A SQL injection attack is a kind of attack on a web application that illegitimately accesses the application's database. Along with the increasing use of web applications, the database, which stores much sensitive information, has become more and more valuable and vulnerable. Eventually, the SQL injection attack became rank one in the top ten vulnerabilities as specified by Open Web Application Security...
Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for SQL-Injection Vulnerabilities. SOFIA is programming-language and source-code independent,...
With the rapid advancement of technology today, smartphones become more and more powerful and attract a huge amount of users with new features provided by mobile device operating systems such as Android. However, due to its security vulnerability, hackers and cybercriminals constantly attack Android mobile devices. Thus, research on effective and efficient mobile threat analysis becomes an emerging...
In the preceding few years, the security of databases has been a challenging and multifarious issue for enterprises. As a matter of fact, databases are the premier targeted system in any corporation that holds confidential information, or whose business relies heavily on the data and its integrity and availability. Vulnerability in network and internet links to databases may trigger obscure things even...
The globalization of the software industry has introduced a widespread use of system components across traditional system boundaries. Due to this global reuse, also vulnerabilities and security concerns are no longer limited in their scope to individual systems but instead can now affect global software ecosystems. While known vulnerabilities and security concerns are reported in specialized vulnerability...
Hiding High Utility Sequential Patterns (HUSPs) is the task of finding ways to hide high utility sequential patterns appearing in sequence databases so that adversaries cannot discover them after hiding. It has become an important research topic in recent years and has been applied in various domains such as business, marketing, stock, health and security, etc. However, few methods have...
In recent years, the use of smart devices is becoming increasingly popular. All kinds of mobile applications are emerging. In addition to the official market, there are also many ways to allow users to download the mobile app. As unidentified instances of malware grow day by day, off-the-shelf malware detection methods identify malicious programs mainly with extracted signatures of codes, which only...
When a cloud scales out to a large size, the cloud network potentially extends to a multi-domain structure, and needs to keep its scalability, consistency and flexibility. Software-Defined Networking (SDN) provides the technical possibility to realize the requirements. However, the existing studies of SDN focus on the perspective of network builders and managers, different from the perspective of...
The main concern associated with biometric structures which are stored in a database is the security of the template storage system. A new technique which assembles the encryption key and biometric sample using a cryptographic means is the fuzzy vault. The fuzzy vault scheme provides supreme security to the templates which are stored in a database or smart card. Compared to an ordinary system which...
Airplane cockpit security is of utmost importance in the current scenario of terrorism. To avoid incidents like the September 11 attacks, where unauthorized people took control of airplanes, it is crucial to determine the authenticity of a person occupying the pilot/co-pilot seat(s). In this paper we extend previous results in biometric techniques to accurately recognize the person occupying the seat...
To address the issue that Web services are prone to SQL injection attacks in cloud computing environments, this paper proposes a kind of SQL detection method which combines dynamic taint analysis and input filtering. It is embedded in the cloud environment to achieve the protection of Web applications in cloud deployment. First, the method obtains the SQL keywords through the analysis...
Proofs of Retrievability (POR) is a scheme to build verifiable storage on a remote server, in which a client can access the data randomly and periodically execute an efficient Audit protocol to ensure that the data is intact. In dynamic POR, the difficulties are to maintain the latest version of the data while achieving efficient Update and Audit. In this paper, we propose PDPOR that achieves the best...
Content Security Policy (CSP) is a powerful client-side security layer that helps in mitigating and detecting a wide range of web attacks, including cross-site scripting (XSS). However, utilizing CSP by site administrators is a fallible process and may require significant changes in web application code. In this paper, we propose an approach to help site administrators overcome these limitations in order...
Cloud computing is a model that offers on-demand computational resources to clients as services. In this concept, users are charged based on a pay-per-use business model. Therefore, it dramatically reduces operating costs associated with the maintenance of the local data center. Recently, database is provided as a service to fulfill clients' demand. Following this, companies can rely on a remote database...
Whole-system data provenance provides deep insight into the processing of data on a system, including detecting data integrity attacks. The downside to systems that collect whole-system data provenance is the sheer volume of data that is generated under many heavy workloads. In order to make provenance metadata useful, it must be stored somewhere where it can be queried. This problem becomes even...
Critical infrastructure such as power plants, oil refineries, and sewage are at the core of modern society. Supervisory Control and Data Acquisition (SCADA) systems were designed to allow human operators to supervise, maintain, and control critical infrastructure. Recent years have seen an increase in connectivity of SCADA systems to the Internet. While this connectivity provides an increased level of...
Big data has been arousing growing interest in both scientific and industrial fields for its potential value. However, before employing big data technology in massive applications, a basic but also principal topic should be investigated: security and privacy. In this paper, the recent research and development on security and privacy in big data is surveyed. First, the effects of characteristics...
In order to solve the problems that traditional parking system equipment is too large and lacks stability, and that the user group is relatively single, this system uses embedded hardware as the server side and client side of the parking lot system, which vastly reduces the hardware size and its cost and provides a stable operating system. In terms of its users, the system gets rid of a single administrator...
Existing vulnerabilities of Web systems threaten the regular work of information systems. The most common Web system vulnerability is SQL injection. The article covers known approaches to protecting Web applications against SQL injection attacks. To improve Web software security, a defense mechanism is developed that protects Web resources from SQL injection. To implement this software...
A technique has been presented to use ECG (Electrocardiogram) for human identification. Earlier research was tested on PTB or MIT-BIH ECG data, which was recorded when a person is at rest and will give erroneous results if the heart rate changes depending upon human activity. Hence time and amplitude normalization is necessary for identification. In this technique, R peaks of ECG signal are...