Found 20 similar documents; search took 709 ms
1.
《Information Security Journal: A Global Perspective》2013,22(6):346-352
ABSTRACT Software security helps in identifying and managing risks. One of the effective ways to identify software vulnerabilities is to analyze its code. Code analysis (Chess & West, 2007) helps in catching common coding mistakes such as buffer overflow, unused variables, memory leaks, and various race conditions, which in turn optimizes computer programs, both in storage and computation aspects. Software developers use either open source tools or commercial tools for verification and validation of software. Without proper validation of a software/system using some standard guidelines, potential attackers can find ways to exploit vulnerabilities and bugs and then can gain control over a system, if they are successful. In this paper, we discuss some of the open source static code analysis and dynamic analysis tools, their merits, and limitations with respect to some target codes that contain possible threats. We consider C/C++ and Java programming languages for our experiments. For static code analyzers, we consider Flawfinder, Splint, and Cppcheck; PMD, Findbugs, and Valgrind for dynamic code analysis, and its plug-in, Memcheck, to perform dynamic analysis on executables. We provide our observations in a comparison table, highlighting these tools' strengths and weaknesses.
2.
Matthew V. Ball Cyril Guyot James P. Hughes Luther Martin Landon Curt Noll 《Cryptologia》2013,37(1):70-79
Abstract This paper describes the importance of the XTS-AES encryption mode of operation and concludes with a new proof for the security of ciphertext stealing as used by XTS-AES. The XTS-AES mode is designed for encrypting data stored on hard disks where there is not additional space for an integrity field. Given this lack of space for an integrity field, XTS-AES builds on the security of AES by protecting the storage device from many dictionary and copy/paste attacks. The operation of the XTS mode of AES is defined in the IEEE 1619-2007 standard [3], and has been adopted by the U.S. National Institute of Standards and Technology (NIST) as an approved mode of operation under FIPS 140-2 [2]. XTS-AES builds on the XEX (Xor-Encrypt-Xor) mode originally proposed by Rogaway [8].
3.
Shoude Li 《International journal of systems science》2014,45(11):2390-2401
Using the well-known Arrow and Karlin (1958) dynamic production–inventory model and the model with tradable emission permits which was presented by Dobos (2005, 2007), we develop a model of the production–inventory system with deteriorating items and tradable emission permits. The objective of this paper is to apply the optimal control theory to solve the production–inventory problem with deteriorating items and tradable emission permits, and derive the optimal inventory level and the optimal production rate that minimise the total cost. The results are discussed with a numerical example and a sensitivity analysis of the optimal solution with respect to the parameters of the production–inventory system is carried out.
4.
5.
Abstract GOST-R 34.11-94 is a Russian standard cryptographic hash function that was introduced in 1994 by the Russian Federal Agency for the purposes of information processing, information security, and digital signature. Mendel et al. (2008) and Courtois and Mourouzis (2011) found attacks on the compression function of the GOST-R structure that were basically weaknesses of the GOST-R block cipher (GOST 28147–89, 1989). Hence in 2012, it was updated to GOST-R 34.11-2012, which replaced the older one for all its applications from January 2013. GOST-R 34.11-2012 is based on a modified Merkle-Damgård construction. Here we present a modified version of GOST-R 34.11-2012 (Modified GOST-R (MGR) hash). The design of the MGR hash is based on wide-pipe construction, which is also a modified Merkle-Damgård construction. MGR is much more secure as well as three times faster than GOST-R 34.11-2012. Advanced Encryption Standard (AES)-like block ciphers have been used in designing the compression function of MGR because AES is one of the most efficient and secure block ciphers and has been evaluated for more than 14 years. A detailed statistical analysis with a few other attacks on MGR is incorporated into this paper.
6.
Richard Ssekibuule 《Cybernetics and Systems》2013,44(7):522-534
This article presents a review of security mechanisms that have been developed for mobile agent security against malicious platforms. It has been almost 10 years since a prominent review of security in agent systems was presented by Jansen (2000). We present new developments that have been suggested over the years, evaluate limitations of these schemes, and highlight possible areas of improvement. This article further presents possible threats to the mobile agent paradigm and distinguishes between detection and prevention security mechanisms.
7.
