Filters








118 Hits in 4.8 sec

Software analysis for security

Spiros Mancoridis
2008 2008 Frontiers of Software Maintenance  
This is a survey of the processes, practices, and technologies that can help software maintenance engineers improve the security of software systems.  ...  A particular emphasis is placed on validating security architectures, verifying that the implementation of an architecture's constituent applications adhere to secure coding practices, and protecting software  ...  For example, before adding two integers x and y (y ≥ 0) one can check for an integer overflow by checking if (x + y) < x.  ... 
doi:10.1109/fosm.2008.4659254 fatcat:lvh7wsvj7rbkfkdv5on762agva

Recent Developments in the Field of Bug Fixing

Varun Mittal, Shivam Aditya
2015 Procedia Computer Science  
We hereby have conducted a review of the seven recent techniques in the field of bug fixing and have made a report on it.  ...  These reviews can help people and companies identify the appropriate bug fixing mechanisms needed for them saving themselves both time and money.  ...  Seven research papers have been studied and reviews about them have been given accompanied by diagrams.  ... 
doi:10.1016/j.procs.2015.04.184 fatcat:6xmczrspnvb4fg4ra56grysry4

Avoiding inconsistencies in the Security Content Automation Protocol

William M. Fitzgerald, Simon N. Foley
2013 2013 IEEE Conference on Communications and Network Security (CNS)  
The Security Content Automation Protocol (SCAP) provides a standardized approach to specifying system configuration, vulnerability, patch and compliance management.  ...  It is argued that an ontology-based approach can be used as a means of providing a uniform vocabulary for specifying SCAP data and its relationships.  ...  <definition id="oval:org.mitre.oval:def:14812" version="6" class="vulnerability"> <title>Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified  ... 
doi:10.1109/cns.2013.6682760 dblp:conf/cns/FitzgeraldF13 fatcat:bqdrnls3gfhk5bbvdxpywtxida

BinderCracker: Assessing the Robustness of Android System Services [article]

Huan Feng, Kang G. Shin
2016 arXiv   pre-print
We thus highlight the deficiency of testing only on client-side public APIs and argue for the necessity of testing and protection on the Binder interface - the actual security boundary.  ...  We analyzed the root causes of these vulnerabilities to find that most of them exist because system service developers only considered exploitations via public APIs.  ...  We found that in several RPC methods, the server-side fails to check potential Integer overflows. This may lead to disastrous consequences when exploited by an experience attacker.  ... 
arXiv:1604.06964v1 fatcat:3woyjeew5raftfusv5ydruxpky

Understanding and defending the binder attack surface in Android

Huan Feng, Kang G. Shin
2016 Proceedings of the 32nd Annual Conference on Computer Security Applications - ACSAC '16  
This brings transparency into the IPC process and provides an essential step for other in-depth analysis or forensics.  ...  We thus highlight the deficiency of testing only on client-side public APIs and argue for the necessity of testing and protection on the Binder interface -the actual security boundary.  ...  Acknowledgements The work reported in this paper was supported in part by the National Science Foundation under Grants CNS-1505785 and CNS-1646130, and Army Research Office under Grant W911NF-15-1-0511  ... 
doi:10.1145/2991079.2991120 fatcat:iqwvjbyanjbipcmu4rot3wtamq

Flexible Hardware Acceleration for Instruction-Grain Lifeguards

Shimin Chen, Michael Kozuch, Phillip B. Gibbons, Michael Ryan, Theodoros Strigkos, Todd C. Mowry, Olatunji Ruwase, Evangelos Vlachos, Babak Falsafi, Vijaya Ramachandran
2009 IEEE Micro  
We thank Anastassia Ailamaki, Limor Fix, Greg Ganger, Michelle Goodstein, Bin Lin, and Radu Teodorescu for their contributions to the LBA project.  ...  Acknowledgments Grants from the US National Science Foundation and from Intel supported this work. Ramachandran is supported in part by NSF grant CCF-0514876.  ...  emerging lifeguards.  ... 
doi:10.1109/mm.2009.6 fatcat:apesvolhqzbbtn2rs7ff3g533q

Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface

Dong Wang, Xiaosong Zhang, Ting Chen, Jingwei Li
2019 Security and Communication Networks  
There were also two challenges: (1) due to the diversity of web interface implementations, there were no existing seed messages for fuzzing this interface and it was inefficient while taking random messages  ...  to guide the mutation to generate mostly structure-valid messages.  ...  (iii) Replacing the numerical-style content with typical integer number in the goal to trigger vulnerabilities about integer overflow.  ... 
doi:10.1155/2019/5076324 fatcat:k4qqipethrdlzkebxwh2d6haxy

Cyber-Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges and Future Visions

Jin Ye, Lulu Guo, Bowen Yang, Fangyu Li, Liang Du, Le Guan, Wenzhan Song
2020 IEEE Journal of Emerging and Selected Topics in Power Electronics  
More importantly, an architecture for the next-generation power electronics systems is proposed to address the cyber-physical security challenges of EVs.  ...  Finally, potential research opportunities are discussed in detail, including detection and migration for firmware security, model-based, and data-driven detection and mitigation.  ...  Combined with memory checker [89] , taint analysis [90] and symbolic execution [91] , [92] , traditional software bugs such as buffer overflow, useafter-free, double-free, integer error, etc. could  ... 
doi:10.1109/jestpe.2020.3045667 fatcat:c3dzwsbtljeqng42zrjxq4b2ny

