Search for: All records

Static binary analysis is critical to various security tasks such as vulnerability discovery and malware detection. In recent years, binary analysis has faced new challenges as vendors of the Internet of Things (IoT) and Industrial Control Systems (ICS) continue to introduce customized or non-standard binary formats that existing tools cannot readily process. Reverse-engineering each of the new formats is costly as it requires extensive expertise and analysts’ time. In this paper, we investigate the first step to automate the analysis of non-standard binaries, which is to recognize the bytes representing “code” from “data” (i.e., data-code separation). We propose Loadstar, and its key idea is to use the abundant labeled data from standard binaries to train a classifier and adapt it for processing unlabeled non-standard binaries. We use a pseudo-label-based method for domain adaption and leverage knowledge-inspired rules for pseudo-label correction, which serves as the guardrail for the adaption process. A key advantage of the system is that it does not require labeling any non-standard binaries. Using three datasets of non-standard PLC binaries, we evaluate Loadstar and show it outperforms existing tools in terms of both accuracy and processing speed. We will share the tool (open source) with the community. 

With the introduction of Cyber-Physical Systems (CPS) and Internet of Things (IoT) technologies, the automation industry is undergoing significant changes, particularly in improving production efficiency and reducing maintenance costs. Industrial automation applications often need to transmit time- and safety-critical data to closely monitor and control industrial processes. Several Ethernet-based fieldbus solutions, such as PROFINET IRT, EtherNet/IP, and EtherCAT, are widely used to ensure real-time communications in industrial automation systems. These solutions, however, commonly incorporate additional mechanisms to provide latency guarantees, making their interoperability a grand challenge. The IEEE 802.1 Time-Sensitive Networking (TSN) task group was formed to enhance and optimize IEEE 802.1 network standards, particularly for Ethernet-based networks. These solutions can be evolved and adapted for cross-industry scenarios, such as large-scale distributed industrial plants requiring multiple industrial entities to work collaboratively. This paper provides a comprehensive review of current advances in TSN standards for industrial automation. It presents the state-of-the-art IEEE TSN standards and discusses the opportunities and challenges of integrating TSN into the automation industry. Some promising research directions are also highlighted for applying TSN technologies to industrial automation applications. 

Restaurants are increasingly relying on on-demand delivery platforms (e.g., DoorDash, Grubhub, and Uber Eats) to reach customers and fulfill takeout orders. Although on-demand delivery is a valuable option for consumers, whether restaurants benefit from or are being hurt by partnering with these platforms remains unclear. This paper investigates whether and to what extent the platform delivery channel substitutes restaurants’ own takeout/dine-in channels and the net impact on restaurant revenue. Empirical analyses show that restaurants overall benefit from on-demand delivery platforms—these platforms increase restaurants’ total takeout sales while creating positive spillovers to customer dine-in visits. However, the platform effects are substantially heterogeneous, depending on the type of restaurants (independent versus chain) and the type of customer channels (takeout versus dine-in). The overall positive effect on fast-food chains is four times as large as that on independent restaurants. For takeout, delivery platforms substitute independent restaurants’ but complement chain restaurants’ own takeout sales. For dine-in, delivery platforms increase both independent and chain restaurants’ dine-in visits by a similar magnitude. Therefore, the value of delivery platforms to independent restaurants mostly comes from the increase in dine-in visits, whereas the value to chain restaurants primarily comes from the gain in takeout sales. Further, the platform delivery channel facilitates price competition and reduces the opportunity for independent restaurants to differentiate with premium services and dine-in experience, which may explain why independent restaurants do not benefit as much from on-demand delivery platforms. This paper was accepted by D. J. Wu, information systems. Funding: Z. Li is grateful to the National Science Foundation Division of Social and Economic Sciences for support provided through the CAREER award [Grant 2243736]. Supplemental Material: The online appendix and data files are available at https://doi.org/10.1287/mnsc.2021.01010 .