched) • Google phone to be launched in 2008 • 70% of the world’s mobile subscriptions are in developing countries, NY Times April 13, 2008 Global Handset Sales by Device Type http://linuxdevices.com/files/misc/StrategyAnalytics- mobilephone-segments.jpg Devices A wide variety of devices by the main vendors: • E.g, Nokia, Motoral, Sony Ericson A wide variety of operating systems • E.g., Blackberry, Palm OS, Windows CE/Mobile, Symbian, motomagx, linux A wide variety of development environments • E.g., Java ME, Qualcomm’s BREW, Google’ Android, Google App Engine (GAE) for mobile web applications, JavaFX Programming languages: • Java, Python, Flast-lith, Objective C Operating Systems http://mobiledevices.kom.aau.dk Mobile Web Access to wireless data services using a mobile device cHTML (Compact HTML) is a subset of HTML that excludes JPEG images,
    [Show full text]
  • A Taxonomy and Business Analysis for Mobile Web Applications
    A Taxonomy and Business Analysis for Mobile Web Applications Kevin Hao Liu Working Paper CISL# 2009-01 January 2009 Composite Information Systems Laboratory (CISL) Sloan School of Management, Room E53-320 Massachusetts Institute of Technology Cambridge, MA 02142 A Taxonomy and Business Analysis for Mobile Web Applications By Kevin Hao Liu Ph.D. Computer Science Victoria University Submitted to the System Design and Management Program in Partial Fulfillment of the Requirements for the Degree of Master of Science in Management and Engineering At the Massachusetts Institute of Technology February 2009 © 2009 Kevin H Liu. All rights reserved The author hereby grants to MIT permission to reproduce and to distribute publicly paper and electronic copies of this thesis document in whole or in part in any medium now known or hereafter created. Signature of Author Kevin H Liu System Design and Management Program February 2009 Certified by Stuart E Madnick John Norris Maguire Professor of Information Technology Sloan School of Management Professor of Engineering Systems School of Engineering Massachusetts Institute of Technology Thesis Supervisor Certified by Patrick Hale Director System Design & Management Program Massachusetts Institute of Technology A Taxonomy and Business Analysis for Mobile Web Applications By Kevin Hao Liu Submitted to the System Design and Management Program in February 2009 in Partial Fulfillment of the Requirements for the Degree of Master of Science in Management and Engineering ABSTRACT Mobile web applications refer to web applications on mobile devices, aimed at personalizing, integrating, and discovering mobile contents in user contexts. This thesis presents a comprehensive study of mobile web applications by proposing a new taxonomy for mobile web applications, and conducting a business analysis in the field of mobile web applications.
    [Show full text]
  • Mobile Linux Mojo the XYZ of Mobile Tlas PDQ!
    Mobile Linux Mojo The XYZ of Mobile TLAs PDQ! Bill Weinberg January 29, 2009 Copyright © 2009 Bill Weinberg, LinuxPundit,com Alphabet Soup . Too many TLAs – Non-profits – Commercial Entities – Tool Kits – Standards . ORG Typology – Standards Bodies – Implementation Consortia – Hybrids MIPS and Open Source Copyright © 2008 Bill Weinberg, LinuxPundit,com Page: 2 The Big Four . Ahem, Now Three . OHA - Open Handset Alliance – Founded by Google, together with Sprint, TIM, Motorola, et al. – Performs/support development of Android platform . LiMo Foundation – Orig. Motorola, NEC, NTT, Panasonic, Samsung, Vodaphone – Goal of created shared, open middleware mobile OS . LiPS - Linux Phone Standards Forum – Founded by France Telecom/Orange, ACCESS et al. – Worked to create standards for Linux-based telephony m/w – Merged with LiMo Foundation in June 2008 . Moblin - Mobile Linux – Founded by Intel, (initially) targeting Intel Atom CPUs – Platform / distribution to support MIDs, Nettops, UMPC MIPS and Open Source Copyright © 2008 Bill Weinberg, LinuxPundit,com Page: 3 LiMo and Android . Android is a complete mobile stack LiMo is a platform for enabling that includes applications applications and services Android, as Free Software, should LiMo membership represents appeal to Tier II/III OEMs and Tier I OEMs, ISVs and operators ODMs, who lack resources LiMo aims to leave Android strives to be “room for differentiation” a stylish phone stack LiMo presents Linux-native APIs Android is based on Dalvik, a Java work-alike The LiMo SDK has/will have compliance test suites OHA has a “non Fragmentation” pledge MIPS and Open Source Copyright © 2008 Bill Weinberg, LinuxPundit,com Page: 4 And a whole lot more .
