My world in a nutshell
Recently I’ve started thinking about various problems that exist today which next generation should probably think of solving.
1. Improve the education system in India.
2. Improve computer security status in India.
Do you have any more suggestions? If so, leave a comment! Thanks!
PS: I might ask for clarifications so do subscribe to the post so that you will get the comments delivered to inbox. Thanks!
Amrita University is organizing the first international conference on security of internet of things in August 2012. With the advent of Internet of Things, there have been significant advances in the areas of computing, communication and control systems. The magnitude and impact of Internet of Things touches every aspect of human life as never before. The cars we drive, the planes in which we fly, and the trains we travel have hundreds of vulnerable networked embedded computers. New security threats have emerged with growth of cloud computing, smart phones, internet enabled medical devices and smart energy control systems. Tackling new security threats and preserving societal concord requires experts to rapidly develop “defend & repair” techniques. Furthermore, there is a need for holistic approaches to anchor integrating technical solutions in economics & social bases. SecureIT, the first international conference on ‘Security of Internet of Things’ aims to bring together researchers, practitioners & “ethical hackers” for disseminating latest advances & security, best practices in cloud computing, mobile networks & cyber-physical control systems.
SecurIT 2012 conference invites professionals from industry verticals such as security solutions companies, automobile, mobile and wireless companies and academicians from universities and research labs to participate and contribute towards:
For more details, visit the website. You can also get updates from Facebook and Twitter. See you at the conference hopefully!
.
I see many people doing awesome stuff every year but none inspiring juniors to follow their footsteps. This is my small attempt to get juniors to do something useful. Hope it has some impact!
I started off by wanting to chronicle what I have done in my four years so that it’ll be of use to people but decided against it-in today’s world people want information in an instant and sometimes people might take away the wrong message. So here’s what one could do-the essence of what I wanted to convey.
Another post will come sometime later-what not to do during computer science education. Mostly based on the exploits of the author and what he’s observed people around him do.
I thought I’d write about my project in my blog so that if someone’s really interested can keep up and learn stuff.
My final year B.Tech project is developing a tool that program that can perform dynamic verification of Java programs. I’ve been doing this for a long time now and know that the blog post is coming rather late but hey better late than never .
I don’t wish to talk about what is program verification or JIVE or JML in detail-Google can help out there. I’m just going to talk about them in brief and end my post.
Program verification is ensuring that a given program does what it’s supposed to do. It sounds easy enough but is probably the most toughest thing to do. It’s kinda related to testing I’d say.
Okay so what’s dynamic about it huh? Why would the act of verification change? Dynamic is actually related to the category of verification algorithms. There are two common approaches in program verification: static and dynamic.
Static verification is mainly based on the structure of the program i.e. no actual execution of the program is performed. It does cover all possible execution paths and thus is a sure shot way of verifying a program but problems such as state explosion(in theorem provers) and program size(in model checking) can prove detrimental to successfully carrying out this approach.
We’re adopting the dynamic approach where data from several runs are obtained and used to perform the verification. This is best suited for large programs but complete coverage of all execution paths isn’t easy. But hey, there’s always a tradeoff in everything we do and that’s why engineers have a profession 
.
Of course the question that comes next is “What data?” This is where JIVE comes in. JIVE stands for Java Interactive Visualization Environment. It’s a tool developed by Computer Science department SUNY, Buffalo that performs some amazing visualization such as class diagram, sequence diagram etc. It also generates logs of events which occur and that is the data that we’ll be using to perform verification.
So now we’ve the data and what are we going to verify against then? JML specifications 
! JML stands for Java Modelling Language-a behavioural specification language for Java programs! It’s an amazingly powerful language that has a huge number of constructs to specify behaviour!
Now comes the ultimate question posed to every developer to find out if it’s just a passing whim and fancy of the developer-why is this idea important? I can simply read code and verify the code myself.
Again that is not easy-think of reading tens of thousands of LoC and performing verification. Not an easy task! Having a tool that can do it and too for almost any code you write is super cool!
Of course there are other advantages that it’s possible to modify and test the specification without having to execute the program. Not just that, there’s no need to add any extra code to assert certain conditions and this allows profiling and verifying the program to be done simultaneously.
