Security Engineering Research Group

Report on VM internals and Dalvik VM

Engineer@IMS — Tue, 05 Jan 2010 07:35:11 +0000

A comprehensive report on “Virtual machines and Dalvik VM internals” is uploaded to EASIP resource section. The report contains basics about a virtual machine and its functionality. It describes the Dalvik VM and its respective byte codes. A comparison between Dalvik and Java virtual machine is also included in this report. The report was submitted to ICT R&D as a Ist Deliverable of EASIP project. Any comments, suggestions and questions regarding the material in the report will be appreciated.

Thankyou, from SERG Staff

Symbian and Open Source?

alam78 — Wed, 12 Aug 2009 07:10:26 +0000

Yes, this is true that Nokia is going to launch Symbian as Open source. It is not confirmed but according to my information, it is going to happen soon in the future. My perception is that Nokia has read the message very clearly written on the Wall. THe message is that in the future it will be very difficult to contain Google regarding its open source platform Android.

There is an already effort by Nokia to turn its Symbian mobile operating system to open source Maemo operating system that it uses for its Internet tablets. This is a very positive sign.

Tutorial For Digital Signature in Php

Mudaser — Sat, 25 Jul 2009 05:51:55 +0000

Digital Signature in PHP:
OpenSSL is used for generation and verification of signatures and for sealing (encrypting) and opening (decrypting) data.

Installation Help Provided at Php site (www.php.net)
To use PHP’s OpenSSL support you must also compile PHP –with-openssl[=DIR].

Note: Note to Win32 Users

In order for this extension to work, there are DLL files that must be available to the Windows system PATH. For information on how to do this, see the FAQ entitled “How do I add my PHP directory to the PATH on Windows”. Although copying DLL files from the PHP folder into the Windows system directory also works (because the system directory is by default in the system’s PATH), this is not recommended. This extension requires the following files to be in the PATH: libeay32.dll

Additionally, if you are planning to use the key generation and certificate signing functions, you will need to install a valid openssl.cnf file on your system. As of PHP 4.3.0, we include a sample configuration file in our win32 binary distributions. PHP 4.3.x and 4.4.x has the file in the openssl directory. PHP 5.x and 6.x has the file in the extras/openssl directory. If you are either using PHP 4.2.x or missing the file, you can obtain it from » the OpenSSL binaries page or by downloading a recent PHP release. Be aware that Windows Explorer hides the .cnf extension by default and says the file Type is SpeedDial.

PHP will search for the openssl.cnf using the following logic:
* the OPENSSL_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
* the SSLEAY_CONF environmental variable, if set, will be used as the path (including filename) of the configuration file.
* The file openssl.cnf will be assumed to be found in the default certificate area, as configured at the time that the openssl DLL was compiled. This is usually means that the default filename is c:\usr\local\ssl\openssl.cnf.

In your installation, you need to decide whether to install the configuration file at c:\usr\local\ssl\openssl.cnf or whether to install it someplace else and use environmental variables (possibly on a per-virtual-host basis) to locate the configuration file. Note that it is possible to override the default path from the script using the configargs of the functions that require a configuration file.

Steps to follow:
Installation:

Install latest WAMP server from http://www.wampserver.com/en/
Wamp server should be in workin condition http://localhost/
Get the Latest OpenSSL setup for Windows from http://gnuwin32.sourceforge.net/packages/openssl.htm Sources setup
For instaling Missing Dll’s visit http://support.microsoft.com/kb/259403 and downlad Vcredist.exe (msvcrt.dll and msvcp60.dll); In the location to specify for installation of dll’s, give path of Windows/System or Windows/System32 folder
Now To configure the Php, edit php.ini (c:\wamp\bin\php & c:\wamp\bin\apache\Apache2.2.11\bin)
Un-Comment the line “extension=php_openssl.dll” do it by removing ;
Now restart the Wamp Server.

Information Technology can help to reduce Pollution in Pakistan

alam78 — Wed, 22 Jul 2009 04:28:04 +0000

An important aspect of Information technology is to reduce the geographical boundaries among various parts of the country. A person living in a very rural and far away region area of Pakistan, if provided reasonable IT infrastructure, will not travel to the capital and thus will reduce his/her time as well as FUEL. This way, not only fuel consumption will be reduced but also the pollution in Pakistan can be overcomed which is a major factor for having unpredicted weather conditions.

If compared with the weather condition 20 years ago, every body will notice that some thing has worsened the weather. A part from reducing the trees, another important factor is the unnecessary traveling of citizens among different cities for their various works such as “Thana Kachari”

An important question is that how to equip a very illiterate village with IT facilities. The answer is very simple and straight forward. Learn how other countries did. Once, even a very illiterate person in a far away village learns that in a KIOSK center, he can get the status of his/her law suite — “Muqadima”, believe me he/she will never dare to cover long distance and thus reduce traveling.

How to realize it: Good question, I am sure it is not going to be implemented in NWFP in the first place any ways.

Walk-in Interviews

recluze — Mon, 06 Jul 2009 05:39:39 +0000

Walk-in interviews have been announced for the new project on Android. Please take a link at the advertisement below and follow the instructions to apply.

http://photos-d.ak.fbcdn.net/hphotos-ak-snc1/hs148.snc1/5490_87532858038_523073038_1719787_4862539_n.jpg

Android Project Approved

recluze — Fri, 03 Jul 2009 06:55:10 +0000

Our second research and development project has been approved by the National ICTR&D Fund, Pakistan. We at SERG have become the first group in NWFP to have two projects approved by ICTR&D. This one brings 14.7 million to SERG.

This project is about Android security. We’ll be making the details of the project available soon using our group’s homepage but I can announce right now that we will be needing highly skilled, motivated and energetic individuals to work with us on this very interesting and challenging new technology.

HTC Releases new Android-based Hero

recluze — Thu, 25 Jun 2009 04:05:04 +0000

HTC (the guys who built the first Android phone for T-Mobile) have released a new Android-based smartphone called Hero. It’s an amazing piece of technology and looks really cute. We’ll be trying to get our hands on this one but only if it’s not SIM-locked. Not likely, since HTC is a manufacturer, not a carrier. It runs on a customized Android OS. Looks like HTC guys put a lot of effort into the UI of the device. Not only is it multi-touch, it also looks like the next gen of UIs for smartphones. Here are the specs:

http://www.htc.com/www/product/hero/specification.html

And see the gallery of photos here.

Multi Mashup Web services

alam78 — Mon, 22 Jun 2009 11:10:52 +0000

An important question is that what if, mashups are integrated with each other in a web services format. What are the security requirements in that particular case.

am thinking on this issue and further details will posted soon here.

Multi Mashups

Mudaser — Mon, 22 Jun 2009 07:47:38 +0000

Mashups are around serving useful purposes. The technology isn’t new but came as a very different perspective on information sharing between different stakeholders. Currently the technology is limited to a single user accessing a single mashup site which can connect to multiple backend services.

A relevant security problem is the authentication and authorization issues. Multiple solutions exists such as PermitME OAuth or Google AuthSub. All of these approaches are some now ignoring the fact that a mashup can be connected to another mashup, consequently complicating the issues of authorization.

The approach of PermitMe simply introduces a third party server called Permit Grant Service. However, when we see this in the context of multi mashups, a “n” number of Permit Grant Services are required.

Video Lectures Available

recluze — Mon, 18 May 2009 13:49:32 +0000

Video Lectures related to the project Dynamic Behavioral Attestation for Mobile Platforms are now available. You can see the (constantly updated) list of uploaded video lectures here.