Buffer overflow (BOF) is a notorious vulnerability that leads to non-secure software. The presence of BOF hampers essential security objectives - confidentiality, integrity and availability. A BOF might result in corruption of neighboring data values, application core dumps, etc. This research focuses on the detection and patching of BOF vulnerabilities. The detection includes identifying programming elements that might cause BOF, such as limitations due to languages, associated libraries, and logical errors. This work presents several code patterns that include simple (one statement) and complex (multiple statements) forms of BOF. For prevention, we propose eight rules to fix vulnerable code to avoid BOF without modifying the application functionality. The proposed approach addresses BOF issues not only at the unit level but also at the integrated level by passing buffer length information. The proposed rules are evaluated with 14 benchmark applications that have known BOF vulnerabilities. The results show that the proposed rules are effective in detecting and patching BOF without altering original functionalities of applications. The performance overhead due to the application of the proposed patching rules is negligible.
Rule-Based Source Level Patching of Buffer Overflow Vulnerabilities. H. Shahriar, Hisham M. Haddad. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.96
Hajar Omrana, I. Bitar, Fatima-Zahra Belouadha, O. Roudiès
Web services description has been recognized as an interesting paradigm that attracted significant attention from the research community. Currently, several WS description approaches have been presented to complete a detailed description with all the required aspects. The WSDL standard remains incomplete to provide a sufficiently rich description to service consumers. Thus, WSDL extensions such as SAWSDL and WS-Policy have been proposed to offer a wider coverage of various WS description aspects. Meanwhile, OWL-S and WSMO provide general representational frameworks for semantic Web Services. In this paper, we systematically compare WSMO, OWL-S and WSDL 2.0 enriched by SAWSDL and WS-Policy extensions, in the context of four aspects, namely the functional, non-functional, technical and data model aspects, to better illustrate the strengths and the weaknesses of each of these approaches.
A Comparative Evaluation of Web Services Description Approaches. Hajar Omrana, I. Bitar, Fatima-Zahra Belouadha, O. Roudiès. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.17
S. Kodithuwakku, Lakmal Padmakumara, Ishara Premadasa, S. Rathnayaka, V. Nanayakkara, S. Perera
Management of a large scale distributed system presents several issues such as managing a network of thousands of nodes, keeping the system up to date when nodes are added, deleted, changed and detecting and recovering from failures. With all these challenges, required features of a distributed system vary from organization to organization. Here we present 'GajaNindu', a distributed management framework, which facilitates user-defined management rules. This feature provides organizations with the capability of modifying the framework according to their business/organizational needs. Open source technologies (Apache Zookeeper, Apache Thrift and Jboss Drools) have been used to implement a prototype of the concept.
GajaNindu: A Distributed System Management Framework with User-Defined Management Logic. S. Kodithuwakku, Lakmal Padmakumara, Ishara Premadasa, S. Rathnayaka, V. Nanayakkara, S. Perera. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.125
Web applications are increasingly used in recent years to provide online services such as banking, shopping, social networking, etc. These applications operate with sensitive user information and hence there is a high need for assuring their confidentiality, integrity, and availability. Existing pre-deployment testing techniques, tools, and methodologies do not assure complete analysis, execution and testing of all possible behaviors of the software. This causes the software to sometimes behave differently than what it was designed for during its post-deployment. Such a deviation in the system's behavior, also termed as "Software Anomaly," is mostly due to external attacks such as Path Traversal Attacks, SQL Injection Attacks, etc., that in turn affect confidential user information stored in the application. In this paper, we present and evaluate a framework called Runtime Monitoring Framework to handle union query based SQL Injection Attacks.
Runtime Monitors to Detect and Prevent Union Query Based SQL Injection Attacks. Ramya Dharam, S. Shiva. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.57
Software free from defects is a goal to be ideally achieved. Defects in software do arise from the development process. A possible solution for quality improvement is to apply a reference framework for software testing during all development phases. What is needed is a software testing process performed along with its development, in an orderly and simple way, even if the software development has been conducted in an organization without maturity certification. This investigation proposes to validate the hypothesis: software product quality is dependent on the software testing. In order to verify and validate the proposed hypothesis, it was applied to a case study, in which the statistical technique for Pearson's Chi-Square was used to determine whether there is a significant relationship among the categorical variables based on software testing results. This case study was derived from an actual project at the Brazilian Aeronautics Institute of Technology and its preliminary results are promising.