    [Show full text]
  • 1 Sistem Operasi
    Sistem operasi - operating system - OS adalah seperangkat program yang mengelola sumber daya perangkat keras komputer, dan menyediakan layanan umum untuk aplikasi perangkat lunak. Sistem operasi adalah jenis yang paling penting dari perangkat lunak sistem dalam sistem komputer. Tanpa sistem operasi, pengguna tidak dapat menjalankan program aplikasi pada komputer mereka, kecuali program aplikasi boot diri. Waktu-berbagi jadwal tugas sistem operasi untuk penggunaan yang efisien dari sistem dan juga dapat mencakup akuntansi untuk alokasi biaya waktu prosesor, penyimpanan massa, cetak, dan sumber daya lainnya. Untuk fungsi-fungsi perangkat keras seperti sebagai masukan dan keluaran dan alokasi memori, sistem operasi bertindak sebagai perantara antara program aplikasi dan perangkat keras komputer, meskipun kode aplikasi biasanya dieksekusi langsung oleh perangkat keras dan seringkali akan menghubungi OS atau terputus oleh itu. Sistem operasi yang ditemukan pada hampir semua perangkat yang berisi komputer-dari ponsel dan konsol permainan video untuk superkomputer dan server web. Contoh populer sistem operasi modern termasuk Linux, Android, iOS, Mac OS X, dan Microsoft Windows. Pendahuluan Biasanya, istilah Sistem Operasi sering ditujukan kepada semua perangkat lunak yang masuk dalam satu paket dengan sistem komputer sebelum aplikasi-aplikasi perangkat lunak terinstal. Sistem operasi adalah perangkat lunak sistem yang bertugas untuk melakukan kontrol dan manajemen perangkat keras serta operasi-operasi dasar sistem, termasuk menjalankan perangkat lunak aplikasi seperti program-program pengolah kata dan peramban web. Secara umum, Sistem Operasi adalah perangkat lunak pada lapisan pertama yang ditempatkan pada memori komputer pada saat komputer dinyalakan. Sedangkan software-software lainnya dijalankan setelah Sistem Operasi berjalan, dan Sistem Operasi akan melakukan layanan inti umum untuk software-software itu.
    [Show full text]
  • The Software Engineering of Mobile Application Development
    The Software Engineering of Mobile Application Development Dr. Christelle Scharff Pace University, NY, USA Thanks: NCIIA IBM Agenda Audience Mobiles Java ME Context Android Java ME Designing Coding Process Testing Process Audience Who are the attendees? Context A Unique Medium – More than a Computer Ubiquity Everywhere and always with you Accessibility Always on Everything can be accessed from a mobile phone (e.g., Web, music, radio, photos and videos) Connectivity Staying connected to a social circle at all times A Unique Medium – More than a Computer Calls and voice commands Cameras, accelerometers and sensors for proximity and ambient light Touch screen Location by triangulation or GPS Mobile Phones and the Maslow's Hierarchy of Needs Who are the users? Global Mobile Market USA Engagement in mobile content and downloading applications Experience with 3G Latin America 12% of the population has mobile phones 6 times the PC penetration Brazil is the 5th mobile market in the world Asia Pacific Japan uses a higher-speed transmission protocol for content (W-CDMA) More emails than SMS, Flash support, QR codes, TV South Korea has a very successful mobile game market India has the lowest mobile Internet penetration rate in the region. It is famous for outsourcing of mobile development Europe, Middle East and Africa Less carriers than in other parts of the world UK and Spain are the largest mobile markets in Europe Africa is the fastest growing market Devices A wide variety of devices by the main vendors • E.g.,
