Embedded Software Solutions ST, 3Rd Parties and Open Source a Full Portfolio and Several Models
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Fill Your Boots: Enhanced Embedded Bootloader Exploits Via Fault Injection and Binary Analysis
IACR Transactions on Cryptographic Hardware and Embedded Systems ISSN 2569-2925, Vol. 2021, No. 1, pp. 56–81. DOI:10.46586/tches.v2021.i1.56-81 Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis Jan Van den Herrewegen1, David Oswald1, Flavio D. Garcia1 and Qais Temeiza2 1 School of Computer Science, University of Birmingham, UK, {jxv572,d.f.oswald,f.garcia}@cs.bham.ac.uk 2 Independent Researcher, [email protected] Abstract. The bootloader of an embedded microcontroller is responsible for guarding the device’s internal (flash) memory, enforcing read/write protection mechanisms. Fault injection techniques such as voltage or clock glitching have been proven successful in bypassing such protection for specific microcontrollers, but this often requires expensive equipment and/or exhaustive search of the fault parameters. When multiple glitches are required (e.g., when countermeasures are in place) this search becomes of exponential complexity and thus infeasible. Another challenge which makes embedded bootloaders notoriously hard to analyse is their lack of debugging capabilities. This paper proposes a grey-box approach that leverages binary analysis and advanced software exploitation techniques combined with voltage glitching to develop a powerful attack methodology against embedded bootloaders. We showcase our techniques with three real-world microcontrollers as case studies: 1) we combine static and on-chip dynamic analysis to enable a Return-Oriented Programming exploit on the bootloader of the NXP LPC microcontrollers; 2) we leverage on-chip dynamic analysis on the bootloader of the popular STM8 microcontrollers to constrain the glitch parameter search, achieving the first fully-documented multi-glitch attack on a real-world target; 3) we apply symbolic execution to precisely aim voltage glitches at target instructions based on the execution path in the bootloader of the Renesas 78K0 automotive microcontroller. -
Cisco Telepresence TC Software Licensing Information (TC4.1)
Cisco TelePresence TC Software License information guide TC Software FEBRUARY 2011 Legal information and third party copyright and licenses For Cisco TelePresence products using TC software D14767.02 License Information for products using TC Software, TC4 February 2011. 1 © 2010-2011 Cisco Systems, Inc. All rights reserved. www.cisco.com Cisco TelePresence TC Software License information guide ipcalc-1.3, ipcalc-license ...................................................................................... 16 TA - ToC - Hidden Table of Contents iproute-2.6.26, GPLv2 .......................................................................................16 What’stext anchor in iptables-1.4.28, GPLv2......................................................................................16 About this guide ..............................................................................................................4 iputils-s20071127, iputils-bsd-license .................................................... 16 The products covered by this guide: .....................................................4 jpeg lib, jpeg-license ................................................................................................ 17 this guide? User documentation .............................................................................................4 Kmod-*, GPLv2 ........................................................................................................19 Software download ................................................................................................4 -
Enel Green Power, Sharp and Stmicroelectronics Sign Agreement for the Largest Photovoltaic-Panel Manufacturing Plant in Italy
Enel Green Power, Sharp and STMicroelectronics Sign Agreement for the Largest Photovoltaic-Panel Manufacturing Plant in Italy January 4, 2010 3:04 AM ET Enel Green Power, Sharp and STMicroelectronics join forces to produce innovative thin-film photovoltaic panels. The plant, located in Catania, Italy, is expected to have initial production capacity of 160 MW per year and is targeted to grow to 480 MW over the next years. In addition, Enel Green Power and Sharp will jointly develop solar farms focusing on the Mediterranean area, with a total installed capacity at a level of 500 MW, by the end of 2016. Geneva, January 4, 2010 – Today, Enel Green Power, Sharp and STMicroelectronics signed an agreement for the manufacture of triple-junction thin-film photovoltaic panels in Italy. At the same time, Enel Green Power and Sharp signed a further agreement to jointly develop solar farms. Today's agreement regarding the photovoltaic panel factory follows the Memorandum of Understanding signed in May 2008 by Enel Green Power and Sharp. STMicroelectronics has joined this strategic partnership. This agreement marks the first time that three global technology and industrial powerhouses have joined together in an equal partnership to contribute their unique value-add to the solar industry. It brings together Enel Green Power, with its international market development and project management know-how; Sharp, and its exclusive triple-junction thin-film technology, which will be operational in the mother plant in Sakai, Japan as of spring 2010; and STMicroelectronics, with its manufacturing capacity, skills and resources in highly advanced, hi-tech sectors such as microelectronics. -
