The Experts below are selected from a list of 16893 Experts worldwide ranked by ideXlab platform
Dawu Gu - One of the best experts on this subject based on the ideXlab platform.
-
SecureComm - Security Analysis of Vendor Customized Code in Firmware of Embedded Device
Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, 2017Co-Authors: Yuanyuan Zhang, Juanru Li, Dawu GuAbstract:Despite the increased concerning about Embedded system security, the security assessment of commodity Embedded Devices is far from being adequate. The lack of assessment is mainly due to the tedious, time-consuming, and the very ad hoc reverse engineering procedure of the Embedded Device firmware. To simplify this procedure, we argue that only a particular part of the entire Embedded Device’s firmware, as we called vendor customized code, should be thoroughly analyzed. Vendor customized code is usually developed to deal with external inputs and is especially sensitive to attacks compared to other parts of the system. Moreover, vendor customized code is often highly specific and proprietary, which lacks security implementation guidelines. Therefore, the security demands of analyzing this kind of code is urgent.
-
Security analysis of vendor customized code in firmware of Embedded Device
Lecture Notes of the Institute for Computer Sciences Social-Informatics and Telecommunications Engineering LNICST, 2017Co-Authors: Muqing Liu, Junliang Shu, Juanru Li, Yuanyuan Zhang, Dawu GuAbstract:Despite the increased concerning about Embedded system security, the security assessment of commodity Embedded Devices is far from being adequate. The lack of assessment is mainly due to the tedious, time-consuming, and the very ad hoc reverse engineering procedure of the Embedded Device firmware. To simplify this procedure, we argue that only a particular part of the entire Embedded Device's firmware, as we called vendor customized code, should be thoroughly analyzed. Vendor customized code is usually developed to deal with external inputs and is especially sensitive to attacks compared to other parts of the system. Moreover, vendor customized code is often highly specific and proprietary , which lacks security implementation guidelines. Therefore, the security demands of analyzing this kind of code is urgent. In this paper, we present empirical security analysis of vendor customized code on commodity Embedded Devices. We first survey the feasibility and limitations of state-of-the-art analysis tools. We focus on investigating typical program analysis tools used for classical security assessment and check their usability on conducting practical Embedded Devices' firmware reverse engineering. Then, we propose a methodology of vendor cus-tomized code analysis corresponding to both the feature of Embedded Devices and the usability of current analysis tools. It first locates the vendor customized code part of the firmware through black-box testing and firmware unpacking, and focuses on assessing typical aspects of common weakness of Embedded Devices in the particularly featured code part. Based on our analysis methodology, we assess five popular Embedded Devices and find critical vulnerabilities. Our results show that: a) the workload of assessing Embedded Devices could be significantly reduced according to our analysis methodology and only a small portion of programs on the Device are needed to be assessed; b) the vendor customized code is often more error-prone and thus vulnerable to attacks; c) using existing tools to conduct automated analysis for many Embedded Devices is still infeasible, and manual intervention is essential to fulfil an effective assessment.
Hsueh-ming Hang - One of the best experts on this subject based on the ideXlab platform.
-
IIH-MSP - A Switchable DRM Structure for Embedded Device
Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007), 2007Co-Authors: Feng-cheng Chang, Chiao-lin Wu, Hsueh-ming HangAbstract:Digital Rights Management (DRM) is a concept for controlling the distribution and consumption of digital media. As Embedded multimedia Devices are becoming popular, there are strong demands for the light-weight DRM systems that can run smoothly in a resource-limited environment. Due to the variety of Embedded Devices, an ideal DRM system should be platform independent and interoperable. These requirements, however, often increase the software complexity, which is undesirable to an Embedded Device. In this paper, a switchable DRM system is thus proposed. It integrates the concept of downloadable tools and the OMA architecture to provide a balance between flexibility and complexity. We also implement the scheme on an Embedded evaluation board to demonstrate its feasibility.
-
A Switchable DRM Structure for Embedded Device
Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007), 2007Co-Authors: Feng-cheng Chang, Chiao-lin Wu, Hsueh-ming HangAbstract:Digital Rights Management (DRM) is a concept for controlling the distribution and consumption of digital media. As Embedded multimedia Devices are becoming popular, there are strong demands for the light-weight DRM systems that can run smoothly in a resource-limited environment. Due to the variety of Embedded Devices, an ideal DRM system should be platform independent and interoperable. These requirements, however, often increase the software complexity, which is undesirable to an Embedded Device. In this paper, a switchable DRM system is thus proposed. It integrates the concept of downloadable tools and the OMA architecture to provide a balance between flexibility and complexity. We also implement the scheme on an Embedded evaluation board to demonstrate its feasibility.
Anselm Haselhoff - One of the best experts on this subject based on the ideXlab platform.
-
Random Forest on an Embedded Device for Real-time Machine State Classification
2019 27th European Signal Processing Conference (EUSIPCO), 2019Co-Authors: Fabian Küppers, Jonas Albers, Anselm HaselhoffAbstract:Heavy machine tools are used in numerous industrial manufacturing processes. Avoiding unplanned maintenance time is crucial and can be achieved by continuous condition monitoring. A more targeted condition monitoring is possible if the operating state of a machine tool is known (e.g. standstill, neutral or cut). However, many manufacturers of control units do not release any information about the machine's operating state. For this reason, we investigated a system-independent approach to determine the operating state in real-time in less than 1 ms. This low runtime is necessary for machine state classification. Since most machine tools vary in individual components, the proposed state detection uses learning algorithms based on the machine's vibration characteristics. In this work we propose the Random Forest algorithm because of its reliable classification performance while keeping explainability of each prediction. Facing the real-time requirements, the Random Forest model has been adapted to an Embedded Device with very limited resources. Thus, the model prediction has to work with low resource consumption in a very low runtime and without loss in accuracy. We show that this approach is suitable for determining machine operating states in real-time in less than 700 μs with an average accuracy of 96 %.
