Search for: All records

The COVID-19 pandemic led the majority of educational institutions to rapidly shift to primarily conducting courses through online, remote delivery. Across different institutions, the tools used for synchronous online course delivery varied. They included traditional video conferencing tools like Zoom, Google Meet, and WebEx as well as non-traditional tools like Gather.Town, Gatherly, and YoTribe. The main distinguishing characteristic of these nontraditional tools is their utilization of 2-D maps to create virtual meeting spaces that mimic real-world spaces. In this work, we aim to explore how such tools are perceived by students in the context of learning. Our intuition is that utilizing a tool that features a 2-D virtual space that resembles a real world classroom has underlying benefits compared to the more traditional video conferencing tools. The results of our study indicate that students' perception of using a 2-D virtual classroom improved their interaction, collaboration and overall satisfaction with an online learning experience. 

Programmable Logic Controllers are an integral component for managing many different industrial processes (e.g., smart building management, power generation, water and wastewater management, and traffic control systems), and manufacturing and control industries (e.g., oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, automotive, and aerospace). Despite being used widely in many critical infrastructures, PLCs use protocols which make these control systems vulnerable to many common attacks, including man-in-the-middle attacks, denial of service attacks, and memory corruption attacks (e.g., array, stack, and heap overflows, integer overflows, and pointer corruption). In this paper, we propose PLC-PROV, a system for tracking the inputs and outputs of the control system to detect violations in the safety and security policies of the system. We consider a smart building as an example of a PLC-based system and show how PLC-PROV can be applied to ensure that the inputs and outputs are consistent with the intended safety and security policies. 

In the recent past, there has been a rapid increase in attacks on consumer Internet-of-Things (IoT) devices. Several attacks currently focus on easy targets for exploitation, such as weak configurations (weak default passwords). However, with governments, industries, and organizations proposing new laws and regulations to reduce and prevent such easy targets in the IoT space, attackers will move to more subtle exploits in these devices. Memory corruption vulnerabilities are a significant class of vulnerabilities in software security through which attackers can gain control of the entire system. Numerous memory corruption vulnerabilities have been found in IoT firmware already deployed in the consumer market. This paper presents an approach for exploiting stack-based buffer-overflow attacks in IoT firmware, to hijack the device remotely. To show the feasibility of this approach, we demonstrate exploiting a common network software application, Connman, used widely in IoT firmware such as Samsung smart TVs. A series of experiments are reported on, including: crashing and executing arbitrary code in the targeted software application in a controlled environment, adopting the attacks in uncontrolled environments (with standard software defenses such as W⊕X and ASLR enabled), and installing publicly available IoT firmware that uses this software application on a Raspberry Pi. The presented exploits demonstrate the ease in which an adversary can control IoT devices. 

This paper describes a series of making activities developed for entry-level engagement in selected learning contexts. We describe the goals of each activity and reflections on development and delivery. We use our reflections from the design and implementation to develop a set of dimensions along which to talk about important similarities and differences between these kinds of making workshops. These dimensions enable us to highlight and discuss some of the challenges and tradeoffs. The activities discussed focus on a middle-school audience, but the findings illustrate themes that are relevant to the design of making activities more generally.