With the development of information technology, software plays an increasingly important role in the process of social development. However, at the same time, the number of software vulnerabilities is growing, posing a threat to national security and social stability. Therefore, some scholars and research institutions are paying their attention to the study of software vulnerability. In this paper,...
Security vulnerabilities in system software are a major concern, especially when the software is highly exposed. This paper studies whether it is possible to emulate security vulnerabilities through software fault injection by using well known emulation operators. Emulating security vulnerabilities in the C programming language, in a realistic way using field data, is an unanswered research question,...
Due to the increasing complexity of web and client applications' structure, the security problem has become more and more critical. Among all the threats reported, SQL Injection Attacks (SQLIAs) have always been top-ranked in recent years, and network logs, which are very important for the detection of SQLIA, are often utilized to analyze the user's attacking behaviors. However, the collection of network...
In this presentation, I describe how the SEI’s Security Engineering Risk Analysis (SERA) method provides a structure that connects desired system functionality with the underlying software to evaluate the sufficiency of requirements for software security and the potential operational security risks based on mission impact.
A significant milestone is reached when the field of software vulnerability research matures to a point warranting related security patterns represented by intelligent data. A substantial research material of empirical findings, distinctive taxonomy, theoretical models, and a set of novel or adapted detection methods justify a unifying research map. The growth interest in software vulnerability is...
Open source projects and the globalization of the software industry have been a driving force in reuse of system components across traditional system boundaries. As a result, vulnerabilities and security concerns no longer impact only individual but now also global software ecosystems. Known vulnerabilities and security concerns are reported in specialized vulnerability databases, which often...
Securing critical systems such as Cyber-Physical Systems (CPS) is an important feature especially when it comes to critical transmitted data in a real-time environment. At the same time, the implementation of security counter-measures in such systems may impact transmission delays of critical tasks. For this reason selecting proper security mechanisms in such critical systems is an important issue...
In this paper, a position has been taken to include the non-human active agents as insiders of an enterprise, as opposed to only human insiders as found in the literature. This eliminates the necessity of including the psycho-social and criminological behavioural traits to be incorporated in the management of insider threats. A framework of an Enterprise has been developed and it is shown that within...
There are many illegal memory access (IMA) defects in C programs, for example, null pointer dereference, buffer overflow and array out of bounds. When C programs are running, these defects may cause software failure, and may lead to serious consequences. In order to fully detect these IMA defects, we apply abstract regions to simulate memory blocks that are allocated to memory objects at runtime,...
As the dominant mobile computing platform, Android has become a prime target for cyber-security attacks. Many of these attacks are manifested at the application level, and through the exploitation of vulnerabilities in apps downloaded from the popular app stores. Increasingly, sophisticated attacks exploit the vulnerabilities in multiple installed apps, making it extremely difficult to foresee such...
In recent years, people have witnessed a surge of interest in APT attacks, due to their complex and persistent attack characteristics. In order to prevent APT attacks, this article studies and analyzes a large number of APT attack cases which have been disclosed, and gives an overview of the APT attack lifecycle and attack techniques. This paper discusses the purposes of APT attacks and APT attack characteristics...
Programming languages use type systems to reduce the number of bugs. Type systems of most languages are not powerful enough to express basic exception safety. Extension of a type system in a way that allows representing exception guarantees can provide valuable information to analysis tools. Such tools could even be implemented in the type system. We describe a way to extend the type system of a given language...
Due to complex and heterogeneous nature of a software being used in present-day scenario, the need for developing solution to the design related problems, where solutions were made earlier can be reused in a recurring manner. For solving various design problems, it is observed that design pattern helps to find a better solution to many of the recurring design problems. Generally, design patterns are...
The OpenOrbiter CubeSat Development Initiative is working to build a small spacecraft system using open source software and open hardware principles. The important design considerations for the CubeSat include availability and performance. The essential contribution of this paper is the requirement elicitation and specification of system-wide qualities such as availability, performance, and security...
Next-generation autonomous and semi-autonomous vehicles will not only perceive the environment with their own sensors, but also communicate with other vehicles and surrounding infrastructures for vehicle safety and transportation efficiency. The design, analysis and validation of various vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) applications involve multiple layers, from V2V/V2I...
The existing information system (IS) development methods do not meet the requirements to resolve security-related IS problems and they fail to provide for the successful integration of security and systems engineering during all development process stages. Security should be considered during all software development process and the requirements specifications should be identified. This paper aims...
In this paper, we propose a model-driven framework for security analysis. We present a security analysis process that begins from the design phase of the system architecture then allows performing several security analysis methods. Our approach presents mainly two advantages: First, it allows the traceability of the security analysis methods with the system architecture. Second, this framework can...
Many commercial systems in the embedded space have shown weakness against power analysis-based side-channel attacks in recent years. Random masking is a commonly used technique for removing the statistical dependency between the sensitive data and the side-channel information. However, the process of designing masking countermeasures is both labor intensive and error prone. Furthermore, there is a...
Attack Graphs (AGs) are a well-known formalism and there are tools available for AG generation and security risk analysis. The security posture of a networked system can be evaluated via an AG. However, as the size of the system becomes large, the AG suffers from the state-space explosion problem. Scalable security models have been developed to cope with this issue. Hierarchical Attack Representation...
As a kind of critical system, a safety-critical system is always used in key areas such as aerospace, national defense, transportation, nuclear energy, health and so on, which require high security. Due to the inherent defects which are caused by the complexity of the organizational structure, and the external threats which are caused by the open and dynamic environment, some unexpected results will...