Traditional symbolic execution for testing software focuses on exploring the paths of the program. However, for stateful network protocols, it is hard for this method to explore all the protocol states. This paper proposes a novel method based on model-guided symbolic execution, which can associate the program paths with the protocol states and utilize the protocol model to guide the test to explore interesting...
The vulnerabilities existing in network protocol implementations are difficult to detect. The main reason is that the state space of complex protocol binary software is too large to explore. This paper proposes a novel approach that leverages selective symbolic execution to test network protocol binary software directly, which confines symbolic execution in the secure-sensitive area. This paper also...
In this paper, a new vulnerability discovery method based on symbolic execution and machine learning is proposed. Given a vulnerable function, a similar function set can be located efficiently based on a machine learning technique. Function call graphs of each function from the similar function set are obtained by dataflow analysis of the whole program. Finally, the symbolic execution engine KLEE is used...
The vulnerabilities that exist in Android binary software bring a critical threat to Mobile Internet security. In this paper, we put forward a novel method to detect memory corruption vulnerabilities for Android binary software which builds upon memory accession security rules and selective symbolic execution. We also implemented our prototype system and the evaluation results show that our method can detect...
Unlike in typical networks, the sensor nodes in wireless sensor networks have limited capacity for computing, storing and communicating. So it is a hot topic to reduce the energy consumption and prolong the lifetime of wireless sensor networks. Based on this, in order to reduce the energy consumption when the wireless sensor network management operation is running, a new encoding rule - Reduced...
Geo-information network service has become more and more popular; however, the practical application of vector data service is rarely used. The main reasons are as follows: firstly, with the variety of vector data formats, the general format conversion cannot be applied to data shared services; secondly, the existing vector data service interface standard (such as WFS) is too simple, which doesn't meet the...
Domain names are a scarce, finite resource and are the basis for internet business operation. Enterprises can build websites to expand their value chain by registering domain names. However, improper competition occurs frequently because many companies' domain names have been cyber-squatted, which has brought a very large negative impact to the function of market reputation mechanisms....
Firewalls are the most deployed security devices in computer networks. Nevertheless, designing and configuring distributed firewalls, which include determining access control rules and device placement in the network, is still a significantly complex task as it requires balancing between connectivity requirements and the inherent risk and cost. Formal approaches that allow for investigating distributed...
In this paper, an efficient and secure encryption scheme for JPEG2000 codestream is proposed. The scheme encrypts each codeblock contribution to a packet (CCP) and does not introduce superfluous JPEG2000 markers in the protected codestream. It achieves full information protection for data confidentiality, and maintains all the advanced features of the original JPEG2000 codestream such as error resilience...
The objective of this work is to create usable security architecture that will minimize network risk while considering usability and budget. We propose and formulate a novel framework for automatic creation of network security architecture including configuration rules and device placements in order to minimize risk while satisfying the business requirements, service usability and budget constraints...
As multicasting is increasingly used as an efficient communication mechanism for group-oriented applications in the Internet, the research of the multicast key management is becoming a hot issue. Firstly, we analyze the n-party GDH.2 multicast key management protocol and point out that it has the following flaws: lack of certification, vulnerability to man-in-the-middle attacks, and a single-point...
In 2006, the IETF released its latest effort, NETCONF, a brand new network management protocol, which is based on the XML encoding method. The NETCONF protocol is thought to be able to meet the requirement of configuration management which SNMP fails to do well. The NETCONF protocol also performs better in other fields such as the efficiency, more flexible operations, etc. But, as a new protocol,...
Secure interaction between trusted-domains is a major problem on network security. Combining with the advantages of role-based access control (RBAC) and the existing authentication technique on crossing the trusted-domain, this paper proposes a privilege management model on crossing the trusted-domains (PMCT) which is suitable for large scale distributed network. Role recommending policy and unilateral...
This paper analyzes the features of non-functional properties of Web Services, studies their classification, advances a method to handle the uncertain features with fuzzy sets and grey systems, and provides a measurement (i.e. relevance degree, based on rough sets) of dependency among the non-functional properties, which evolves a description (i.e. support degree, also based on rough sets) of essentiality...
The efficient authorization is the precondition of implementing access control. Traditional access control technology which lacks dynamic authorization mechanism focuses on the beforehand authorization process. Based on usage control (UCON) which is new access control technology, this paper proposes a role-based dynamic authorization model. This model extends RBAC by introducing elements of UCON such...
In the grid security infrastructure (GSI), cross-domain authentication is based on traditional PKI cross certificate, which brings about problems of certificates management. Encouragingly, identity-based cryptography (IBC) can overcome these problems for its certificate-free feature. Therefore, an identity-based signcryption scheme is proposed in order to meet the requirement of cross-domain authentication...
In 2007, Fu Chong et al. proposed an improved chaos-based stream cipher. The secret key of Fu's cipher, with 2158 key space size, is composed of 3 independent chaos initial states. In this paper, the security of Fu's chaotic cipher is investigated and the information leak of the chaos map, which we call preimage compressibility, is discovered. We guess one chaos initial state and obtain two sampling quantified...
Trust management, with the trust collecting mechanism as one of its foundations, has been the focus of more and more research in grid security. This paper analyzes shortcomings of existing trust collecting mechanisms, and then proposes a novel trust collecting mechanism by introducing the idea of the publish/subscribe scheme used in messaging systems. The objective of this mechanism is to support dynamic trust...