In this paper, we review the main middleware requirements applied to Internet of Things and High-Performance Computing combined, here called IoT/HPC. The goal was to describe a unique set of requirements that middleware systems should attempt to guarantee the development of integrated applications. Among many core complex services, the IoT/HPC challenges are related to the support of sensing, actuating,...
Cross Site Scripting (XSS) vulnerability acts as one of the chief widespread security issues in web applications. By reviewing the literature pertaining to XSS vulnerability, it has been found that many investigations have directed their energy only on XSS vulnerability detection, but not many studies have concentrated on removing XSS vulnerability. This paper embeds the removal stage of XSS vulnerability...
Reflection, which is widely used in practice and abused by many security exploits, poses a significant obstacle to program analysis. Reflective calls can be analyzed statically or dynamically. Static analysis is more sound but also more imprecise (by introducing many false reflective targets and thus affecting its scalability). Dynamic analysis can be precise but often misses many true reflective targets...
Among the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior to installation. This prevents ill-formed applets from being loaded. In this article, the behavior of the Oracle BCV towards some unchecked pieces of code is analyzed, and the way to bypass the BCV is highlighted. Then,...
Open source software systems are based on the principle of open collaboration for innovation and production. They highly depend on volunteer developers' contributions for their existence and continuity; attracting new volunteer developers is crucial for the OSS community sustainability. However, new developers might be hesitant to join and participate in a project due to many obstacles such as lack...
Although it is well-known that API design has a large and long-term impact on security, the literature contains few substantial guidelines for practitioners on how to design APIs that improve security. Even fewer of those guidelines have been evaluated empirically. Security professionals have proposed that software engineers choose immutable APIs and architectures to enhance security. Unfortunately,...
While Java Virtual Machine can provide applications with safety property to avoid memory corruption bugs, it continues to encounter some security flaws. Real world exploits show that the current sandbox model can be bypassed. In this paper, we focus our work on bytecode integrity measurement in clouds to identify malicious execution and propose J-IMA architecture to provide runtime measurement and...
In order to bake security into application design, we introduce an adaptation to the Command pattern: command instances are tagged with the permissions required to perform them for each object they manipulate. Prior to executing a command instance issued by a given user, an execution engine validates the user has the required permissions over the objects the command is about to operate on. Stating...
This system is invented under the circumstance that security incidents frequently occur when contemporary college students take part in outdoor activities. It is constructed based on the central idea of exploiting a safety management system on mobile terminal to further introduce the overall layout, different sorts of capacity and technology database. The primary goal is to ensure the security of...
IoT devices are software-rich and Java is sometimes chosen as the developing programming language. Although Java is highly productive in constructing large advanced programs, application or user-defined Java classes must be responsible for safety and security issues. In particular, two fundamental methods hashCode and equals play key roles in safety and security assurance. Some existing studies for...
The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong encoder to sanitize untrusted data, leaving the application vulnerable. We present a security...
The growing popularity of Android applications makes them vulnerable to security threats. There exist several studies that focus on the analysis of the behaviour of Android applications to detect the repackaged and malicious ones. These techniques use a variety of features to model the application's behaviour, among which the calls to Android API, made by the application components, are shown to be...
Searching for vulnerabilities in Android apps through approaches based on the app's dex bytecode has been applied to a lot of researches. This approach, called late detection, is applied to apps already released, and usually doesn't identify vulnerabilities before users have been exposed. This article presents a method based on static analysis with matching patterns for identifying these vulnerabilities...
This work contains the implementation of OWASP techniques and recommendations on a SOA prototype developed with J2EE. For its design and coding we used some WS-Security specifications, Metro framework, MVC as architectural pattern, Facade and DAO as design patterns. The prototype was validated in terms of design, coding and security through some tools such as: Structural Analysis for Java, SonarQube,...
Cryptography is the fascinating science that deals with constructing and destructing the secret codes. The evolving digitization in this modern era possesses cryptography as one of its backbones to perform the transactions with confidentiality and security wherever the authentication is required. With the modern technology that has evolved, the use of codes has exploded, enriching cryptology and empowering...
Web-based applications are attractive due to their portability. To leverage that, many mobile applications are hybrid, incorporating a web component that implements most of their functionality. While solutions for enforcing security exist for both mobile and web applications, enforcing and reasoning about the security of their combinations is difficult. We argue for a combination of static and dynamic...
Today's modern homes are becoming complex live systems in which virtually all functionality, from lighting and heating control to security and occupancy simulation, is mediated by computerized controllers leading to IoT future. The smart nature of these homes raises obvious security concerns and history has shown that a vulnerability in only one component may provide the means to compromise the system...
Software Reverse Engineering scenario would involve software that has been worked upon for years and carries several modules of a business in its lines of code. Unfortunately the source code of the application has been lost, what remains is “native” or “binary” code. Traditional obfuscators work on binary code but they are tedious and do not provide us with a specific obfuscation depending upon the...
We performed an empirical study to understand interoperability issues in C and Fortran programs. C/Fortran interoperability is very common and is representative of general language interoperability issues, such as how interfaces between languages are defined and how data types are shared. Fortran presents an additional challenge, since several ad hoc approaches to C/Fortran interoperability were in...
The co-existence of critical and non-critical applications on computing devices, such as mobile phones, is becoming commonplace. The sensitive segments of a critical application should be executed in isolation on Trusted Execution Environments (TEE) so that the associated code and data can be protected from malicious applications. TEE is supported by different technologies and platforms, such as ARM...