Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model

With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack

Integrity protection for code-on-demand mobile agents in e-commerce

The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand(CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection

Securely Outsourcing Large Scale Eigen Value Problem to Public Cloud

Cloud computing enables clients with limited computational power to economically outsource their large scale computations to a public cloud with huge computational power. Cloud has the massive storage, computational power and software which can be used by clients for reducing their computational overhead and storage limitation. But in case of outsourcing, privacy of client's confidential data must be maintained. We have designed a protocol for outsourcing large scale Eigen value problem to a malicious cloud which provides input/output data security, result verifiability and client's efficiency. As the direct computation method to find all eigenvectors is computationally expensive for large dimensionality, we have used power iterative method for finding the largest Eigen value and the corresponding Eigen vector of a matrix. For protecting the privacy, some transformations are applied to the input matrix to get encrypted matrix which is sent to the cloud and then decrypting the result that is returned from the cloud for getting the correct solution of Eigen value problem. We have also proposed result verification mechanism for detecting robust cheating and provided theoretical analysis and experimental result that describes high-efficiency, correctness, security and robust cheating resistance of the proposed protocol

Securing library information system: Vulnerabilities and threats

Threats and vulnerabilities in computers and networks are common nowadays since computers are widely used by the public. The risks of computer threats and vulnerabilities are high since most computers are connected to the internet. Library Information Systems is also vulnerable to attack since it is a public access institution. Majority of users are naive when it comes to computer and network securities. Some breaches in Library Information System are intentional and some are unintentional. Risks analysis should be done to find the threats and risks in designing the Library Information System. Threats are made possible due to lack of proper procedures, software flaws and policies. The administrators should anticipate all the possible attacks and their mitigation techniques. In this paper, we will try to address various issues arise from this vulnerabilities and threats. We will also describe how we can reduce and overcome this vulnerabilities and threats