STM32-P103 User's Manual
STM-P103 development board User's manual Document revision C, August 2016 Copyright(c) 2014, OLIMEX Ltd, All rights reserved INTRODUCTION STM32-P103 board is development board which allows you to explore thee features of the ARM Cortex M3 STM32F103RBT6 microcontroller produced by ST Microelectronics Inc. The board has SD/MMC card connector and allows USB Mass storage device demo to be evaluated. The RS232 driver and connector allows USB to Virtual COM port demo to be evaluated. The CAN port and driver allows CAN applications to be developed. The UEXT connector allows access to all other UEXT modules produced by OLIMEX (like MOD-MP3, MOD-NRF24LR, MOD-NOKIA6610, etc) to be connected easily. In the prototype area the customer can solder his own custom circuits and interface them to USB, CAN, RS232 etc. STM32-P103 is almost identical in hardware design to STM32-P405. The major difference is the microcontroller used (STM32F103 vs STM32F405). Another board with STM32F103 and a display is STM32-103STK. A smaller (and cheaper board) with STM32F103 is the STM32-H103. Both boards mentioned also have a version with the newer microcontroller STM32F405 used. The names are respectively STM32-405STK and STM32-H405. BOARD FEATURES STM32-P103 board features: - CPU: STM32F103RBT6 ARM 32 bit CORTEX M3™ - JTAG connector with ARM 2×10 pin layout for programming/debugging with ARM-JTAG, ARM-USB- OCD, ARM-USB-TINY - USB connector - CAN driver and connector - RS232 driver and connector - UEXT connector which allow different modules to be connected (as MOD-MP3, -
AMNESIA 33: How TCP/IP Stacks Breed Critical Vulnerabilities in Iot
AMNESIA:33 | RESEARCH REPORT How TCP/IP Stacks Breed Critical Vulnerabilities in IoT, OT and IT Devices Published by Forescout Research Labs Written by Daniel dos Santos, Stanislav Dashevskyi, Jos Wetzels and Amine Amri RESEARCH REPORT | AMNESIA:33 Contents 1. Executive summary 4 2. About Project Memoria 5 3. AMNESIA:33 – a security analysis of open source TCP/IP stacks 7 3.1. Why focus on open source TCP/IP stacks? 7 3.2. Which open source stacks, exactly? 7 3.3. 33 new findings 9 4. A comparison with similar studies 14 4.1. Which components are typically flawed? 16 4.2. What are the most common vulnerability types? 17 4.3. Common anti-patterns 22 4.4. What about exploitability? 29 4.5. What is the actual danger? 32 5. Estimating the reach of AMNESIA:33 34 5.1. Where you can see AMNESIA:33 – the modern supply chain 34 5.2. The challenge – identifying and patching affected devices 36 5.3. Facing the challenge – estimating numbers 37 5.3.1. How many vendors 39 5.3.2. What device types 39 5.3.3. How many device units 40 6. An attack scenario 41 6.1. Other possible attack scenarios 44 7. Effective IoT risk mitigation 45 8. Conclusion 46 FORESCOUT RESEARCH LABS RESEARCH REPORT | AMNESIA:33 A note on vulnerability disclosure We would like to thank the CERT Coordination Center, the ICS-CERT, the German Federal Office for Information Security (BSI) and the JPCERT Coordination Center for their help in coordinating the disclosure of the AMNESIA:33 vulnerabilities. -
Intesa Sanpaolo Group Conflicts of Interest
Conflicts of interest 24/07/2020 Intesa Sanpaolo Group conflicts of interest Please read carefully the important disclosures at the end of this publication COMPANIES CONFLICTS OF INTEREST 2I RETE GAS SPA We provide the following information on Intesa Sanpaolo Group's conflicts of interest: - One or more of the companies of the Intesa Sanpaolo Banking Group have an equity stake of 5% or more in 2I RETE GAS SPA or in the Company that has a controlling interest in 2I RETE GAS SPA or are a major shareholder of 2I RETE GAS SPA - One or more of the companies of the Intesa Sanpaolo Banking Group have elected one or more members of the Board of Directors or the Board of Statutory Auditors or another controlling body of 2I RETE GAS SPA or of the parent company 2I RETE GAS SPA or the majority shareholder of 2I RETE GAS SPA - One or more of the companies of the Intesa Sanpaolo Banking Group have granted significant financing to 2I RETE GAS SPA and its parent and group companies A2A SPA We provide the following information on Intesa Sanpaolo Group's conflicts of interest: - One or more of the companies of the Intesa Sanpaolo Banking Group have granted significant financing to A2A SPA and its parent and group companies ABITARE IN SPA We provide the following information on Intesa Sanpaolo Group's conflicts of interest: - One or more of the companies of the Intesa Sanpaolo Banking Group are one of the main financial lenders to ABITARE IN SPA and its parent and group companies - Intesa Sanpaolo acts as Corporate Broker relative to securities issued -
