检索结果-内蒙古大学图书馆

International Conference on Distributed Computing Systems workshop

作者： Muhammad Hataba Reem Elkhouly Ahmed El-Mahdy Computer Science and Engineering Department Egypt-Japan University of Science and Technology (E-JUST) Alexandria Egypt

Information leakage via timing side-channel attacksis one of the main threats that target code executing on remoteplatforms such as the cloud computing environment. Theseattacks can be further leveraged to reverse-engineer or eventamper with the running code. In this paper, we propose asecurity obfuscation technique, which helps making the generatedcode more resistant to these attacks, by means of increasinglogical complexity to hinder the formulation of a solid hypothesisabout code behavior. More importantly, this software solutionis portable, generic and does not require special setup orhardware or software modifications. In particular, we considermangling the control-flow inside a program via converting arandom set of conditional branches into linear code, using ifconversiontransformation. Moreover, our method exploits thedynamic compilation technology to continually and randomlyalter the branches. All of this mangling should diversify codeexecution, hence it becomes difficult for an attacker to infertiming correlations through statistical analysis. We extend theLLVM JIT compiler to provide for an initial investigation of thisapproach. This makes our system applicable to a wide varietyof programming languages and hardware platforms. We havestudied the system using a simple test program and selectedbenchmarks from the standard SPEC CPU 2006 suite withdifferent input loads and experimental setups. Initial results showsignificant changes in program's control-flow and hence datadependences, resulting in noticeable different execution timeseven for the same input data, thereby complicating such *** notably, the performance penalty is within reasonablemargins.

关键词： Runtime security Hardware Program processors Optimization Cloud computing Benchmark testing

来源：评论

学校读者我要写书评

暂无评论

plas 2006 - Proceedings of the 2006 programming languages and analysis for security workshop

PLAS 2006 - Proceedings of the 2006 Programming Languages an...

引用

plas 2006 - 2006 programming languages and analysis for security workshop

ISBN: (纸本)1595933743

The proceedings contain 11 papers. The topics discussed include: Object capabilities for security;applying flow-sensitive CQUAL to verify MINIX authorization check placement;certified in-lined reference monitoring on .NET;combining type-based analysis and model checking for finding counterexamples against non-interference;precise alias analysis for static detection of web application vulnerabilities;specifying distributed trust management in LolliMon;a microkernel virtual machine: building security with clear interfaces;empirical relation between coupling and attackability in software systems: a case study on DOS;trusted declassification: high-level policy for a security-typed language;refactoring programs to secure information flows;and efficient type inference for secure information flow.

关键词： Computer programming languages

来源：评论

学校读者我要写书评

暂无评论

Conference on programming Language Design and Implementation - plas 2006: Proceedings of the 2006 programming languages and analysis for security workshop

Conference on Programming Language Design and Implementation...

引用

ACM SIGPLAN Conference on programming Language Design and Implementation, PLDI 2006 - plas 2006: 2006 programming languages and analysis for security workshop

ISBN: (纸本)1595933743

The proceedings contain 36 papers. The topics discussed include: optimizing memory transactions;compiler and runtime support for efficient software transactional memory;better extensibility through modular syntax;fast and flexible instruction selection with on-demand tree-parsing automata;a framework for unrestricted whole-program optimization;practical dynamic software updating for C;an experimental analysis of self-adjusting computation;shared memory programming for large scale machines;optimizing data permutations for SIMD devices;auto-vectorization of interleaved data for SIMD;pruning dynamic slices with confidence;context-sensitive domain-independent algorithm composition and selection;reducing NoC energy consumption through compiler-directed channel voltage scaling;a global progressive register allocator;and automatic instruction scheduler retargeting by reverse-engineering.

关键词： Computer programming languages

来源：评论

学校读者我要写书评

暂无评论

programming languages and program analysis for security : A three-year retrospective

Programming languages and program analysis for security : A ...

引用

作者： Pistoia, Marco Erlingsson, Úlfar IBM T. J. Watson Research Center United States Reykjavík University Iceland

Software security has been traditionally enforced at the level of operating systems. However, operating systems have become increasingly large and complex, and it is very difficult-if not impossible-to enforce software security solely through them. Moreover, operating-system security allows dealing primarily with access-control policies on resources such as files and network connections. However, attacks may happen at both lower and higher levels of abstraction, and may target the internal behavior of applications, such as today'sWeb-based applications. Therefore, defenses must offer protection at the level of applications. Languagebased security is the area of research that studies how to enforce application-level security using programminglanguage and program-analysis techniques. This area of research has become very active with the advent of Web applications. In 2006, the ACM SIGPLAN has introduced a new yearly forum entirely dedicated to the discussion of language-based-security research: programming languages and analysis for security (plas). This paper is a three-year survey of plas papers that discusses the progress made in the area of language-based security. © 2008 ACM.

关键词： Access control

来源：评论

学校读者我要写书评

暂无评论

Object-Oriented Technology: ECOOP 2006 workshop Reader ECOOP 2006 workshops

Object-Oriented Technology: ECOOP 2006 Workshop Reader ECOOP...

引用

ECOOP 2006 workshop Reader - 10th European Conference on Obiect-Oriented programming

ISBN: (纸本)9783540717720

The proceedings contain 15 papers. The topics discussed include: implementation, compilation, optimization of object-oriented languages, programs and systems;aspects, dependencies, and interactions;formal techniques for Java-like programs;program analysis for security and privacy;object-oriented reengineering;quantitative approaches in object-oriented software engineering;component-oriented programming;fractal component-based software engineering;object technology for ambient intelligence and pervasive computing: language constructs and infrastructures;parallel/high-performance object-oriented scientific computing today;and tenth workshop on pedagogies and tools for the teaching and learning of object oriented concepts.

关键词： Object oriented programming

来源：评论

学校读者我要写书评

暂无评论

An associate constraint network approach to extract multi-lingual information for crime analysis

引用

DECISION SUPPORT SYSTEMS 2007年第4期43卷 1348-1361页

作者： Yang, Christopher C. Li, Kar Wing Chinese Univ Hong Kong Dept Syst Engn & Engn Management Hong Kong Peoples R China City Univ Hong Kong Dept Informat Sci Hong Kong Peoples R China

International crime and terrorism have drawn increasing attention in recent years. Retrieving relevant information from criminal records and suspect communications is important in combating international crime and terrorism. However, most of this information is written in languages other than English and is stored in various locations. Information sharing between countries therefore presents the challenge of cross-lingual semantic interoperability. In this work, we propose a new approach - the associate constraint network - to generate a cross-lingual concept space from a parallel corpus, and benchmark it with a previously developed technique, the Hopfield network. The associate constraint network is a constraint programming based algorithm, and the problem of generating the cross-lingual concept space is formulated as a constraint satisfaction problem. Nodes and arcs in an associate constraint network represent extracted terms from parallel corpora and their associations. Constraints are defined for the nodes in the associate constraint network, and node consistency and network satisfaction are also defined. Backmarking is developed to search for a feasible solution. Our experimental results show that the associate constraint network outperforms the Hopfield network in precision, recall and efficiency. The cross-lingual concept space that is generated with this method can assist crime analysts to determine the relevance of criminals, crimes, locations and activities in multiple languages, which is information that is not available in traditional thesauri and dictionaries. (C) 2006 Elsevier B.V. All rights reserved.

关键词： cross-lingual concept space cross-lingual information retrieval associate constraint network constraint satisfaction problem crime analysis

来源：评论

学校读者我要写书评

暂无评论

Types for Proofs and Programs: International workshop, TYPES 2006 Revised Selected Papers

引用

International workshop on Types for Proofs and Programs, TYPES 2006

ISBN: (纸本)9783540744634

The proceedings contain 17 papers. The topics discussed include: crafting a proof assistant;crafting a proof assistant;on constructive cut admissibility in deduction modulo;fast reflexive arithmetic tactics the linear case and beyond;combining de Bruijn indices and higher-order abstract syntax in Coq;deciding equality in the constructor theory;a formalisation of a dependently typed language as an inductive-recursive family;truth values algebras and proof normalization;curry-style types for nominal terms;constructive type classes in Isabelle;a finite first-order theory of classes;coinductive correctness of homographic and quadratic algorithms for exact real numbers;using intersection types for cost-analysis of higher-order polymorphic functional programs;subset coercions in COQ;and a certified distributed security logic for authorizing code.

关键词： Computer programming languages

来源：评论

学校读者我要写书评

暂无评论

plas 2006 - Proceedings of the 2006 programming Language and analysis for security workshop: Foreword

PLAS 2006 - Proceedings of the 2006 Programming Languages an...

引用

plas 2006 - Proceedings of the 2006 programming languages and analysis for security workshop 2006年 2006卷 iii页

作者： Sreedhar, Vugranam Zdancewic, Steve IBM Research Japan University of Pennsylvania United States

No abstract available

关键词：

来源：评论

学校读者我要写书评

暂无评论

Refactoring programs to secure information flows

Refactoring programs to secure information flows

引用

plas 2006 - 2006 programming languages and analysis for security workshop

作者： Smith, Scott F. Thober, Mark Johns Hopkins University United States

ISBN: (纸本)1595933743

Adding a sound information flow security policy to an existing program is a difficult task that requires major analysis of and changes to the program. In this paper we show how refactoring programs into distinct components of high and low security is a useful methodology to aid in the production of programs with sound information flow policies. Our methodology proceeds as follows. Given a program with no information flow controls, a program slicer is used to identify code that depends on high security inputs. High security code so identified is then refactored into a separate component, which may be accessed by the low security component via public method calls. A security policy that labels input data and checks the output points can then enforce the desired end-to-end security property. Controlled information releases can occur at explicit declassification points if deemed safe. The result is a well-engineered program with explicit interfaces between components of different security levels. Copyright © 2006 ACM.

关键词： Computer programming languages

来源：评论

学校读者我要写书评

暂无评论

A microkernel virtual machine: Building security with clear interfaces

A microkernel virtual machine: Building security with clear ...

引用

plas 2006 - 2006 programming languages and analysis for security workshop

作者： Lu, Xiaoqi Smith, Scott F. Department of Computer Science Johns Hopkins University

ISBN: (纸本)1595933743

In this paper we propose a novel microkernel-based virtual machine (μKVM), a new code-based security framework with a simple and declarative security architecture. The main design goals of the μKVM are to put a clear, inviolable programming interface between different codebases or security components, and to limit the size of the trusted codebase in the spirit of a microkernel. security policies are enforced solely on the interface because all data must explicitly pass through the inviolable interface. The architecture of the μKVM effectively removes the need for expensive runtime stack inspection, and applies the principle of least privilege to both library and application code elegantly and efficiently. We have implemented a prototype of the proposed μKVM. A series of benchmarks show that the prototype preserves the original functionality of Java and compares favorably with the J2SDK performance-wise. Copyright © 2006 ACM.

关键词： security of data

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：