1,312 research outputs found
Improving Fuzz Testing using Game Theory
We propose a game theoretical model for fuzz testing, which consists of generating unexpected input to search for software vulnerabilities. As of today, no performance guarantees or assessment frameworks for fuzzing exist. Our paper addresses these issues and describes a simple model that can be used to assess and identify optimal fuzzing strategies, by leveraging game theory. In this context, payoff functions are obtained using a tainted data analysis and instrumentation of a target application to assess the impact of different fuzzing strategies.
Exploratory study to explore the role of ICT in the process of knowledge management in an Indian business environment
In the 21st century and the emergence of a digital economy, knowledge and the knowledge base economy are rapidly growing. To effectively be able to understand the processes involved in the creating, managing and sharing of knowledge management in the business environment is critical to the success of an organization. This study builds on the previous research of the authors on the enablers of knowledge management by identifying the relationship between the enablers of knowledge management and the role played by information communication technologies (ICT) and ICT infrastructure in a business setting. This paper provides the findings of a survey collected from the four major Indian cities (Chennai, Coimbatore, Madurai and Villupuram) regarding their views and opinions about the enablers of knowledge management in business setting. A total of 80 organizations participated in the study with 100 participants in each city. The results show that ICT and ICT infrastructure can play a critical role in the creating, managing and sharing of knowledge in an Indian business environment
The enablers and implementation model for mobile KMS in Australian healthcare
In this research project, the enablers in implementing mobile KMS in Australian regional healthcare will be investigated, and a validated framework and guidelines to assist healthcare in implementing mobile KMS will also be proposed with both qualitative and quantitative approaches. The outcomes for this study are expected to improve the understanding of the enabling factors in implementing mobile KMS in Australian healthcare, as well as provide better guidelines for this process.
SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection
Mutation-based fuzzing is popular and effective in discovering unseen code and exposing bugs. However, only a few studies have concentrated on quantifying the importance of input bytes, which refers to the degree to which a byte contributes to the discovery of new code. They often focus on obtaining the relationship between input bytes and path constraints, ignoring the fact that not all constraint-related bytes can discover new code. In this paper, we conduct Shapley analysis to understand the effect of byte positions on fuzzing performance, and find that some byte positions contribute more than others and this property often holds across seeds. Based on this observation, we propose a novel fuzzing solution, ShapFuzz, to guide byte selection and mutation. Specifically, ShapFuzz updates Shapley values (importance) of bytes when each input is tested during fuzzing with a low overhead, and utilizes contextual multi-armed bandit to trade off between mutating high Shapley value bytes and low-frequently chosen bytes. We implement a prototype of this solution based on AFL++, i.e., ShapFuzz. We evaluate ShapFuzz against ten state-of-the-art fuzzers, including five byte schedule-reinforced fuzzers and five commonly used fuzzers. Compared with byte schedule-reinforced fuzzers, ShapFuzz discovers more edges and exposes more bugs than the best baseline on three different sets of initial seeds. Compared with commonly used fuzzers, ShapFuzz exposes 20 more bugs than the best comparison fuzzer, and discovers 6 more CVEs than the best baseline on MAGMA. Furthermore, ShapFuzz discovers 11 new bugs on the latest versions of programs, and 3 of them are confirmed by vendors.
Turning the Page for Spot: Exploring the Potential of Therapy Dogs to Support Reading Motivation and Positive Reading Behaviours Among Young Children
Animal-assisted literacy programs are growing in popularity as research continues to reveal their benefits for promoting children’s reading skills and positive reading behaviours. Struggling readers may benefit the most from canine-assisted literacy programs as these programs may increase children’s motivation to read, which in turn might be associated with improvements in children’s reading performance. However, little is known about how the context of canine-assisted literacy programs can help increase children’s motivation and persistence to read. The purpose of this proof of concept study was to assess the feasibility of engaging children with therapy dogs to help increase children’s reading motivation and persistence. We collected observational and self-report data from several sources (child participants, parents and researchers). Results of multivariate repeated-measures ANOVA with two levels (i.e. two-factor repeated measures design) revealed significant differences in reading motivation and reading persistence as a function of the presence or absence of a therapy dog when children were asked to read a challenging passage. Specifically, the children reported that they were more interested in reading and felt more competent reading a challenging passage when reading in the presence (versus absence) of a therapy dog. Additionally, the children individually spent more time reading in the presence (versus absence) of the therapy dog. The findings from this research will inform the development of animal-assisted literacy programs regarding the potential of canine-assisted reading programs to support children’s reading motivation and persistence
Learning-based Analysis on the Exploitability of Security Vulnerabilities
The purpose of this thesis is to develop a tool that uses machine learning techniques to make predictions about whether or not a given vulnerability will be exploited. Such a tool could help organizations such as electric utilities to prioritize their security patching operations. Three different models, based on a deep neural network, a random forest, and a support vector machine respectively, are designed and implemented. Training data for these models is compiled from a variety of sources, including the National Vulnerability Database published by NIST and the Exploit Database published by Offensive Security. Extensive experiments are conducted, including testing the accuracy of each model, dynamically training the models on a rolling window of training data, and filtering the training data by various features. Of the chosen models, the deep neural network and the support vector machine show the highest accuracy (approximately 94% and 93%, respectively), and could be developed by future researchers into an effective tool for vulnerability analysis