buffer overflows
Recently Published Documents


Total documents: 73 (five years: 8)

H-index: 11 (five years: 1)

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-23
Author(s):  
Natalie Popescu ◽  
Ziyang Xu ◽  
Sotiris Apostolakis ◽  
David I. August ◽  
Amit Levy

Type-safe languages improve application safety by eliminating whole classes of vulnerabilities, such as buffer overflows, by construction. However, this safety sometimes comes with a performance cost. As a result, many modern type-safe languages provide escape hatches that allow developers to manually bypass them. The relative value of performance to safety and the degree of performance obtained depends upon the application context, including user goals and the hardware upon which the application is to be executed. Since libraries may be used in many different contexts, library developers cannot make safety-performance trade-off decisions appropriate for all cases. Application developers can tune libraries themselves to increase safety or performance, but this requires extra effort and makes libraries less reusable. To address this problem, we present NADER, a Rust development tool that makes applications safer by automatically transforming unsafe code into equivalent safe code according to developer preferences and application context. In end-to-end system evaluations in a given context, NADER automatically reintroduces numerous library bounds checks, in many cases making application code that uses popular Rust libraries safer with no corresponding loss in performance.


Sensors ◽  
2021 ◽  
Vol 21 (15) ◽  
pp. 5189
Author(s):  
Vítor Pedreira ◽  
Daniel Barros ◽  
Pedro Pinto

The concepts brought by Industry 4.0 have been explored and gradually applied. The cybersecurity impacts on the progress of Industry 4.0 implementations and their interactions with other technologies require constant surveillance, and it is important to forecast cybersecurity-related challenges and trends to prevent and mitigate these impacts. The contributions of this paper are as follows: (1) it presents the results of a systematic review of Industry 4.0 regarding attacks, vulnerabilities and defense strategies, (2) it details and classifies the attacks, vulnerabilities and defense mechanisms, and (3) it presents a discussion of recent challenges and trends regarding cybersecurity-related areas for Industry 4.0. From the systematic review, regarding the attacks, the results show that most attacks are carried out on the network layer, where DoS-related and MITM attacks are the most prevalent ones. Regarding vulnerabilities, security flaws in services and source code, and incorrect validations in authentication procedures are highlighted. These are vulnerabilities that can be exploited by DoS attacks and buffer overflows in industrial devices and networks. Regarding defense strategies, Blockchain is presented as one of the most relevant technologies under study in terms of defense mechanisms, thanks to its ability to be used in a variety of solutions, from Intrusion Detection Systems to the prevention of Distributed DoS attacks, and most defense strategies are presented as an after-attack solution or prevention, in the sense that the defense mechanisms are only placed or thought, only after the harm has been done, and not as a mitigation strategy to prevent the cyberattack. Concerning challenges and trends, the review shows that digital sovereignty, cyber sovereignty, and data sovereignty are recent topics being explored by researchers within the Industry 4.0 scope, and GAIA-X and International Data Spaces are recent initiatives regarding data sovereignty. A discussion of trends is provided, and future challenges are pointed out.


2021 ◽  
Vol 18 (4) ◽  
pp. 1-27
Author(s):  
Tina Jung ◽  
Fabian Ritter ◽  
Sebastian Hack

Memory safety violations such as buffer overflows are a threat to security to this day. A common solution to ensure memory safety for C is code instrumentation. However, this often causes high execution-time overhead and is therefore rarely used in production. Static analyses can reduce this overhead by proving some memory accesses in bounds at compile time. In practice, however, static analyses may fail to verify in-bounds accesses due to over-approximation. Therefore, it is important to additionally optimize the checks that reside in the program. In this article, we present PICO, an approach to eliminate and replace in-bounds checks. PICO exactly captures the spatial memory safety of accesses using Presburger formulas to either verify them statically or substitute existing checks with more efficient ones. Thereby, PICO can generate checks of which each covers multiple accesses and place them at infrequently executed locations. We evaluate our LLVM-based PICO prototype with the well-known SoftBound instrumentation on SPEC benchmarks commonly used in related work. PICO reduces the execution-time overhead introduced by SoftBound by 36% on average (and the code-size overhead by 24%). Our evaluation shows that the impact of substituting checks dominates that of removing provably redundant checks.


