The rapid development of mobile computing and cloud trigger novel paradigm-----Mobile Cloud Computing. This paper review current research effort towards Mobile First, we present several challenges for the design Computing service. Second, a concept model has been proposed to analyze related work. Third, survey recent architecture, application partition & offloading, context-aware

Cryptography plays an important role in computer and communication security. In practical implementations of cryptosystems, the cryptographic keys are usually loaded into memory as plaintext, then used algorithms. Therefore, private subject to disclosure attacks that read unauthorized data from RAM. Such could be performed through software methods (e.g., Open SSL Heart bleed) even when integrity victim system's executable binaries is maintained. They also physical Cold-boot on RAM chips)...

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need make them smarter. A variety applications now run simultaneously on ARM-based processor. For example, devices the edge Internet are provided with higher horsepower be entrusted storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency reduces amount that needs transported cloud for processing, analysis storage. However, commodity OSes prone compromise. Once...

Power electronics systems have become increasingly vulnerable to cyber-physical threats due their growing penetration in the Internet-of-Things (IoT)-enabled applications, including connected electric vehicles (EVs). In response this emerging need, a cyber-physical-security initiative was recently launched by IEEE Electronics Society (PELS). With increasing connectivity vehicle-to-everything (V2X) and number of electronic control units, EVs are facing greater security challenges. However,...

In this article, a systematic assessment of cyber-physical security on the energy management system for connected and automated electric vehicles is proposed, which, to our knowledge, has not been attempted before. The generalized methodology impact analysis cyber attacks developed, including novel evaluation metrics from perspectives steady state transient performance innovative index-based resilience criteria. Specifically, we propose criterion in terms dynamic performance, comfortability,...

A smart home connects tens of devices to the Internet, where an IoT cloud runs various automation applications. While bringing unprecedented convenience and accessibility, it also introduces security hazards users. Prior research studied from several aspects. However, we found that complexity interactions among participating entities (i.e., devices, clouds, mobile apps) has not yet been systematically investigated. In this work, conducted in-depth analysis five widely-used platforms....

With the rapid proliferation of IoT devices, our cyberspace is nowadays dominated by billions low-cost computing nodes, which are very heterogeneous to each other. Dynamic analysis, one most effective approaches finding software bugs, has become paralyzed due lack a generic emulator capable running diverse previously-unseen firmware. In recent years, we have witnessed devastating security breaches targeting low-end microcontroller-based devices. These concerns significantly hamstrung further...

Cryptographic systems are essential for computer and communication security, instance, RSA is used in PGP Email clients AES employed full disk encryption. In practice, the cryptographic keys loaded stored RAM as plain-text, therefore vulnerable to physical memory attacks (e.g., cold-boot attacks). To tackle this problem, we propose Copker, which implements asymmetric cryptosystems entirely within CPU, without storing plain-text private RAM. its active mode, Copker stores kilobytes of...

Although the importance of using static taint analysis to detect taint-style vulnerabilities in Linux-based embedded firmware is widely recognized, existing approaches are plagued by following major limitations: (a) Existing works cannot properly handle indirect call on path from attacker-controlled sources security-sensitive sinks, resulting lots false negatives. (b) They employ heuristics identify mediate source and it not accurate enough, which leads high positives.

Fuzzing is one of the most effective approaches to finding software flaws. However, applying it microcontroller firmware incurs many challenges. For example, rehosting-based solutions cannot accurately model peripheral behaviors and thus be used fuzz corresponding driver code. In this work, we present $\mu$AFL, a hardware-in-the-loop approach fuzzing firmware. It leverages debugging tools in existing embedded system development construct an AFL-compatible framework. Specifically, use debug...

In recent years, Internet-of-Things (IoT) platforms and systems have been rapidly emerging. Although IoT is a new technology, does not mean simpler (than existing networked systems). Contrarily, the complexity (of systems) actually being increased in terms of interactions between physical world cyberspace. The indeed results vulnerabilities. This article seeks to provide review recently discovered logic bugs that are specific discuss lessons we learned from these bugs. particular, 20 one...

Finding bugs in microcontroller (MCU) firmware is challenging, even for device manufacturers who own the source code. The MCU runs different instruction sets than x86 and exposes a very development environment. This invalidates many existing sophisticated software testing tools on x86. To maintain unified developing environment, straightforward way to re-compile code into native executable commodity machine (called rehosting). However, ad-hoc re-hosting daunting tedious task subject issues...

The increasing growth of cybercrimes targeting mobile devices urges an efficient malware analysis platform. With the emergence evasive malware, which is capable detecting that it being analyzed in virtualized environments, bare-metal has become definitive resort. Existing works mainly focus on extracting malicious behaviors exposed during analysis. However, after analysis, equally important to quickly restore system a clean state examine next sample. Unfortunately, state-of-the-art solutions...

Emulating firmware of microcontrollers is challenging due to the lack peripheral models. Existing work finds out how respond read operations by analyzing target firmware. This problematic because sometimes does not contain enough clues support emulation or even contains misleading information (e.g., a buggy firmware). In this work, we propose new approach that builds models from specification. Using NLP, translate behaviors in human language (documented chip manuals) into set structured...

Cryptosystems are essential for computer and communication security, e.g., RSA or ECDSA in PGP Email clients AES full disk encryption. In practice, the cryptographic keys loaded stored RAM as plain-text, therefore vulnerable to cold-boot attacks exploiting remanence effect of chips directly read memory data. To tackle this problem, we propose Copker, a engine that implements asymmetric cryptosystems entirely within CPU, without storing any plain-text sensitive data RAM. Copker supports...

Nowadays, auto insurance companies set personalized rate based on data gathered directly from their customers' cars. In this paper, we show such a mechanism -- wildly adopted by many is vulnerable to exploit. particular, demonstrate that an adversary can leverage off-the-shelf hardware manipulate the device collects drivers' habits for customization and obtain fraudulent discount. response type of attack, also propose defense escalates protection insurers' collection. The main idea augment...

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need make them smarter. However, the smartness comes at cost multi-vector security exploits. From cyber space, a compromised operating system could access all data in cloud-aware IoT device. physical cold-boot attacks and DMA impose great threat unattended devices. In this paper, we propose TrustShadow that provides comprehensively protected execution environment for unmodified application running on...

The supervisory software is widely used in industrial control systems (ICSs) to manage field devices such as PLC controllers. Once compromised, it could be misused or manipulate these physical maliciously, endangering manufacturing process even human lives. Therefore, extensive security testing of crucial for the safe operation ICS. However, fuzzing ICS challenging due prevalent use proprietary protocols. Without knowledge program states and packet formats, difficult enter deep effective fuzzing.

Microcontroller-based embedded systems have become ubiquitous with the emergence of IoT technology. Given its critical roles in many applications, security is becoming increasingly important. Unfortunately, MCU devices are especially vulnerable. Code reuse attacks particularly noteworthy since memory address firmware code static. This work seeks to combat attacks, including ROP and more advanced JIT-ROP via continuous randomization. Previous proposals geared towards full-fledged OSs rich...

With the rapid expansion of Internet Things, a vast number microcontroller-based (MCU) IoT devices are now susceptible to attacks through Internet. Vulnerabilities within firmware one most important attack surfaces. Fuzzing has emerged as effective techniques for identifying such vulnerabilities. However, when applied firmware, several challenges arise, including: 1) inability execute properly in absence peripherals; 2) lack support exploring input spaces multiple 3) difficulties...