25 research outputs found

    JAX-RS security against code injection attacks

    Research work. Three code injection attack algorithms are implemented. Based on these algorithms, the requirements for designing and developing the prototype are defined, and the application architecture is described, along with the test scenario containing the Web services to be attacked. Finally, the vulnerability levels found in each of the selected implementations are reported, ending with an analysis of the results and some conclusions of the research. Research work. INTRODUCTION 1. OVERVIEW 2. SELECTION OF ALGORITHMS 3. REQUIREMENTS DEFINITION 4. SYSTEM DESIGN 5. SYSTEM ARCHITECTURE 6. SYSTEM DEVELOPMENT 7. TEST SCENARIO 8. VULNERABILITY EVALUATION 9. CONCLUSIONS REFERENCES. Undergraduate. Systems Engineer

    Efficient enhanced keyword search for encrypted document in cloud

    An expressive public-key searchable encryption system in prime-order groups, which allows keyword search policies to be expressed as conjunctive, disjunctive or any monotonic Boolean formulas and achieves a significant performance improvement over existing schemes. We formally define its security, and prove that it is selectively secure in the standard model. We also implement the proposed scheme using a rapid prototyping tool called Charm and conduct several experiments to evaluate its performance. The results show that our scheme is much more efficient than the ones built over composite-order groups. Keyword research is one of the most important, valuable, and high return activities in the search marketing field. Ranking for the right keywords can make or break your website

    Public Key Encryption with Keyword Search from Lattices in Multiuser Environments

    A public key encryption scheme with keyword search capabilities is proposed using lattices for applications in multiuser environments. The proposed scheme enables a cloud server to check if any given encrypted data contains certain keywords specified by multiple users, but the server would not have knowledge of the keywords specified by the users or the contents of the encrypted data, which provides data privacy as well as privacy for user queries in multiuser environments. It can be proven secure under the standard learning with errors assumption in the random oracle model

    A Lightweight Buyer-Seller Watermarking Protocol

    The buyer-seller watermarking protocol enables a seller to successfully identify a traitor from a pirated copy, while preventing the seller from framing an innocent buyer. Based on finite field theory and the homomorphic property of public key cryptosystems such as RSA, several buyer-seller watermarking protocols (N. Memon and P. W. Wong (2001) and C.-L. Lei et al. (2004)) have been proposed previously. However, those protocols require not only large computational power but also substantial network bandwidth. In this paper, we introduce a new buyer-seller protocol that overcomes those weaknesses by managing the watermarks. Compared with the earlier protocols, ours is n times faster in terms of computation, where n is the number of watermark elements, while incurring only O(1/lN) times communication overhead given the finite field parameter lN. In addition, the quality of the watermarked image generated with our method is better, using the same watermark strength

    A Two-Party Protocol with Trusted Initializer for Computing the Inner Product

    We propose the first protocol for securely computing the inner product modulo an integer m between two distrustful parties based on a trusted initializer, i.e. a trusted party that interacts with the players solely during a setup phase. We obtain a very simple protocol with universally composable security. As an application of our protocol, we obtain a solution for securely computing linear equations

    Searchable attribute-based mechanism with efficient data sharing for secure cloud storage

    To date, the growth of electronic personal data has led to a trend in which data owners prefer to outsource their data to remote clouds to enjoy high-quality retrieval and storage services without worrying about the burden of local data management and maintenance. However, secure sharing and searching of the outsourced data is a formidable task, which may easily incur the leakage of sensitive personal information. Efficient data sharing and searching with security is of critical importance. This paper, for the first time, proposes a searchable attribute-based proxy re-encryption system. Compared to existing systems, which support only either searchable attribute-based functionality or attribute-based proxy re-encryption, our new primitive supports both abilities and provides a flexible keyword update service. Specifically, the system enables a data owner to efficiently share his data with a specified group of users matching a sharing policy; meanwhile, the data maintains its searchable property, and the corresponding search keyword(s) can be updated after the data sharing. The new mechanism is applicable to many real-world applications, such as electronic health record systems. It is also proved chosen ciphertext secure in the random oracle model

    When Less is Enough: Positive and Unlabeled Learning Model for Vulnerability Detection

    Automated code vulnerability detection has gained increasing attention in recent years. The deep learning (DL)-based methods, which implicitly learn vulnerable code patterns, have proven effective in vulnerability detection. The performance of DL-based methods usually relies on the quantity and quality of labeled data. However, the current labeled data are generally automatically collected, such as crawled from human-generated commits, making it hard to ensure the quality of the labels. Prior studies have demonstrated that the non-vulnerable code (i.e., negative labels) tends to be unreliable in commonly-used datasets, while vulnerable code (i.e., positive labels) is more determined. Considering the large numbers of unlabeled data in practice, it is necessary and worth exploring to leverage the positive data and large numbers of unlabeled data for more accurate vulnerability detection. In this paper, we focus on the Positive and Unlabeled (PU) learning problem for vulnerability detection and propose a novel model named PILOT, i.e., PositIve and unlabeled Learning mOdel for vulnerability deTection. PILOT only learns from positive and unlabeled data for vulnerability detection. It mainly contains two modules: (1) A distance-aware label selection module, aiming at generating pseudo-labels for selected unlabeled data, which involves the inter-class distance prototype and progressive fine-tuning; (2) A mixed-supervision representation learning module to further alleviate the influence of noise and enhance the discrimination of representations.

    Comment: This paper is accepted by ASE 202

    Revealing Encryption for Partial Ordering

    We generalize the cryptographic notion of Order Revealing Encryption (ORE) to arbitrary functions and we present a construction that allows determining the (partial) ordering of two vectors, i.e., given E(x) and E(y) it is possible to learn whether x is less than or equal to y, y is less than or equal to x, or whether x and y are incomparable. This is the first non-trivial example of a Revealing Encryption (RE) scheme with output larger than one bit, and which does not rely on cryptographic obfuscation or multilinear maps