Ayan Bandyopadhyay Debasis Ganguly Mandar Mitra Sanjoy Kumar Saha Gareth J.F. Jones 《Information Systems Frontiers》2018,20(5):925-932
Twitter (http://twitter.com) is one of the most popular social networking platforms. Twitter users can easily broadcast disaster-specific information, which, if effectively mined, can assist in relief operations. However, the brevity and informal nature of tweets pose a challenge to Information Retrieval (IR) researchers. In this paper, we successfully use word embedding techniques to improve ranking for ad-hoc queries on microblog data. Our experiments with the ‘Social Media for Emergency Relief and Preparedness’ (SMERP) dataset provided at an ECIR 2017 workshop show that these techniques outperform conventional term-matching based IR models. In addition, we show that, for the SMERP task, our word embedding based method is more effective if the embeddings are generated from the disaster specific SMERP data, than when they are trained on the large social media collection provided for the TREC (http://trec.nist.gov/) 2011 Microblog track dataset.
8.
《Information Security Journal: A Global Perspective》2013,22(5):280-284
ABSTRACT As open source software has gained in popularity throughout the last decades, free operating systems (OSs) such as Linux (Torvalds) and BSD derivatives (i.e., FreeBSD, 2012; NetBSD, 2012; OpenBSD, 2012) have become more common, not only on datacenters but also on desktop and laptop computers. It is not rare to find computer labs or company offices composed of personal computers that boot more than one operating system. By being able to choose among available OSs, a company's or organization's information technology manager has the freedom to select the right OS for the company's needs, and the decision can be based on technical or financial criteria. This freedom of choice, however, comes with a cost. The administrative complexity of heterogeneous networks is much higher compared to single OS networks, and if the network is large enough so that protocols such as LDAP (Zeilenga, 2006) or Kerberos (Kohl & Neuman, 1993) need to be adopted, then the administration burden may become unbearable. Even though some tools exist that make user management of heterogeneous networks more feasible (Tournier, 2006; Chu & Symas Corp., 2005), it is not uncommon to use more than one back end for storing user credentials due to OS incompatibilities. In such configurations, the hardest problem to address is credential and account expiration synchronization among the different back ends. This paper demonstrates a platform that tries to mitigate the problem of synchronization by adding an additional, modular, easy to expand layer which is responsible for synchronizing any number of underlying back ends in a secure fashion.
9.
Piotr Grabowski 《International journal of control》2013,86(8):1539-1563
A model of a heavy chain system with a punctual load (tip mass) in the form of a system of partial differential equations is interpreted as an abstract semigroup system on a Hilbert state space. Our aim is to solve the output motion planning problem of the same nature as in the case of an unloaded heavy chain (Grabowski, P. (2003), ‘Abstract Semigroup Model of Heavy Chain System with Application to a Motion Planning Problem’, in Proceedings of 9th IEEE International Conference: Methods and Models in Automation and Robotics, 25–28 August, Międzyzdroje, Poland, pp. 77–86 (IS1-2-3.PDF)). In order to solve this problem we first analyse its well-posedness and some basic properties. Next, we solve the output motion planning problem using a substitute of the inverse of the input–output operator represented in terms of the Laplace transforms. A problem of exponential stabilisation is also formulated and solved using a stabiliser of the colocated type. The exponential stabilisation is proved using the method of Lyapunov functionals combined with some frequency-domain tools. The method of Lyapunov functionals can be replaced by the spectral or exact controllability approach as shown in the second part (Grabowski, P. (2008), ‘The Motion Planning Problem and Exponential Stabilisation of a Heavy Chain. Part II’, Opuscula Mathematica, 28 (2008) (Special issue dedicated to the memory of Professor Andrzej Lasota), 481–505) of the present article. A laboratory setup which allows verification of the results in practice is described in detail. Its dynamical model is used as an example to illustrate the theoretical results.
10.
11.
Chris Meigh-Andrews 《Digital Creativity》2013,24(2):112-114
The Brainstorm feature introduced in Adobe After Effects CS3 (2007) allows users to automate parts of the process of generating design variations for the purposes of comparison and selection. The paper begins with a brief discussion of current discursive formations around software and software-based practice among digital design practitioners and educators. Next, the paper draws upon critical concepts drawn from multimodal discourse analysis, media theory and sociology to analyse Brainstorm in terms of the interplay of software structure and design agency. The key concepts used are modality, articulation and interpretation (Kress and van Leeuwen 1996, 2001), the database as cultural form and the logic of selection (Manovich 2001), habitus and practical logic (Bourdieu 1977) and the radius of creativity (Toynbee 2000). Throughout, the paper addresses specific structural features of the software, thus developing an overview of the affordances and constraints of Brainstorm as a creative tool.
