Serwis Infona wykorzystuje pliki cookies (ciasteczka). Są to wartości tekstowe, zapamiętywane przez przeglądarkę na urządzeniu użytkownika. Nasz serwis ma dostęp do tych wartości oraz wykorzystuje je do zapamiętania danych dotyczących użytkownika, takich jak np. ustawienia (typu widok ekranu, wybór języka interfejsu), zapamiętanie zalogowania. Korzystanie z serwisu Infona oznacza zgodę na zapis informacji i ich wykorzystanie dla celów korzytania z serwisu. Więcej informacji można znaleźć w Polityce prywatności oraz Regulaminie serwisu. Zamknięcie tego okienka potwierdza zapoznanie się z informacją o plikach cookies, akceptację polityki prywatności i regulaminu oraz sposobu wykorzystywania plików cookies w serwisie. Możesz zmienić ustawienia obsługi cookies w swojej przeglądarce.
This experience report analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. An aggregated vulnerability database has been developed by joining vulnerability records from two publicly available vulnerability databases: the Common Vulnerabilities and Exposures system (CVE) and the National Vulnerabilities database (NVD). The aggregated data allow...
There is no doubt that security issues are on the rise and defense mechanisms are becoming one of the leading subjects for academic and industry experts. In this paper, we focus on the security domain and envision a new way of looking at the security life cycle. We utilize our vision to propose an asset-based approach to countermeasure zero day attacks. To evaluate our proposal, we built a prototype...
Cloud computing relies on virtualization technologies to provide computer resource elasticity and scalability. Despite its benefits, virtualization technologies come with serious concerns in terms of security. Although existing work focuses on specific vulnerabilities and attack models related to virtualization, a systematic analysis of known vulnerabilities for different virtualization models, including...
In the preceding few years the security of databases is a challenging and multifarious issue for enterprises. As a matter of fact, databases are the premier targeted system in any corporation that holds confidential information, or its businesses' relies heavily on the data and its integrity and availability. Vulnerability in network and internet links to databases may trigger obscure things even...
Nowadays securing data has become a prime concern for educational institutes, workplaces etc. USB drives are now largely used for storing and transferring data due to its large capacity at nominal cost, high-transferring rate and portability. These drives are not only used to store data but they also have the ability to run software programs and boot the operating systems. Besides several advantages,...
The detection of vulnerabilities in computer systems and computer networks as well as the weakness analysis are crucial problems. The presented method tackles the problem with an automated detection. For identifying vulnerabilities the approach uses a logical representation of preconditions and postconditions of vulnerabilities. The conditional structure simulates requirements and impacts of each...
Vulnerability testing platform may be time consuming and inconvenient to establish for that it greatly depends on tester's testing ability and knowledge of network security architecture. Virtual vulnerability validation platform (VVVP) is proposed in this paper to deal with this dilemma. Key technologies such as OS image customization and KVM are analyzed. VVVP model has two main parts, the OS image...
Existence of a CMS as a tool in making a website has been used extensively by the communities. Currently, there are many CMS available as options, especially CMS bulletin board. The number of options is an obstacle for someone to choose a suitable CMS to fulfill their needs. Because of the lack of research on this CMS bulletin board comparison, this research tries to compare and search the best CMS...
This paper deals with the characterization of security-related vulnerabilities based on public data reported in the Open Source Vulnerability Database. We focus on the analysis of vulnerability life cycle events corresponding to the vulnerability discovery, the vulnerability disclosure, the patch release, and the exploit availability. We study the distribution of the time between these events considering...
There are two main methods that identify host information Banner and Fingerprint. Through research, analysis and combined with the two methods, we complete and realize passive host characteristic information identification. For other network security research, particularly with regard to improvement of network intrusion detection system, we prepare data, and broaden ideas.
Utilizing computer aided security risk assessment, administrators can apperceive network security situation quickly and take countermeasures effectively. Most assessment methods disregard the dependencies among services, lack the evaluation against indirect risks, and seldom mention the composition of multiple source risks. Regarding the above problems, an assessment method that based on service dependency...
Software code reuse has long been touted as a reliable and efficient software development paradigm. Whilst this practice has numerous benefits, it is inherently susceptible to latent vulnerabilities. Source code which is re-used without being patched for various reasons may result in vulnerable binaries, despite the vulnerabilities being made publicly known. To aggravate matters, crackers have access...
While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments and the development of models is still weak. Addressing this research gap, this paper presents the first comprehensive empirical investigation of published vulnerabilities and patches of 17 widely deployed open source and...
In this paper, we proposed a file backup method. Files in devices of computer system can be destructed under abnormal condition. We divide file or database into ranges. Each range contains records and fields. We backup ranges to different devices. When files process the operation of creation, insertion, update or deletion, we only backup the corresponding ranges. When the original file is destructed,...
Database management systems (DBMS), the central component of many computers applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristics that may impact, in a variety of ways, the applications and people that interact with the database system. Effectively, understanding the impact...
This paper presents the quantitative characterization of vulnerability life cycle and of exploit creation by probability distributions. This work aims at helping the production of quantitative measures of information system security considering system environment. In this paper, we focus on two environmental factors: the vulnerability life cycle; and the attacker behaviour. We look for the probability...
While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software...
Database Management Systems (DBMS) are usually immersed in a so complex environment that assessing the security impact of any particular configuration choice is an extremely hard task. DBMS configuration untrustworthiness can be defined as a measure of how much one should distrust a given configuration to be able to prevent the manifestation of the most common security threats as real attacks. In...
In this paper, the remote operating system detection is discussed and some detection methods which contain active detection and passive detection are studied and compared. The implement of remote operating system detection based on Libnet is provided and the architecture of total system is presented. The principle of Libnet is studied and it can improve detection performance and scalability. The detection...
According to a study from Gartner Group, mostly successful attacks exploit software applications and operating systems that were not properly configured or vulnerability patched. Regarding enterprises, there are far reaching consequences if their online services are attacked and compromised. As a result, making their systems safer is becoming a higher priority. In this paper, we proposed a system...
Podaj zakres dat dla filtrowania wyświetlonych wyników. Możesz podać datę początkową, końcową lub obie daty. Daty możesz wpisać ręcznie lub wybrać za pomocą kalendarza.