62 research outputs found

    Java operating systems: design and implementation

    Journal Article. Language-based extensible systems such as Java use type safety to provide memory safety in a single address space. Memory safety alone, however, is not sufficient to protect different applications from each other. Such systems must support a process model that enables the control and management of computational resources. In particular, language-based extensible systems must support resource control mechanisms analogous to those in standard operating-systems. They must support the separation of processes and limit their use of resources, but still support safe and efficient interprocess communication

    Developing Database Applications by Using Software Components

    Today, the software application development process is more assembly work than a build from scratch approach. By placing pre-existing software components together, it is possible to create a complete application. Such components provide interfaces so that programs use them for their intended purposes. The objective of this thesis is to illustrate how software components work together to make a complete application. To illustrate the ideas and the components, this project presents a three-tiered web database application. This application, as a whole, is made up of the client side web browser, a database and the actual application programs which are Java servlets. The emphasis is placed on these servlets and how they use the Java Database Connectivity, or JDBC, to interface with the databases

    Process modeling using ProSLCSE on web-enabled platform

    Process modeling is a relatively complex task that needs to be addressed from a different point of view. The classical approach would be to design the model, to send it for evaluation, then to return feedback to the developing team, and to reevaluate the model with the feedback received from the parties involved. However, it is our understanding that the steps taken during the process modeling could benefit from the advantages that the Internet offers. To demonstrate the usefulness of Internet in process modeling, I have taken an existing tool, ProSLCSE, and implemented it with Java so that it can run on a web-enabled environment. This Web-enabled version of ProSLCSE, also called ProWEB, will not only facilitate the implementation, controlling or standardization of the models, but also accelerate the task of modeling in an efficient and effective way. The developing team of the models would benefit from the tool in a real-time environment. Other parties, like the monitoring agencies, or controlling bodies would add their modification to the application in a sequential form. The implementation of this Web-enabled process modeling will bring a new level of abstraction to the modeling and will minimize the difficulties due to geographical differences for 'time-depending' projects

    Shadow Honeypots

    We present Shadow Honeypots, a novel hybrid architecture that combines the best features of honeypots and anomaly detection. At a high level, we use a variety of anomaly detectors to monitor all traffic to a protected network or service. Traffic that is considered anomalous is processed by a "shadow honeypot" to determine the accuracy of the anomaly prediction. The shadow is an instance of the protected software that shares all internal state with a regular ("production") instance of the application, and is instrumented to detect potential attacks. Attacks against the shadow are caught, and any incurred state changes are discarded. Legitimate traffic that was misclassified will be validated by the shadow and will be handled correctly by the system transparently to the end user. The outcome of processing a request by the shadow is used to filter future attack instances and could be used to update the anomaly detector. Our architecture allows system designers to fine-tune systems for performance, since false positives will be filtered by the shadow. We demonstrate the feasibility of our approach in a proof-of-concept implementation of the Shadow Honeypot architecture for the Apache web server and the Mozilla Firefox browser. We show that despite a considerable overhead in the instrumentation of the shadow honeypot (up to 20% for Apache), the overall impact on the system is diminished by the ability to minimize the rate of false-positives

    Analysing and Improving the Security of Contactless Payment Cards

    Europay, MasterCard, and Visa (EMV) is the most used payment protocol around the world with 85.9% of the payment cards in the EU and the UK being EMV based cards in 2019. The EMV payment protocol has made contactless transactions faster and more convenient for cardholders as they only need to place the card next to the Point of Sale (POS) to make a payment. According to the latest report of the UK Finance, the total value of contactless card transactions in 2019 was higher than the cash ones for the first time ever. On the other hand, the introduction of the wireless interface in the EMV contactless transactions opens the door for several attacks to be launched on contactless cards such as skimming, eavesdropping, replay, and relay attacks. Since April 2020, the limit of contactless transactions has increased to £45 as a response to the Covid-19 crisis. This might create an extra motivation for launching more attacks on contactless cards. This thesis is primarily concerned with investigating and analysing the security of contactless card’s payments and uncovering the impact of key vulnerabilities in the EMV contactless card specifications. The two main vulnerabilities are the one-way authentication methods and the lack of cardholder verification in such transactions. The thesis also proposes the following four practical protocols to improve the security and the privacy of the EMV contactless cards. 1- A new tokenization protocol to replace the actual Primary Account Number (PAN) with a token to prevent the EMV contactless cards from revealing the actual PAN. 2- A mutual authentication protocol to address the vulnerabilities related to the EMV one-way card authentication methods in the EMV payment protocol. 3- A novel gyroscope sensor into EMV contactless cards to be used for activating the cards by performing a simple move by the cardholder. 4- A protocol to use cardholders’ NFC enabled smartphones to activate contactless cards.
    The two main aims of these four proposed protocols are to prevent such cards from being read by unauthorised NFC enabled readers/smartphones and to give cardholders more control of their contactless cards in order to prevent several attacks. Moreover, the thesis also describes a Java framework to mimic a genuine EMV contactless card and validate the four proposed solutions. The thesis argues that the first two proposed solutions require minimal changes to the existing EMV infrastructures and do not have any impact on the user’s experience while the last two proposed solutions require some changes to the users’ experience when making contactless card transactions