12.
《Information Security Journal: A Global Perspective》2013,22(5):253-262
ABSTRACT This paper proposes an information assurance (IA) metric that can be used to measure the security posture of an enterprise system in the “monitoring” step (Step 6) of the risk management framework (RMF), as required in the new certification and accreditation (C&A) process described in NIST SP 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. This metric was developed by adopting the Object Measurement (OM®) approach, created to evaluate system development life cycle (SDLC) processes, for use as an IA metric. This metric supports organizational management's decision-making processes by enabling an organization to determine how well a system is complying with its monitoring plan. The values obtained through use of this metric can be abstracted to roll up values from multiple systems, creating an aggregate measure usable by organizational management to assess the security posture of all, or a subset, of their accredited systems undergoing monitoring.
13.
《International Journal of Computer Mathematics》2012,89(18):2562-2575
In this article, we extend a Milstein finite difference scheme introduced in [8] for a certain linear stochastic partial differential equation (SPDE) to semi-implicit and fully implicit time-stepping as introduced by Szpruch [32] for stochastic differential equations (SDEs). We combine standard finite difference Fourier analysis for partial differential equations with the linear stability analysis in [3] for SDEs to analyse the stability and accuracy. The results show that Crank–Nicolson time-stepping for the principal part of the drift with a partially implicit but negatively weighted double Itô integral gives unconditional stability over all parameter values and converges with the expected order in the mean-square sense. This opens up the possibility of local mesh refinement in the spatial domain, and we show experimentally that this can be beneficial in the presence of reduced regularity at boundaries.
14.
《Information Security Journal: A Global Perspective》2013,22(5-6):267-277
ABSTRACT A mobile ad hoc network (MANET) is a self-organizing, self-configuring confederation of wireless systems. MANET devices join and leave the network asynchronously at will, and there are no predefined client or server roles – roles change based on the nature of a given communication. The dynamic topologies, mobile communications structure, decentralized control, and anonymity create many challenges to the security of systems and network infrastructure in a MANET environment. Consequently, this extreme form of dynamic and distributed model requires a reevaluation of conventional approaches to security enforcements. Recent developments in agent frameworks have contributed to some potential solutions for security policy enforcements for MANETs. Building on these developments, and extending principles from structuration theory (Giddens, 1984), we formulated a socio-biologically inspired approach to MANET security we refer to as structuration agency theory.
15.
José Aguilar Frank Prato César Bravo Francklin Rivas 《Applied Artificial Intelligence》2013,27(5):406-426
Concerning industrial automation, the management of abnormal situations becomes more important every day. The ability to detect, isolate, and handle abnormal situations in industrial installations could save huge amounts of money which is normally invested in reparations and/or wasted because of unjustified stoppage of processing plants. In this work, a system for the management of abnormal situations in an artificially gas-lifted well based on agents Abnormal Situations Management System (ASMS) is developed, which is part of the architecture of the industrial automation based on multi-agents systems (SADIA) proposed in Bravo, Aguilar, and Rivas (2004). This agent is based on the intelligent distributed control system based on agents (IDCSBA) reference model proposed in Aguilar, Cerrada, Mousalli, Rivas, and Hidrobo (2005). The MASINA methodology (Aguilar, Hidrobo, and Cerrada 2007) is used in matters of analysis, design, and implementation.
16.
Idoya Ferrero-Ferrero M. Ángeles Fernández-Izquierdo M. Jesús Muñoz-Torres 《Cybernetics and Systems》2015,46(3-4):249-270
This study aims to explore how board age diversity affects corporate performance. This study develops three hypotheses built on the perspective of the upper echelons and Harrison and Klein's (2007) diversity typology. Focusing on age diversity and using a board of directors as a unit of analysis, this study empirically tests the effects of each type of age diversity on corporate performance in a sample of European listed firms for the year 2009. This study advances the understanding of board behavior and its relationships with corporate results, and presents a new approach to study age diversity from an integrated point of view.
