Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager
Integrating third-party packages accelerates modern software engineering, but
introduces the risk of software supply chain vulnerabilities. Vulnerabilities
in applications' dependencies are being exploited worldwide. Often, these
exploits leverage features that are present in a package, yet unneeded by an
application. Unfortunately, the current generation of permission managers, such
as SELinux, Docker containers, and the Java Security Manager, are too
coarse-grained to usefully support engineers and operators in mitigating these
vulnerabilities. Current approaches offer permissions only at the application's
granularity, lumping legitimate operations made by safe packages with
illegitimate operations made by exploited packages. This strategy does not
reflect modern engineering practice. We need a permission manager capable of
distinguishing between actions taken by different packages in an application's
supply chain.
In this paper, we describe Next-JSM, the first fine-grained ("supply chain
aware") permission manager for Java applications. Next-JSM supports permission
management at package-level granularity. Next-JSM faces three key challenges:
operating on existing JVMs and without access to application or package source
code, minimizing performance overhead in applications with many packages, and
helping operators manage finer-grained permissions. We show that these
challenges can be addressed through bytecode rewriting; appropriate data
structures and algorithms; and an expressive permission notation plus automated
tooling to establish default permission. In our evaluation, we report that
Next-JSM mitigates 11 of the 12 package vulnerabilities we evaluated and incurs
an average 2.72% overhead on the Dacapobench benchmark. Qualitatively, we argue
that Next-JSM addresses the shortcomings of the (recently deprecated) Java
Security Manager (JSM).
Comment: 15 pages, 5 figures, 5 table
[The Engineering and Technical Services Directorate at the Glenn Research Center]
My name is James Moon and I am a senior at Tennessee State University where my major is Aeronautical and Industrial Technology with a concentration in industrial electronics. I am currently serving my internship in the Engineering and Technical Services Directorate at the Glenn Research Center (GRC). The Engineering and Technical Service Directorate provides the services and infrastructure for the Glenn Research Center to take research concepts to reality. They provide a full range of integrated services including engineering, advanced prototyping and testing, facility management, and information technology for NASA, industry, and academia. Engineering and Technical Services contains the core knowledge in Information Technology (IT). This includes data systems and analysis, inter and intranet based systems design and data security. Including the design and development of embedded real-time software applications for flight and supporting ground systems, Engineering and Technical Services provide a wide range of IT services and products specific to the Glenn Research Center research and engineering community. In the 7000 Directorate I work directly in the 7611 organization. This organization is known as the Aviation Environments Technical Branch. My mentor is Vincent Satterwhite who is also the Branch Chief of the Aviation Environments Technical Branch. In this branch, I serve as the Assistant program manager of the Engineering Technology Program. The Engineering Technology Program (ETP) is one of three components of the High School L.E.R.C.I.P. This is an Agency-sponsored, eight-week research-based apprenticeship program designed to attract traditionally underrepresented high school students that demonstrate an aptitude for and interest in mathematics, science, engineering, and technology
Spicy salmon: converting between 50+ annotation formats with Fintan, Pepper, Salt and Powla
Heterogeneity of formats, models and annotations has always been a primary hindrance for exploiting the ever increasing amount of existing linguistic resources for real world applications in and beyond NLP. Fintan - the Flexible INtegrated Transformation and Annotation eNgineering platform introduced in 2020 is designed to rapidly convert, combine and manipulate language resources both in and outside the Semantic Web by transforming it into segmented RDF representations which can be processed in parallel on a multithreaded environment and integrating it with ontologies and taxonomies. Fintan has recently been extended with a set of additional modules increasing the amount of supported non-RDF formats and the interoperability with existing non-JAVA conversion tools, and parts of this work are demonstrated in this paper. In particular, we focus on a novel recipe for resource transformation in which Fintan works in tandem with the Pepper toolset to allow computational linguists to transform their data between over 50 linguistic corpus formats with a graphical workflow manager
Incorporating Agile with MDA Case Study: Online Polling System
Nowadays agile software development is used to a greater extent but for small
organizations only, whereas MDA is suitable for large organizations but yet not
standardized. In this paper the pros and cons of Model Driven Architecture
(MDA) and Extreme programming have been discussed. As both of them have some
limitations and cannot be used in both large scale and small scale
organizations a new architecture has been proposed. In this model it is tried
to opt the advantages and important values to overcome the limitations of both
the software development procedures. In support to the proposed architecture
the implementation of it on Online Polling System has been discussed and all
the phases of software development have been explained.
Comment: 14 pages, 1 Figure, 1 Tabl
Cross-middleware Interoperability in Distributed Concurrent Engineering
Secure, distributed collaboration between different organizations is a key challenge in Grid computing today. The GDCD project has produced a Grid-based demonstrator Virtual Collaborative Facility (VCF) for the European Space Agency. The purpose of this work is to show the potential of Grid technology to support fully distributed concurrent design, while addressing practical considerations including network security, interoperability, and integration of legacy applications. The VCF allows domain engineers to use the concurrent design methodology in a distributed fashion to perform studies for future space missions. To demonstrate the interoperability and integration capabilities of Grid computing in concurrent design, we developed prototype VCF components based on ESA’s current Excel-based Concurrent Design Facility (a non-distributed environment), using a STEP-compliant database that stores design parameters. The database was exposed as a secure GRIA 5.1 Grid service, whilst a .NET/WSE3.0-based library was developed to enable secure communication between the Excel client and STEP database
A Middleware for the Internet of Things
The Internet of Things (IoT) connects everyday objects including a vast array
of sensors, actuators, and smart devices, referred to as things to the
Internet, in an intelligent and pervasive fashion. This connectivity gives rise
to the possibility of using the tracking capabilities of things to impinge on
the location privacy of users. Most of the existing management and location
privacy protection solutions do not consider the low-cost and low-power
requirements of things, or, they do not account for the heterogeneity,
scalability, or autonomy of communications supported in the IoT. Moreover,
these traditional solutions do not consider the case where a user wishes to
control the granularity of the disclosed information based on the context of
their use (e.g. based on the time or the current location of the user). To fill
this gap, a middleware, referred to as the Internet of Things Management
Platform (IoT-MP) is proposed in this paper.
Comment: 20 pages, International Journal of Computer Networks & Communications
(IJCNC) Vol.8, No.2, March 201