Theses
http://hdl.handle.net/10034/623039
2024-03-28T22:11:19Z
Software Exploitation and Software Protection Measures Enhancing Software Protection via Inter-Process Control Flow Integrity
http://hdl.handle.net/10034/628480
Oyinloye, Toyosi A.
Computer technologies hinge on the effective functionality of the software component. Unfortunately, software code may have flaws that cause it to be vulnerable and exploitable by attackers. Software exploitation could involve a hijack of the application and deviation of the flow of its execution. Whenever this occurs, the integrity of the software and the underlying system could be compromised. For this reason, there is a need to continually develop resilient software protection tools and techniques. This report details an in-depth study of software exploitation and software protection measures. Efforts in the research were geared towards finding new protection tools for vulnerable software. The main focus of the study is on the problem of Control Flow Hijacks (CFH) against vulnerable software, particularly for software that was built and executed on the RISC-V architecture. Threat models that were addressed are buffer overflow, stack overflow, return-to-libc, and Return Oriented Programming (ROP). Whilst the primary focus for developing the new protection was on RISC-V-based binaries, programs that were built on the more widespread x86 architecture were also explored comparatively in the course of this study.
The concept of Control Flow Integrity (CFI) was explored in the study and a proof-of-concept for mitigating ROP attacks that result in Denial of Service is presented. The concept of CFI involves the enforcement of the intended flow of execution of a vulnerable program. The novel protection is based on the CFI concept combined with Inter-process signalling (named Inter-Process Control Flow Integrity (IP-CFI)). This technique is orthogonal to well-practised software maintenance such as patching/updates and is complementary to it, providing integrity regardless of exploitation path/vector. In evaluating the tool, it was applied to vulnerable programs and found to promptly identify deviations in vulnerable programs when ROP attacks lead to DoS with an average runtime overhead of 0.95%. The system on which the software is embedded is also protected as a result of the watchdog in the IP-CFI where this kind of attack would have progressed unnoticed. Unlike previous CFI models, IP-CFI extends protection outside the vulnerable program by setting up a mutual collaboration between the protected program and a newly written monitoring program. Products derived in this study are software tools in the form of various Linux scripts that can be used to automate several functionalities, two RISC-V ROP gadget finders (RETGadgets & JALRGadget), and the software protection tool IP-CFI. In this report, software is also referred to as binary, executable, application, program or process.
2023-08-01T00:00:00Z
Exploring Mixed Reality Level Design Workflows
http://hdl.handle.net/10034/628071
Beever, Lee
The past decade has seen a continual increase in quality and capability of augmented reality (AR) and virtual reality (VR) devices. Due to this greater capability, there has been an influx of entertainment and serious games that have been developed for these systems. Yet, the current workflows for developing VR game levels for entertainment or serious games have remained the same, with developers using a game engine presented on a 2D screen with a traditional mouse and keyboard for input.
This thesis explores the use of AR and VR technologies as part of level design workflows used to develop both entertainment and serious VR game levels. Two existing workflows were identified as areas that could be improved by integrating AR and VR technologies as part of the workflow, whilst a third, new workflow was developed which focused on enabling new experiences for players:
Workflow 1: This workflow explored using AR to help create a digital map of an existing space to help improve realism and presence of a VR serious game environment. The initial focus was on improving the workflow for developers of serious game levels.
Workflow 2: This workflow focused on improving entertainment VR game level creation through the development of a VR level editor. The focus was on improving the entertainment VR level design process for professional level designers.
Workflow 3: This workflow enables new experiences by supporting substitutional reality (SR) level design for players through a mix of both AR and VR technologies. It enables players to develop their own entertainment game levels that support SR using consumer technology.
Each of the three workflows is presented in this thesis along with results from multiple studies. Results from the studies show positive outcomes supporting each of the workflows.
2023-03-01T00:00:00Z
Towards Effective Project Management and Knowledge Transfer Enhancement: A Novel System Capturing and Modelling Knowledge Acquired in a Software Development Practice
http://hdl.handle.net/10034/626721
Fannoun, Sufian
The practice of software project management evolves alongside emerging new technologies such as advances in new tools and resources in Application Programming Interfaces (APIs) and machine learning applications. This thesis evaluates the ways in which a small software development unit, characteristic of other small enterprises, has embraced emerging trends in the development of digital technologies in order to establish and maintain successful practice. A qualitative research approach was adopted to elicit an understanding of the critical knowledge acquired as the unit developed and its members became effective practitioners. The research identifies and analyses the acquired knowledge that underpins successful practice, and uses the results of this analysis to propose a support system to enhance future practice. This is a challenge in that there is limited evidence of Small and Medium Enterprises (SMEs) engaging in knowledge management (KM) or in organisational learning (OL) initiatives. In developing projects, smaller software development organisations rely on implicit knowledge and Agile to resolve complexity. Consequently, and specifically in a small business, the development of this bespoke system represents a novel approach to Knowledge Management (KM) and Organisational Learning (OL).