    [Show full text]
  • Mobile Control System for Location Based Alarm Activation
    Mobile Control System for Location Based Alarm Activation Jan Magne Tjensvold June 16, 2008 Abstract This report describes the design and implementation of a system that can automatically control various services based on the location of one or more mobile devices. These services can also be controlled manually through a user interface on the mobile devices. A burglar alarm service that can au- tomatically be activated and deactivated is used as a case study for this system. The implementation is entirely Java based, using the Android op- erating system to run the mobile device software. Challenges related to accurately locating the mobile devices and communicating between the mo- bile devices and a home server is examined. A set of policies for activation and deactivation of the alarm system and other services is also defined. The report also looks at examples of other services like automated temperature, lighting control and adaptive fire sensors that can be integrated into the same system. Acknowledgments I wish to thank Hein Meling for his detailed and insightful comments on the report and his helpful ideas on the design and implementation of the soft- ware. Also many thanks to Thanh Danh Nguyen for his useful information regarding fire alarm systems. 2 Contents 1 Introduction 5 1.1 Related work . 8 1.2 Report organization . 8 2 Background 9 2.1 Mobile application platforms . 9 2.1.1 Android . 9 2.1.2 Java ME . 10 2.1.3 iPhone . 11 2.1.4 Windows Mobile . 12 2.1.5 Other platforms . 13 2.1.6 Summary .
    [Show full text]
  • Universidad Técnica De Ambato
    UNIVERSIDAD TÉCNICA DE AMBATO CENTRO DE ESTUDIOS DE POSGRADO MAESTRÍA EN DOCENCIA MATEMÁTICA “M-EVA LEARNING Y LA ENSEÑANZA DE LÓGICA MATEMÁTICA PROPOSICIONAL DIRIGIDA A ESTUDIANTES TEMA: DE SEGUNDO SEMESTRE DE LA CARRERA DE DISEÑO GRÁFICO DE LA FACULTAD DE DISEÑO ARQUITECTURA Y ARTES DE LA UNIVERSIDAD TÉCNICA DE AMBATO”. Trabajo de Investigación Previa a la obtención del Grado Académico de Magister en Docencia Matemática. Autora: Lcda. Tannia Gabriela Acosta Chávez Director: Ing. Mg. Javier Salazar Mera Ambato – Ecuador 2013 ii Al Consejo de Posgrado de la UTA El tribunal receptor de la defensa del trabajo de investigación con el tema: ―M- EVA LEARNING Y LA ENSEÑANZA DE LÓGICA MATEMÁTICA PROPOSICIONAL DIRIGIDA A ESTUDIANTES DE SEGUNDO SEMESTRE DE LA CARRERA DE DISEÑO GRÁFICO DE LA FACULTAD DE DISEÑO ARQUITECTURA Y ARTES DE LA UNIVERSIDAD TÉCNICA DE AMBATO‖, presentado por: Lcda. Tannia Gabriela Acosta Chávez y conformado por: Ing. Mg. Fausto Garcés Naranjo, Ing. Carlos Meléndez Tamayo, Dr. Ing. Mg. Freddy Robalino Peña, Miembros del Tribunal, Ing. Mg. Javier Salazar Mera, Director del trabajo de investigación y presidido por Ing. Mg. Juan Garcés Chávez Presidente del Tribunal y Director del CEPOS – UTA, una vez escuchada la defensa oral el Tribunal aprueba y remite el trabajo de investigación para uso y custodia en las bibliotecas de la UTA. ________________________ ___________________________ Ing. Mg. Juan Garcés Chávez Ing. Mg. Juan Garcés Chávez Presidente del Tribunal de Defensa DIRECTOR CEPOS _________________________ Ing. Mg. Javier Salazar Mera Director del Trabajo de Investigación _________________________ Ing. Mg. Fausto Garcés Naranjo Miembro del Tribunal _________________________ Ing. Carlos Meléndez Tamayo, Dr.
