A standardized Communication / Information Protocol is necessary for implementing the 4 upper digitalization layers of Industrie 4.0-compliant solutions. OPC UA is one of the leading and preferred technologies. Currently, there are many different OPC UA implementations available on the market. This paper gives an overview of existing solutions and shows the results of an initial benchmarking based on...
This paper proposes a conceptual, performance-based ranking framework that prioritises the output of multiple Static Analysis Tools, to improve the tool effectiveness and usefulness. The framework weights the performance of Static Analysis Tools per defect type and cross-validates the findings between different Static Analysis Tools' reports. An initial validation shows the potential benefits of the...
When analyzing sensitive data in a cloud-deployed Hadoop stack, data-in-transit security needs to be enabled, especially in the underlying storage tier. This, however, will affect the performance of the system and may partially offset the cost benefits of the cloud. In this paper, we discuss two strategies for securing HBase deployments in the cloud. For both, we present benchmarking results which...
This paper is a record of the First International Workshop on Database Architectures for the Internet of Things. The Internet of Things refers to the future internet which will contain trillions of nodes representing various objects from small ubiquitous sensor devices and handhelds to large web servers and supercomputer clusters. The workshop investigated a number of areas appertaining to data management...
Since the first performance benchmarks proposed more than 25 years ago, the concept of comparing/ranking computer systems or components has proven to be a powerful instrument to promote the improvement of specific computer or software features. Following this path, many benchmarking studies have extended the benchmarking model initially proposed for performance to address the comparison of different...
Research and practice show that the effectiveness of vulnerability detection tools depends on the concrete use scenario. Benchmarking can be used for selecting the most appropriate tool, helping to assess and compare alternative solutions, but its effectiveness largely depends on the adequacy of the metrics. This paper studies the problem of selecting the metrics to be used in a benchmark for software...
Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches implemented, and are designed for...
The security of software-based systems is one of the most difficult issues when assessing the suitability of systems to most application scenarios. However, security is very hard to evaluate and quantify, and there are no standard methods to benchmark the security of software systems. This work proposes a novel methodology for benchmarking the security of software-based systems. This methodology uses...
The adoption of Service Oriented Architectures (SOAs) in a wide range of organizations, including business-critical systems, opens the door to new security challenges. Although the services used should be secure and reliable, they are often deployed with security bugs that can be maliciously exploited. The problem is that developers are frequently not specialized in security and the common time-to-market...
Benchmarking the security of web applications is complex and, although there are many proposals of metrics, no consensual quantitative security metric has been proposed so far. Static analysis is an effective approach for detecting vulnerabilities, but the complexity of applications and the large variety of vulnerabilities prevent any single tool from being foolproof. In this application paper we...
Security is one of the biggest concerns of database administrators. Most marketed software products announce a variety of features and mechanisms designed to improve security. However, that same variety largely complicates the process of selecting the adequate set of software products (i.e., a software package) for a given installation. In this paper we propose an approach that can be used to fairly...
This study summarizes results of a study of the internal, structural quality of 288 business applications comprising 108 million lines of code collected from 75 companies in 8 industry segments. Results are presented for measures of security, performance, and changeability. The effect of size on quality is evaluated, and the ability of modularity to reduce the impact of size is suggested.
This study summarizes results of a study of the internal, structural quality of 288 business applications comprising 108 million lines of code collected from 75 companies in 8 industry segments. These applications were submitted to a static analysis that evaluates quality within and across application components that may be coded in different languages. The analysis consists of evaluating the application...
Self-adaptive systems are widely recognized as the future of computer systems. Due to their dynamic and evolving nature, the characterization of self-adaptation and resilience attributes is of utmost importance. The problem is that nowadays there is no practical way to characterize self-adaptation capabilities or to compare alternative solutions concerning resilience. In this paper we discuss the...
Vulnerability detection tools are frequently considered the silver-bullet for detecting vulnerabilities in web services. However, research shows that the effectiveness of most of those tools is very low and that using the wrong tool may lead to the deployment of services with undetected vulnerabilities. In this paper we propose a benchmarking approach to assess and compare the effectiveness of vulnerability...
Database management systems (DBMS), the central component of many computer applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristics that may impact, in a variety of ways, the applications and people that interact with the database system. Effectively, understanding the impact...
Database Management Systems (DBMS) are usually immersed in such a complex environment that assessing the security impact of any particular configuration choice is an extremely hard task. DBMS configuration untrustworthiness can be defined as a measure of how much one should distrust a given configuration to be able to prevent the manifestation of the most common security threats as real attacks. In...
There are many applications for secure multi-party computation (SMC), but practical adoption is still an issue. One reason is that the business model of the application does not match the system architecture of regular secure computation. An important business model is that of a single service provider dealing with many customers. Applications with this business model are e.g. auctions or benchmarking...
Parfait is a bug checker of C code that has been designed to address developers' requirements of scalability (support millions of lines of code in a reasonable amount of time), precision (report few false positives) and reporting of bugs that may be exploitable from a security vulnerability point of view. For large code bases, performance is at stake if the bug checking tool is to be integrated into...