As wireless and telecommunication infrastructure communications have been integrated into modern vehicle systems (i.e., infotainment systems and vehicle to vehicle systems), the security implications on the relatively unchanged underlying network protocols inside the vehicles are investigated by researchers and industrial experts in the corresponding domain. Some researchers have achieved the investigation...
The vulnerabilities existing in network protocol implementations are difficult to detect. The main reason is that the state space of complex protocol binary software is too large to explore. This paper proposes a novel approach that leverages selective symbolic execution to test network protocol binary software directly, which confines symbolic execution in the secure-sensitive area. This paper also...
Hundreds of vulnerabilities and security defects are disclosed by hackers, developers, and users. The better way to improve software security is to enhance security process into SDLC processes. To keep software secure, security enhancement of the SDLC process involves lots of practices and activities to achieve goal of security. However, how to adopt these activities well to improve software security...
A service level agreement (SLA) is a negotiated agreement between consumers and service providers in order to guarantee the quality of the negotiated service level. Therefore, many companies used contract to specify the desired service level agreement. SLA may specify the levels of availability, serviceability, performance, operation, security, or other attributes of the service. However, due to the...
Passing university entrance examination is a big challenge for Afghan University applicants. In this paper, we propose an online examination support environment namely e-KEPS Exam Prep System (e-KEPS). The architecture is comprised mainly of three layers: (i) Presentation logic, (ii) Business Logic, and (iii) Data Access Logic. The system design methodology is incremental which supports the user involvements...
This demo shows a working prototype of the 3D face recognition biometric device utilizing a low-cost depth sensor, namely SoftKinetic DS325. It is based on the Intel Celeron board for embedded PCs, the sensor, and a touch screen.
We present Web Mate, a tool for automatically generating test cases for Web applications. Given only the URL of the starting page, Web Mate automatically explores the functionality of a Web application, detecting differences across multiple browsers or operating systems, as well as across different revisions of the same Web application. Web Mate can handle full Web 2.0 functionality and explore sites...
Test case generation is an important but tedious task, such that researchers have devised many different prototypes that aim to automate it. As these are research prototypes, they are usually only evaluated on a few hand-selected case studies, such that despite great results there remains the question of usability in the "real world". EVOSUITE is such a research prototype, which automatically...
Web services are often deployed with critical software bugs that may be maliciously exploited. Developers often trust on penetration testing tools to detect those vulnerabilities but the effectiveness of such technique is limited by the lack of information on the internal state of the tested services. This paper proposes a new approach for the detection of injection vulnerabilities in web services...
Bluetooth, as the most popular end user choice of wireless connection, has its own security issues till now. In this paper, we introduce the proof-of-concept of BTFriend, the only Bluetooth Security Alert System designed for end users. We also discuss the development of first version BTFriend's prototype including the creation of Bluetooth device threat classification database and the usage of vNote...
Considering the design of inclusive interfaces of static and dynamic Web pages, this work focuses on the group of users with cognitive/intellectual disabilities, while simultaneously accounting for the needs of users with mobility and sensory deficits. A number of specific universal design principles are derived from a variety of cognitive disabilities, such as problems with linguistics (text and...
The rapid development of trusted computing (TC) technology has become a milestone in the field of information security. There is an increasing application of trusted computing platform (TCP) with trusted computing supporting software (TCSS) providing support for the trusted platform module (TPM) of TCP. There is an urgent need to test TCSS according to the specification of TC to ensure its quality...
Buffer overflow vulnerabilities can cause attacks that result in serious consequences. However the techniques of buffer overflow vulnerability detection are limited to manual analysis, binary-patch comparison, fuzzing and so on. They rely on manual analysis, thus cause high overhead. In this paper, we propose a novel method of detection of buffer overflow vulnerabilities, which is based on fuzzing,...
With the rapid development of trusted computing technology, the security of computing environment for multifarious platforms has been enhanced by implementing both dedicated hardware and software. There is an increasing application of trusted computing platform with trusted computing supporting software (TCSS) providing support for the trusted platform module. Although many TCSS vendors claim that...
Application programming interface (API) fuzz testing is used to insert unexpected data into the parameters of functions and to monitor for resulting program errors or exceptions in order to test the security of APIs. However, vulnerabilities through which a user cannot insert data into API parameters are not security threats, because attackers cannot exploit such vulnerabilities. In this paper, we...
Trusted computing is a new generation technology of secure computing environment proposed by trusted computing group (TCG). Although many TC vendors claim that their products are compliant to TCG specifications, it's very difficult to affirm it. Moreover, according to some government regulations on security, TC products shall require the official approval. Thus the testing and evaluation on TC...
Advances in computer and communication technologies have made it possible to access healthcare information through the World Wide Web. A wide range of users will receive health and medical information using e-health community and use these web-based applications to exchange information between patients, physicians, family members and others. Security threats come parallel with the growth of technology...
The VoIP technology has been increasingly popular and the number of its users has surged in the past years, because of its economical advantage over the traditional PSTN services. As a side effect, various VoIP servers and clients are becoming attractive targets of malicious attacks. This paper outlines the detection rules we have formulated to detect fuzzing attacks, which attempt to crash a VoIP...
This paper presents an architecture to support fast prototyping of augmented reality systems, based on virtual reality. The architecture defines simulation services separated from other aspects of the system. These services support incremental evolution of simulated prototypes into nonsimulated systems. Focus is also placed on user interaction, through the definition of an interaction architecture...
API fuzz testing is to insert unexpected data into parameters of functions and to monitor exceptions or errors of a software system in order to test security of it. API fuzz testing without considering the dependency between functions generates many errors, because required functions aren't called before the target function is called. Therefore, unexpected data cannot reach various codes in the target...