Hiroshi Esaki - One of the best experts on this subject based on the ideXlab platform.
-
Architecture of scalable Embedded Device management system with configurable plug-in translator
SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W, 2007Co-Authors: Hideya Ochiai, Hiroshi EsakiAbstract:Ubiquitous computer network shall include wide variety of Devices. This means that the ubiquitous network certainly increases the heterogeneity of nodes connected to the Internet, while increasing the number of nodes. This paper proposes a system architecture to solve this architectural challenge by the introduction of two sub-systems: "Configurable Plug-In Translator System" and "Dynamic Management Script Resolver System". The translator system provides generalized interfaces to applications, by absorbing the heterogeneous low-level interfaces with script execution engine. Here, the behavior of every remote node is described by the script language. The resolver system achieves a global scale script repository, using DNS, inheriting the advantages of DNS, i.e., scalability, robustness and authority management capability. The integration of these two sub-systems autonomously provides application software with generalized interfaces to access any remote Device node on the global Internet. © 2007 IEEE.
-
Architecture of Scalable Embedded Device Management System with Configurable Plug-In Translator
2007 International Symposium on Applications and the Internet Workshops, 2007Co-Authors: Hideya Ochiai, Hiroshi EsakiAbstract:Ubiquitous computer network shall include wide variety of Devices. This means that the ubiquitous network certainly increases the heterogeneity of nodes connected to the Internet, while increasing the number of nodes. This paper proposes a system architecture to solve this architectural challenge by the introduction of two sub-systems: "configurable plug-in translator system77 and "dynamic management script resolver system77. The translator system provides generalized interfaces to applications, by absorbing the heterogeneous low-level interfaces with script execution engine. The behavior of every remote node is described by the script language. The resolver system achieves a global scale script repository, using DNS, inheriting the advantages of DNS, i.e., scalability, robustness and authority management capability. The integration of these two sub-systems autonomously provides application software with generalized interfaces to access any remote Device node on the global Internet
Yuanyuan Zhang - One of the best experts on this subject based on the ideXlab platform.
-
SecureComm - Security Analysis of Vendor Customized Code in Firmware of Embedded Device
Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, 2017Co-Authors: Yuanyuan Zhang, Juanru Li, Dawu GuAbstract:Despite the increased concerning about Embedded system security, the security assessment of commodity Embedded Devices is far from being adequate. The lack of assessment is mainly due to the tedious, time-consuming, and the very ad hoc reverse engineering procedure of the Embedded Device firmware. To simplify this procedure, we argue that only a particular part of the entire Embedded Device’s firmware, as we called vendor customized code, should be thoroughly analyzed. Vendor customized code is usually developed to deal with external inputs and is especially sensitive to attacks compared to other parts of the system. Moreover, vendor customized code is often highly specific and proprietary, which lacks security implementation guidelines. Therefore, the security demands of analyzing this kind of code is urgent.
-
Security analysis of vendor customized code in firmware of Embedded Device
Lecture Notes of the Institute for Computer Sciences Social-Informatics and Telecommunications Engineering LNICST, 2017Co-Authors: Muqing Liu, Junliang Shu, Juanru Li, Yuanyuan Zhang, Dawu GuAbstract:Despite the increased concerning about Embedded system security, the security assessment of commodity Embedded Devices is far from being adequate. The lack of assessment is mainly due to the tedious, time-consuming, and the very ad hoc reverse engineering procedure of the Embedded Device firmware. To simplify this procedure, we argue that only a particular part of the entire Embedded Device's firmware, as we called vendor customized code, should be thoroughly analyzed. Vendor customized code is usually developed to deal with external inputs and is especially sensitive to attacks compared to other parts of the system. Moreover, vendor customized code is often highly specific and proprietary , which lacks security implementation guidelines. Therefore, the security demands of analyzing this kind of code is urgent. In this paper, we present empirical security analysis of vendor customized code on commodity Embedded Devices. We first survey the feasibility and limitations of state-of-the-art analysis tools. We focus on investigating typical program analysis tools used for classical security assessment and check their usability on conducting practical Embedded Devices' firmware reverse engineering. Then, we propose a methodology of vendor cus-tomized code analysis corresponding to both the feature of Embedded Devices and the usability of current analysis tools. It first locates the vendor customized code part of the firmware through black-box testing and firmware unpacking, and focuses on assessing typical aspects of common weakness of Embedded Devices in the particularly featured code part. Based on our analysis methodology, we assess five popular Embedded Devices and find critical vulnerabilities. Our results show that: a) the workload of assessing Embedded Devices could be significantly reduced according to our analysis methodology and only a small portion of programs on the Device are needed to be assessed; b) the vendor customized code is often more error-prone and thus vulnerable to attacks; c) using existing tools to conduct automated analysis for many Embedded Devices is still infeasible, and manual intervention is essential to fulfil an effective assessment.
