An efficient email spam filtering system by selecting relevant features to reduce the dimensions has become a pivotal aspect in the field of machine learning based spam filtering. To deal with noisy features, TF-IDF-CF is chosen as the feature selection method in this study. The selected relevant feature sets are submitted to LibSVM and MNB classifiers to construct ham and spam models. An accuracy of 98.2612 with F-measure 0.9841 is obtained which depicts the effectiveness of proposed scheme.
{"title":"Machine learning approach for filtering spam emails","authors":"Princy George, P. Vinod","doi":"10.1145/2799979.2800043","DOIUrl":"https://doi.org/10.1145/2799979.2800043","url":null,"abstract":"An efficient email spam filtering system by selecting relevant features to reduce the dimensions has become a pivotal aspect in the field of machine learning based spam filtering. To deal with noisy features, TF-IDF-CF is chosen as the feature selection method in this study. The selected relevant feature sets are submitted to LibSVM and MNB classifiers to construct ham and spam models. An accuracy of 98.2612 with F-measure 0.9841 is obtained which depicts the effectiveness of proposed scheme.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122319526","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Due to the Stateless Property of the ARP protocol (It means that a response can be processed despite the request was never received), which introduces some security flaws that makes it vulnerable to various types of attacks resulting in leaks and/or damage of information, They have presented various feasible solutions, amongst these we find S-ARP (secure ARP) and ES-ARP (Secure and efficient ARP), these two, seek to resolve the failure of ARP security, changing and improving its original protocols and performing other configurations that are believed feasible to improve their security. In this article, we will execute an ARP poisoning in order to show the insecurity that the Protocol has, and to compare it against other alternatives, to show the safety of each of these. In conclusion ES-ARP and S-ARP are good choices to improve the safety of the ARP protocol, although is not 100% secure, since if they send the answer and then the poisoned ARP reply is sent before the actual one is received, and set on the cache memory, the victim stores the wrong response in the cache and discards the actual one. When the first ARP request is sent, the victim and the attacker receive the message. Who comes first will get the ARP cache of the victim.
{"title":"Comparison between safety and efficient security of the ARP protocol","authors":"E. León, B. S. R. Daza, O. S. Parra","doi":"10.1145/2799979.2800035","DOIUrl":"https://doi.org/10.1145/2799979.2800035","url":null,"abstract":"Due to the Stateless Property of the ARP protocol (It means that a response can be processed despite the request was never received), which introduces some security flaws that makes it vulnerable to various types of attacks resulting in leaks and/or damage of information, They have presented various feasible solutions, amongst these we find S-ARP (secure ARP) and ES-ARP (Secure and efficient ARP), these two, seek to resolve the failure of ARP security, changing and improving its original protocols and performing other configurations that are believed feasible to improve their security. In this article, we will execute an ARP poisoning in order to show the insecurity that the Protocol has, and to compare it against other alternatives, to show the safety of each of these. In conclusion ES-ARP and S-ARP are good choices to improve the safety of the ARP protocol, although is not 100% secure, since if they send the answer and then the poisoned ARP reply is sent before the actual one is received, and set on the cache memory, the victim stores the wrong response in the cache and discards the actual one. When the first ARP request is sent, the victim and the attacker receive the message. Who comes first will get the ARP cache of the victim.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129843397","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
L. Babenko, Philipp Burtyka, O. Makarevich, A. Trepacheva
The paper considers the problem of organization the computations over encrypted data. This problem has become increasingly important due to the expansion of the cloud computing and the need for suitable measures to protect it. Different primitives were proposed to solve the problem in a limited context, such as garbled circuits, fully homomorphic encryption, functional encryption, secure multiparty computations and so on. However, the development of real secure computing system requires some general theory for organization of secure computing, using a systemic approach. We propose to divide all the functionality that the secure computing system must support into the several layers; the interaction between them would be done through the interfaces. Presented six-layer analytical model under the title "Secure computing interface stack" ("SCIS") is intended to standardize and facilitate the work of researchers and developers in the field of cryptographically secure computing, i.e. such systems in which the untrusted parties process the sensitive data in encrypted form without decrypting at the any stage of processing. For each layer we outline the problems researchers deal with, reveal a range of issues that must be addressed, and provide a brief overview of the relative works. We survey and compare known secure computation systems analyzing them within our model and derive some new ideas for improvements of existing CSCS.
