70,583 research outputs found

    A Smart Contract Blockchain Penetration Testing Framework

    Likened to old-style contracts, smart agreements motorized by blockchain ensure that deal processes are real safe then well-organized. Without the need aimed at third-party mediators like lawyers, smart contracts enable transparent processes, cost-effectiveness, time efficiency and trustlessness. While old-style cybersecurity attacks on keen agreement requests can be thwarted by blockchain, new threats and attack vectors are constantly emerging which affect blockchain in a manner alike toward additional web and application-based systems. Organizations can develop and use the technology securely with connected infrastructure by using effective blockchain testing. However, the authors discovered throughout the sequence of their investigate that Blockchain technology has security issues like permanent dealings, insufficient access and ineffective plans. Web portals and other applications do not contain attack vectors like these. This study introduces a brand new penetration testing framework for decentralized apps and clever contracts. Results from the suggested penetration-testing methodology were compared by those from automatic diffusion examination scanners by the authors. The findings revealed gaps in vulnerabilities that were not disclosed during routine pen testin

    A Model-Based Security Testing Approach for Web Applications

    Penetration testing is the most common approach for testing the security of web applications, but model-based testing has been steadily maturing into a viable alternative and complementary approach. Penetration testing is very cost-efficient, in the sense that little pen-testing time usually is enough to reveal several bugs, but the experience of the security analyst is crucial; model-based testing relies on formal methods but the security analyst has to first create a suitable model of the application under test. In this thesis, I propose a formal and flexible model-based framework that supports a security analyst in carrying out security testing of web applications. The main idea underlying this framework is that the use of model-checking techniques can automate the research of possible vulnerable entry points in the web application, i.e., it permits an analyst to perform security testing without missing important checks. Moreover, the framework also allows for reuse: the analyst can collect her expertise into the framework and (re)use it during future tests on possibly different web applications, which may be carried out by her or by members of the testing group of the analyst's organization, if any. In this way, the potentiality of a single test is not related to the expertise of the single analyst on a specific web application but to the expertise of the entire testing group. As concrete examples, I consider four case studies in order to show the suitability and flexibility of the framework. Tests for a variety of vulnerabilities have been performed and compared with the ones executed with three benchmark security tools

    Authentication of Students and Students’ Work in E-Learning : Report for the Development Bid of Academic Year 2010/11

    Global e-learning market is projected to reach $107.3 billion by 2015 according to a new report by The Global Industry Analyst (Analyst 2010). The popularity and growth of the online programmes within the School of Computer Science obviously is in line with this projection. However, also on the rise are students’ dishonesty and cheating in the open and virtual environment of e-learning courses (Shepherd 2008). Institutions offering e-learning programmes are facing the challenges of deterring and detecting these misbehaviours by introducing security mechanisms to the current e-learning platforms. In particular, authenticating that a registered student indeed takes an online assessment, e.g., an exam or a coursework, is essential for the institutions to give the credit to the correct candidate. Authenticating a student is to ensure that a student is indeed who he says he is. Authenticating a student’s work goes one step further to ensure that an authenticated student indeed does the submitted work himself. This report is to investigate and compare current possible techniques and solutions for authenticating distance learning student and/or their work remotely for the e-learning programmes. The report also aims to recommend some solutions that fit with UH StudyNet platform.

    SymbolDesign: A User-centered Method to Design Pen-based Interfaces and Extend the Functionality of Pointer Input Devices

    A method called "SymbolDesign" is proposed that can be used to design user-centered interfaces for pen-based input devices. It can also extend the functionality of pointer input devices such as the traditional computer mouse or the Camera Mouse, a camera-based computer interface. Users can create their own interfaces by choosing single-stroke movement patterns that are convenient to draw with the selected input device and by mapping them to a desired set of commands. A pattern could be the trace of a moving finger detected with the Camera Mouse or a symbol drawn with an optical pen. The core of the SymbolDesign system is a dynamically created classifier, in the current implementation an artificial neural network. The architecture of the neural network automatically adjusts according to the complexity of the classification task. In experiments, subjects used the SymbolDesign method to design and test the interfaces they created, for example, to browse the web. The experiments demonstrated good recognition accuracy and responsiveness of the user interfaces. The method provided an easily-designed and easily-used computer input mechanism for people without physical limitations, and, with some modifications, has the potential to become a computer access tool for people with severe paralysis. National Science Foundation (IIS-0093367, IIS-0308213, IIS-0329009, EIA-0202067

    DEUCE : a test-bed for evaluating ESL competence criteria

    This paper describes work in progress to apply a Web-based facility for evaluating differing criteria for English language competence. The proposed system, Discriminated Evaluation of User's Competence with English (DEUCE), addresses the problem of determining the efficacy of individual criteria for competence in English as a Second Language (ESL). We describe the rationale, design and application of DEUCE and outline its potential as a discriminator for ESL competence criteria and as a basis for low cost mass ESL competence testing

    Advanced Media Control Through Drawing: Using a graphics tablet to control complex audio and video data in a live context

    This paper demonstrates the results of the authors’ Wacom tablet MIDI user interface. This application enables users’ drawing actions on a graphics tablet to control audio and video parameters in real-time. The programming affords five degrees (x, y, pressure, x tilt, y tilt) of concurrent control for use in any audio or video software capable of receiving and processing MIDI data

    Wearable and mobile devices

    Information and Communication Technologies, known as ICT, have undergone dramatic changes in the last 25 years. The 1980s was the decade of the Personal Computer (PC), which brought computing into the home and, in an educational setting, into the classroom. The 1990s gave us the World Wide Web (the Web), building on the infrastructure of the Internet, which has revolutionized the availability and delivery of information. In the midst of this information revolution, we are now confronted with a third wave of novel technologies (i.e., mobile and wearable computing), where computing devices already are becoming small enough so that we can carry them around at all times, and, in addition, they have the ability to interact with devices embedded in the environment. The development of wearable technology is perhaps a logical product of the convergence between the miniaturization of microchips (nanotechnology) and an increasing interest in pervasive computing, where mobility is the main objective. The miniaturization of computers is largely due to the decreasing size of semiconductors and switches; molecular manufacturing will allow for “not only molecular-scale switches but also nanoscale motors, pumps, pipes, machinery that could mimic skin” (Page, 2003, p. 2). This shift in the size of computers has obvious implications for the human-computer interaction introducing the next generation of interfaces. Neil Gershenfeld, the director of the Media Lab’s Physics and Media Group, argues, “The world is becoming the interface. Computers as distinguishable devices will disappear as the objects themselves become the means we use to interact with both the physical and the virtual worlds” (Page, 2003, p. 3). Ultimately, this will lead to a move away from desktop user interfaces and toward mobile interfaces and pervasive computing

    Nanotechnology Oversight: An Agenda for the New Administration

    Identifies how current laws can be applied or modified to provide needed oversight of nanotechnology and materials for public health and environmental protection. Calls for more funding for risk research, coordinated regulation, and public involvement