This paper proposes a generic approach for designing vulnerability testing tools for web services, which includes the definition of the testing procedure and the tool components. Based on the proposed approach, we present the design of three innovative testing tools that implement three complementary techniques (improved penetration testing, attack signatures and interface monitoring, and runtime anomaly detection) for detecting injection vulnerabilities, thus offering extensive support for different scenarios. A case study has been designed to demonstrate the tools for the particular case of SQL Injection vulnerabilities. The experimental evaluation demonstrates that the tools can effectively be used in different scenarios and that they outperform well-known commercial tools by achieving higher detection coverage and lower false-positive rates.
In this paper, we investigate control strategies for a scalar, one-step delay system in discrete-time, i.e., the state of the system is the input delayed by one time unit. In contrast with classical approaches, here the control action must be a memoryless function of the output of the plant, which comprises the current state corrupted by measurement noise. We adopt a first order state-space representation for the delay system, where the initial state is a Gaussian random variable. In addition, we assume that the measurement noise is drawn from a white and Gaussian process with zero mean and constant variance. Performance evaluation is carried out via a finite-time quadratic cost that combines the second moment of the control signal, and the second moment of the difference between the initial state and the state at the final time. We show that if the time-horizon is one or two then the optimal control is a linear function of the plant’s output, while for a sufficiently large horizon a control taking on only two values will outperform the optimal affine solution. This paper complements the well-known counterexample by Hans Witsenhausen, which showed that the solution to a linear, quadratic and Gaussian optimal control paradigm might be nonlinear. Witsenhausen’s counterexample considered an optimization horizon with two time-steps (two stage control). In contrast with Witsenhausen’s work, the solution to our counterexample is linear for one and two stages but it becomes nonlinear as the number of stages is increased. The fact that our paradigm leads to nonlinear solutions, in the multi-stage case, could not be predicted from prior results. In contrast to prior work, the validity of our counterexample is based on analytical proof methods. Our proof technique rests on a simple nonlinear strategy that is useful in its own right, since it outperforms any affine solution.
Wireless ad-hoc networks are being increasingly used in diverse contexts, ranging from casual meetings to disaster recovery operations. A promising approach is to model these networks as distributed systems prone to dynamic communication failures. This captures transitory disconnections in communication due to phenomena like interference and collisions, and permits an efficient use of the wireless broadcasting medium. This model, however, is bound by the impossibility result of Santoro and Widmayer, which states that, even with strong synchrony assumptions, there is no deterministic solution to any non-trivial form of agreement if $n - 1$ or more messages can be lost per communication round in a system with $n$ processes. In this paper we propose a novel way to circumvent this impossibility result by employing randomization. We present a consensus protocol that ensures safety in the presence of an unrestricted number of omission faults, and guarantees progress in rounds where such faults are bounded by $f \leq \lceil \frac{n}{2} \rceil (n - k) + k - 2$, where $k$ is the number of processes required to decide, eventually assuring termination with probability 1.
The medical community is producing and manipulating a tremendous volume of digital data for which computerized archiving,
processing and analysis is needed. Grid infrastructures are promising for dealing with challenges arising in computerized
medicine but the manipulation of medical data on such infrastructures faces both the problem of interconnecting medical information
systems to Grid middlewares and of preserving patients’ privacy in a wide and distributed multi-user system. These constraints
are often limiting the use of Grids for manipulating sensitive medical data. This paper describes our design of a medical
data management system taking advantage of the advanced gLite data management services, developed in the context of the EGEE
project, to fulfill the stringent needs of the medical community. It ensures medical data protection through strict data access
control, anonymization and encryption. The multi-level access control provides the flexibility needed for implementing complex
medical use-cases. Data anonymization prevents the exposure of most sensitive data to unauthorized users, and data encryption
guarantees data protection even when it is stored at remote sites. Moreover, the developed prototype provides a Grid storage
resource manager (SRM) interface to standard medical DICOM servers thereby enabling transparent access to medical data without
interfering with medical practice.
