Operating Systems Security - Aiming at the problem of Disturbance Error of dynamic random access memory (DRAM) on domestic NeoKylin operating system, this article analyzes the reasons for rowhammer attacks, proposes a rowhammer attack scheme based on domestic NeoKylin operating system, and designs a tool to implement the attack. The results of the attack on domestic NeoKylin operating system demonstrate that this attack scheme can achieve bit flips by rapid and repeated access (hammer) to the neighboring rows of the target cell.

Operating Systems Security - Now personal computers are used in which the user has free access to all the resources of the machine. This opened the door to the danger known as computer virus. The purpose of the work is to introduce the user to the basics of computer virology, to identify viruses and to teach them how to combat them. The method of the work is the analysis of printed publications on this topic. Several attempts to provide a "modern" definition of the virus have been unsuccessful. To realize the complexity of the problem, for example, try to define the concept of "editor". In this paper, the modern Antivirus security classification model to enhance the protection for commercial computer networks. The either come up with the most common one or start listing all the known types of editors. Neither can be considered acceptable. Therefore, we will limit ourselves to considering some characteristics of computer viruses that allow us to speak of certain types of programs.

Operating Systems Security - Design of the high-confidence embedded operating system based on artificial intelligence and smart chips is studied in this paper. The cooperative physical layer security system is regarded as a state machine. Relay nodes with untrusted behavior will affect the physical layer security of the system, and the system tries to prevent the untrusted behavior of relay nodes. While implementing public verification, it realizes the protection of data privacy. The third party can directly verify the data holding of the data stored in the cloud without verification by the user, and in the process of system expansion and growth, software can ensure vigorous vitality. For the verification, the smart chips are combined for the systematic implementations. The experimental results have shown the satisfactory results.

Operating Systems Security - The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safetycritical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both highcriticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).

Operating Systems Security - Drive Backup is an application for backing up data, including creating copies of partitions for quick recovery in case of an accident, virus attack or, if necessary, replacing all data, including the operating system and installed ones. Software, plus a new hard drive. Reinstalling the operating system and applications after a hardware failure or virus attack does not take you much time and effort. The best way to protect your computer is to create a backup of the system partition with the operating system installed on it and all the necessary applications. In this paper, The commercial hard disk backup system for quick recovery operating system in cloud storage system. Copies can be made to hard drives and removable media as well as network-connected drives. If you need a disk management program, check out the corporate version of this package. A multicast function for transferring copies of an image to multiple computers at the same time, well suited to the needs of corporate offices (for example, to create or restore multiple workstations). But for home backup, you may need to think about other programs - simpler and faster.

Operating Systems Security - The era of technology has seen many rising inventions and with that rise, comes the need to secure our systems. In this paper we have discussed how the old generation of people are falling behind at being updated in tandem with technology, and losing track of the knowledge required to process the same. In addition this factor leads to leakage of critical personal information. This paper throws light upon the steps taken in order to exploit the pre-existing operating system, Windows 7, Ultimate, using a ubiquitous framework used by everyone, i.e. Metasploit. It involves installation of a backdoor on the victim machine, from a remote setup, mostly Kali Linux operating machine. This backdoor allows the attackers to create executable files and deploy them in the windows system to gain access on the machine, remotely. After gaining access, manipulation of sensitive data becomes easy. Access to the admin rights of any system is a red alert because it means that some outsider has intense access to personal information of a human being and since data about someone explains a lot of things about them. It basically is exposing and human hate that. It depraves one of their personal identity. Therefore security is not something that should be taken lightly. It is supposed to be dealt with utmost care.

Operating Systems Security - IoT technology is finding new applications every day and everywhere in our daily lives. With that, come new use cases with new challenges in terms of device and data security. One of such challenges arises from the fact that many IoT devices/nodes are no longer being deployed on owners’ premises, but rather on public or private property other than the owner’s. With potential physical access to the IoT node, adversaries can launch many attacks that circumvent conventional protection methods. In this paper, we propose Secure SoC (SecSoC), a secure system-on-chip architecture that mitigates such attacks. This include logical memory dump attacks, bus snooping attacks, and compromised operating systems. SecSoC relies on two main mechanisms, (1) providing security extensions to the compute engine that runs the user application without changing its instruction set, (2) adding a security management unit (SMU) that provide HW security primitives for encryption, hashing, random number generators, and secrets store (keys, certificates, etc.). SecSoC ensures that no secret or sensitive data can leave the SoC IC in plaintext. SecSoC is being implemented in Bluespec SystemVerilog. The experimental results will reveal the area, power, and cycle time overhead of these security extensions. Overall performance (total execution time) will also be evaluated using IoT benchmarks.