2021 ◽  
Author(s):  
V Jyothi ◽  
M.V. Subramanyam

In terms of using the technology of Cognitive Radio (CR), a Cognitive Sensor Network (CSN) is varied from the conventional Wireless Sensor Networks (WSNs). According to the interaction with the surrounding environment, the transmitter parameters can be modified in the sensor nodes of CSN adaptively. In CSNs, routing is one of the important components. Based on the capability of spectrum-aware, the schemes of routing of CSNs are distinct from other networks. The changeable spectrum resource dynamically should be understood by the routing scheme to establish a path of reliable forwarding by the adjustment of routing policy adaptively. In CSNs, reliable routing is an essential thing but still not a well-explored problem in CSNs. Packet drops due to spectrum unavailability and buffer overflows seriously affect the connectivity of the nodes. The whole network’s lifetime and the data delivery rate are impacted by the prolonging packet drops. To increase the nodes’ lifetime, the addressing of this drawback in the phase of routing should be done. Before the making of routing decisions, a new routing technique is proposed named as Drop factor based energy efficient routing technique (DFBEER) with the use of packet drop ratio and power dissipation metric of the spectrum links. With the total number of users in the routing path, the drop factor is computed. Power dissipation is calculated based on the transmitted data packets versus the amount of total consumed energy. This method reduces the drop ratio by avoiding the high drop factor nodes from participating in the routing process. It always ensures that the data would be handled by the low dropping ratio nodes, thus the network’s lifetime is improved.


Author(s):  
Aamir Shahab ◽  
Muhammad Nadeem ◽  
Mamdouh Alenezi ◽  
Raja Asif

Buffer overflows are one of the most common software vulnerabilities that occur when more data is inserted into a buffer than it can hold. Various manual and automated techniques for detecting and fixing specific types of buffer overflow vulnerability have been proposed, but the solution to fix Unicode buffer overflow has not been proposed yet. Public security vulnerability repositories, e.g., Common Weakness Enumeration (CWE), hold useful articles about software security vulnerabilities. Mitigation strategies listed in CWE may be useful for fixing the specified software security vulnerabilities. This research contributes by developing a prototype that automatically fixes different types of buffer overflows by using the strategies suggested in CWE articles and existing research. A static analysis tool has been used to evaluate the performance of the developed prototype tools. The results suggest that the proposed approach can automatically fix buffer overflows without inducing errors.


Computers ◽  
2020 ◽  
Vol 9 (2) ◽  
pp. 48
Author(s):  
Conor Pirry ◽  
Hector Marco-Gisbert ◽  
Carolyn Begg

Memory errors are still a serious threat affecting millions of devices worldwide. Recently, bounty programs have reached a new record, paying up to USD 2.5 million for one single vulnerability in Android and up to USD 2 million for Apple’s operating system. In almost all cases, it is common to exploit memory errors in one or more stages to fully compromise those devices. In this paper, we review and discuss the importance of memory error vulnerabilities, and more specifically stack buffer overflows, to provide a full view of how memory errors are exploited. We identify the root causes that make those attacks possible on modern x86-64 architecture in the presence of modern protection techniques. We have analyzed how unsafe library functions are prone to buffer overflows, revealing that although there are secure versions of those functions, they are not actually preventing buffer overflows from happening. Using secure functions does not result in software free from vulnerabilities and it requires developers to be security-aware. To overcome this problem, we discuss the three main security protection techniques present in all modern operating systems: the non-eXecutable bit (NX), the Stack Smashing Protector (SSP) and the Address Space Layout Randomization (ASLR). After discussing their effectiveness, we conclude that although they provide a strong level of protection against classical exploitation techniques, modern attacks can bypass them.


2020 ◽  
Vol 25 (2) ◽  
pp. 289-302
Author(s):  
Wojciech M. Kempa

A model of a single-machine production system with finite magazine capacity is investigated. The input flow of jobs is organized according to geometric distribution of interarrival times, while processing times are assumed to be generally distributed. The closed-form formula for the generating function of the time to the first buffer overflow distribution conditioned by the initial buffer state is found. The analytical approach based on the idea of embedded Markov chain, the formula of total probability and linear algebra is applied. The corresponding result for next buffer overflows is also given. Numerical examples are attached as well.


2019 ◽  
Vol 8 (4) ◽  
pp. 1680-1686

Nowadays, efforts have been made in the research of transmission control protocols to improve the performance of the flow control mechanism. Internet communication and services daily increase the variety and quantity of their capacity and needs. Therefore, the flow control mechanism will have to consider valuable for traffic control, especially on high-speed networks. Initially there are some challenges, for instance, loss of packet, processing capacity, performance, buffer overflows and deadlocks with which daily traffic is confronted. This paper analyzes and reviews the strengths and weaknesses of the different flow control mechanisms used in TCP. To overcome the weaknesses of these flow controls, we suggest a priority retransmission mechanism. Here we have priority on the Negative Acknowledgment (NACK); we resend the package on the basis of the minimum sequence number of the NACK. In the buffer of the priority retransmission Automatic Repeat reQuest (ARQ) mechanism, the packet is released to the communication link in a First In First Out (FIFO) manner. That is why the priority retransmission ARQ gives the optimum performance.