17.
Game appropriation is currently not well conceptualized. What literature does exist (Griffiths & Light, 2008; Lowood, 2005; Postigo, 2008; Stalker, 2005) uses the term primarily to denote gamers' practices beyond the designers' original intentions, for instance, game content modifications. This article frames game appropriation in a different manner; unlike existing appropriation models, game appropriation is conceptualized as a motivational process underpinned by three primary factors: game design characteristics, social interaction, and the psychological characteristics of the gamer. The main contribution of this article is the development of the first model of game appropriation, the game appropriation model (GAM). GAM explains the process of digital games' incorporation into gamers' daily practices as well as the nature of their gameplay. Game appropriation recognizes the online–offline continuity; it contributes to understating gameplay as a long-term, dynamic activity, directly interrelated with a gamer's everyday life rather than a set of defined moments of participation.
18.
Babula Jena Sanghamitra Sahu Madala Venkateswara Rao Bijoy Kumar Sahu 《International journal of remote sensing》2013,34(24):9879-9891
Indian Remote Sensing Satellite (IRS-P4) multi-frequency scanning microwave radiometer (MSMR) provides geophysical parameters like sea surface temperature (SST), sea surface wind speed (SSWS), integrated water vapour (IWV) and cloud liquid water (CLW). The retrieval procedure of these parameters given by Gohil et al. (2000, Geophysical parameter retrieval over global oceans from IRS-P4 (MSMR). In Preprints, Fifth Pacific Ocean Remote Sensing Conference, 5–8 December 2000, Goa, India (Goa: National Institute of Oceanography), pp. 207–211) was summarized by Sharma et al. (2002, Identification of large scale atmospheric and oceanic features from IRS-P4 multifrequency scanning microwave radiometer: preliminary results. Journal of Atmospheric and Oceanic Technology, 19, pp. 1127–1134) and Jena (2007, Studies on the retrieval, validation and applications of geophysical parameters from IRS-P4 (MSMR) data. PhD thesis, Berhampur University, Orissa). Demonstration of self-consistency of these parameters has primary scientific importance. This article deals with the validation of MSMR geophysical parameters such as SST and SSWS with in situ observations (buoy data) over the north Indian Ocean during 2000. Result shows that the MSMR-derived SST and SSWS can be utilized for several applications because of their reasonable accuracy and coverage even under cloudy condition.
19.
《Information Security Journal: A Global Perspective》2013,22(5):256-268
ABSTRACT Image hiding methods embed a secret image into a host image. The resultant stego-image does not attract the interceptors that would not detect the differences between the host image and the stego-image. To exploit the great developments in the area of image compression and to improve the quality of stego-image, this paper proposes a new method to embed the secret image into the host image. Basically, the secret image is compressed and then embedded into host image. The embedding method is based on the Optimal Pixel Adjustment Process (OPAP) and genetic algorithm. In the paper we addressed the important issues to build such systems. The experimental results showed that the proposed method can improve the quality from 60% to 80% when compared with the simple Least Significant Bit (LSB) replacement methods. Adding to that, the mean square error of the stego-image is much lower compared with other methods (Chan & Cheng, 2004; Chang, Hsiao, & Chan, 2003; Thien & Lin, 2003; Tseng, Chan, Ho, & Chu, 208; Wang, Lin, & Lin, 2001). Also, the proposed technique improves capacity. In other words, we can embed a secret image with size 450 × 450 inside a hosting image with size 512 × 512.
20.
Leap et al. (2016) reduced the time complexity of the Bauer-Millward (2007) ciphertext-only attack on the Hill cipher from $\mathcal{O}(L^{n})$ to $\mathcal{O}(L^{n-1})$, where $L$ is the length of the alphabet, and $n$ is the block size. This article presents an attack that reduces the complexity to $\mathcal{O}(L^{n-1-s})$, $0 \le s \le n-1$. The practical limitation on the size of $s$ is the memory available on the computer being used for the attack. Specifically, the computer must be able to hold $L^{s}$ integer arrays of length $N$, where $N$ is the number of blocks of ciphertext. The key idea is not to iterate over potential rows of the decryption matrix, but to iterate over randomly chosen characters in the plaintext. This attack also admits a straightforward parallel implementation on multiple processors to further decrease the run time of the attack.