Proposing a secure component-based-application logic and system’s integration testing approach
Software engineering moved from traditional methods of software enterprise applications to component based development for distributed system’s applications. This new era has grown up for last few years, with component-based methods, for design and rapid development of systems, but fact is that, deployment of all secure software features of technology into practical e-commerce distributed systems are higher rated target for intruders. Although most of research has been conducted on web application services that use a large share of the present software, but on the other side Component Based Software in the middle tier, which rapidly develops application logic, also open security breaching opportunities. This research paper focus on a burning issue for researchers and scientists, a weakest link in component based distributed system, logical attacks, that cannot be detected with any intrusion detection system within the middle tier e-commerce distributed applications. We proposed An Approach of Secure Designing application logic for distributed system, while dealing with logically vulnerability issue
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities
Algorithmic complexity vulnerabilities occur when the worst-case time/space
complexity of an application is significantly higher than the respective
average case for particular user-controlled inputs. When such conditions are
met, an attacker can launch Denial-of-Service attacks against a vulnerable
application by providing inputs that trigger the worst-case behavior. Such
attacks have been known to have serious effects on production systems, take
down entire websites, or lead to bypasses of Web Application Firewalls.
Unfortunately, existing detection mechanisms for algorithmic complexity
vulnerabilities are domain-specific and often require significant manual
effort. In this paper, we design, implement, and evaluate SlowFuzz, a
domain-independent framework for automatically finding algorithmic complexity
vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case
algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided
evolutionary search techniques to automatically find inputs that maximize
computational resource utilization for a given application.
Comment: ACM CCS '17, October 30-November 3, 2017, Dallas, TX, US
Effect of gap lenghts of sphere-sphere electrodes on air breakdown level under lightning impulse
Impinging jets are a best method of achieving particularly high heat transfer
coefficient and are therefore employed in many engineering applications. In this
study we seek to understand the mechanism of the distributed heat on the curve
surface with the goal of identifying preferred methods to predicting jet performance.
The goals that have been achieved in the numerical results displayed are
determine the influence of impingement jet characteristics on thermal and flow field
on a curve surface, determine the variation of Nusselt numbers (NuD) along the
curve surface in order to understand the heat transfer characteristics and study the
effect of position (in the center, in the mid and in the end) and angle (α=90°, 60° and
30°) of jet impingement on curve surface, different Reynolds numbers (ReD) in
range of (5000, 6000, 7000, 8000 and 9000). The program, which was extracted
results it is (GAMBIT 2.4.6) and (FLUENT 6.3), simulation is (2-D) in submerged
jet flow and the continuity, momentum and energy equations were solved by means
of a finite volume method (FVM).
This study covers the effect of different Reynolds numbers (ReD) on average
Nusselt numbers (Nuavg) and local Nusselt numbers (NuD). From the result, the
average Nusselt numbers (Nuavg) increased with the increase of Reynolds numbers
(ReD) for all cases, in comparison between different positions (center, mid and end),
of nozzle on curve surface at angle (α=90°) the maximum value of average Nusselt
numbers (Nuavg=388.3) is found when the nozzle locate in the end followed by the
mid position and smallest value of average Nusselt numbers (Nuavg=182.25) in the
center of curve surface. In case of slant angle (α=60º) the maximum value of average
Nusselt numbers (Nuavg=387.47) is found when the nozzle locate in the end
followed by the mid position and smallest value of average Nusselt numbers
(Nuavg=308.3) in the center of curve surface
Performance and Usability Analysis of Varying Web Service Architectures
We tested the performance of four web application architectures, namely CGI, PHP, Java servlets, and Apache Axis SOAP. All four architectures implemented a series of typical web application tasks. Our findings indicated that PHP produced the smallest delay, while the SOAP implementation produced the largest.