標(biāo)題: Titlebook: Engineering Secure Software and Systems; 7th International Sy Frank Piessens,Juan Caballero,Nataliia Bielova Conference proceedings 2015 Sp [打印本頁] 作者: False-Negative 時間: 2025-3-21 16:28
書目名稱Engineering Secure Software and Systems影響因子(影響力)
書目名稱Engineering Secure Software and Systems影響因子(影響力)學(xué)科排名
書目名稱Engineering Secure Software and Systems網(wǎng)絡(luò)公開度
書目名稱Engineering Secure Software and Systems網(wǎng)絡(luò)公開度學(xué)科排名
書目名稱Engineering Secure Software and Systems被引頻次
書目名稱Engineering Secure Software and Systems被引頻次學(xué)科排名
書目名稱Engineering Secure Software and Systems年度引用
書目名稱Engineering Secure Software and Systems年度引用學(xué)科排名
書目名稱Engineering Secure Software and Systems讀者反饋
書目名稱Engineering Secure Software and Systems讀者反饋學(xué)科排名
作者: AGATE 時間: 2025-3-21 22:04 作者: Lyme-disease 時間: 2025-3-22 03:09
Idea: Unwinding Based Model-Checking and Testing for Non-Interference on EFSMsecifications are secure, unwanted flows can still be present in implementations. In this paper we present a model-based technique to discover unwanted information flows in specifications and to test systems for unwanted flows. We base our approach on an unwinding relation for Extended Finite State M作者: Agronomy 時間: 2025-3-22 05:57 作者: oracle 時間: 2025-3-22 09:05
Are Your Training Datasets Yet Relevant?tion scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields . results. In the process of assessing the extent of this impact through various experiments, we were also able to con作者: 存心 時間: 2025-3-22 16:24
Learning How to Prevent Return-Oriented Programming Efficientlyposed in research often lack . for real-life deployment..In this paper, we take a novel, statistical approach on detecting ROP programs. Our approach is based on the observation that ROP programs, when executed, produce different micro-architectural events than ordinary programs produced by compiler作者: 存心 時間: 2025-3-22 20:00
Re-thinking Kernelized MLS Database Architectures in the Context of Cloud-Scale Data Storesonal properties and global integrity properties for schema-less, cloud-scale data stores are significantly relaxed in comparison to relational databases. This is a new and interesting setting for mandatory access control policies, and has been unexplored in prior research. We describe the design and作者: 饒舌的人 時間: 2025-3-22 22:12
Idea: Optimising Multi-Cloud Deployments with Security Controls as Constraintsferent CSP, instead of within a single CSP. Selecting the right set of CSP for a deployment then becomes a key step in the deployment process. This paper argues that deployment should take security into account when selecting CSP. This paper makes two contributions in this direction. First the paper作者: 高原 時間: 2025-3-23 04:41 作者: originality 時間: 2025-3-23 09:06 作者: 瘙癢 時間: 2025-3-23 11:53
The Heavy Tails of Vulnerability Exploitation. Our analysis comprises 374 exploited vulnerabilities for a total of 75.7 Million recorded attacks spanning three years (2009-2012). We find that for some software as little as 5% of exploited vulnerabilities is responsible for about 95% of the attacks against that platform. This strongly skewed di作者: d-limonene 時間: 2025-3-23 15:03
Idea: Benchmarking Indistinguishability Obfuscation – A Candidate Implementationl. [1]. We show how different parameters of the input circuits impact the performance and the size of the obfuscated programs. On the negative side, our benchmarks show that for the time being the algorithm is far away from being practical. On the positive side, there is still much room for improvem作者: TAG 時間: 2025-3-23 19:05
A Security Ontology for Security Requirements Elicitationtation. Early analysis of security makes it possible to predict threats and their impacts and define adequate security requirements before the system is in place. Security requirements are difficult to elicit, analyze, and manage. The fact that analysts’ knowledge about security is often tacit makes作者: 補充 時間: 2025-3-23 23:25
Producing Hook Placements to Enforce Expected Access Control Policiestions on those resources. Manual hook placements by programmers are often incomplete or incorrect, leading to insecure programs. We advocate an approach that automatically identifies the set of locations to place authorization hooks that mediates all security-sensitive operations in order to enforce作者: Arteriography 時間: 2025-3-24 02:50 作者: 宣誓書 時間: 2025-3-24 08:45 作者: BLA 時間: 2025-3-24 12:05