{"title":"The general model of secure computation system","authors":"L. Babenko, Philipp Burtyka, O. Makarevich, A. Trepacheva","doi":"10.1145/2799979.2800006","DOIUrl":"https://doi.org/10.1145/2799979.2800006","url":null,"abstract":"The paper considers the problem of organization the computations over encrypted data. This problem has become increasingly important due to the expansion of the cloud computing and the need for suitable measures to protect it. Different primitives were proposed to solve the problem in a limited context, such as garbled circuits, fully homomorphic encryption, functional encryption, secure multiparty computations and so on. However, the development of real secure computing system requires some general theory for organization of secure computing, using a systemic approach. We propose to divide all the functionality that the secure computing system must support into the several layers; the interaction between them would be done through the interfaces. Presented six-layer analytical model under the title \"Secure computing interface stack\" (\"SCIS\") is intended to standardize and facilitate the work of researchers and developers in the field of cryptographically secure computing, i.e. such systems in which the untrusted parties process the sensitive data in encrypted form without decrypting at the any stage of processing. For each layer we outline the problems researchers deal with, reveal a range of issues that must be addressed, and provide a brief overview of the relative works. We survey and compare known secure computation systems analyzing them within our model and derive some new ideas for improvements of existing CSCS.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132507089","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Android OS market share has made it a feverish target of malicious attacks. Dynamic Binary Instrumentation (DBI) based tools are gaining prominence for behavioral program inspection, feature identification and virtual machine binary code translation. DBI has an advantage of being transparent, i.e. the application under inspection is never modified. In this paper we describe DynaDroid, DBI framework developed to build behavior based binary instrumentation methodology to effectively monitor Android Package (APK) behavior. Unlike the existing behavior monitoring approaches, the proposed DynaDroid reconstructs the Dalvik level and Java level semantics at a time. The proposed dynamic behavior approach can provide base for analyzing the native calls, Dalvik instructions and also generate profile for Java based API activity. We plan to build effective instrumentation framework to detect real malware with lightweight overhead.
{"title":"DynaDroid: dynamic binary instrumentation based app behavior monitoring framework","authors":"Bharat Buddhdev, R. Bhan, M. Gaur, V. Laxmi","doi":"10.1145/2799979.2800036","DOIUrl":"https://doi.org/10.1145/2799979.2800036","url":null,"abstract":"Android OS market share has made it a feverish target of malicious attacks. Dynamic Binary Instrumentation (DBI) based tools are gaining prominence for behavioral program inspection, feature identification and virtual machine binary code translation. DBI has an advantage of being transparent, i.e. the application under inspection is never modified. In this paper we describe DynaDroid, DBI framework developed to build behavior based binary instrumentation methodology to effectively monitor Android Package (APK) behavior. Unlike the existing behavior monitoring approaches, the proposed DynaDroid reconstructs the Dalvik level and Java level semantics at a time. The proposed dynamic behavior approach can provide base for analyzing the native calls, Dalvik instructions and also generate profile for Java based API activity. We plan to build effective instrumentation framework to detect real malware with lightweight overhead.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134045674","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The escalating number of the most various intelligent devices having Internet connection will be the defining direction of development of the Internet for the next years. Already now 98.8% of all manufactured microprocessors are used in the embedded applications and only 1.2% -- in traditional computers. Along with traditional Internet devices, such as personal computers, laptops, smartphones, the Internet access have the devices of household appliances, transport, various sensors (including connected with processing of biometric data, personal information of medical character, etc.), and also the tags of radio-frequency identification (RFID). However there is a basic possibility of using of this technology for unauthorized obtaining of confidential information of personal character. So the former CIA director David Petraeus declared that data from the Internet-connected devices can be used for drawing up the most detailed file on any person. Thus, development information and the Internet of technologies will demand effective implementation of the information security algorithms providing confidentiality and integrity of data. It is obvious that cryptographic methods of information security form a basis of such safety. Feature is that they have to be applied to the most various intelligent devices which because of their activity conditions as well as cost constrains peculiar to mass production, are characterized by rigid restrictions on the used memory resources, computing power, power supplies, etc. that in turn conducts to restrictions on the used technologies and technological decisions. So, for example, strict restrictions are imposed on energy consumption of passive intelligent devices such as radio-frequency tags or contactless smart cards. Other restriction imposed on the hardware is a limit on number of the logical elements used in an algorithm chip. The report examines various approaches to the design of information security algorithms, effective for realization in the conditions of significantly limited resources such as radio-frequency tags, contactless smart cards, sensors, coprocessors for 8-bit processors etc.
