Evaluation of Crossover Displaced Left-turn (XDL) Intersections and Real-time Signal Control Strategies with Artificial Intelligence Techniques

Jagannathan, Ramanujan

12 October 2004

Although concepts of the XDL intersection or CFI (Continuous Flow Intersection) have been around for approximately four decades, users do not yet have a simplified procedure to evaluate its traffic performance and compare it with a conventional intersection. Several studies have shown qualitative and quantitative benefits of the XDL intersection without providing accessible tools for traffic engineers and planners to estimate average control delays, and queues. Modeling was conducted on typical geometries over a wide distribution of traffic flow conditions for three different design configurations or cases using VISSIM simulations with pre-timed signal settings. Some comparisons with similar conventional designs show considerable savings in average control delay, and average queue length and increase in intersection capacity. The statistical models provide an accessible tool for a practitioner to assess average delay and average queue length for three types of XDL intersections. Pre-timed signal controller settings are provided for each of the five intersections of the XDL network. In this research, a "real-time" traffic signal control strategy is developed using genetic algorithms and neural networks to provide near-optimal traffic performance for XDL intersections. Knowing the traffic arrival pattern at an intersection in advance, it is possible to come up with the best signal control strategy for the respective scenario. Hypothetical cases of traffic arrival patterns are generated and genetic algorithms are used to come up with near-optimal signal control strategy for the respective cases. The neural network controller is then trained and tested using pairs of hypothetical traffic scenarios and corresponding signal control strategies. The developed neural network controller produces near-optimal traffic signal control strategy in "real-time" for all varieties of traffic arrival patterns. / Master of Science

Genetic Algorithms

CFI

XDL

Neural Networks

Continuous Flow Intersections

Real-time Signal Control

Porting Linux on ARM-Based Micro-controllers

Tsai, Ju-Chin

30 July 2006

More and more embedded systems choose ARM-based micro-controllers as CPU. If no embedded OS built with the system, the application scope will be restricted. Therefore, the need of embedded OS is vital. There are many embedded OS¡¦s in the market, but the embedded Linux has many advantages and is widely accepted. Commercial embedded Linux takes less refund than other embedded OS¡¦s. The kernel and most applications are distributed in GPL open source copyright, and is highly portable to many machine platforms. Presently, the hardware key-technology is highly skilled. The margin of 3C industrial has gone down rapidly. Therefore, people focus on adapting integrated technology to practicality and innovation to make cost down. Developers choose appropriate ARM micro-controllers according to demanding functionality of their products. The microcontroller is not necessary running with Linux distribution. Two approaches can be used to resolve the embedded OS issue. The first approach is porting Linux to the platform without any refund. The second approach is to pay for commercial Linux. Embedded system peripheral devices aim at powerful functionalities and economy. For instance, UART interface is cheap and low data transfer rate. The target board communicates with host via RS-232. RS-232 acts as serial console to play dumb terminal under Linux. Industrial applications often make use of RS-xxx for UART physical transmission layer. For instance, RS-485 applies modbus protocol to build cheap monitor systems. Network transmission is a necessary function, and it generally achieves high data transfer rate application through Ethernet. The UNIX-like network socket has served network application very well. Embedded systems are usually diskless systems. In order to keep permanent data, using flash memory as block disk system is a widely adapted strategy and which operates flash memory through MTD subsystems¡][28]¡^. An MTD subsystem contains two different modules, ¡§user¡¨and ¡§driver¡¨. In the driver module, CFI¡][40]¡^ is applied to probe flash chip, partition it and provide operating function. Flash translation layer and file-system are applied in the user module. MTD BLOCK is used to emulate the flash partitions as block devices which are then mounted into Linux virtual file system¡]VFS¡^with JFFS2 type, designed according to the feature of flash devices. In this thesis, we will describe in detail the procedure of porting Linux to ARM micro-controllers. The motivation of the work is introduced in chapter 1. In chapter 2, we introduce development tools and the main flow of the porting procedure. In chapter 3, we describe the LH79525 platform and the main perepherals on the target board, then introduce the ARM programmer model. In chapter 4, we examine the required knowledge and the important issues for porting ARM Linux. In chapter 5, we describe the details of porting Linux to run with Sharp LH79525, including modifying the key source codes and adjusting kernel configuration for embedding the UART, ethernet MAC, and MTD subsystem. In chapter 6, we do step-by-step validation and apply an integrated application with the LF-314CP temperature controller¡][46]¡^ by law-chain technology for the LH79525 target board running with the ported ARM Linux. In chapter 7, we present some issues for future work and improvement, then make a conclusion for the thesis.