RT-ROS: a Real-Time ROS Architecture on Multi-Core Processors
Future Generation Computer Systems 56 (2016) 171–178 Contents lists available at ScienceDirect Future Generation Computer Systems journal homepage: www.elsevier.com/locate/fgcs RT-ROS: A real-time ROS architecture on multi-core processors Hongxing Wei a,1, Zhenzhou Shao b, Zhen Huang a, Renhai Chen d, Yong Guan b, Jindong Tan c,1, Zili Shao d,∗,1 a School of Mechanical Engineering and Automation, Beihang University, Beijing, 100191, PR China b College of Information Engineering, Capital Normal University, Beijing, 100048, PR China c Department of Mechanical, Aerospace, and Biomedical Engineering, The University of Tennessee, Knoxville, TN, 37996-2110, USA d Department of Computing, The Hong Kong Polytechnic University, Hong Kong, China article info a b s t r a c t Article history: ROS, an open-source robot operating system, is widely used and rapidly developed in the robotics Received 6 February 2015 community. However, running on Linux, ROS does not provide real-time guarantees, while real-time tasks Received in revised form are required in many robot applications such as robot motion control. This paper for the first time presents 20 April 2015 a real-time ROS architecture called RT-RTOS on multi-core processors. RT-ROS provides an integrated Accepted 12 May 2015 real-time/non-real-time task execution environment so real-time and non-real-time ROS nodes can be Available online 9 June 2015 separately run on a real-time OS and Linux, respectively, with different processor cores. In such a way, real-time tasks can be supported by real-time ROS nodes on a real-time OS, while non-real-time ROS nodes Keywords: Real-time operating systems on Linux can provide other functions of ROS. -
1921 Tulsa Race Riot Reconnaissance Survey
1921 Tulsa Race Riot Reconnaissance Survey Final November 2005 National Park Service U.S. Department of the Interior CONTENTS INTRODUCTION 1 Summary Statement 1 Bac.ground and Purpose 1 HISTORIC CONTEXT 5 National Persp4l<live 5 1'k"Y v. f~u,on' World War I: 1896-1917 5 World W~r I and Postw~r ( r.: 1!1t7' EarIV 1920,; 8 Tulsa RaCR Riot 14 IIa<kground 14 TI\oe R~~ Riot 18 AIt. rmath 29 Socilot Political, lind Economic Impa<tsJRamlt;catlon, 32 INVENTORY 39 Survey Arf!a 39 Historic Greenwood Area 39 Anla Oubi" of HiOlorK G_nwood 40 The Tulsa Race Riot Maps 43 Slirvey Area Historic Resources 43 HI STORIC GREENWOOD AREA RESOURCeS 7J EVALUATION Of NATIONAL SIGNIFICANCE 91 Criteria for National Significance 91 Nalional Signifiunce EV;1lu;1tio.n 92 NMiol\ill Sionlflcao<e An.aIYS;s 92 Inl~ri ly E~alualion AnalY'is 95 {"",Iu,ion 98 Potenl l~1 M~na~menl Strategies for Resource Prote<tion 99 PREPARERS AND CONSULTANTS 103 BIBUOGRAPHY 105 APPENDIX A, Inventory of Elltant Cultural Resoun:es Associated with 1921 Tulsa Race Riot That Are Located Outside of Historic Greenwood Area 109 Maps 49 The African American S«tion. 1921 51 TI\oe Seed. of c..taotrophe 53 T.... Riot Erupt! SS ~I,.,t Blood 57 NiOhl Fiohlino 59 rM Inva.ion 01 iliad. TIll ... 61 TM fighl for Standp''''' Hill 63 W.II of fire 65 Arri~.. , of the Statl! Troop< 6 7 Fil'lal FiOlrtino ~nd M~,,;~I I.IIw 69 jii INTRODUCTION Summary Statement n~sed in its history. -
Performance Study of Real-Time Operating Systems for Internet Of
IET Software Research Article ISSN 1751-8806 Performance study of real-time operating Received on 11th April 2017 Revised 13th December 2017 systems for internet of things devices Accepted on 13th January 2018 E-First on 16th February 2018 doi: 10.1049/iet-sen.2017.0048 www.ietdl.org Rafael Raymundo Belleza1 , Edison Pignaton de Freitas1 1Institute of Informatics, Federal University of Rio Grande do Sul, Av. Bento Gonçalves, 9500, CP 15064, Porto Alegre CEP: 91501-970, Brazil E-mail: [email protected] Abstract: The development of constrained devices for the internet of things (IoT) presents lots of challenges to software developers who build applications on top of these devices. Many applications in this domain have severe non-functional requirements related to timing properties, which are important concerns that have to be handled. By using real-time operating systems (RTOSs), developers have greater productivity, as they provide native support for real-time properties handling. Some of the key points in the software development for IoT in these constrained devices, like task synchronisation and network communications, are already solved by this provided real-time support. However, different RTOSs offer different degrees of support to the different demanded real-time properties. Observing this aspect, this study presents a set of benchmark tests on the selected open source and proprietary RTOSs focused on the IoT. The benchmark results show that there is no clear winner, as each RTOS performs well at least on some criteria, but general conclusions can be drawn on the suitability of each of them according to their performance evaluation in the obtained results. -
NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0
NIST Special Publication 1108 NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0 Office of the National Coordinator for Smart Grid Interoperability NIST Special Publication 1108 NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0 Office of the National Coordinator for Smart Grid Interoperability January 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Director Table of Contents Executive Summary........................................................................................................................ 7 1 Purpose and Scope .................................................................................................................. 13 1.1 Overview and Background............................................................................................. 13 1.2 How This Report Was Produced.................................................................................... 16 1.3 Key Concepts ................................................................................................................. 18 1.3.1 Definitions............................................................................................................... 19 1.3.2 Applications and Requirements: Eight Priority Areas............................................ 20 1.4 Content Overview .......................................................................................................... 21 2 Smart Grid Vision.................................................................................................................. -
A Tutorial on Performance Evaluation and Validation Methodology for Low-Power and Lossy Networks
A Tutorial on Performance Evaluation and Validation Methodology for Low-Power and Lossy Networks Kosmas Kritsis, Georgios Papadopoulos, Antoine Gallais, Periklis Chatzimisios, Fabrice Theoleyre To cite this version: Kosmas Kritsis, Georgios Papadopoulos, Antoine Gallais, Periklis Chatzimisios, Fabrice Theoleyre. A Tutorial on Performance Evaluation and Validation Methodology for Low-Power and Lossy Networks. Communications Surveys and Tutorials, IEEE Communications Society, Institute of Electrical and Electronics Engineers, 2018, 20 (3), pp.1799 - 1825. 10.1109/COMST.2018.2820810. hal-01886690 HAL Id: hal-01886690 https://hal.archives-ouvertes.fr/hal-01886690 Submitted on 23 Apr 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. 1 A Tutorial on Performance Evaluation and Validation Methodology for Low-Power and Lossy Networks Kosmas Kritsis, Georgios Z. Papadopoulos, Member, IEEE, Antoine Gallais, Periklis Chatzimisios, Senior Member, IEEE, and Fabrice Theoleyre,´ Senior Member, IEEE, Abstract—Envisioned communication densities in Internet of may be used for counting the number of vehicles, such to Things (IoT) applications are increasing continuously. Because control optimally the street traffic lights and to reduce the these wireless devices are often battery powered, we need waiting time [3]. specific energy efficient (low-power) solutions. -
Attachment A
Board of Governors, State University System of Florida Request to Offer a New Degree Program (Please do not revise this proposal format without prior approval from Board staff) University of West Florida Fall 2018 University Submitting Proposal Proposed Implementation Term Hal Marcus College of Science and Engineering Computer Science Name of College(s) or School(s) Name of Department(s)/ Division(s) Bachelor of Science in Computer Computer Science Science Academic Specialty or Field Complete Name of Degree 11.0701 Proposed CIP Code The submission of this proposal constitutes a commitment by the university that, if the proposal is approved, the necessary financial resources and the criteria for establishing new programs have been met prior to the initiation of the program. Date Approved by the University Board of President Date Trustees Signature of Chair, Board of Date Provost and Senior Vice Date Trustees President Provide headcount (HC) and full-time equivalent (FTE) student estimates of majors for Years 1 through 5. HC and FTE estimates should be identical to those in Table 1 in Appendix A. Indicate the program costs for the first and the fifth years of implementation as shown in the appropriate columns in Table 2 in Appendix A. Calculate an Educational and General (E&G) cost per FTE for Years 1 and 5 (Total E&G divided by FTE). Projected Implementation Projected Program Costs Enrollment Timeframe (From Table 2) (From Table 1) E&G Contract E&G Auxiliary Total HC FTE Cost per & Grants Funds Funds Cost FTE Funds Year 1 150 96.87 3,241 313,960 0 0 313,960 Year 2 150 96.87 Year 3 160 103.33 Year 4 160 103.33 Year 5 170 109.79 3,426 376,087 0 0 376,087 1 Note: This outline and the questions pertaining to each section must be reproduced within the body of the proposal to ensure that all sections have been satisfactorily addressed.