The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
To evaluate the national military development situation, is not only to systematically grasp their own strength and security situation of the country, but also to compare and analyze the degree of the countries' future military construction. Based on the net assessment method, this paper established the evaluation index system of national military development, used the application of statistical methods...
The globalization of today's supply chains (e.g., information and communication technologies, military systems, etc.) has created an emerging security threat that could degrade the integrity and availability of sensitive and critical government data, control systems, and infrastructures. Commercial-off-the-shelf (COTS) and even government-off-the-self (GOTS) products often are designed, developed,...
This paper presents a new method, capable of automatically generating attacks on binary programs from software crashes. We analyze software crashes with a symbolic failure model by performing concolic executions following the failure directed paths, using a whole system environment model and concrete address mapped symbolic memory in . We propose a new selective symbolic input method...
This paper proposes to test web applications and generate the feasible exploits automatically, including cross-site scripting and SQL injection attacks. We test the web applications with initial random inputs by detecting symbolic queries to SQL servers or symbolic responses to HTTP servers. After symbolic outputs detected, we are able to generate attack strings and reproduce the results, emulating...
Supply chain integrity (SCI) is emerging as one of the top security issues facing critical systems. The government's reliance on commercial off-the-shelf (COTS) products is apparent, as is the threat of critical systems being designed and manufactured overseas. To date, few tools or capabilities exist to prevent or even detect these classes of attacks. Programs, such as DARPA Trust, exist to identify...
We present a simple framework capable of automatically generating attacks that exploit control flow hijacking vulnerabilities. We analyze given software crashes and perform symbolic execution in concolic mode, using a whole system environment model. The framework uses an end-to-end approach to generate exploits for various applications, including 16 medium scale benchmark programs, and several large...
Developing and evaluating exterior physical security system alternatives can be a daunting task. Once alternatives are identified, they must be evaluated not to only the set of threats they provide against, but also to other factors such as cost, performance, schedule and environmental impact. This article describes a systematic approach of applying decision analysis tools and techniques to develop,...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.