Predictable Software -- A Shortcut to Dependable Computing ? [article]

George Candea
2004 arXiv   pre-print
This approach might be a cheaper and faster way to improve dependability of software.  ...  Many dependability techniques expect certain behaviors from the underlying subsystems and fail in chaotic ways if these expectations are not met.  ...  I am indebted to Katerina Argyraki, Aaron Brown, David Cheriton, Steve Gribble, Kim Keeton, Bill Joy, Martin Rinard, Bjarne Stroustrup, and my colleagues in SWIG for their invaluable help with finetuning  ... 
arXiv:cs/0403013v1 fatcat:a45bqkne6rfrpejhltwsc4xlnu

IDS Alert Correlation in the Wild With EDGe

Elias Raftopoulos, Xenofontas Dimitropoulos
2014 IEEE Journal on Selected Areas in Communications  
EDGe detects several malware that exhibit a multistage behavior and it can identify the family and even variant of certain malware, which helps to remediate and prioritize incidents.  ...  Finally, we compare the alerts produced by different malware families and highlight key differences in their volume, aliveness, fanout, and severity.  ...  Bernhard Plattner and Dr. Vincent Lenders for their invaluable help and fruitful discussions.  ... 
doi:10.1109/jsac.2014.2358834 fatcat:dynhpxu225fplnip7o3kurzjk4

Reflections on industry trends and experimental research in dependability

D.P. Siewiorek, R. Chillarege, Z.T. Kalbarczyk
2004 IEEE Transactions on Dependable and Secure Computing  
To understand the magnitude and nature of this evolution, this paper analyzes industrial trends, namely: 1) shifting error sources, 2) explosive complexity, and 3) global volume.  ...  Index Terms-Experimental research in dependability and security, computing industry trends.  ...  ACKNOWLEDGMENTS The authors would like to thank the reviewers for their insightful comments and constructive suggestions.  ... 
doi:10.1109/tdsc.2004.20 fatcat:nvclswtiu5baxm7ew56zmjju5q

Enhanced Security in Cloud Computing Using Neural Network and Encryption

Muhammad Usman Sana, Zhanli Li, Fawad Javaid, Hannan Bin Liaqat, Muhammad Usman Ali
2021 IEEE Access  
access the data in an encrypted form for processing without disclosing the data of the provider party to secure important information.  ...  We examined the speech and voice recognition problem and the performance of the proposed method has been validated in MATLAB simulation.  ...  So even with a multi-precision computational library, this process will still overflow. It is found that using 1024-bit integers can only encode numbers up to 10 3 .  ... 
doi:10.1109/access.2021.3122938 fatcat:jpnki543zncbnij37pivanhbvi

Information Security Challenge of QR Codes

Nik Thompson, Kevin Lee
2013 Journal of Digital Forensics, Security and Law  
One such rapidly emerging interaction technology is the use of Quick Response (QR) codes. These offer a physical mechanism for quick access to Web sites for advertising and social interaction.  ...  New technologies present both challenges and opportunities for the security professional, especially for areas such as digital forensics.  ...  Widespread awareness and understanding of these issues amongst security professionals and end users alike is the front line of defense against the vulnerabilities associated with new and emerging technologies  ... 
doi:10.15394/jdfsl.2013.1143 fatcat:roxmr77nfbd67oxioahdyhuu3a

Survey on synchrophasor data quality and cybersecurity challenges, and evaluation of their interdependencies

Aditya SUNDARARAJAN, Tanwir KHAN, Amir MOGHADASI, Arif I. SARWAT
2018 Journal of Modern Power Systems and Clean Energy  
With their widespread implementation, significant challenges have emerged, especially in communication, data quality and cybersecurity.  ...  This paper conducts a comprehensive review of quality and cybersecurity challenges for synchrophasors, and identifies the interdependencies between them.  ...  Emerging research in this area has lately focused on determining solutions for ensuring data quality.  ... 
doi:10.1007/s40565-018-0473-6 fatcat:sw5vt7jdvjc3jml7ylpx3kp2ja

RuC PROJECT FOR EDUCATION AND RELIABLE SOFTWARE SYSTEMS DEVELOPMENT
ПРОЕКТ РуСи ДЛЯ ОБУЧЕНИЯ И СОЗДАНИЯ ВЫСОКОНАДЕЖНЫХ ПРОГРАММНЫХ СИСТЕМ

Andrey Terekhov
2017 University News North-Caucasian Region Technical Sciences Series  
facilities and, most importantly, of their effective extensibility in many directions and for many applications.  ...  The choice of a suitable formalism therefore assumed great importance, and we designed the language Oberon as not only an effective vehicle for implementation, but also as a publication medium for algorithms  ...  Example topics are system control and diagnosis, display management, and file management.  ... 
doi:10.17213/0321-2653-2017-3-70-75 fatcat:7hkqqpk3fresdexdq6bix7d6o4
« Previous Showing results 1 — 15 out of 118 results