    [Show full text]
  • Operating Systems for Mobile Computing*
    OPERATING SYSTEMS FOR MOBILE COMPUTING* Sharon P. Hall, Eric Anderson University of Houston – Clear Lake 2700 Bay Area Blvd. Houston, TX 77058 281-283-3868 [email protected], [email protected] ABSTRACT The need for specialized operating systems to host mobile computers and provide application development opportunities has risen due to the proliferation of cell phone users. Because phones have become such pervasive and affordable mobile computers, developers and users need a development environment that allows more of its users to create unique and specialized applications that are affordable. This paper provides a comparison of Android, the Symbian Operating System and Apple's Mac Operating System that identifies the role of an operating system in forwarding a successful mobile technology. It also demonstrates the need for operating systems that are open- sourced and that provide an easier way to develop applications. 1. HISTORY OF MOBILE COMPUTING In the early days of mobile computing, the mid 1990s, a few companies attempted to build and market personal data assistants (PDAs). Even though PDAs are not considered mobile computers, they were in fact, the predecessors to today’s smartphones. This is evident by the fact that PDA and phone manufactures have merged into a single market. The early models, like the Palm 1000, and Palm 5000 had very limited functionality. They typically had less than one megabyte of memory, a green screen and very simple applications like a contact database, calendar, note pad, tracking expenses, etc. All had the ability to link to a computer via a serial port [12]. With this link, contacts and calendars could be synchronized.
    [Show full text]
  • Open Source Software-A Study on Choice of Linux by Smb’S
    FREE AND OPEN SOURCE SOFTWARE CONFERENCE (FOSSC-13) MUSCAT, FEBRUARY 18-19, 2013 OPEN SOURCE SOFTWARE-A STUDY ON CHOICE OF LINUX BY SMB’S Venkateswaran Radhakrishnan1, Salim Ali Salim Al Amri2 Abstract— In Spite of increasing interest and open source time that you use Google, Yahoo, YouTube or Facebook — software growth, this article discusses about Linux-the open or most Web sites for that matter — you are communicating source software in Business. This study reveals the factors that with computers running FOSS. Wikipedia is an example of a influences on the selection of LINUX. This study is a qualitative Web site that is not only hosted on FOSS, but is actively research, which turns back the pages of past studies about developed in the same open and collaborative spirit as LINUX and the factors that lead to select LINUX as Operating System. The results revealed that most of the SMB’s prefer FOSS. The world of film making is no stranger to FOSS. LINUX-OSS for Open Source, Freeware, low implementation FOSS has played a vital role in the productions of cost, Security, Firewalls (less vulnerable to computer malware), blockbuster films like Titanic, The Lord of the Rings trillogy Interoperability, Reliability, Support, Management and Finding Nemo. The short films, Elephants Dream and Application, File Sharing, Databases, E-mails, DNS/File Big Buck Bunny, were built entirely by community members Servers. using FOSS methods and software — the same software that that you can download for free and run on your home Index Terms— Freeware, LINUX, Open Source, Small and computer.