Idea: State-Continuous Transfer of State in Protected-Module Architecturesle exists that executes without interruption when it is transferred from one machine to another. In practice however an attacker may (i) crash the system at any point in time (i.e., a crash attack), (ii) present the system with a stale state (i.e., a rollback attack), or (iii) trick both machines to作者: 規(guī)章 時間: 2025-3-24 16:30
OMEN: Faster Password Guessing Using an Ordered Markov Enumerator the Ripper, which implements the password indexing function by Narayanan and Shmatikov. OMEN guesses more than 40% of passwords correctly with the first 90 million guesses, while JtR-Markov (for .?=?1 billion) needs at least eight times as many guesses to reach the same goal, and OMEN guesses more 作者: V切開 時間: 2025-3-24 20:41
The Heavy Tails of Vulnerability Exploitationr data collection from the security community may be needed. Finally, we present and discuss the . as a possible explanation for the heavy-tailed distributions we find in the data, and present examples of its effects for Apple Quicktime and Microsoft Internet Explorer vulnerabilities.作者: OPINE 時間: 2025-3-25 00:53
A Security Ontology for Security Requirements Elicitationts have been proposed in the literature. None of them stands out as complete. This paper presents a core and generic security ontology for security requirements engineering. Its core and generic status is attained thanks to its coverage of wide and high-level security concepts and relationships. We 作者: 無法治愈 時間: 2025-3-25 04:43
Producing Hook Placements to Enforce Expected Access Control Policiessatisfies constraints that describe desirable access control policies. These . reduce the space of enforceable access control policies; i.e., those policies that can be enforced given a hook placement that satisfies the constraints. We have built a tool that implements this authorization hook placem作者: Truculent 時間: 2025-3-25 07:39 作者: 確認(rèn) 時間: 2025-3-25 13:00
The Difficult Flowering of Surinamle exists that executes without interruption when it is transferred from one machine to another. In practice however an attacker may (i) crash the system at any point in time (i.e., a crash attack), (ii) present the system with a stale state (i.e., a rollback attack), or (iii) trick both machines to作者: 梯田 時間: 2025-3-25 19:20
The Digital Afterlives of Jane Austen the Ripper, which implements the password indexing function by Narayanan and Shmatikov. OMEN guesses more than 40% of passwords correctly with the first 90 million guesses, while JtR-Markov (for .?=?1 billion) needs at least eight times as many guesses to reach the same goal, and OMEN guesses more 作者: faddish 時間: 2025-3-25 22:03 作者: arterioles 時間: 2025-3-26 01:34 作者: negotiable 時間: 2025-3-26 04:34 作者: 倔強不能 時間: 2025-3-26 10:53 作者: habile 時間: 2025-3-26 13:02
https://doi.org/10.1007/978-3-319-26047-1. Despite its critical importance, however, the access control system implemented in Liferay is poorly documented and lacks automated tools to assist portal administrators in configuring it correctly. To make matters worse, although strongly based on the RBAC model and named around it, the access co作者: 勉勵 時間: 2025-3-26 20:45
Marco Frigessi di Rattalma,Gabriella Perottihat limited range, requiring the deployment of many charging stations. To effectively deliver electricity to vehicles and guarantee payment, a protocol was developed as part of the ISO 15118 standardization effort. A privacy-preserving variant of this protocol, POPCORN, has been proposed in recent w作者: 背叛者 時間: 2025-3-26 21:13
Role of Rigid Video Laryngoscopy,ecifications are secure, unwanted flows can still be present in implementations. In this paper we present a model-based technique to discover unwanted information flows in specifications and to test systems for unwanted flows. We base our approach on an unwinding relation for Extended Finite State M作者: 滑稽 時間: 2025-3-27 03:32 作者: ENACT 時間: 2025-3-27 08:08 作者: 切碎 時間: 2025-3-27 12:18
posed in research often lack . for real-life deployment..In this paper, we take a novel, statistical approach on detecting ROP programs. Our approach is based on the observation that ROP programs, when executed, produce different micro-architectural events than ordinary programs produced by compiler作者: 單調(diào)女 時間: 2025-3-27 15:18 作者: 圍裙 時間: 2025-3-27 21:35 作者: 蠟燭 時間: 2025-3-27 23:33
