62 research outputs found

    Issues Affecting Security Design Pattern Engineering

    Security Design Patterns present the tried and tested design decisions made by security engineers within a well-documented format. Patterns allow for complex security concepts, and mechanisms, to be expressed such that non-domain experts can make use of them. Our research is concerned with the development of pattern languages for advanced crypto-systems. From our experience developing pattern languages we have encountered several recurring issues within security design pattern engineering. These issues, if not addressed, will affect the adoption of security design patterns. This paper describes these issues and discusses how they could be addressed.

    Strong mutation testing strategies

    Mutation Testing (or Mutation Analysis) is a source code testing technique which analyses code by altering code components. The output from the altered code is compared with output from the original code. If they are identical then Mutation Testing has been successful in discerning a weakness in either the test code or the test data. A mutation test therefore helps the tester to develop a program devoid of simple faults with a well-developed test data set. The confidence in both program and data set is then increased. Mutation Analysis is resource intensive. It requires program copies, with one altered component, to be created and executed. Consequently, it has been used mainly by academics analysing small programs. This thesis describes an experiment to apply Mutation Analysis to larger, multi-function test programs. Mutations, alterations to the code, are induced using a sequence derived from the code control flow graph. The detection rate of live mutants, programs whose output matches the original, was plotted and compared against data generated from the standard technique of mutating in statement order. This experiment was repeated for different code components such as relational operators, conditional statements or pointer references. A test was considered efficient if the majority of live mutants was detected early in the test sequence. The investigations demonstrated that control flow driven mutation could improve the efficiency of a test. However, the experiments also indicated that concentrations of live mutants in a few functions or statements could affect the efficiency of a test. This conclusion led to the proposal that mutation testing should be directed towards functions or statements containing groupings of the code component that give rise to the live mutants. This effectively forms a test focused onto particular functions or statements.

    Emergent requirements for supporting introductory programming

    The problems associated with learning and teaching first-year University Computer Science (CS1) programming classes are summarized, showing that various support tools and techniques have been developed and evaluated. From this review of applicable support the paper derives ten requirements that a support tool should have in order to improve CS1 student success rate with respect to learning and understanding.

    Human visual based perception of steganographic images

    In 2014 it was estimated that 1.8 billion images were uploaded daily to the Internet, and in 2018 it is estimated that 3.2 billion images are shared daily. Some of these uploaded images may contain hidden information that can potentially be malicious (e.g. an image that contains hidden information regarding terrorism recruitment) or may cause serious damage (e.g. an employee wishing to hide sensitive company details in an image file and exporting the image to third parties). This research studied the most effective methods in manipulating images to hide information (Data Loss). Significant work has been done on computational algorithmic detection. Yet the desired output from this work was to find the point at which a human can no longer visually establish the difference between an original image and a manipulated image. This research examines the extent of use for file formats, bit depth alterations, least significant bits, message and audio concealment and watermark and filtering techniques for image steganography. The findings of this study indicated that audio insertion and picture insertion into cover image files are the strongest in deceiving the human eye. These results have been categorised for human visual perception in image-based steganography.

    Issues affecting Security Design Pattern engineering

    Security Design Patterns present the tried and tested design decisions made by security engineers within a well-documented format. Patterns allow for complex security concepts, and mechanisms, to be expressed such that non-domain experts can make use of them. Our research is concerned with the development of pattern languages for advanced crypto-systems. From our experience developing pattern languages we have encountered several recurring issues within security design pattern engineering. These issues, if not addressed, will affect the adoption of security design patterns. This paper describes these issues and discusses how they could be addressed.

    Security pattern evaluation

    Current Security Pattern evaluation techniques are demonstrated to be incomplete with respect to quantitative measurement and comparison. A proposal for a dynamic testbed system is presented as a potential mechanism for evaluating patterns within a constrained environment.

    What's the PREMES behind your pattern?

    Design patterns are supposed to be the well-documented, tried and tested solutions to recurrent problems. Current evaluation techniques do not provide a demonstrable and holistic means to evaluate pattern quality. This paper introduces Pattern Report Cards, an evaluation process for software design patterns that is demonstrable, measurable, and reproducible. A set of quality indicators for determining pattern quality has been identified, and a set of qualitative and quantitative evaluation techniques assembled to determine the quality of adherence to these indicators. Further, management and execution of the evaluation process is controlled by the PREMES framework. This framework describes a management cycle that facilitates the construction of bespoke evaluation systems for design patterns. Process tailoring is achieved by providing guidance over the selection and construction of the techniques used to assess pattern quality. Use of these techniques will help bolster existing evaluation processes, and lead to the improvement of design pattern evaluation techniques.

    A novel method to prevent phishing by using OCR technology

    Phishing is one of the most common attacks in the world, especially with the increasing usage of mobile platforms and e-commerce. Although many users are wary of phishing attacks from suspicious paths in the URL address, phishing still accounts for a large proportion of all malicious attacks as it is easy to deploy. Most browser vendors mainly adopt two approaches against phishing: the blacklist and the heuristic-based. However, both have related limitations. In this paper, a novel method was proposed to protect against phishing attacks. By using image recognition (OCR) technology, phishing attacks can be distinguished from the actual website by reading the logos on the website and comparing with the site URL. An easy-to-implement prototype demonstrated a high accuracy of detection in the experimental trials.

    Improving visual representations of code

    This work was done in 1997 at the Centre for Software Maintenance at the University of Durham. The contents of this paper describe the work carried out by the Visual Research Group in the Centre for Software Maintenance at the University of Durham.

    KDD 1999 generation faults : a review and analysis

    DARPA 1998 was one of the first Intrusion Detection datasets that was made publicly available. The KDD 1999 dataset was derived from DARPA 1998 to be used by researchers in developing machine learning (ML), classification and clustering algorithms with a security focus. DARPA 1998 has been criticised in literature due to raised concerns of problems in the dataset. Many researchers have accused KDD 1999 of having similar concerns but insufficient published evidence has been found. In this paper, we review the KDD 1999 generation process and present new proofs of existing inconsistencies in KDD 1999. We then present the process used to link some of the KDD 1999 (TELNET) records back to their origins in DARPA 1998 and discuss the interesting results and findings of this experiment.