And that’s our project in a nutshell-perform dynamic verification of Java programs using the JIVE logs and the JML specifications! Sounds easy to say but really hard to do I’d say. More in the next post!
I’d like to thank our project guide Mr. Jayaraj P, CTO, Amrita Research Lab and Mr. Bharat Jayaraman, Professor, Department of Computer Science and Engineering, The State University of New York, Buffalo and co-ordinator of the Language Research Group at The State University of New York, Buffalo for all the support I’ve received from them in the project. I’d also like to thank Shilpa, my project teammate for having to put with my um idiosyncrasies .
I just saw an interesting(I think the appropriate term is shocking!) about the Mulla periyar dam. I must say it’s definitely a disaster in the making!
I think the facts and figures are available online so there’s no need to state it again-I don’t see the point of simply quoting something. Instead I’d like to voice my opinion about this entire issue as such and what I find really appalling!
People in Tamil Nadu are nuts! I’m not talking about the entire population or anything alright? I’m talking about those particular section of people who had said or done something related to this issue which I found plain stupid. The politicians are always to blame first(I wonder why it’s always the case)-what the hell were they doing while this matter spilled over and became a public issue huh? Calculating political strategies(if they were they’re brainless morons for sure)?! I’m guessing the present government was(and is) sleeping over this just like the previous slept over the 2G scam. Shops run by Malayalees in Tamil Nadu were attacked and ransacked! And in Kerala, life still goes on-none of the Tamil people are harmed except for those Sabarimala pilgrims incident. The part that strikes me as interesting is the fact that while the attack on Sabarimala pilgrims from Tamil Nadu did not deter any pilgrims from visiting Sabarimala but the attacks in Tamil Nadu really did strike fear in hearts of few people-I overheard a few people headed to Chennai extremely worried for their safety there
Amrita University & TIFAC CORE
proudly present
National Level “Capture the Flag” style ethical hacking contest
Not a day passes when several websites are compromised on a daily basis. The latest in the line of compromised websites was http://kernel.org-the home page of the Linux kernel. Several more security incidents go unreported. Security of sensitive data has several implications ranging from national security issues to defense secrets ending up in the wrong hands and much more.
Indian websites offer little or no resistance to such security intrusions. The Computer Emergency Response Team, India(Cert-In) has been tracking de-facements of Indian websites and more. Their report can be viewed here. It’s really sad that with so much talent and skill, Indian websites are compromised frequently and nothing can be done to stand this wave of attacks on them.
InCTF is a Capture the Flag style ethical hacking contest, a strategic war-game designed to mimic the real world security challenges. Software developers in India have little exposure to secure coding practices and the effects of not adopting such practices-one of the main reasons why systems are compromised quite easily these. Following such simple practices can help prevent such incidents.
InCTF ‘12 is from November 2011 to January 2012 and is focused exclusively on the student community. You can participate from your own university and no travel is required. No prior exposure or experience in cyber security needed to participate.
What you need to do?
1. Form a team (max five members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team
3. Register online at http://inctf.in
In addition it’s been decided that teams which finished in the top 10 places on InCTF 2011 qualify directly for the second round-they do not have to participate in the first round. Congratulations to all these teams!
Great Rewards
| 25K | The winning team receives a cash prize of up to Rs. 25000/- |
| 20K | The first runner-up team receives a cash prize of up to Rs. 20000/- |
| 15K | The second runner-up team receives a cash prize of up to Rs. 15000/- |
| 10K | The third runner-up team receives a cash prize of up to Rs. 10000/- |
| 5K | The fourth runner-up team receives a cash prize of up to Rs. 5000/- |
So, what are you waiting for? It’s simple: Register, Learn, Hack!
*Cash prizes are subject to their performance and participation in the CTF round. Only teams who connect to the VPN server and successfully gain points in the CTF round are eligible for prizes. In addition, cash prize winners of InCTF ’11 are not eligible for prizes in InCTF ’12.
Speaker Profile: http://www.ted.com/speakers/john_underkoffler.html
The TED talk was mainly focussed on Human Computer Interfaces-one of the most exciting areas of computer science today. The talk started off with the Macintosh and how it revolutionized the entire concept of Human Computer Interaction and went on to talk about the speaker’s research in the area.