MAC

JTAG

XIP

FTL

ARM EVB

MTD subsystem

NOR flash

BSP

SDRAM

JFFS2

modbus

Embedded Linux

CFI

MCU

UART

Mixed Messages

Vice President Research, Office of the

12 1900

As the dangers of teens and the internet make media headlines, Jennifer Shapka sifts through the fact and fiction of adolescent internet use.

Jennifer Shapka

Developmental Change and Technology Lab

internet

adolescent development

Canada Foundation for Innovation

CFI

educational and counseling psychology

DCTech Lab

The Efficacy of Forward-Edge Control-Flow Integrity in Mitigating Memory Corruption Vulnerabilities : The Case of the Android Stack

Olofsson, Viktor

January 2023

Memory corruption is one of the oldest and most prominent problems in the field of computer security. In order to protect the vulnerabilities that arise from memory corruption, a mitigation technique called Control-flow Integrity (CFI) was developed. The Android Open Source Project utilizes a specific implementation of the CFI policy called forward-edge CFI in the compilation of the Android system. However, memory corruption vulnerabilities are still a problem for Android systems. This raises the question: Is forward-edge CFI really effective in mitigating memory corruption vulnerabilities? In this research, the efficacy of forward-edge CFI in terms of mitigating memory corruption vulnerabilities in Android systems is analyzed. This is done by analyzing nine Common Vulnerabilities and Exposures (CVE) in terms of how they can be exploited and whether forward-edge CFI could mitigate them. Additionally, the Android binaries containing the vulnerabilities are analyzed in an attempt to detect the presence of CFI instrumentation. CFI was detected in one of nine vulnerable Android binaries, implying that there exist memory corruption vulnerabilities that forward-edge CFI definitely can not protect. The analysis of nine CVEs showed that five CVEs could be mitigated by forward-edge CFI. These results indicate that forward-edge CFI could definitely mitigate a portion of the memory corruption vulnerabilities plaguing Android systems. However, in order to protect a greater portion of memory corruption vulnerabilities, forward-edge CFI should be combined with other mitigation techniques such as Shadow Stacks.

control-flow integrity

CFI

control-flow graph

CFG

memory corruption

Android

vulnerability

android vulnerability

computer security

Computer Sciences

Datavetenskap (datalogi)

Wood Wide Web

Vice President Research, Office of the

05 1900

Melanie Jones and Dan Durall aren't looking to the treetops for clues about the "wood wide web." They're looking to the soil at fungi that are crucial to renewing our forests.

Melanie Jones

Dan Durall

soil biology

mycorrhizal fungi

Species at Risk

Habitat Studies Centre

Denise Brooks

Canada Foundation for Innovation

CFI

UBC Okanagan

Co-processor based monitoring to detect control flow attacks / Övervakning baserad på koprocessor för att upptäcka kontrollflödesattacker

