Static Detection of User-specified Security Vulnerabilities in Client-side JavaScript

2016 ◽  
Author(s):  
Jens Nicolay ◽  
Valentijn Spruyt ◽  
Coen De Roover
Keyword(s):  
Security Vulnerabilities ◽  
Client Side ◽  
Static Detection

DYNAMIC REST SERVICES ORCHESTRATION USING THE KNOWLEDGE BASE

2019 ◽  
Author(s):  
Kostyantyn Kharchenko
Keyword(s):  
Knowledge Base ◽  
Service Oriented Architecture ◽  
Main Idea ◽  
The Real ◽  
Server Side ◽  
Service Oriented ◽  
Services Orchestration ◽  
Client Side ◽  
Abstract Operation ◽  
Microservice Architecture

The approach to organizing the automated calculations’ execution process using the web services (in particular, REST-services) is reviewed. The given solution will simplify the procedure of introduction of the new functionality in applied systems built according to the service-oriented architecture and microservice architecture principles. The main idea of the proposed solution is in maximum division of the server-side logic development and the client-side logic, when clients are used to set the abstract computation goals without any dependencies to existing applied services. It is proposed to rely on the centralized scheme to organize the computations (named as orchestration) and to put to the knowledge base the set of rules used to build (in multiple steps) the concrete computational scenario from the abstract goal. It is proposed to include the computing task’s execution subsystem to the software architecture of the applied system. This subsystem is composed of the service which is processing the incoming requests for execution, the service registry and the orchestration service. The clients send requests to the execution subsystem without any references to the real-world services to be called. The service registry searches the knowledge base for the corresponding input request template, then the abstract operation description search for the request template is performed. Each abstract operation may already have its implementation in the form of workflow composed of invocations of the real applied services’ operations. In case of absence of the corresponding workflow in the database, this workflow implementation could be synthesized dynamically according to the input and output data and the functionality description of the abstract operation and registered applied services. The workflows are executed by the orchestrator service. Thus, adding some new functions to the client side can be possible without any changes at the server side. And vice versa, adding new services can impact the execution of the calculations without updating the clients.

Static detection of array bounds errors and null pointer dereference in Java

2009 ◽  
Vol 29 (5) ◽  
pp. 1376-1379 ◽  
Author(s):  
Bai-qiang CHEN ◽  
Tao GUO ◽  
Hui RUAN ◽  
Jun YAN
Keyword(s):  
Static Detection ◽  
Null Pointer

Static detection of polymorphic attack codes

2011 ◽  
Vol 30 (12) ◽  
pp. 3349-3353 ◽  
Author(s):  
Jia-xing LU ◽  
Fan GUO ◽  
Min YU
Keyword(s):  
Static Detection

Comparative Study of Cryptography for Cloud Computing for Data Security

2019 ◽  
Vol 13 ◽  
Author(s):  
Priya Mathur ◽  
Amit Kumar Gupta ◽  
Prateek Vashishtha
Keyword(s):  
Cloud Computing ◽  
Data Security ◽  
Elliptic Curve Cryptography ◽  
Plain Text ◽  
Hybrid Encryption ◽  
Cipher Text ◽  
Business Applications ◽  
Computing Grid ◽  
Cloud Servers ◽  
Client Side

Cloud computing is an emerging technique by which anyone can access the applications as utilities over the internet. Cloud computing is the technology which comprises of all the characteristics of the technologies like distributed computing, grid computing, and ubiquitous computing. Cloud computing allows everyone to create, to configure as well as to customize the business applications online. Cryptography is the technique which is use to convert the plain text into cipher text using various encryption techniques. The art and science used to introduce the secrecy in the information security in order to secure the messages is defined as cryptography. In this paper we are going to review few latest Cryptographic algorithms which are used to enhance the security of the data on the cloud servers. We are comparing Short Range Natural Number Modified RSA (SRNN), Elliptic Curve Cryptography Algorithm, Client Side Encryption Technique and Hybrid Encryption Technique to secure the data in cloud.

Clinical Cybersecurity Training Through Novel High Fidelity Simulations (Preprint)

2018 ◽  
Author(s):  
Christian Dameff ◽  
Jordan Selzer ◽  
Jonathan Fisher ◽  
James Killeen ◽  
Jeffrey Tully
Keyword(s):  
Patient Safety ◽  
Patient Care ◽  
Medical Devices ◽  
Healthcare Systems ◽  
High Fidelity ◽  
Protected Health Information ◽  
Patient Harm ◽  
Security Vulnerabilities ◽  
Clinical Simulations ◽  
Medical Infrastructure

BACKGROUND Cybersecurity risks in healthcare systems have traditionally been measured in data breaches of protected health information but compromised medical devices and critical medical infrastructure raises questions about the risks of disrupted patient care. The increasing prevalence of these connected medical devices and systems implies that these risks are growing. OBJECTIVE This paper details the development and execution of three novel high fidelity clinical simulations designed to teach clinicians to recognize, treat, and prevent patient harm from vulnerable medical devices. METHODS Clinical simulations were developed which incorporated patient care scenarios with hacked medical devices based on previously researched security vulnerabilities. RESULTS Clinician participants universally failed to recognize the etiology of their patient’s pathology as being the result of a compromised device. CONCLUSIONS Simulation can be a useful tool in educating clinicians in this new, critically important patient safety space.

Hardware Information Flow Tracking

2021 ◽  
Vol 54 (4) ◽  
pp. 1-39
Author(s):  
Wei Hu ◽  
Armaiti Ardeshiricham ◽  
Ryan Kastner
Keyword(s):  
Access Control ◽  
Computer Security ◽  
Information Flow ◽  
Hardware Security ◽  
Computing System ◽  
Security Vulnerabilities ◽  
Information Flow Tracking ◽  
Side Channels ◽  
Security Properties ◽  
Tools And Techniques

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

Security Threat Analyses and Attack Models for Approximate Computing Systems

2021 ◽  
Vol 26 (4) ◽  
pp. 1-31
Author(s):  
Pruthvy Yellu ◽  
Landon Buell ◽  
Miguel Mark ◽  
Michel A. Kinsy ◽  
Dongpeng Xu ◽  
...  
Keyword(s):  
Error Resilience ◽  
Security Threats ◽  
Approximate Computing ◽  
Security Threat ◽  
Security Vulnerabilities ◽  
Computing Systems ◽  
Quantitative Analyses ◽  
Resilience Mechanisms ◽  
The Impact ◽  
Attack Models

Approximate computing (AC) represents a paradigm shift from conventional precise processing to inexact computation but still satisfying the system requirement on accuracy. The rapid progress on the development of diverse AC techniques allows us to apply approximate computing to many computation-intensive applications. However, the utilization of AC techniques could bring in new unique security threats to computing systems. This work does a survey on existing circuit-, architecture-, and compiler-level approximate mechanisms/algorithms, with special emphasis on potential security vulnerabilities. Qualitative and quantitative analyses are performed to assess the impact of the new security threats on AC systems. Moreover, this work proposes four unique visionary attack models, which systematically cover the attacks that build covert channels, compensate approximation errors, terminate normal error resilience mechanisms, and propagate additional errors. To thwart those attacks, this work further offers the guideline of countermeasure designs. Several case studies are provided to illustrate the implementation of the suggested countermeasures.

Sign in / Sign up

Export Citation Format

Share Document