148 research outputs found
Ernst Denert Award for Software Engineering 2019
This open access book provides an overview of the dissertations of the five nominees for the Ernst Denert Award for Software Engineering in 2019. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains five papers describing the works by Sebastian Baltes (U Trier) on Software Developers’ Work Habits and Expertise, Timo Greifenberg’s thesis on Artefaktbasierte Analyse modellgetriebener Softwareentwicklungsprojekte, Marco Konersmann’s (U Duisburg-Essen) work on Explicitly Integrated Architecture, Marija Selakovic’s (TU Darmstadt) research about Actionable Program Analyses for Improving Software Performance, and Johannes Späth’s (Paderborn U) thesis on Synchronized Pushdown Systems for Pointer and Data-Flow Analysis – which actually won the award. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work.
Extended Substitution Cipher Chaining mode (ESCC)
In this paper, we present a new tweakable narrow-block mode of operation, the Extended Substitution Cipher Chaining mode (ESCC), that can be efficiently deployed in disk encryption applications. ESCC is an extension of Substitution Cipher Chaining mode (SCC) \cite{scc}. Unlike SCC, ESCC is resistant to the attacks in \cite{scc_attack,scc_attack2}.
The M3dcrypt Password Hashing Function
M3dcrypt is a password hashing function built around the Advanced Encryption Standard (AES) algorithm and the arcfour pseudorandom function. It uses up to 256-bit pseudorandom salt values and supports 48-byte passwords.
Countering Code Injection Attacks With Instruction Set Randomization
We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoffs' principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that randomized processor, causing a runtime exception. To determine the difficulty of integrating support for the proposed mechanism in the operating system, we modified the Linux kernel, the GNU binutils tools, and the bochs-x86 emulator. Although the performance penalty is significant, our prototype demonstrates the feasibility of the approach, and should be directly usable on a suitably modified processor (e.g., the Transmeta Crusoe). Our approach is equally applicable against code-injecting attacks in scripting and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modifying the Perl interpreter to permit randomized script execution. The performance penalty in this case is minimal. Where our proposed approach is feasible (i.e., in an emulated environment, in the presence of programmable or specialized hardware, or in interpreted languages), it can serve as a low-overhead protection mechanism, and can easily complement other mechanisms.
Processamento analítico seguro (Secure analytical processing)
Integrated master's dissertation in Informatics Engineering.
Nowadays it is increasingly common to rely on multiple online applications and services to manage our daily lives, leading to the production of large amounts of information. At the same time, the companies that provide these services generate and analyze massive amounts of information and metadata in order to improve the interests of their users and their economic competitiveness. However, it is becoming increasingly difficult to store and process this enormous amount of information efficiently. In fact, according to IDC, 34.7 billion gigabytes of storage were sold in the second quarter of 2016. This challenge has triggered several contributions in fields such as machine learning and analytical data processing.
Currently, there are two options for companies that want to take advantage of data storage and processing: acquire and administer a private infrastructure, taking on the internal management of the information, or resort to cloud computing services. The first option may not be ideal because of the high costs of acquiring and administering a private infrastructure and services. To avoid this kind of problem, resorting to cloud computing services becomes quite attractive because of their storage flexibility and computational power. However, with the use of this type of service, control of the data passes to third parties, which can lead to security and privacy failures, as was the case with the iCloud attack in which private content of its clients was revealed.
Thus, in order to address these limitations, the main goal of this dissertation is to study and develop new mechanisms that allow secure analytical processing of information. In detail, the following contributions are presented: a study of the state of the art of secure analytical processing systems, as well as the cryptographic techniques they support. A new modular and flexible secure analytical processing platform named SafeAnalytics. A prototype of this platform that integrates SafeNoSQL, a system that allows secure storage and processing of information in untrusted infrastructures, and Apache Spark, an analytical processing system. And, finally, an evaluation of the prototype using realistic workloads, which shows that it is possible to leverage the security guarantees of SafeAnalytics with a performance impact below 20% when compared with current solutions that do not provide data confidentiality guarantees.
Nowadays, users resort to multiple online applications and services to improve their lives,
leading to the generation and processing of large amounts of information. Simultaneously,
enterprises that provide these applications and services generate and analyze massive
amounts of both structured and unstructured data in order to increase the quality of service
to the end-user and improve the enterprises' economic competitiveness. However, new
challenges emerge with the high processing and storage demands. In fact, according to IDC,
34.7 billion gigabytes of storage were sold in the second quarter of 2016. The challenges
have motivated the scientific community to focus on several research fields such as machine
learning, and analytics.
Currently, companies that want to leverage big data storage and analytics can follow two
different options: (i) acquire and manage a private infrastructure, being also responsible for
the internal information management; (ii) resort to cloud computing services. The first option
may not be sustainable, in many cases, due to the high costs that a private infrastructure
imposes, from the equipment to the manpower necessary to maintain it. In order to
avoid such problems, companies can instead resort to cloud computing services, which
provide an elastic and pay-as-you-go model for storage and computing power. However, this
computational shift causes data control to be migrated to a third party (the cloud providers),
leading to several security and privacy vulnerabilities (e.g., the iCloud attack that revealed
the private content of its clients).
Thus, in order to solve these constraints, this dissertation's main goals are to study and
develop new mechanisms that allow secure analytical processing of information. In detail,
the following contributions are presented: a state-of-the-art study of secure analytical
systems, as well as the cryptographic techniques supported by them. A new modular
and flexible platform, SafeAnalytics, that integrates SafeNoSQL, a system that allows secure
storage and processing of information in untrusted infrastructures, and Apache Spark, an
analytical processing system. And, finally, a prototype evaluation using realistic workloads
that shows that it is possible to leverage SafeAnalytics security guarantees while having a
performance impact inferior to 20% compared to current solutions that do not provide data
confidentiality guarantees.
Computer Aided Verification
This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decision procedures, concurrency, and CPS, hardware, industrial applications.
Cyber-security for embedded systems: methodologies, techniques and tools
The abstract is in the attachment.
Law and Policy for the Quantum Age
Law and Policy for the Quantum Age is for readers interested in the political and business strategies underlying quantum sensing, computing, and communication. This work explains how these quantum technologies work, future national defense and legal landscapes for nations interested in strategic advantage, and paths to profit for companies.