ROP Gadgets hiding techniques in Open Source Projects

Today there are many techniques that allows to exploit vulnerabilities of an application; there are also many techniques that are designed to stop these exploit attacks. This thesis wants to highlight how a specific type of attack, based on a technique called Return Oriented Programming (ROP), can be easily applied to binaries with particular characteristics. A new method that allows the injection of "useful" code in an Open Source projects without arousing suspicions is presented; this is possible because of the harmless aspects of the injected code. This useful code facilitate a ROP attack against an executable that contains vulnerable bugs. The injection process can be visualized in environment where an user can contribute with own code to a particular Open Source project. This thesis also highlights how current software protections are not correctly applied to Open Source project, thus enabling the proposed approach.

Task analysis for HMI design. Level of automation study of aircraft navigation functions

Advancements in technology have enabled increasingly sophisticated automation to be introduced into the flight decks of modern aircraft. Generally, this automation was added to accomplish worthy objectives such as reducing flight crew workload, adding additional capability, or increasing fuel economy. Automation is necessary due to the fact that not all of the functions required for mission accomplishment in today’s complex aircraft are within the capabilities of the unaided human operator, who lacks the sensory capacity to detect much of the information required for flight. To a large extent, these objectives have been achieved. Nevertheless, despite all the benefits from the increasing amounts of highly reliable automation, vulnerabilities do exist in flight crew management of automation and Situation Awareness (SA). Issues associated with flight crew management of automation include: • Pilot understanding of automation’s capabilities, limitations, modes, and operating principles and techniques. • Differing pilot decisions about the appropriate automation level to use or whether to turn automation on or off when they get into unusual or emergency situations. • Human-Machine Interfaces (HMIs) are not always easy to use, and this aspect could be problematic when pilots experience high workload situations. • Complex automation interfaces, large differences in automation philosophy and implementation among different aircraft types, and inadequate training also contribute to deficiencies in flight crew understanding of automation.