{"title":"Lightweight cryptography: modern development paradigms","authors":"A. Zhukov","doi":"10.1145/2799979.2799981","DOIUrl":"https://doi.org/10.1145/2799979.2799981","url":null,"abstract":"The escalating number of the most various intelligent devices having Internet connection will be the defining direction of development of the Internet for the next years. Already now 98.8% of all manufactured microprocessors are used in the embedded applications and only 1.2% -- in traditional computers. Along with traditional Internet devices, such as personal computers, laptops, smartphones, the Internet access have the devices of household appliances, transport, various sensors (including connected with processing of biometric data, personal information of medical character, etc.), and also the tags of radio-frequency identification (RFID). However there is a basic possibility of using of this technology for unauthorized obtaining of confidential information of personal character. So the former CIA director David Petraeus declared that data from the Internet-connected devices can be used for drawing up the most detailed file on any person. Thus, development information and the Internet of technologies will demand effective implementation of the information security algorithms providing confidentiality and integrity of data. It is obvious that cryptographic methods of information security form a basis of such safety. Feature is that they have to be applied to the most various intelligent devices which because of their activity conditions as well as cost constrains peculiar to mass production, are characterized by rigid restrictions on the used memory resources, computing power, power supplies, etc. that in turn conducts to restrictions on the used technologies and technological decisions. So, for example, strict restrictions are imposed on energy consumption of passive intelligent devices such as radio-frequency tags or contactless smart cards. Other restriction imposed on the hardware is a limit on number of the logical elements used in an algorithm chip. The report examines various approaches to the design of information security algorithms, effective for realization in the conditions of significantly limited resources such as radio-frequency tags, contactless smart cards, sensors, coprocessors for 8-bit processors etc.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125994672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Nowadays, the evolution of the information system (IS) is very fast and companies have to manage a very huge amount of sensitive and critical information. Therefore, the information system managers are urged to accurately design their IS and to provide the accurate access rights to this information. In that regards, although the advantage of this strict definition of the IS, we observe that this evolution also tends to reduce and to limit the employees' personal initiatives to act and to behave for the well-being of the company, especially in the case of professional ethical reasons. In this context, this paper takes up the challenge to show to the information security specialists the importance of addressing ethical issues along the management of the access rights and proposes a model-based technical approach to face this problem.
{"title":"Analysis of the impact of ethical issues on the management of the access rights","authors":"André Rifaut, C. Feltus, S. Turki, D. Khadraoui","doi":"10.1145/2799979.2799996","DOIUrl":"https://doi.org/10.1145/2799979.2799996","url":null,"abstract":"Nowadays, the evolution of the information system (IS) is very fast and companies have to manage a very huge amount of sensitive and critical information. Therefore, the information system managers are urged to accurately design their IS and to provide the accurate access rights to this information. In that regards, although the advantage of this strict definition of the IS, we observe that this evolution also tends to reduce and to limit the employees' personal initiatives to act and to behave for the well-being of the company, especially in the case of professional ethical reasons. In this context, this paper takes up the challenge to show to the information security specialists the importance of addressing ethical issues along the management of the access rights and proposes a model-based technical approach to face this problem.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123635482","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This study is devoted to the optimization of implementation of a recent treeless signature scheme called TSS12. It was shown earlier that the most computational complexity of TSS12 signing algorithm is provided by numerous calls to a Gaussian random oracle in undefined number of attempts to find a suitable masking vector. It is shown in this paper that a several hundred byte buffer of pre-generated random data is capable of providing significant acceleration of TSS12 signing algorithm. This fact is believed to be important for digital signature implementation on devices with limited computational capacities, such as wireless sensors.