Operating Systems Security - In this paper, the reader s attention is directed to the problem of inefficiency of the add-on information security tools, that are installed in operating systems, including virtualization systems. The paper shows the disadvantages, that significantly affect the maintenance of an adequate level of security in the operating system. The results allowing to control all areas hierarchical of protection of the specialized operating system are presented.

Operating Systems Security - The operating system is the core of the smart power terminal. It is designed to strengthen security from five aspects: terminal container security, system security, security audit, communication protocol security, and hardware access control. By formulating a verification strategy, a comparative security test was carried out for the security hardening and non-security hardening operating systems of smart power terminals, and a detailed comparison test table was formed, demonstrating the importance of security hardening and security hardening for the operating systems of smart power terminals The advantages. The security-hardened operating system can effectively ensure the security of the operating environment of the terminal body and prevent illegal access by malicious programs.

Object Oriented Security - The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safetycritical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both highcriticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).

Network on Chip Security - IoT technology is finding new applications every day and everywhere in our daily lives. With that, come new use cases with new challenges in terms of device and data security. One of such challenges arises from the fact that many IoT devices/nodes are no longer being deployed on owners’ premises, but rather on public or private property other than the owner’s. With potential physical access to the IoT node, adversaries can launch many attacks that circumvent conventional protection methods. In this paper, we propose Secure SoC (SecSoC), a secure system-on-chip architecture that mitigates such attacks. This include logical memory dump attacks, bus snooping attacks, and compromised operating systems. SecSoC relies on two main mechanisms, (1) providing security extensions to the compute engine that runs the user application without changing its instruction set, (2) adding a security management unit (SMU) that provide HW security primitives for encryption, hashing, random number generators, and secrets store (keys, certificates, etc.). SecSoC ensures that no secret or sensitive data can leave the SoC IC in plaintext. SecSoC is being implemented in Bluespec SystemVerilog. The experimental results will reveal the area, power, and cycle time overhead of these security extensions. Overall performance (total execution time) will also be evaluated using IoT benchmarks.

Multifactor Authentication - The article describes the development and integrated implementation of software modules of photo and video identification system, the system of user voice recognition by 12 parameters, neural network weights, Euclidean distance comparison of real numbers of arrays. The user s biometric data is encrypted and stored in the target folder. Based on the generated data set was developed and proposed a method for synthesizing the parameters of the mathematical model of convolutional neural network represented in the form of an array of real numbers, which are unique identifiers of the user of a personal computer. The training of the training model of multifactor authentication is implemented using categorical cross-entropy. The training sample is generated by adding distorted images by changing the receptive fields of the convolutional neural network. The authors have studied and applied features of simulation modeling of user authorization systems. The main goal of the study is to provide the necessary level of security of user accounts of personal devices. The task of this study is the software implementation of the synthesis of the mathematical model and the training neural network, necessary to provide the maximum level of protection of the user operating system of the device. The result of the research is the developed mathematical model of the software complex of multifactor authentication using biometric technologies, available for users of personal computers and automated workplaces of enterprises.

Malware Analysis - The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

Malware Analysis - The effective security system improvement from malware attacks on the Android operating system should be updated and improved. Effective malware detection increases the level of data security and high protection for the users. Malicious software or malware typically finds a means to circumvent the security procedure, even when the user is unaware whether the application can act as malware. The effectiveness of obfuscated android malware detection is evaluated by collecting static analysis data from a data set. The experiment assesses the risk level of which malware dataset using the hash value of the malware and records malware behavior. A set of hash SHA256 malware samples has been obtained from an internet dataset and will be analyzed using static analysis to record malware behavior and evaluate which risk level of the malware. According to the results, most of the algorithms provide the same total score because of the multiple crime inside the malware application.