Applying Testing to Enhance Software Product Quality. Etiene Lamas, L. Dias, A. Cunha. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.56
The core problems of database migration are the data integrity, data accuracy and business continuity. We discussed these problems during heterogeneous database migration in this article. We designed and implemented a migration project for Tsinghua University. This project migrated Oracle RAC into a heterogeneous database completely and successfully.
An Approach to Heterogeneous Database Migration. Qian Wang, Chun-I Yu, Naijia Liu. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.120
Information Technology has redefined the parameters of doing business in the recent past. On one side it is opening the doors for new opportunities and on the other side many obstacles are also arising in the successful use of IT tools. Supply chain management is one of the core focuses of the emerging technologies nowadays. The concept of competitive economy in a globalized world is increasing the importance of efficient supply chain management in service organizations. The question raised here is whether the service companies are adopting the concept of supply chain management (SCM) in an efficient way or not. Adoption of suitable supply chain technologies in service organizations can have timely and accurate information availability for their decision making process. This adoption of proper Information Technology tools in the SCM is the most important factor to maximize the efficiency in the service organizations. Service organizations in Saudi Arabia (KSA) are facing many obstacles and challenges in successful implementation of supply chain technologies. Based on the data collected from surveying supply chain and logistics managers in 52 organizations based in KSA, this study proposes the possible challenges of supply chain technologies faced by different categories of service organizations. The findings provide a new perspective in identifying the possible challenges faced by the service organizations to implement supply chain technologies.
Supply Chain Technology Acceptance, Adoption, and Possible Challenges: A Case Study of Service Organizations of Saudi Arabia. H. Khan, Shafiq Ahmad, M. Abdollahian. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.75
We consider a problem of computing spectrum of an ordinary differential operator with periodic coefficients. Due to Floquet's theory, such a problem is reduced to a set of eigenvalue problems for modified operators with a periodic boundary condition. We treat two numerical methods for such problems. A first is Hill's method, which reduces each problem to a matrix eigenvalue problem with the finite Fourier series approximation of eigenfunctions of each operator. This method achieves exponential convergence rate with respect to the size of the matrix. The rate, however, gets worse as the period of the coefficients becomes longer, which is observed in some numerical experiments. Then, in order to realize accurate computation in the cases of the long periods, we propose a second method related to Sinc approximation. Basically, Sinc approximation employs Sinc bases generated by the sinc function sinc(x) = sin(pi x)/(pi x) on R. In this work, a certain variant of the sinc function is adopted to approximate periodic functions. Our method keeps good accuracy in the cases of the long periods, which can be confirmed in some numerical experiments.
A Sinc Method for an Eigenvalue Problem of a Differential Operator with Periodic Coefficients and Its Comparison with Hill's Method. Ken’ichiro Tanaka. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.31
Researchers have struggled for years to build highly reliable and energy-efficient parallel disk systems. In times of high energy cost, conserving energy in parallel disk systems has a large impact on reducing the cost of disk systems and other related backup systems. In addition, it will conserve a lot of the energy consumed by parallel disks in high performance computing systems. Moreover, disk reliability is also significant for data integrity. While different reliability models and energy conservation techniques have been developed for parallel disk systems, most solutions do not consider the two factors together from an optimization perspective and they do not consider the impact of disk workload. In this paper, we build a highly reliable and energy-efficient parallel disk system using Markov chains. Specifically, we develop a quantitative reliability model for energy-efficient parallel disk systems which considers the impact of disk workload. With the new model, we can achieve the optimization between disk reliability and energy efficiency in parallel disk systems.
Workload Based Optimization Model for Parallel Disk Systems. Fangyang Shen, Bing Qi. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.34
Model-based testing (MBT) in hardware-in-the-loop (HIL) platform is a simulation and testing environment for embedded systems, in which test design automation provided by MBT is combined with HIL methodology. A HIL platform is a testing environment in which the embedded system under testing (SUT) assumes to be operating with real-world inputs and outputs. In this paper, we focus on presenting the novel methodologies and tools that were used to conduct the validation of the MBT in HIL platform. Another novelty of the validation approach is that it aims to provide a comprehensive and many-sided process view to validating MBT and HIL related systems including different component, integration and system level testing activities. The research is based on the constructive method of the related scientific literature and testing technologies, and the results are derived through testing and validating the implemented MBT in HIL platform. The used testing process indicated that the functionality of the constructed MBT in HIL prototype platform was validated.
Validation of Model-Based Testing in Hardware in the Loop Platform. J. Keranen, T. Raty. 2013 10th International Conference on Information Technology: New Generations, 2013-04-15. DOI: https://doi.org/10.1109/ITNG.2013.53