{"title":"Improvement of treeless signature schemes implementation by random oracle buffering","authors":"M. Anikeev","doi":"10.1145/2799979.2800045","DOIUrl":"https://doi.org/10.1145/2799979.2800045","url":null,"abstract":"This study is devoted to the optimization of implementation of a recent treeless signature scheme called TSS12. It was shown earlier that the most computational complexity of TSS12 signing algorithm is provided by numerous calls to a Gaussian random oracle in undefined number of attempts to find a suitable masking vector. It is shown in this paper that a several hundred byte buffer of pre-generated random data is capable of providing significant acceleration of TSS12 signing algorithm. This fact is believed to be important for digital signature implementation on devices with limited computational capacities, such as wireless sensors.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124681085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The two main problems that make authentication difficult for users have been known for some time and result in a number of coping mechanisms. The first problem is that users need to provide a large number of passwords, leading to password reuse. The second problem is that it is difficult to find passwords and PINS that are both secure and memorable, leading to writing them down. One technical solution to the first problem is to use a password manager, but this gives a large amount of personal information to the organisation providing the password manager, leading to issues of trust. One technical solution to the second problem is to use graphical passwords, but they are less usable because of the long registration process. Mobile devices provide a different environment for authentication, with both advantages and disadvantages. One immediate difference is that these devices are mobile, meaning that authentication can be location based. They usually contain a camera and microphone and some input from these peripherals can also be used in authentication. Another difference is that users typically spend a lot of time with their mobile device, making the registration time for graphical passwords less of a problem, provided it was entertaining enough. Most mobile devices have a touch screen which can also be used to create graphical passwords if necessary. Mobile devices also have drawbacks, mainly that they are easily lost, stolen or accessed by someone else. Also, it is not possible to write a password down on a sticky note and attach it to the screen! Using the memo app or 'fake' contacts is vulnerable to being downloaded. I will talk about work done with Md. Sadek Ferdous on Federated Authentication Systems. We look at ways of giving users control over the attributes that they wish to reveal to the various parties to the system. We also look at aggregating attributes from different providers, creating dynamic federations. This is quite useful for mobile devices where portable personal ID providers can be aware of their context. Whether such systems will actually be adopted depends on the views of the various stakeholders, and I will briefly discuss this issue. I will also talk about work done with Salem Jebriel, Rose English, Hani Aljahdali and Soum Chowdhury on graphical passwords. We have focussed on recognition based graphical passwords, where the user has to recognise the pass-images they provided on registration among other distracter images. They are easier to use than other approaches and so more likely to be adopted. The images can either be created by the user on registration, or selected from a collection provided by the system. Both ways have their advantages and disadvantages. It is possible to quantify how secure each type of system is under a variety of attacks. One attack is to guess which images a person would have created or chosen based on other readily available information about the user. There are interesting effects of cultur
让用户难以进行身份验证的两个主要问题已经为人所知有一段时间了,并导致了许多应对机制。第一个问题是用户需要提供大量的密码,导致密码重复使用。第二个问题是,很难找到既安全又容易记住的密码和个人识别码,导致人们把它们写下来。第一个问题的一个技术解决方案是使用密码管理器,但这会向提供密码管理器的组织提供大量个人信息,从而导致信任问题。第二个问题的一个技术解决方案是使用图形密码,但由于注册过程漫长,它们的可用性较差。移动设备为身份验证提供了不同的环境,有优点也有缺点。一个直接的区别是,这些设备是移动的,这意味着身份验证可以基于位置。它们通常包含一个摄像头和麦克风,这些外设的一些输入也可以用于身份验证。另一个不同之处在于,用户通常会花很多时间在他们的移动设备上,这使得注册图形密码的时间不是一个问题,只要它足够有趣。大多数移动设备都有触摸屏,必要时还可以使用触摸屏创建图形密码。移动设备也有缺点,主要是它们很容易丢失、被盗或被其他人访问。此外,不可能在便利贴上写下密码并将其贴在屏幕上!使用备忘录应用程序或“假”联系人很容易被下载。我将讨论与Sadek Ferdous博士在联邦身份验证系统上所做的工作。我们研究了让用户控制他们希望向系统的各方显示的属性的方法。我们还研究了聚合来自不同提供者的属性,创建动态联合。这对于移动设备非常有用,因为便携式个人ID提供程序可以了解它们的上下文。这些制度是否会被采纳,取决于各持份者的意见,我将简要讨论这个问题。我还将讨论与Salem Jebriel, Rose English, Hani Aljahdali和Soum Chowdhury在图形密码方面所做的工作。我们专注于基于图形密码的识别,用户必须识别在其他干扰图像中注册时提供的通行证图像。它们比其他方法更容易使用,因此更有可能被采用。这些图像可以由用户在注册时创建,也可以从系统提供的集合中选择。两种方式都有各自的优点和缺点。可以量化每种类型的系统在各种攻击下的安全程度。一种攻击是根据其他现成的用户信息猜测用户会创建或选择哪些图像。文化、性别和选择干扰图像的方式会产生有趣的影响。如果图形密码被广泛采用,而没有使用联邦系统,那么记住多个图形密码就会成为一个问题。我将讨论使用多个图形密码的实验,以及如何给出通过提示来缓解问题。