Malware Analysis - The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

Malware Analysis - The effective security system improvement from malware attacks on the Android operating system should be updated and improved. Effective malware detection increases the level of data security and high protection for the users. Malicious software or malware typically finds a means to circumvent the security procedure, even when the user is unaware whether the application can act as malware. The effectiveness of obfuscated android malware detection is evaluated by collecting static analysis data from a data set. The experiment assesses the risk level of which malware dataset using the hash value of the malware and records malware behavior. A set of hash SHA256 malware samples has been obtained from an internet dataset and will be analyzed using static analysis to record malware behavior and evaluate which risk level of the malware. According to the results, most of the algorithms provide the same total score because of the multiple crime inside the malware application.

Industrial Control Systems - With the introduction of the national “carbon peaking and carbon neutrality” strategic goals and the accelerated construction of the new generation of power systems, cloud applications built on advanced IT technologies play an increasingly important role in meeting the needs of digital power business. In view of the characteristics of the current power industrial control system operation support cloud platform with wide coverage, large amount of log data, and low analysis intelligence, this paper proposes a cloud platform network security behavior audit method based on FP-Growth association rule algorithm, aiming at the uniqueness of the operating data of the cloud platform that directly interacts with the isolated system environment of power industrial control system. By using the association rule algorithm to associate and classify user behaviors, our scheme formulates abnormal behavior judgment standards, establishes an automated audit strategy knowledge base, and improves the security audit efficiency of power industrial control system operation support cloud platform. The intelligent level of log data analysis enables effective discovery, traceability and management of internal personnel operational risks.

The rising use of smartphones each year is matched by the development of the smartphone s operating system, Android. Due to the immense popularity of the Android operating system, many unauthorized users (in this case, the attackers) wish to exploit this vulnerability to get sensitive data from every Android user. The flubot malware assault, which happened in 2021 and targeted Android devices practically globally, is one of the attacks on Android smartphones. It was known at the time that the flubot virus stole information, particularly from banking applications installed on the victim s device. To prevent this from happening again, we research the signature and behavior of flubot malware. In this study, a hybrid analysis will be conducted on three samples of flubot malware that are available on the open-source Hatching Triage platform. Using the Android Virtual Device (AVD) as the primary environment for malware installation, the analysis was conducted with the Android Debug Bridge (ADB) and Burpsuite as supporting tools for dynamic analysis. During the static analysis, the Mobile Security Framework (MobSF) and the Bytecode Viewer were used to examine the source code of the three malware samples. Analysis of the flubot virus revealed that it extracts or drops dex files on the victim s device, where the file is the primary malware. The Flubot virus will clone the messaging application or Short Message Service (SMS) on the default device. Additionally, we discovered a form of flubot malware that operates as a Domain Generation Algorithm (DGA) and communicates with its Command and Control (C\&C) server.

The effective security system improvement from malware attacks on the Android operating system should be updated and improved. Effective malware detection increases the level of data security and high protection for the users. Malicious software or malware typically finds a means to circumvent the security procedure, even when the user is unaware whether the application can act as malware. The effectiveness of obfuscated android malware detection is evaluated by collecting static analysis data from a data set. The experiment assesses the risk level of which malware dataset using the hash value of the malware and records malware behavior. A set of hash SHA256 malware samples has been obtained from an internet dataset and will be analyzed using static analysis to record malware behavior and evaluate which risk level of the malware. According to the results, most of the algorithms provide the same total score because of the multiple crime inside the malware application.

Due to the widespread use of the Internet of Things (IoT) in recent years, the need for IoT technologies to handle communications with the rest of the globe has grown dramatically. Wireless sensor networks (WSNs) play a vital role in the operation of the IoT. The creation of Internet of Things operating systems (OS), which can handle the newly constructed IoT hardware, as well as new protocols and procedures for all communication levels, all of which are now in development, will pave the way for the future. When compared to other devices, these gadgets require a comparatively little amount of electricity, memory, and other resources. This has caused the scientific community to become more aware of the relevance of IoT device operating systems as a result of their findings. These devices may be made more versatile and powerful by including an operating system that contains real-time capabilities, kernel, networking, and other features, among other things. IEEE 802.15.4 networks are linked together using IPv6, which has a wide address space and so enables more devices to connect to the internet using the 6LoWPAN protocol. It is necessary to address some privacy and security issues that have arisen as a result of the widespread use of the Internet, notwithstanding the great benefits that have resulted. For the Internet of Things operating systems, this research has provided a network security architecture that ensures secure communication by utilizing the Cooja network simulator in combination with the Contiki operating system and demonstrate and explained how the nodes can protect from the network layer and physical layer attacks. Also, this research has depicted the energy consumption results of each designated node type during the authentication and communication process. Finally, proposed a few further improvements for the architecture which will enhance the network layer protection.