Abdominal Distension and Bloatingvices or infrastructure offered by a single provider, the same can be achieved by an aggregation of a multitude of .. Even though the contribution of an individual mini provider in an inverted cloud can be limited, the combination would nevertheless be significant. We propose an architecture for an 作者: 有法律效應(yīng) 時間: 2025-3-28 05:57 作者: 退潮 時間: 2025-3-28 09:14
Virtual Diasporas and Cyberspace,. Our analysis comprises 374 exploited vulnerabilities for a total of 75.7 Million recorded attacks spanning three years (2009-2012). We find that for some software as little as 5% of exploited vulnerabilities is responsible for about 95% of the attacks against that platform. This strongly skewed di作者: DAMP 時間: 2025-3-28 12:03 作者: Glucose 時間: 2025-3-28 16:58 作者: multiply 時間: 2025-3-28 20:56 作者: 多產(chǎn)子 時間: 2025-3-29 01:48 作者: Control-Group 時間: 2025-3-29 06:58
https://doi.org/10.1007/978-3-658-45553-8as operating systems or database management systems, more advanced concepts like history-based separation of duty are not. In this work, we present an approach that validates advanced organizational RBAC policies using a model-based approach against the technical realization applied within a databas作者: Ganglion 時間: 2025-3-29 09:46 作者: 粘連 時間: 2025-3-29 12:50
Conference proceedings 2015n, Italy, in March 2015. The 11 full papers presented together with 5 short papers were carefully reviewed and selected from 41 submissions. The symposium features the following topics: formal methods; cloud passwords; machine learning; measurements ontologies; and access control.作者: 干旱 時間: 2025-3-29 15:37
https://doi.org/10.1007/978-3-319-15618-7model checking for security; secure architecture and design; security requirements and policies; securi作者: SPALL 時間: 2025-3-29 21:07 作者: 多產(chǎn)魚 時間: 2025-3-29 23:53
Engineering Secure Software and Systems978-3-319-15618-7Series ISSN 0302-9743 Series E-ISSN 1611-3349 作者: Odyssey 時間: 2025-3-30 07:05
Idea: Unwinding Based Model-Checking and Testing for Non-Interference on EFSMs information flows in specifications and to test systems for unwanted flows. We base our approach on an unwinding relation for Extended Finite State Machines. We preliminary validate our approach by means of an implementation that allows us to benchmark the efficiency of our model-checking algorithm.作者: fledged 時間: 2025-3-30 11:40 作者: ALTER 時間: 2025-3-30 15:45 作者: 上釉彩 時間: 2025-3-30 16:35 作者: 搬運工 時間: 2025-3-30 22:53
The Difficult Dermatologic Condition,firm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild.作者: Flatter 時間: 2025-3-31 02:44
https://doi.org/10.1007/978-3-658-45553-8e. This allows a security officer to examine the correct implementation – possibly across multiple applications – of more powerful policies on the database level. We achieve this by monitoring the current state of a database in a UML/OCL validation tool. We assess the applicability of the approach by a non-trivial feasibility study.作者: LAVE 時間: 2025-3-31 06:43 作者: 雄辯 時間: 2025-3-31 10:40
Mitchel S. Hoffman,William N. Spellacychitectural approach for highassurance; it enforces a lattice-based mandatory information flow policy, without any additional trusted components.We highlight several promising avenues for practical systems research in secure, distributed architectures implementing mandatory policies using Java-based untrusted subjects.作者: cleaver 時間: 2025-3-31 13:22
Formal Verification of Privacy Properties in Electric Vehicle Chargingn of privacy properties of the protocol. We provide a formal model of the expected privacy properties in the applied Pi-Calculus and use ProVerif to check them. We identify weaknesses in the protocol and suggest improvements to address them.作者: dominant 時間: 2025-3-31 17:57 作者: Cardiac-Output 時間: 2025-4-1 01:13 作者: 緯度 時間: 2025-4-1 02:12
https://doi.org/10.1007/978-3-319-26047-1he soundness and the completeness of the analysis. We then present a tool, called .RBAC, which implements our theory to verify the security of real Liferay portals. We show that the tool is effective at proving the absence of security flaws, while efficient enough to be of practical use.作者: Fallibility 時間: 2025-4-1 06:52
on real-world programs and attacks shows that the runtime overhead of this technique and the number false positives are very low, while preventing all known types of ROP attacks, including recently developed evasion techniques.
