24,905 research outputs found

    Proposing a secure component-based-application logic and system’s integration testing approach

    Get PDF
    Software engineering moved from traditional methods of software enterprise applications to com-ponent based development for distributed system’s applications. This new era has grown up forlast few years, with component-based methods, for design and rapid development of systems, butfact is that , deployment of all secure software features of technology into practical e-commercedistributed systems are higher rated target for intruders. Although most of research has been con-ducted on web application services that use a large share of the present software, but on the otherside Component Based Software in the middle tier ,which rapidly develops application logic, alsoopen security breaching opportunities .This research paper focus on a burning issue for researchersand scientists ,a weakest link in component based distributed system, logical attacks, that cannotbe detected with any intrusion detection system within the middle tier e-commerce distributed ap-plications. We proposed An Approach of Secure Designing application logic for distributed system,while dealing with logically vulnerability issue

    Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

    Full text link
    Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

    SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities

    Full text link
    Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior. Such attacks have been known to have serious effects on production systems, take down entire websites, or lead to bypasses of Web Application Firewalls. Unfortunately, existing detection mechanisms for algorithmic complexity vulnerabilities are domain-specific and often require significant manual effort. In this paper, we design, implement, and evaluate SlowFuzz, a domain-independent framework for automatically finding algorithmic complexity vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided evolutionary search techniques to automatically find inputs that maximize computational resource utilization for a given application.Comment: ACM CCS '17, October 30-November 3, 2017, Dallas, TX, US

    Effect of gap lenghts of sphere-sphere electrodes on air breakdown level under lightning impulse

    Get PDF
    Impinging jets are a best method of achieving particularly high heat transfer coefficient and are therefore employed in many engineering applications. In this study we seek to understand the mechanism of the distributed heat on the curve surface with the goal of identifying preferred methods to predicting jet performance. The goals that have been achieved in the numerical results displayed are determine the influence of impingement jet characteristics on thermal and flow field on a curve surface, determine the variation of Nusselt numbers (NuD) along the curve surface in order to understand the heat transfer characteristics and study the effect of position (in the center, in the mid and in the end) and angle (α=90°, 60° and 30°) of jet impingement on curve surface, different Reynolds numbers (ReD) in range of (5000, 6000, 7000, 8000 and 9000). The program, which was extracted results it is (GAMBIT 2.4.6) and (FLUENT 6.3), simulation is (2-D) in submerged jet flow and the continuity, momentum and energy equations were solved by means of a finite volume method (FVM). This study covers the effect of different Reynolds numbers (ReD) on average Nusselt numbers (Nuavg) and local Nusselt numbers (NuD). From the result, the average Nusselt numbers (Nuavg) increased with the increase of Reynolds numbers (ReD) for all cases, in comparison between different positions (center, mid and end), of nozzle on curve surface at angle (α=90°) the maximum value of average Nusselt numbers (Nuavg=388.3) is found when the nozzle locate in the end followed by the mid position and smallest value of average Nusselt numbers (Nuavg=182.25) in the center of curve surface. In case of slant angle (α=60º) the maximum value of average Nusselt numbers (Nuavg=387.47) is found when the nozzle locate in the end followed by the mid position and smallest value of average Nusselt numbers (Nuavg=308.3) in the center of curve surface
    • …
    corecore