Reverse Engineering Environment for Teaching Secure Coding in Java

Few toolsets for program analysis and Java learning system provide an integrated console, debugger, and reverse engineered visualizer. We present an interactive debugging environment for Java which helps students to understand the secure coding by detecting and visualizing the data flow anomaly. Previous research shows that the earlier students learn secure coding concepts, even at the same time as they first learn to write code, the better they will continue using secure coding practices. This paper proposes web-based Java programming environment for teaching secure coding practices which provides the essential and fundamental skills in secure coding. Also, this tool helps students to understand the data anomaly and security leak with detecting vulnerabilities in given code.Cockrell School of Engineerin

Making the Distribution Subsystem Secure

This report presents how the Distribution Subsystem is made secure. A set of different security threats to a shared data programming system are identifed. The report presents the extensions nessesary to the DSS in order to cope with the identified security threats by maintaining reference security. A reference to a shared data structure cannot be forged or guessed; only by proper delegation can a thread acquire access to data originating at remote processes. Referential security is a requirement for secure distributed applications. By programmatically restricting access to distributed data to trusted nodes, a distributed application can be made secure. However, for this to be true, referential security must be supported on the level of the implementation

Computer-aided proofs for multiparty computation with active security

Secure multi-party computation (MPC) is a general cryptographic technique that allows distrusting parties to compute a function of their individual inputs, while only revealing the output of the function. It has found applications in areas such as auctioning, email filtering, and secure teleconference. Given its importance, it is crucial that the protocols are specified and implemented correctly. In the programming language community it has become good practice to use computer proof assistants to verify correctness proofs. In the field of cryptography, EasyCrypt is the state of the art proof assistant. It provides an embedded language for probabilistic programming, together with a specialized logic, embedded into an ambient general purpose higher-order logic. It allows us to conveniently express cryptographic properties. EasyCrypt has been used successfully on many applications, including public-key encryption, signatures, garbled circuits and differential privacy. Here we show for the first time that it can also be used to prove security of MPC against a malicious adversary. We formalize additive and replicated secret sharing schemes and apply them to Maurer's MPC protocol for secure addition and multiplication. Our method extends to general polynomial functions. We follow the insights from EasyCrypt that security proofs can be often be reduced to proofs about program equivalence, a topic that is well understood in the verification of programming languages. In particular, we show that in the passive case the non-interference-based definition is equivalent to a standard game-based security definition. For the active case we provide a new NI definition, which we call input independence

Security enhancement for NOMA-UAV networks

Owing to its distinctive merits, non-orthogonal multiple access (NOMA) techniques have been utilized in unmanned aerial vehicle (UAV) enabled wireless base stations to provide effective coverage for terrestrial users. However, the security of NOMA-UAV systems remains a challenge due to the line-of-sight air-to-ground channels and higher transmission power of weaker users in NOMA. In this paper, we propose two schemes to guarantee the secure transmission in UAV-NOMA networks. When only one user requires secure transmission, we derive the hovering position for the UAV and the power allocation to meet rate threshold of the secure user while maximizing the sum rate of remaining users. This disrupts the eavesdropping towards the secure user effectively. When multiple users require secure transmission, we further take the advantage of beamforming via multiple antennas at the UAV to guarantee their secure transmission. Due to the non-convexity of this problem, we convert it into a convex one for an iterative solution by using the second order cone programming. Finally, simulation results are provided to show the effectiveness of the proposed scheme

A new approach to secure economic power dispatch

This article presents a new nonlinear convex network flow programming model and algorithm for solving the on-line economic power dispatch with N and N−1 security. Based on the load flow equations, a new nonlinear convex network flow model for secure economic power dispatch is set up and then transformed into a quadratic programming model, in which the search direction in the space of the flow variables is to be solved. The concept of maximum basis in a network flow graph was introduced so that the constrained quadratic programming model was changed into an unconstrained quadratic programming model which was then solved by the reduced gradient method. The proposed model and its algorithm were examined numerically with an IEEE 30-bus test system on an ALPHA 400 Model 610 machine. Satisfactory results were obtaine

If you won't pay them, buy them: Merger mania in distribution and content markets

Structural changes in TV markets are resulting in carriage disputes that have spread from the United States to Europe. A carriage dispute refers to a disagreement between a pay-TV operator and a broadcaster over the right to ‘carry’ a broadcaster’s channel. TV broadcasters are demanding ever increasing payments from pay-TV operators that complain about lower-profit margins due to spiralling programming costs. This article discusses vertical mergers between distributors and broadcasters as a possible way to reduce retransmission payments and to secure cheap and privileged access to programming in today’s hypercompetitive video markets