Kaddami, Oussama

January 2024

Memory corruption attacks pose a significant threat to the security of embedded devices with limited resources that lack basic protection mechanisms. Control Flow Integrity (CFI) is a promising technique to mitigate these attacks by ensuring that the program’s control flow adheres to a predetermined set of rules. In this project, we propose a CFI solution tailored for embedded devices based on combining a type-based approach for indirect branches with a shadow stack approach to protect return addresses. Our solution targets the ARM Cortex-M33 architecture and is evaluated on various applications that are adequate for low-end devices, including embedded cryptographic primitives and a real-time operating system. Our solution provides a high level of security, allowing for a 99.99% reduction in attacks using the average reduction metric (AIR). However, we acknowledge that the performance overhead may be a concern for some use cases. The evaluation of our Control Flow Integrity (CFI) implementation shows that it incurs a performance overhead ranging between 7% and 81%, with a relatively small size overhead of around 3%. Therefore, we propose that the use of adequate architectural models could help reduce the performance overhead while still maintaining good security guarantees. Our study highlights the trade-off between security and performance in CFI implementations and provides insights into potential areas for improvement. / Minneskorruptionsattacker utgör ett betydande hot mot säkerheten för inbyggda enheter med begränsade resurser som saknar grundläggande skyddsmekanismer. Kontrollflödesintegritet (CFI) är en lovande teknik för att mildra dessa attacker genom att säkerställa att programkontrollen följer en förutbestämd uppsättning regler. I detta projekt föreslår vi en CFI-lösning anpassad för inbyggda enheter som bygger på en kombination av en typbaserad metod för indirekta grenar med en skuggstackmetod för att skydda returadresser. Vår lösning riktar sig mot ARM Cortex-M33-arkitekturen och utvärderas på olika applikationer som är lämpliga för lågpresterande enheter, inklusive inbyggda kryptografiska grundläggande funktioner och ett realtidsoperativsystem. Vår lösning erbjuder en hög säkerhetsnivå och möjliggör en minskning av attacker med 99,99% enligt genomsnittsmätningsmetoden (AIR). Vi erkänner dock att prestandaöverhuvud kan vara en oro i vissa användningsfall. Utvärderingen av vår CFI-implementering visar att den medför en prestandaöverhuvud som varierar mellan 7% och 81%, med en relativt liten storleksöverhuvud på cirka 3%. Därför föreslår vi att användningen av lämpliga arkitekturmodeller kan bidra till att minska prestandaöverhuvudet samtidigt som goda säkerhetsgarantier bibehålls. Vår studie belyser avvägningen mellan säkerhet och prestanda i CFI-implementeringar och ger insikter om potentiella områden för förbättring.

Embedded security

Remote software attacks

Control flow integrity (CFI)

Instrumentation

Inbäddade system säkerhet

Fjärrprogramvaruattacker

Computer and Information Sciences

Data- och informationsvetenskap

On the (in)security of behavioral-based dynamic anti-malware techniques

Ersan, Erkan

21 April 2017

The Internet has become the primary vector for the delivery of malicious code in cyber attacks, and malware has rapidly become a pervasive critical threat. Anti- malware products offer effective protection from malware threats for servers and endpoint devices using a variety of techniques. Advanced enterprise-level anti-malware products rely on state-of-art behavioral-based detection algorithms, in addition to traditional signature-based mechanisms. These dynamic detection techniques have been around for more than a decade and in response hackers have developed methods to evade them. However, currently known bypass methods require intensive manual labor. Moreover, this manual work has to be repeated whenever a parameter of the environment (such as the payload, operating system, Antivirus version, etc) changes, making these methods impractical. This may lead to the belief that dynamic techniques provide a good deterrence, and hence good protection. In this thesis we evaluate dynamic techniques. Specifically, we build tools to implement generic unhooking and funneling, and using these tools we show how dynamic techniques can be bypassed with considerably less effort than by fully manual methods. We also extend the repertoire of existing bypass methods and introduce a new malicious function call technique which exploits detection techniques that monitor a limited collection of critical system functions, as well as a method for bypassing guard-page protections. We demonstrate the effectiveness of all our techniques by conducting attacks against two enterprise antivirus products. Our results lead us to conclude that that dynamic techniques do not provide sufficient protection. / Graduate / 2018-02-07 / 0984 / erkanersan@gmail.com

Malware

Malware Detection

Computer Security

Anti-malware

Antivirus

Cyber Attacks

Behavioral-based Detection

EMET

Hooking

Unhooking

Guard Pages

Bypassing Techniques

Evasion Techniques

Evasion

funneling

Control Flow Integrity

CFI

Web-based malware

ROP

Return-Oriented Programming

Shellcode

Payload

Windows

Anti-malware Evaluation

Antivirus Evaluation

Anti-malware Effectiveness

Antivirus Effectiveness