PMCAP: A Threat Model of Process Memory Data on the Windows Operating System

2017 ◽  
Vol 2017 ◽  
pp. 1-15 ◽  
Author(s):  
Jiaye Pan ◽  
Yi Zhuang

Research on endpoint security covers both the traditional PC platform and the now-prevalent mobile platform, and the analysis of software vulnerabilities and malware is one of its central topics. To better protect endpoints, researchers need to keep exploring the factors that make them insecure. Driven by this motivation, we propose a new threat model named Process Memory Captor (PMCAP) on the Windows operating system, which targets the volatile memory data of live processes. Compared with other threats, PMCAP aims at the dynamic data in process memory and uses a noninvasive approach for data extraction. In this paper we describe and analyze the model and then give a detailed implementation, taking four popular web browsers (IE, Edge, Chrome, and Firefox) as examples. Finally, the model is verified through real experiments and case studies. Compared with existing technologies, PMCAP can extract valuable data at a lower cost; some techniques in the model are also applicable to memory forensics and malware analysis.

2019 ◽  
Vol 28 (03n04) ◽  
pp. 1940021
Author(s):  
Shuai Chen ◽  
Lei Wang

The protection of intellectual property (IP) is increasingly critical for IP vendors in the semiconductor industry. Read-only memories (ROMs) serve as important non-volatile memory in many hardware systems, storing predefined data and programs, which makes them critical to IP protection. A ROM's pre-determined layout pattern makes unauthorized data extraction through chip-level reverse engineering easy to carry out. Advanced reverse engineering techniques can physically disassemble the chip and derive the IP precisely, at a cost far below the value of the IP design the chip carries. This invasive hardware attack, which obtains information directly from IC chips, violates the IP rights of vendors. This paper proposes a new ROM design with an implanted security mechanism to address this vulnerability to reverse engineering attacks. An irreversible via transformation in the ROM layout, triggered by the reverse engineering process itself, completely changes the electrical properties and physical structure of the ROM that determine the stored data. The newly created pattern significantly increases the difficulty of reverse engineering and can even lead attackers to a different working function mode. Furthermore, to improve the effectiveness of the proposed technique, a systematic design method is developed targeting integrated circuits with multiple design constraints. Two widely used ROM schemes are studied as cases to test the design method and its effectiveness. Simulations demonstrate the capability of the proposed technique, which creates extremely large complexity for reverse engineering with manageable overhead.

CCS Concepts: Security and privacy → Hardware reverse engineering; Hardware → Hard and soft IP


2020 ◽  
Vol 25 (2) ◽  
pp. 281-293
Author(s):  
Yili Ren ◽  
Renbin Gong ◽  
Zhou Feng ◽  
Meichao Li

Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1380
Author(s):  
Seungwon Jung ◽  
Seunghee Seo ◽  
Yeog Kim ◽  
Changhoon Lee

Physical memory acquisition is a prerequisite for memory forensics, the set of techniques for acquiring and analyzing traces of user activity, malware, cyber incidents, and the like while those traces still remain in physical RAM. However, certain types of malware apply anti-memory-forensics techniques to evade memory analysis or to make acquisition impossible. To disturb the acquisition of physical memory, an attacker hooks the kernel API that returns the map of physical memory ranges, the one typically used by memory acquisition tools, and modifies its return value. Alternatively, an attacker modifies the kernel object that the API reads. Either causes the system to crash during acquisition or causes the acquisition tool to proceed with an incorrect memory map. Even a modification of a single byte, which we call a one-byte modification attack, makes some tools fail to acquire memory. Specialized countermeasures are therefore needed against these anti-memory-forensics techniques. In this paper, we propose a memory layout acquisition method that is robust to kernel API hooking and to the one-byte modification attack on NumberOfRuns, the kernel object field used to construct the memory layout in Windows. The proposed method directly accesses memory, extracts the raw byte array, and parses it into a memory layout. Specifically, it extracts the _PHYSICAL_MEMORY_DESCRIPTOR structure, the basis of the memory layout, without using the existing memory layout acquisition API. Furthermore, we propose a verification method that selects a reliable memory layout by comparing NumberOfRuns and the memory layouts acquired via the kernel API, the registry, and the proposed method. The verification method guarantees the reliability of the memory layout and helps secure memory image acquisition through comparative verification against existing memory layout acquisition methods. We also conduct experiments showing that the proposed method is resistant to anti-memory-forensics techniques, with no significant difference in acquisition time compared with existing tools.
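The acquisition and verification steps described in the abstract above, as an added example that is not code from the paper: it parses a constructed x64 _PHYSICAL_MEMORY_DESCRIPTOR byte image without calling any kernel API, checks the run table for internal consistency (page counts must sum to NumberOfPages, runs must be ascending and non-overlapping), compares it with an independently obtained layout, and shows how a one-byte change to NumberOfRuns is caught. The field offsets used (NumberOfRuns at +0x00, NumberOfPages at +0x08, Run[] at +0x10 with 8-byte BasePage and PageCount) are the 64-bit layout and are stated as an assumption in the code; the sample run table is constructed, and the helper names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_RUNS 32
#define PMD_HDR  16   /* bytes before Run[0] */
#define PMD_RUN  16   /* sizeof(PHYSICAL_MEMORY_RUN) on x64 */

typedef struct { uint64_t base_page, page_count; } mem_run_t;  /* BasePage, PageCount (PFNs) */
typedef struct {
    uint32_t  number_of_runs;   /* NumberOfRuns: the field a one-byte modification targets */
    uint64_t  number_of_pages;  /* NumberOfPages: must equal the sum of all PageCount values */
    mem_run_t runs[MAX_RUNS];
} mem_layout_t;

/* little-endian helpers: the descriptor is read as raw bytes, not through a typed pointer */
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32; }
static void     wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Parse raw bytes of an x64 nt!_PHYSICAL_MEMORY_DESCRIPTOR (assumed layout: +0x00 ULONG NumberOfRuns,
 * +0x08 ULONG_PTR NumberOfPages, +0x10 PHYSICAL_MEMORY_RUN Run[]).  0 on success, negative on a
 * truncated buffer or an implausible NumberOfRuns. */
int parse_pmd(const uint8_t *buf, size_t len, mem_layout_t *out) {
    if (len < PMD_HDR) return -1;
    memset(out, 0, sizeof *out);
    out->number_of_runs  = rd32(buf);
    out->number_of_pages = rd64(buf + 8);
    if (out->number_of_runs == 0 || out->number_of_runs > MAX_RUNS) return -2;
    if (len < PMD_HDR + (size_t)out->number_of_runs * PMD_RUN) return -3;
    for (uint32_t i = 0; i < out->number_of_runs; i++) {
        const uint8_t *r = buf + PMD_HDR + (size_t)i * PMD_RUN;
        out->runs[i].base_page  = rd64(r);
        out->runs[i].page_count = rd64(r + 8);
    }
    return 0;
}

/* Internal consistency: non-empty, ascending, non-overlapping runs whose PageCount values sum
 * exactly to NumberOfPages.  Shrinking or growing NumberOfRuns by one byte breaks one of these. */
int layout_consistent(const mem_layout_t *l) {
    uint64_t total = 0, prev_end = 0;
    if (l->number_of_runs == 0) return 0;
    for (uint32_t i = 0; i < l->number_of_runs; i++) {
        const mem_run_t *r = &l->runs[i];
        if (r->page_count == 0 || r->base_page < prev_end) return 0;
        prev_end = r->base_page + r->page_count;
        total   += r->page_count;
    }
    return total == l->number_of_pages;
}

/* Cross-source verification: the layout parsed from raw memory must match one obtained
 * independently (kernel API or registry); any disagreement flags tampering. */
int layouts_agree(const mem_layout_t *a, const mem_layout_t *b) {
    if (a->number_of_runs != b->number_of_runs) return 0;
    for (uint32_t i = 0; i < a->number_of_runs; i++)
        if (a->runs[i].base_page != b->runs[i].base_page || a->runs[i].page_count != b->runs[i].page_count) return 0;
    return 1;
}

/* Build a descriptor byte image from a run table (used only to construct the sample below). */
size_t build_pmd(uint8_t *buf, size_t cap, const mem_run_t *runs, uint32_t n) {
    size_t need = PMD_HDR + (size_t)n * PMD_RUN;
    uint64_t pages = 0;
    if (cap < need || n > MAX_RUNS) return 0;
    for (uint32_t i = 0; i < n; i++) pages += runs[i].page_count;
    memset(buf, 0, need);
    wr64(buf, n);            /* NumberOfRuns in the low 4 bytes, zero padding above */
    wr64(buf + 8, pages);
    for (uint32_t i = 0; i < n; i++) {
        wr64(buf + PMD_HDR + (size_t)i * PMD_RUN,     runs[i].base_page);
        wr64(buf + PMD_HDR + (size_t)i * PMD_RUN + 8, runs[i].page_count);
    }
    return need;
}

/* Constructed sample: three runs typical of a small x64 machine (PFNs of 4 KiB pages). */
static const mem_run_t sample_runs[3] = {
    { 0x000001, 0x00009E },   /* 0x1000 .. 0x9F000 */
    { 0x000100, 0x0BFF00 },   /* 1 MiB  .. 3 GiB   */
    { 0x100000, 0x040000 },   /* 4 GiB  .. 5 GiB   */
};

/* Scenario from the paper: the intact image passes both checks; after the attacker patches the
 * single byte holding NumberOfRuns (3 -> 1) it still parses but fails the page-sum check and
 * disagrees with the independent layout.  Returns 1 when both outcomes are observed. */
int demo_one_byte_modification(void) {
    uint8_t buf[PMD_HDR + 3 * PMD_RUN];
    mem_layout_t from_memory, reference;
    memset(&reference, 0, sizeof reference);      /* e.g. the registry's copy of the layout */
    reference.number_of_runs  = 3;
    reference.number_of_pages = 0x9E + 0xBFF00 + 0x40000;
    memcpy(reference.runs, sample_runs, sizeof sample_runs);
    size_t len = build_pmd(buf, sizeof buf, sample_runs, 3);
    if (len == 0 || parse_pmd(buf, len, &from_memory) != 0) return 0;
    if (!layout_consistent(&from_memory) || !layouts_agree(&from_memory, &reference)) return 0;
    buf[0] = 1;                                   /* the one-byte modification of NumberOfRuns */
    if (parse_pmd(buf, len, &from_memory) != 0) return 0;   /* still parses: one run fits */
    return !layout_consistent(&from_memory) && !layouts_agree(&from_memory, &reference);
}
```

On a live system the byte image would come from reading the descriptor's physical location directly, as the paper does, rather than from build_pmd; the two checks are deliberately independent, so a hooked API that returns a self-consistent but different map is still caught by layouts_agree, and a patched NumberOfRuns is caught by layout_consistent even when no second source is available.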


2019 ◽  
Vol 2019 ◽  
pp. 1-22
Author(s):  
Jiaye Pan ◽  
Yi Zhuang ◽  
Binglin Sun

Many well-known attacks, such as watering hole attacks and domain name hijacking, use web browsers as the transmission channel to infect the target computer with malware. To protect data in transit, the SSL/TLS protocol is widely used to defeat various hijacking attacks. However, this encryption also confronts security software and devices with the difficulty of analyzing encrypted malicious traffic at endpoints. To address this situation, this paper proposes a new efficient and transparent method for large-scale automated TLS traffic analysis, named hyper TLS traffic analysis (HTTA). It extracts multiple types of valuable data from the target system in hyper mode and then correlates them to decrypt network packets in real time, so that overall data correlation analysis can be performed on the target. Additionally, we propose an aided reverse engineering method to support the analysis, which can rapidly identify the target data in different versions of a program. The proposed method can be applied to endpoints and cloud platforms; it carries no certificate trust risk and does not influence the target programs. Finally, real experimental results show that the method is feasible and effective for the analysis and incurs lower runtime overhead than other methods. It covers all the popular browsers with good adaptability and can be applied to large-scale analysis.


2018 ◽  
pp. 171-183
Author(s):  
Agnieszka Smaga

Transparency mediates between a body and light, the surrounding multidirectional reality, and their observer, that is, at the meeting point of various physicalities. Transparency suggests the existence of a hidden depth, which adds a mysterious and magical dimension. Transparency exists mainly at the surface level (signifiant), within arm's reach, and is thus controllable, unlike the depth of the message (signifié), which, when obscured, creates an inaccessible, hidden impression. Transparency in the digital environment becomes a medium with the laws of technology applied to it, as an activity and a tool for effective communication and use. Transparency is therefore considered both as an operational category, accompanying the process of generating and using a message, and as an instrument, supporting software. Both types of transparency mutually condition each other at different levels of the digital world: operating systems, applications, websites, search engines and web browsers, etc. The latest version of Windows offers various forms of GUI transparency at the hardware level in terms of operation, and at the software level in terms of functionality and aesthetics, where aesthetics is connected with the literal visualisation effect and the mental building of structures. Transparencies conduct, at various levels of their saturation, a kind of multi-level game: between their form and the content hidden behind it, the visible and the invisible, illusion and disillusion, materialisation and dematerialisation, self-reality and the reality existing beyond it, and finally between themselves and their recipients, forcing them into specific perceptions, reactions, behaviours, and valuations.


Author(s):  
Devendra Kumar

The purpose of Automated Inventory is to automate an existing manual inventory system with computerized automation software, so that valuable data or information can be stored for a long period of time and accessed and manipulated easily. The application tracks sales and the available inventory. It also notifies the store owner when products need to be reordered and in what quantity. Automated Inventory is an application developed for the Windows operating system that enables users to control and monitor inventory and generate various reports. The project reduces manual work and delay in managing stock, inventory, product categories and products. The technologies used in this system are MySQL (XAMPP), Python and Django, and HTML and CSS.


2018 ◽  
Vol 53 (2) ◽  
pp. 204-210 ◽  
Author(s):  
Jack T. Rasmussen ◽  
Heather J. Ipema

Objective: To summarize formulary-relevant issues for follow-on insulins approved through the Food and Drug Administration (FDA) 505(b)(2) approval pathway (Basaglar and Admelog). Data Sources: A search of the MEDLINE database was performed for articles pertaining to clinical and formulary considerations for follow-on insulin products through July 2018. Study Selection and Data Extraction: All clinical trials used in the 505(b)(2) approval process for follow-on insulin glargine and insulin lispro products were included and summarized. Data Synthesis: Follow-on insulin glargine and insulin lispro products have been recently approved as the first lower-cost alternatives to innovator insulin products. The follow-on insulins were approved via the 505(b)(2) pathway, making them neither generics nor biosimilars. Current data do not suggest any clinically relevant differences between the follow-on insulins and their respective innovator products. Clinicians should be aware that follow-on insulins will be reclassified as biologic products in the year 2020. Relevance to Patient Care and Clinical Practice: This article provides information about currently available follow-on insulin products that were approved through the 505(b)(2) pathway, including product characteristics and efficacy and safety data. These products will likely be considered for both clinical use and formulary placement because of their potentially lower cost compared with innovator products. Conclusions: Follow-on insulin products approved through the 505(b)(2) pathway are supported by robust efficacy and safety data. As new follow-on insulins are approved and the regulatory change that will occur with these products in 2020 approaches, formulary decisions and clinical policies (eg, substitution) will continue to be revisited.

