27,565 research outputs found
Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model
With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack
Recommended from our members
Integrity protection for code-on-demand mobile agents in e-commerce
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand(CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection
Securely Outsourcing Large Scale Eigen Value Problem to Public Cloud
Cloud computing enables clients with limited computational power to
economically outsource their large scale computations to a public cloud with
huge computational power. Cloud has the massive storage, computational power
and software which can be used by clients for reducing their computational
overhead and storage limitation. But in case of outsourcing, privacy of
client's confidential data must be maintained. We have designed a protocol for
outsourcing large scale Eigen value problem to a malicious cloud which provides
input/output data security, result verifiability and client's efficiency. As
the direct computation method to find all eigenvectors is computationally
expensive for large dimensionality, we have used power iterative method for
finding the largest Eigen value and the corresponding Eigen vector of a matrix.
For protecting the privacy, some transformations are applied to the input
matrix to get encrypted matrix which is sent to the cloud and then decrypting
the result that is returned from the cloud for getting the correct solution of
Eigen value problem. We have also proposed result verification mechanism for
detecting robust cheating and provided theoretical analysis and experimental
result that describes high-efficiency, correctness, security and robust
cheating resistance of the proposed protocol
Securing library information system: Vulnerabilities and threats
Threats and vulnerabilities in computers and networks are common nowadays since computers are widely used by the
public. The risks of computer threats and vulnerabilities are high since most computers are connected to the internet.
Library Information Systems is also vulnerable to attack since it is a public access institution. Majority of users are naive when it comes to computer and network securities. Some breaches in Library Information System are intentional and some are unintentional. Risks analysis should be done to find the threats and risks in designing the Library Information System. Threats are made possible due to lack of proper procedures, software flaws and policies. The administrators should anticipate all the possible attacks and their mitigation techniques. In this paper, we will try to address various issues arise from this vulnerabilities and threats. We will also describe how we can reduce and overcome this vulnerabilities and threats
- …