Link: http://www.ted.com/talks/john_underkoffler_drive_3d_data_with_a_gesture.html
Indeed the Macintosh was among the revolutionary developments in Human Computer Interfaces-Apple designed it such that anyone and everyone could use computers. They had to write a brand new “operating system” complete with graphic libraries, mouse libraries and more-none of which existed-to create something truly wonderful.
But indeed as the speaker put it, that’s the past. It’s time to move on. While peripherals such as memory, hard disk etc have grown considerably, human computer interfaces are still in the same 70′s-80′s; the time of the Macintosh. Although this has indeed received attention in recent days, there is still a long way to go.
After this, the speaker demoed the systems that they have developed in their research lab that revolutionize the human computer interfaces. I was shocked to learn that they actually designed that amazing interface used by Tom Cruise in Mission Impossible-I thought the entire system he is using was actually a projection on the screen . But, I was very surprised when he actually demoed the system and the various tasks that are possible.
Although the presentation isn’t anything great, they have indeed done a wonderful job in developing such a system that transforms the traditional interfaces into a more intuitive and easy to use interface. The applications of the system demoed and suggested by the speaker are indeed wonderful-I never thought of Supply Chain Management(urgh MIS ). I’m waiting to see the next killer app that is created using this system-the next Angry Birds .
I’ve been busy spending last few days trying to get a decent non-curses based interface for IDA 64 bit but sadly there’s been no luck. I have a decent looking interface for 32 bit but since I run a 32 bit linux machine, I was sorta stuck on how to generate binaries to try my hand at reversing.
Finally I ended up finding it. It’s possible by passing the flag ‘-m32′ to gcc/g++ when compiling the program. This will generate a 32 bit binary as opposed to the 64 bit binary created default on 64 bit machines.
To do so you need to have gcc/g++ mutillib package installed for the cross compiling to happen.
sudo apt-get install gcc-multilib g++-multilib
Hopefully my next post will be how to cross compile using gcc and create a binary that works on windows. Till next time! Ciao!
I just reached home today morning-what a journey it was to the station and there after. At 10am, started on CSAW CTF. I solved a few “crypto” questions-they were quite easy IMO! But, it’s nevertheless encouraging. Of course, Leet More managed to breeze through-they started much later and made it to 13th in no time . Anyway mom asks me to set out at around 7 in the evening to buy a few stuff. And the walk around Mylapore’s Mada street was a wonderful experience!
Mada street is a set of four roads around the Kapaleeshwar temple(http://en.wikipedia.org/wiki/Kapaleeshwarar_Temple)-east, west, north and south. It’s a sleepy place in the morning but springs to life in the evening. The south mada street has a lot of shops and the bus stop for the temple. The temple can be accessed from all roads except this road.
The east mada street is notable for the evening market where several vendors come and sell vegetables on the street. There are so many varieties of vegetables being sold-it’s awesome! I just was spellbound the variety available-not even half of this is there in Calicut’s main market!
From here, I headed to the north mada street which houses the temple chariot right in front of the entrance to the temple. It is taken round the temple annually during April as a part of a festival. I’m hoping that I can come during that time to see the chariot and the procession.
From the north mada street, I headed out to west mada street and was shocked to see the entire road-the ENTIRE road filled with “gollu bommai”-dolls that are displayed in every household for Navarathri(also known as Dusshera in the north india). From several idols of gods including Krishna, Shiva and Anathashayanam to village scenes, cricket teams, fruits and much more, there were dolls for almost everything! The craftsmanship was just amazing-each doll had so much detailing done that it looked amazing. I was tempted to buy a few by just looking at it-few minutes of talking would have probably convinced me!
I was really sad that I didn’t have a camera to take the pics of what I saw 
. I will come back sometime and take a whole bunch of pics! If you every visit Chennai, stay before and during Navarathri. Along with West Bengal, Tamil Nadu is one place where this festival is widely celebrated where each and every household will have this “gollu” on display and neighbours visit each other to see them.
Till next time! Ciao!
April 21, 2012
Arvind
