689 research outputs found

    A Guided Web Service Security Testing Method

    Get PDF

    Stateful web service robustness

    Get PDF
    Web Services fall under the so-called emerging technologies category and are getting more and more used for Internet applications or business transactions. Since web services are often the foundation of large applications, they need to be reliable and robust. So, we propose in this paper, a robustness testing method of stateful web services, modeled with STS (Symbolic Transition Systems). We analyze the web service observability and the hazard effectiveness in a SOAP environment. Then, we propose a test case generation method based on the two hazards "Using unusual values" and "Replacing /Adding operation names", which are the only ones which can be applied. The Amazon E-commerce web service is taken as example

    APSET, an Android aPplication SEcurity Testing tool for detecting intent-based vulnerabilities.

    Get PDF
    International audienceThe Android messaging system, called in- tent, is a mechanism that ties components together to build applications for smartphones. Intents are kinds of messages composed of actions and data, sent by a com- ponent to another component to perform several opera- tions, e.g., launching a user interface. The intent mech- anism o er a lot of exibility for developing Android applications, but it might also be used as an entry point for security attacks. The latter can be easily sent with intents to components, that can indirectly forward at- tacks to other components and so on. In this context, this paper proposes APSET, a tool for Android aPplication SEcurity Testing, which aims at detecting intent-based vulnerabilities. It takes as inputs Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, class diagrams and par- tial speci cations are automatically generated from ap- plications with algorithms re ecting some knowledge of the Android documentation. These partial speci cations avoid false positives and re ne the test result with spe- cial verdicts notifying that a component is not compli- ant to its speci cation. Furthermore, we propose a test case execution framework which supports the receipt of any exception, the detection of application crashes, and provides a nal XML test report detailing the test case verdicts. The vulnerability detection e ectiveness of APSET is evaluated with experimentations on randomly chosen Android applications of the Android Market

    Measurement of differential cross sections for top quark pair production using the lepton plus jets final state in proton-proton collisions at 13 TeV

    Get PDF
    National Science Foundation (U.S.

    Particle-flow reconstruction and global event description with the CMS detector

    Get PDF
    The CMS apparatus was identified, a few years before the start of the LHC operation at CERN, to feature properties well suited to particle-flow (PF) reconstruction: a highly-segmented tracker, a fine-grained electromagnetic calorimeter, a hermetic hadron calorimeter, a strong magnetic field, and an excellent muon spectrometer. A fully-fledged PF reconstruction algorithm tuned to the CMS detector was therefore developed and has been consistently used in physics analyses for the first time at a hadron collider. For each collision, the comprehensive list of final-state particles identified and reconstructed by the algorithm provides a global event description that leads to unprecedented CMS performance for jet and hadronic tau decay reconstruction, missing transverse momentum determination, and electron and muon identification. This approach also allows particles from pileup interactions to be identified and enables efficient pileup mitigation methods. The data collected by CMS at a centre-of-mass energy of 8 TeV show excellent agreement with the simulation and confirm the superior PF performance at least up to an average of 20 pileup interactions

    Search for heavy resonances decaying to a top quark and a bottom quark in the lepton+jets final state in proton–proton collisions at 13 TeV

    Get PDF
    info:eu-repo/semantics/publishe

    Evidence for the Higgs boson decay to a bottom quark–antiquark pair

    Get PDF
    info:eu-repo/semantics/publishe

    Identification of heavy-flavour jets with the CMS detector in pp collisions at 13 TeV

    Get PDF
    Many measurements and searches for physics beyond the standard model at the LHC rely on the efficient identification of heavy-flavour jets, i.e. jets originating from bottom or charm quarks. In this paper, the discriminating variables and the algorithms used for heavy-flavour jet identification during the first years of operation of the CMS experiment in proton-proton collisions at a centre-of-mass energy of 13 TeV, are presented. Heavy-flavour jet identification algorithms have been improved compared to those used previously at centre-of-mass energies of 7 and 8 TeV. For jets with transverse momenta in the range expected in simulated tt\mathrm{t}\overline{\mathrm{t}} events, these new developments result in an efficiency of 68% for the correct identification of a b jet for a probability of 1% of misidentifying a light-flavour jet. The improvement in relative efficiency at this misidentification probability is about 15%, compared to previous CMS algorithms. In addition, for the first time algorithms have been developed to identify jets containing two b hadrons in Lorentz-boosted event topologies, as well as to tag c jets. The large data sample recorded in 2016 at a centre-of-mass energy of 13 TeV has also allowed the development of new methods to measure the efficiency and misidentification probability of heavy-flavour jet identification algorithms. The heavy-flavour jet identification efficiency is measured with a precision of a few per cent at moderate jet transverse momenta (between 30 and 300 GeV) and about 5% at the highest jet transverse momenta (between 500 and 1000 GeV)

    Pseudorapidity and transverse momentum dependence of flow harmonics in pPb and PbPb collisions

    Get PDF
    info:eu-repo/semantics/publishe

    Optimasi Portofolio Resiko Menggunakan Model Markowitz MVO Dikaitkan dengan Keterbatasan Manusia dalam Memprediksi Masa Depan dalam Perspektif Al-Qur`an

    Full text link
    Risk portfolio on modern finance has become increasingly technical, requiring the use of sophisticated mathematical tools in both research and practice. Since companies cannot insure themselves completely against risk, as human incompetence in predicting the future precisely that written in Al-Quran surah Luqman verse 34, they have to manage it to yield an optimal portfolio. The objective here is to minimize the variance among all portfolios, or alternatively, to maximize expected return among all portfolios that has at least a certain expected return. Furthermore, this study focuses on optimizing risk portfolio so called Markowitz MVO (Mean-Variance Optimization). Some theoretical frameworks for analysis are arithmetic mean, geometric mean, variance, covariance, linear programming, and quadratic programming. Moreover, finding a minimum variance portfolio produces a convex quadratic programming, that is minimizing the objective function ðð¥with constraintsð ð 𥠥 ðandð´ð¥ = ð. The outcome of this research is the solution of optimal risk portofolio in some investments that could be finished smoothly using MATLAB R2007b software together with its graphic analysis
    corecore