{"title":"The use of mobile devices in authentication","authors":"R. Poet","doi":"10.1145/2799979.2799982","DOIUrl":"https://doi.org/10.1145/2799979.2799982","url":null,"abstract":"The two main problems that make authentication difficult for users have been known for some time and result in a number of coping mechanisms. The first problem is that users need to provide a large number of passwords, leading to password reuse. The second problem is that it is difficult to find passwords and PINS that are both secure and memorable, leading to writing them down. One technical solution to the first problem is to use a password manager, but this gives a large amount of personal information to the organisation providing the password manager, leading to issues of trust. One technical solution to the second problem is to use graphical passwords, but they are less usable because of the long registration process. Mobile devices provide a different environment for authentication, with both advantages and disadvantages. One immediate difference is that these devices are mobile, meaning that authentication can be location based. They usually contain a camera and microphone and some input from these peripherals can also be used in authentication. Another difference is that users typically spend a lot of time with their mobile device, making the registration time for graphical passwords less of a problem, provided it was entertaining enough. Most mobile devices have a touch screen which can also be used to create graphical passwords if necessary. Mobile devices also have drawbacks, mainly that they are easily lost, stolen or accessed by someone else. Also, it is not possible to write a password down on a sticky note and attach it to the screen! Using the memo app or 'fake' contacts is vulnerable to being downloaded. I will talk about work done with Md. Sadek Ferdous on Federated Authentication Systems. We look at ways of giving users control over the attributes that they wish to reveal to the various parties to the system. We also look at aggregating attributes from different providers, creating dynamic federations. This is quite useful for mobile devices where portable personal ID providers can be aware of their context. Whether such systems will actually be adopted depends on the views of the various stakeholders, and I will briefly discuss this issue. I will also talk about work done with Salem Jebriel, Rose English, Hani Aljahdali and Soum Chowdhury on graphical passwords. We have focussed on recognition based graphical passwords, where the user has to recognise the pass-images they provided on registration among other distracter images. They are easier to use than other approaches and so more likely to be adopted. The images can either be created by the user on registration, or selected from a collection provided by the system. Both ways have their advantages and disadvantages. It is possible to quantify how secure each type of system is under a variety of attacks. One attack is to guess which images a person would have created or chosen based on other readily available information about the user. There are interesting effects of cultur","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129778040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper is devoted to static analysis of the software code security. We suggest using heuristic static code analysis to detect a full spectrum of vulnerabilities, including backdoors. Production rules are suggested for use to formalize heuristics for detection of vulnerabilities. We developed a conceptual system of production models for detection of a full spectrum of vulnerabilities in the software code. This paper provides examples of heuristic formalization for detection of certain vulnerabilities classified subject to CWE register. It also provides a brief statistics of application of the suggested heuristic analysis in the study of the software code security.
{"title":"A Production Model System for Detecting Vulnerabilities in the Software Source Code","authors":"A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov","doi":"10.1145/2799979.2800019","DOIUrl":"https://doi.org/10.1145/2799979.2800019","url":null,"abstract":"This paper is devoted to static analysis of the software code security. We suggest using heuristic static code analysis to detect a full spectrum of vulnerabilities, including backdoors. Production rules are suggested for use to formalize heuristics for detection of vulnerabilities. We developed a conceptual system of production models for detection of a full spectrum of vulnerabilities in the software code. This paper provides examples of heuristic formalization for detection of certain vulnerabilities classified subject to CWE register. It also provides a brief statistics of application of the suggested heuristic analysis in the study of the software code security.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131081873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article describes the access control model D-TBAC which extends TBAC. The presented model takes into account the requirements for the tasks performance. Model elements, properties, and rules of conditions' transformation are defined formally
{"title":"Access control model D-TBAC subject to the requirements to tasks' performing","authors":"Sergey Lapin","doi":"10.1145/2799979.2800034","DOIUrl":"https://doi.org/10.1145/2799979.2800034","url":null,"abstract":"This article describes the access control model D-TBAC which extends TBAC. The presented model takes into account the requirements for the tasks performance. Model elements, properties, and rules of conditions' transformation are defined formally","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131155322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: