Android smart devices have become a preferred target for attackers because they carry plenty of private and sensitive information. However, heap overflow vulnerabilities in the Android system give attackers the opportunity to execute arbitrary malicious code and even steal private data. The existence of such vulnerabilities makes the Android system too weak to defend against attacks and protect privacy. It is necessary to evaluate the security risk brought to the system. However, current vulnerability risk evaluation methods mainly focus on predicting the likelihood of exploitation, which is neither sufficient nor convincing for system security researchers. In this paper, we propose an Android system vulnerability risk evaluation method for heap overflow. We detect whether the heap overflow vulnerability exists in the current Android system, and then validate its exploitability with crafted input data. The evaluation result is classified into three kinds: inexistent, existent but not exploitable, and existent and exploitable. Experimental results prove the effectiveness and indicate a good performance of the method.
Dali Zhu, Ying Li, N. Pang, Weimiao Feng. "An Android System Vulnerability Risk Evaluation Method for Heap Overflow." 2016 4th International Conference on Enterprise Systems (ES), 2016-11-01. https://doi.org/10.1109/ES.2016.18
The Android system attracts many malicious applications that steal sensitive data. Data is easily leaked not only in storage but also while sharing. The SDKEY device is an external compute system with an independent arithmetic processor. In this paper, first, we present and implement a method to store and share data safely between Android phones using ciphertext-policy attribute-based encryption, which is useful in instant messaging and file management. Second, we design a secure file structure to manage data efficiently. Third, we design a dual-authentication login scheme using both SDKEY and PIN for booting Android OS. Finally, a solution for transparent encrypted storage of sensitive messages such as SMS is proposed. We also develop a prototype system based on all of the above solutions; the performance and security of the system are proved and verified from several aspects.
Lun Li, Meihong Li, Jiqiang Liu, Jia Zhao. "An SDKEY Data Protection and Sharing Scheme with Attribute-Based Encryption for Smartphone." 2016 4th International Conference on Enterprise Systems (ES), 2016-11-01. https://doi.org/10.1109/ES.2016.20
A decision support method is developed to capture the classification patterns from the doctor, to establish a new global classification schema, and to classify the new patient cases into facet categories. The proposed system provides valuable recommendations to healthcare providers, and helps them gain more transparent information from patients so as to make better scheduling decisions that minimize the gap between patient demand and the provided services.
Liuliu Fu, L. Li. "A Smart Decision Making System for Managing Patient Database." 2016 4th International Conference on Enterprise Systems (ES), 2016-11-01. https://doi.org/10.1109/ES.2016.12
Danillo Sprovieri, N. Argyropoulos, C. Souveyet, R. Mazo, H. Mouratidis, A. Fish
Context: Security is becoming increasingly important during software engineering. Software developers should be able to adapt and deploy secure systems in a continuously changing execution context. Method: We use Software Product Lines (SPLs), Business Process Management (BPM) and Security Requirements Engineering (SRE) techniques for anticipating the uncertainty and the changes of security requirements. Results: We provide a method to support developers in incorporating security in the design of SPL systems. To avoid costly and extensive re-design of SPLs and BPs, we propose a methodology to analyse the strategic change impact of SPLs and BPs. The methodology supports the alignment of organizational strategy and execution level with an emphasis on security. Conclusions: This methodology constitutes a guideline to trace back the impact of change respecting security constraints of SPLs and BPs on different abstraction levels.
"Security Alignment Analysis of Software Product Lines." 2016 4th International Conference on Enterprise Systems (ES), 2016-11-01. https://doi.org/10.1109/ES.2016.19
Haiyang Xia, Jiaxin Han, Jie Kong, Wenjuan Wei, Lei Zhang
While data mining in the education field has gained more and more popularity in recent years, there have been many research endeavors to find association rules in students' academic situation. The current methods normally apply traditional association rule mining techniques to identify those rules. However, traditional association rule mining techniques cannot identify differences between different types of students' academic situation. To solve this problem, we applied a novel contrast target rules mining method in this paper. Using a real-world data set from the Computer Science department of a university in China, the empirical results show the different characteristics of different types of students in their academic situation.
"Discovering the Academic Situation of Students by Relationship Mining." 2016 4th International Conference on Enterprise Systems (ES), 2016-11-01. https://doi.org/10.1109/ES.2016.31
U. Pakdeetrakulwong, P. Wongthongtham, Suksawat Sae-Lim, Hassan Marzooq Naqvi
A software development project produces a large volume of software artefacts. However, these are in syntactic form so their structures are not conducive to an understanding of the semantics, and therefore may create ambiguities (e.g. incorrect or different interpretations). This problem is particularly large in a distributed software development context where project members are geographically dispersed. Furthermore, in this type of setting, information related to the software project is scattered across various, unlinked software repositories. This results in two main challenges. First, this software project information is not readily accessible because of its dispersal. Second, there is a lack of integration among relevant software artefacts. Previous research efforts have attempted to address these issues by capturing software project information and structuring it in conceptualised form. However, most of the proposals are based on a manual or semi-automatic approach, resulting in tasks being more laborious for team members. In this paper, we propose a systematic approach to automatically capture the semantics of software project information (i.e. source code artefacts) by means of the semantic annotation process. The Software Engineering Ontology is utilised to provide domain knowledge and the multi-agent approach is applied to automate the process. Once software project information has been captured and structured according to the ontology, it is in machine understandable and processable form and can be subsequently used by software agents. They can read and process this information in order to provide active support for dispersed team members to clarify any ambiguity resulting from remote communication, to address major software development issues, and to facilitate effective and efficient coordination.
"SEOMAS: An Ontology-Based Multi-Agent System for Capturing Semantics of Software Project Information." 2016 4th International Conference on Enterprise Systems (ES), 2016-11-01. https://doi.org/10.1109/ES.2016.21