    [Show full text]
  • Hacking Exposed: Embedded Securing the Unsecurable
    Hacking Exposed: Embedded Securing the Unsecurable Stuart McClure CEO, Cylance Inc. Billy Rios Justin W. Clarke Terry McCorkle Chris Abad Session ID: EXP-W21 Session Classification: Advanced Disclaimer Warning: ► Loud noises during demo ► Do not sit close to the demo if you are sensitive to loud noises World of Embedded Estimated 10Billion WorldWide Designed without Security Endless Connectivity options Few protective solutions Embedded and RealTime Operating Systems Access Linux Platform Inferno (Bell Labs) RouterOS by Mikrotik AirOS by Ubiquiti Networks iOS (a subset of Mac OS X) RTOS by Force10 Networks AlliedWare by Allied Telesis IOS-XR by Cisco Systems RuggedCom OS by RuggedCom Android IronWare by Foundry Networks ScreenOS by Juniper Networks bada JunOS by Juniper Networks Symbian OS platform BlackBerry OS leJOS ThreadX Boot to Gecko LiMo Platform Timos by Alcatel-Lucent brickOS MeeGo (Maemo & Moblin) TinyOS CatOS by Cisco Systems MINIX uClinux Cisco IOS by Cisco Systems Mobilinux Unison Operating System by Contiki MotoMagx RoweBots DD-WRT by NewMedia-NET NCOS VxWorks by Wind River Systems DSPnano RTOS Openmoko Linux webOS eCos OPhone Windows CE Embedded Linux Palm OS Windows Embedded Embedded Linux by Wind River PEN/GEOS, GEOS-SC, GEOS-SE Windows Embedded Enterprise FreeBSD polyBSD (embedded NetBSD) Windows Embedded POSReady freeRTOS, openRTOS and safeRTOS Qt Extended Windows Embedded Standard FTOS by Force10 Networks REX OS (microkernel OS) Windows Mobile Green Hills Software ROM-DOS Wombat OS (microkernel OS) µTasker ThreadX
    [Show full text]
  • Exploitation and Threat Analysis of Open Mobile Devices
    Exploitation and Threat Analysis of Open Mobile Devices Lei Liu Xinwen Zhang Dept. of Computer Science Computer Science Lab George Mason University Samsung Information Systems America [email protected] [email protected] Guanhua Yan Songqing Chen Information Sciences Dept. of Computer Science Los Alamos National Lab George Mason University [email protected] [email protected] ABSTRACT development and distribution models for these open plat- The increasingly open environment of mobile computing sys- forms accelerate these trends, such as Apple AppStore [12] tems such as PDAs and smartphones brings rich applica- for iPhones. Mobile users nowadays can easily ¯nd and tions and services to mobile users. Accompanied with this download applications developed by untrusted developers trend is the growing malicious activities against these mobile from these stores and install them on their devices. systems, such as information leakage, service stealing, and The increasing usage of mobile devices in practice has at- power exhaustion. Besides the threats posed against indi- tracted not only more regular users, but also more attackers. vidual mobile users, these unveiled mobile devices also open According to F-Secure [39], currently there are more than the door for more serious damage such as disabling criti- 370 mobile malware in circulation, most of which are in- cal public cyber physical systems that are connected to the fected via user installed applications. McAfee's 2008 mobile mobile/wireless infrastructure. The impact of such attacks, security report [19] indicates that nearly 14% of global mo- however, has not been fully recognized. bile users have been directly infected or have known some- In this work, we show that mobile devices, even with the one who was infected by a mobile virus and the number of state-of-the-art security mechanisms, are still vulnerable to infected mobile devices increases remarkably according to a set of carefully crafted attacks.
    [Show full text]
  • SEIP: Simple and Efficient Integrity Protection for Open Mobile Platforms
    SEIP: Simple and Efficient Integrity Protection for Open Mobile Platforms Xinwen Zhang1, Jean-Pierre Seifert2, and Onur Acıic¸mez1 1 Samsung Information Systems America, San Jose, CA, USA fxinwen.z, [email protected] 2 Deutsche Telekom Laboratories and Technical University of Berlin [email protected] Abstract. SEIP is a simple and efficient but yet effective solution for the integrity protection of real-world cellular phone platforms, which is motivated by the dis- advantages of applying traditional integrity models on these performance and user experience constrained devices. The major security objective of SEIP is to protect trusted services and resources (e.g., those belonging to cellular service providers and device manufacturers) from third party code. We propose a set of simple in- tegrity protection rules based upon open mobile operating system environments and respective application behaviors. Our design leverages the unique features of mobile devices, such as service convergence and limited permissions of user in- stalled applications, and easily identifies the borderline between trusted and un- trusted domains on mobile platform. Our approach thus significantly simplifies policy specifications while still achieves a high assurance of platform integrity. SEIP is deployed within a commercially available Linux-based smartphone and demonstrates that it can effectively prevent certain malware. The security policy of our implementation is less than 20kB, and a performance study shows that it is lightweight. 1 Introduction With the increasing computing capability and network connectivity of mobile devices such as cellular phones and smartphones, more applications and services are deployed on these platforms. Thus, their computing environments become more general-purpose and open than ever before.
    [Show full text]