Information flow control (IFC) is useful in preventing information leakage during software execution. Our survey reveals that no IFC model is applied on the entire software development process. Applying an IFC model on the entire software development process offers the following features: (1) viewpoints of all stakeholders (i.e., customers and analysts) can be included and (2) the IFC model helps...
Malware is one of the most serious security threats on the Internet today. Malware authors employ a variety of techniques to evade security detection, but most of these techniques are discovered and blocked by antivirus programs. Still, there are some evasion techniques which have not been exploited in the wild and which are effective against antivirus programs. This paper studies the working of...
Web applications dependent on back-end databases are currently not immune to SQL injection attacks despite huge investment in security artefacts and defensive software mechanisms deployed by organizations. These attacks involve the insertion of malformed strings or specially crafted input, encoded as an SQL query, into web forms or HTTP request headers sent to web servers. While many techniques have...
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveals significant failings in their performance. The Web extra at http://youtu.be/COgKs9e679o is an audio interview in which authors Nuno Antunes and...
Increased usage of web applications in recent years has emphasized the need to achieve (i) confidentiality, (ii) integrity, and (iii) availability of web applications. Since the back-end database is the main target of external attacks such as SQL Injection Attacks, there is an emerging need to handle such attacks in order to secure stored information. Pre-deployment testing alone does not ensure complete security...
It is difficult to develop a program that is completely free from vulnerabilities. Despite the application of many approaches to secure programs, vulnerability exploitations occur in the real world in large numbers. Exploitation of vulnerabilities may corrupt memory spaces and program states, lead to denial of service and authorization bypass, and leak sensitive information. Monitoring at the program...
SQL injection attacks, a class of injection flaw in which specially crafted input strings lead to illegal queries to databases, are one of the topmost threats to web applications. A number of research prototypes and commercial products that maintain the query structure in web applications have been developed. But these techniques either fail to address the full scope of the problem or have limitations...
Web services are often deployed with critical software bugs that may be maliciously exploited. Developers often rely on penetration testing tools to detect those vulnerabilities, but the effectiveness of such techniques is limited by the lack of information on the internal state of the tested services. This paper proposes a new approach for the detection of injection vulnerabilities in web services...
Database systems are an important element of any web-based system. As such, it is very important to test database systems adequately, because if any defects go undetected in the design and/or implementation of database systems, they may jeopardize the dependability of web-based systems. Web-based systems are examples of systems that rely heavily on databases; they are expected to be highly available and...
Developing large scale software systems has major security challenges. This paper describes the issues involved and then addresses two topics: formal methods for emerging secure systems and secure services modeling.
This paper presents a methodology to perform passive testing of behavioural conformance for web services based on security rules. The proposed methodology can be used either to check a trace (offline checking) or to perform runtime verification (online checking) with timing constraints, including future and past time. In order to perform this: firstly, we use the Nomad language to define the security...
This paper proposes a new automatic approach for the detection of SQL Injection and XPath Injection vulnerabilities, two of the most common and most critical types of vulnerabilities in Web services. Although there are tools that allow testing Web applications against security vulnerabilities, previous research shows that the effectiveness of those tools in Web services environments is very poor....
Developers using third-party software components need to test them to satisfy quality requirements. In this paper, according to the characteristics of component security testing, we present a new tool called GCDEFI (generic component dynamic environment fault injection). GCDEFI adopts environment fault injection based on API interception technology. Faults can be injected by GCDEFI without the source...
The testing of error handling and dynamic security mechanisms often depends on reproducing specific conditions outside the realm of an application's normal program state. We present RUGRAT, a novel technique to automatically generate tests for these challenging test situations. RUGRAT uses a dynamic compiler to add instructions to the program during execution, and thus dynamically generates tests...
Maritime Safety and Security systems represent a novel kind of large-scale distributed component-based systems in which the individual components are elaborate and complex systems in their own right. Two distinguishing characteristics are their ability to evolve during runtime, that is, joining and leaving of components, and the need for high reliability of the system. In this paper, we identify the...
This paper presents an architecture to support fast prototyping of augmented reality systems, based on virtual reality. The architecture defines simulation services separated from other aspects of the system. These services support incremental evolution of simulated prototypes into non-simulated systems. Focus is also placed on user interaction, through the definition of an interaction architecture...
In this paper, we present a new technique to improve the reliability of H-tree SRAM memories. This technique deals with the SRAM power-bus monitoring by using built-in current sensor (BICS) circuits that detect abnormal current dissipation in the memory power-bus. This abnormal current is the result of a single-event upset (SEU) in the memory and it is generated during the inversion of the state of...
During the last 10 years, code inspection for standard programming errors has largely been automated with static code analysis. During the next 10 years, we expect to see similar progress in automating testing, and specifically test generation, thanks to advances in program analysis, efficient constraint solvers, and powerful computers. Three new tools from Microsoft combine techniques from static...
Collecting data on user activities is one of the fundamental middleware services in Web-enabled systems. The collected data is analyzed and used by various high-level services, such as user profiling, accounting, security auditing, and system health monitoring. In this paper, we present the architecture and performance evaluation of usage tracking components for service-oriented middleware systems. Presented...