This paper addresses the problem of estimating the 3D trajectory and associated uncertainty of an underwater autonomous vehicle from a set of images of the seabed taken by an onboard camera. The presented algorithms resort to the use of video mosaics and build upon previous work on image registration and visual pose estimation. The pose estimation is accomplished in two steps. Firstly, a video mosaic is created automatically, covering a region of interest of the seabed. Then, after associating a 3D referential for the mosaic, the estimation of the camera position from a new view of the scene becomes possible.
The main contribution of this paper lies on the assessment of the performance of the 3D pose algorithms. In order to do this, an image sequence with available ground-truth is used for precise error measuring. A first-order error propagation analysis is presented, relating the uncertainty in the location of the match points with the uncertainty in the pose parameters. The importance of predicting the estimate uncertainty is emphasized by the fact that it can be used for comparing algorithms and for the on-line monitoring of the vehicle trajectory reconstruction quality.
Several iterative and non-iterative pose estimation methods are discussed, differing both on the criteria being minimized and on the required information about the camera intrinsic parameters. This information ranges from the full knowledge of the parameters, to the case where they are estimated using self-calibration from an image sequence under pure rotation. The implemented pose algorithms are compared for the accuracy and estimate covariance.
We propose how to model enterprise facilities (like factories, warehouses, etc.) in a multi-product production/distribution network, capacity management at those facilities, and scheduling agents which act as enterprise managers, taking decisions that affect the available capacity. A coordination mechanism through which scheduling agents can locally perceive hard global temporal constraints is also proposed.
A novel framework to context modeling based on the probability of co-occurrence of objects and scenes is proposed. The modeling is quite simple, and builds upon the availability of robust appearance classifiers. Images are represented by their posterior probabilities with respect to a set of contextual models, built upon the bag-of-features image representation, through two layers of probabilistic modeling. The first layer represents the image in a semantic space, where each dimension encodes an appearance-based posterior probability with respect to a concept. Due to the inherent ambiguity of classifying image patches, this representation suffers from a certain amount of contextual noise. The second layer enables robust inference in the presence of this noise by modeling the distribution of each concept in the semantic space. A thorough and systematic experimental evaluation of the proposed context modeling is presented. It is shown that it captures the contextual “gist” of natural images. Scene classification experiments show that contextual classifiers outperform their appearance-based counterparts, irrespective of the precise choice and accuracy of the latter. The effectiveness of the proposed approach to context modeling is further demonstrated through a comparison to existing approaches on scene classification and image retrieval, on benchmark data sets. In all cases, the proposed approach achieves superior results.
Spatial statistics methods have been used to analyse the nuclear pore pattern in rat ventral prostate nuclei isolated from adult animals. The observed results show that: (1) pores on prostate nuclear membranes are not randomly distributed; (2) the data sets obtained from different micrographs are consistent with the same statistical model thus suggesting the existence of a typical pore distribution.
Consumer awareness, pesticide and fertilizer contaminations and environmental concerns have resulted in significant demand for organically grown farm produce. Consumption of berries has become popular among health-conscious consumers due to the high levels of valuable antioxidants, such as anthocyanins and other phenolic compounds. The present study evaluated the influence that organic farming (OF) and integrated pest management (IPM) practices exert on the total phenolic content in 22 strawberry samples from four varieties. Postharvest performance of OF and IPM strawberries grown in the same area in the centre of Portugal and harvested at the same maturity stage were compared. Chemical profiles (phenolic compounds) were determined with the aid of HPLC-DAD/MS. Total phenolic content was higher for OF strawberry extracts. This study showed that the main differences in bioactive phytochemicals between organically and IPM grown strawberries concerned their anthocyanin levels. Organically grown strawberries were significantly higher in antioxidant activity than were the IPM strawberries, as measured by DPPH and FRAP assays.