In recent years, the detection of illegal and harmful messages which plays an significant role in Internet service is highly valued by the government and society. Although artificial intelligence technology is increasingly applied to actual operating systems, it is still a big challenge to be applied to systems that require high real-time performance. This paper provides a real-time detection system solution based on artificial intelligence technology. We first introduce the background of real-time detection of illegal and harmful messages. Second, we propose a complete set of intelligent detection system schemes for real-time detection, and conduct technical exploration and innovation in the media classification process including detection model optimization, traffic monitoring and automatic configuration algorithm. Finally, we carry out corresponding performance verification.

Resilience and antifragility under duress present significant challenges for autonomic and self-adaptive systems operating in contested environments. In such settings, the system has to continually plan ahead, accounting for either an adversary or an environment that may negate its actions or degrade its capabilities. This will involve projecting future states, as well as assessing recovery options, counter-measures, and progress towards system goals. For antifragile systems to be effective, we envision three self-* properties to be of key importance: self-exploration, self-learning and self-training. Systems should be able to efficiently self-explore – using adversarial search – the potential impact of the adversary’s attacks and compute the most resilient responses. The exploration can be assisted by prior knowledge of the adversary’s capabilities and attack strategies, which can be self-learned – using opponent modelling – from previous attacks and interactions. The system can self-train – using reinforcement learning – such that it evolves and improves itself as a result of being attacked. This paper discusses those visions and outlines their realisation in AWaRE, a cyber-resilient and self-adaptive multi-agent system.

Security incident handling and response are essen-tial parts of every organization's information and cyber security. Security incident handling consists of several phases, among which digital forensic analysis has an irreplaceable place. Due to particular digital evidence being recorded at a specific time, timelines play an essential role in analyzing this digital evidence. One of the vital tasks of the digital forensic investigator is finding relevant records in this timeline. This operation is performed manually in most cases. This paper focuses on the possibilities of automatically identifying digital evidence pertinent to the case and proposes a model that identifies this digital evidence. For this purpose, we focus on Windows operating system and the NTFS file system and use outlier detection (Local Outlier Factor method). Collected digital evidence is preprocessed, transformed to binary values, and aggregated by file system inodes and names. Subsequently, we identify digital records (file inodes, file names) relevant to the case. This paper analyzes the combinations of attributes, aggregation functions, local outlier factor parameters, and their impact on the resulting selection of relevant file inodes and file names.

The study focused on assessing and testing Windows 10 to identify possible vulnerabilities and their ability to withstand cyber-attacks. CVE data, alongside other vulnerability reports, were instrumental in measuring the operating system's performance. Metasploit and Nmap were essential in penetration and intrusion experiments in a simulated environment. The study applied the following testing procedure: information gathering, scanning and results analysis, vulnerability selection, launch attacks, and gaining access to the operating system. Penetration testing involved eight attacks, two of which were effective against the different Windows 10 versions. Installing the latest version of Windows 10 did not guarantee complete protection against attacks. Further research is essential in assessing the system's vulnerabilities are recommending better solutions.

The era of technology has seen many rising inventions and with that rise, comes the need to secure our systems. In this paper we have discussed how the old generation of people are falling behind at being updated in tandem with technology, and losing track of the knowledge required to process the same. In addition this factor leads to leakage of critical personal information. This paper throws light upon the steps taken in order to exploit the pre-existing operating system, Windows 7, Ultimate, using a ubiquitous framework used by everyone, i.e. Metasploit. It involves installation of a backdoor on the victim machine, from a remote setup, mostly Kali Linux operating machine. This backdoor allows the attackers to create executable files and deploy them in the windows system to gain access on the machine, remotely. After gaining access, manipulation of sensitive data becomes easy. Access to the admin rights of any system is a red alert because it means that some outsider has intense access to personal information of a human being and since data about someone explains a lot of things about them. It basically is exposing and human hate that. It depraves one of their personal identity. Therefore security is not something that should be taken lightly. It is supposed to be dealt with utmost care.