Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a <i>hybrid</i> approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information. <br>

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a <i>hybrid</i> approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information. <br>

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a <i>hybrid</i> approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information. <br>

Design and Evaluation of a Solo-Resident Smart Home Testbed for Mobility Pattern Monitoring and Behavioural Assessment

Aging population increase demands for solutions to help the solo-resident elderly live independently. Unobtrusive data collection in a smart home environment can monitor and assess elderly residents’ health state based on changes in their mobility patterns. In this paper, a smart home system testbed setup for a solo-resident house is discussed and evaluated. We use paired Passive infra-red (PIR) sensors at each entry of a house and capture the resident’s activities to model mobility patterns. We present the required testbed implementation phases, i.e., deployment, post-deployment analysis, re-deployment, and conduct behavioural data analysis to highlight the usability of collected data from a smart home. The main contribution of this work is to apply intelligence from a post-deployment process mining technique (namely, the parallel activity log inference algorithm (PALIA)) to find the best configuration for data collection in order to minimise the errors. Based on the post-deployment analysis, a re-deployment phase is performed, and results show the improvement of collected data accuracy in re-deployment phase from 81.57% to 95.53%. To complete our analysis, we apply the well-known CASAS project dataset as a reference to conduct a comparison with our collected results which shows a similar pattern. The collected data further is processed to use the level of activity of the solo-resident for a behaviour assessment.

Experimental and Numerical Investigation of Solar Panels Deployment with Tape Spring Hinges Having Nonlinear Hysteresis with Friction Compensation

In this work, experimental and numerical investigation on the deployment of solar panels with tape spring (TS) hinges showing complex nonlinear hysteresis behavior caused by the snap-through buckling was conducted. Subsequently, it was verified by comparing simulation results by multi-body dynamics (MBD) analysis with test results on ground-based deployment testing considering gravity compensation, termed zero-gravity (Zero-G) device. It has been difficult to predict the folding and unfolding behavior of TS hinges because their moment–rotation relationship showed a nonlinear hysteresis behavior. To realize this attribute, an algorithm that checks the sign of angular velocity of the revolute joints was used to distinguish folding from unfolding. The nonlinear hysteresis was implemented in terms of two path-dependent nonlinear moment–rotation curves with the aid of the expression function (a kind of user subroutine) in MBD software RecurDyn. Finally, it was found that the results of the deployment analysis were in excellent agreement with those of the test when the friction torques of the revolute joints were properly identified by an inverse analysis with the test frames, thus validating the MBD model.

Guidelines for the Use of Unmanned Aerial Systems in Flood Emergency Response

There is increasing interest in using Unmanned Aircraft Systems (UAS) in flood risk management activities including in response to flood events. However, there is little evidence that they are used in a structured and strategic manner to best effect. An effective response to flooding is essential if lives are to be saved and suffering alleviated. This study evaluates how UAS can be used in the preparation for and response to flood emergencies and develops guidelines for their deployment before, during and after a flood event. A comprehensive literature review and interviews, with people with practical experience of flood risk management, compared the current organizational and operational structures for flood emergency response in both England and India, and developed a deployment analysis matrix of existing UAS applications. An online survey was carried out in England to assess how the technology could be further developed to meet flood emergency response needs. The deployment analysis matrix has the potential to be translated into an Indian context and other countries. Those organizations responsible for overseeing flood risk management activities including the response to flooding events will have to keep abreast of the rapid technological advances in UAS if they are to be used to best effect.