Projects were identified as key sources and locus of development, innovation knowledge, skills, know-how and learning within the unit. This outcome has reinforced the proposal for a links-based system around individual projects. As in Chapter Nine, the system is a web-based repository of project templates. The templates capture key insights into critical decisions and significant advances in current practice that arise from work within individual projects. The proposed system captures the unit’s knowledge. In addition, it provides an accessible resource that not only supports critical reflection and decision making but also retains key aspects of organisational learning (OL) and know-how. Further, while complementing continuing implicit learning, it has the further benefit of maintaining organisational resilience where individuals’ skills may be lost or where the unit faces high staff turnover. Moreover, the system can serve to induct newcomers to the unit.
Accordingly, for a small software development unit with no prior knowledge management initiative or system in place, the research’s immediate contribution is through modelling, capturing and representing the acquired knowledge. This thesis provides insights into the management of software project knowledge through web technology. The prototype was successfully designed, implemented, evaluated and made available to the research unit working group. Such a system provides an effective measure for application at organisational and project levels, the evaluation of practice and the reuse of project knowledge to improve performance and effective practice.
A further contribution made by this research is in revealing the range of the acquired knowledge, the know-how and the soft skills that complement the technical skills of software development within the research unit. The set of know-how and soft skills could be valuable where measures for effective professional practice are required. The analysed data revealed the range of capabilities the members developed to enable the application of implicit knowledge. Such insights, perceptions, and understanding enabled them to engage with clients, as well as manage risks and changes, assist key business processes and, importantly, deliver projects successfully. These skills contribute to the members’ individual professional development and capabilities. These might be termed Confidence, Relationships, Communication and Self-Management, Cooperation and Teamwork. Similarly, the research revealed the range of Know-How the members have developed. This range would include Understanding of Business Processes, Experimentation and Problem Solving, Reusing of Project Knowledge, Establishing and Maintaining Quality, Project Time Estimates, and Learning from Project Failure. The thesis also highlights the additional range of critical knowledge encapsulated within projects. This knowledge specifically related to Business Processes, Business Domains, Client and Working Environment. Such contextual implicit knowledge is part of the critical knowledge the practitioners acquired. Consequently, a model of successful practice within the unit was then built upon facets of this salient knowledge.
An evaluation provided feedback on the system and assessed its suitability for the research unit. The unit members were satisfied with how the prototype restricted the key elements related to their knowledge and practice without duplicating information and acknowledged that it was the knowledge management system that best suits their needs.
A focus group meeting with another similar software development unit highlighted and validated commonalities and differences in experience and in the nature of the individual organisations. The findings suggest that the proposed approach to recognising and utilising knowledge for transfer, reuse and consolidating effective practice is, potentially, extendable to similar domains. Continued research would explore the wider generalisability of this approach. Further research would explore extensions or revisions of the prototype that might further clarify the benefits and limitations of such an approach as well as providing a model for knowledge management in similar small-scale environments. This research might also serve as a template or road map for the implementation of KM initiatives elsewhere, such as start-up companies where there is a lack of software development expertise. Furthermore, the proposed system could serve as a model for the development of comparable systems in organisations where projects form the core of their work.
2021-03-01T00:00:00Z
A Framework for Web-Based Immersive Analytics
http://hdl.handle.net/10034/623604
Butcher, Peter W. S.
The emergence of affordable Virtual Reality (VR) interfaces has reignited the interest of researchers and developers in exploring new, immersive ways to visualise data. In particular, the use of open-standards Web-based technologies for implementing VR experiences in a browser aims to enable their ubiquitous and platform-independent adoption. In addition, such technologies work in synergy with established visualization libraries, through the HTML Document Object Model (DOM). However, creating Immersive Analytics (IA) experiences remains a challenging process, as the systems that are currently available require knowledge of game engines, such as Unity, and are often intrinsically restricted by their development ecosystem. This thesis presents a novel approach to the design, creation and deployment of Immersive Analytics experiences through the use of open-standards Web technologies. It presents <VRIA>, a Web-based framework for creating Immersive Analytics experiences in VR that was developed during this PhD project. <VRIA> is built upon WebXR, A-Frame, React and D3.js, and offers a visualization creation workflow which enables users of different levels of expertise to rapidly develop Immersive Analytics experiences for the Web. The aforementioned reliance on open standards and the synergies with popular visualization libraries make <VRIA> ubiquitous and platform-independent in nature. Moreover, by using WebXR’s progressive enhancement, the experiences <VRIA> is able to create are accessible on a plethora of devices. This thesis presents an elaboration on the motivation for focusing on open-standards Web technologies, presents the <VRIA> visualization creation workflow and details the underlying mechanics of our framework. It reports on optimisation techniques, integrated into <VRIA>, that are necessary for implementing Immersive Analytics experiences with the necessary performance profile on the Web. 
It discusses scalability implications of the framework and presents a series of use case applications that demonstrate the various features of <VRIA>. Finally, it describes the lessons learned from the development of the framework, discusses current limitations, and outlines further extensions.
2020-08-17T00:00:00Z