We introduce MIG-L, a declarative language for the specification of security tests, and MIG-T, a testing tool, for identity management solutions based on SAML and OAuth/OpenID Connect. We verify compliance with best c...
详细信息
We introduce MIG-L, a declarative language for the specification of security tests, and MIG-T, a testing tool, for identity management solutions based on SAML and OAuth/OpenID Connect. We verify compliance with best current practices and detect known vulnerabilities.
In order to gain a competitive edge in the banking industry, direct face-to-face interactions between customers and banks are being gradually replaced by virtual interactions. Instead, they communicate using electroni...
详细信息
In order to gain a competitive edge in the banking industry, direct face-to-face interactions between customers and banks are being gradually replaced by virtual interactions. Instead, they communicate using electronic devices such as smartphones, tablets, and web applications. Transaction banking, which provides commercial services for banking products to small, medium, and large corporations, is a highly typical work unit in banking. Shipping and international payments, risk management for international trade, and other services are provided. We use the Service Oriented Modelling Architecture (SOMA) methodology to solve the problem of the transaction banking unit by relocating it from a system with general dependencies to a system that is independent of the entire service and operates on a small function scale. The study found that a decision as a service (DAAS) model with an Enterprise Service Bus (ESB), Business Process Management (BPM), and Business Rule Management (BRM) solution can provide guidelines for the design of decision rules pertaining to integrated or separate business modeling, thereby aiding business unit delivery.
Malware detection is an effective way to prevent the intrusion of malware into computer systems, and the API-based dynamic analysis method can effectively detect obfuscated and packaged malware. However, existing meth...
详细信息
Malware detection is an effective way to prevent the intrusion of malware into computer systems, and the API-based dynamic analysis method can effectively detect obfuscated and packaged malware. However, existing methods still suffer from limited detection accuracy and weak generalization. To address this issue, this paper presents a gradient attack-based malware dynamic analysis method. Through exerting adversarial noise into the embedding layer, the malware detection model can learn more robust representations of API sequences during training, achieving broader coverage of sample representations. The strategy of normalizing attack noise and recovering attacked representation is designed, which controls the strength of the gradient attack within a reasonable range and prevents a negative impact on the model's detection performance. The proposed method can be applied to existing API-based malware detection models to enhance their detection performance, indicating the strong generality of the proposed method. Experimental results on two benchmark datasets (i.e., Aliyun and Catak) demonstrate the effectiveness of the proposed gradient attack method, which further improves the detection performance of the mainstream API-based models, with an average accuracy increase of 2.80% and 3.66% on these two datasets, respectively.
We examine the use of the Java exception types in the Android platform's applicationprogramming Interface (API) reference documentation and their impact on the stability of Android applications. We develop a meth...
详细信息
We examine the use of the Java exception types in the Android platform's applicationprogramming Interface (API) reference documentation and their impact on the stability of Android applications. We develop a method that automatically assesses an API's quality regarding the exceptions listed in the API's documentation. We statically analyze ten versions of the Android platform's API (14-23) and 3539 Android applications to determine inconsistencies between exceptions that analysis can find in the source code and exceptions that are documented. We cross-check the analysis of the Android platform's API and applications with crash data from 901,274 application execution failures (crashes). We discover that almost 10% of the undocumented exceptions that static analysis can find in the Android platform's API source code manifest themselves in crashes. Additionally, we observe that 38% of the undocumented exceptions that developers use in their client applications to handle API methods also manifest themselves in crashes. These findings argue for documenting known might-thrown exceptions that lead to execution failures. However, a randomized controlled trial we run shows that relevant documentation improvements are ineffective and that making such exceptions checked is a more effective way for improving applications' stability. (C) 2018 Elsevier Inc. All rights reserved.
Parallel computers are increasingly being used to run large-scale applications that also have huge input/output (I/O) requirements. However, many applications obtain poor I/O performance on modem parallel machines. Th...
详细信息
Parallel computers are increasingly being used to run large-scale applications that also have huge input/output (I/O) requirements. However, many applications obtain poor I/O performance on modem parallel machines. This two-part special issue of the International Journal of High Performance Computing applications contains papers that describe the I/O requirements and the techniques used to perform I/O in real parallel applications. The authors first explain how the I/O application program interface (API) plays a critical role in enabling such applications to achieve high I/O performance. They describe how the commonly used UNIX I/O interface is inappropriate for parallel I/O and how an explicitly parallel API with support for collective I/O can help the underlying I/O hardware and software perform I/O efficiently. They then describe MPI-IO, a recently defined, standard, portable API specifically designed for high performance parallel I/O. They conclude with an overview of the papers in Part 1 and Part 2 of this special issue.
We characterize the class $CG(s)$ of matrices A for which the linear system $A{\bf x} = {\bf b}$ can be solved by an s-term conjugate gradient method. We show that, except for a few anomalies, the class $CG(s)$ consis...
详细信息
We characterize the class $CG(s)$ of matrices A for which the linear system $A{\bf x} = {\bf b}$ can be solved by an s-term conjugate gradient method. We show that, except for a few anomalies, the class $CG(s)$ consists of matrices A for which conjugate gradient methods are already known. These matrices are the Hermitian matrices, $A^ *= A$, and the matrices of the form $Ae^{i\theta} (dI + B)$, with $B^ *= - B$.
Clusters of symmetric shared memory multiprocessors (SMPs) are fast becoming a highly available platform for parallel computing. There is a need for a uniform programming paradigm that allows users to transparently ex...
详细信息
Clusters of symmetric shared memory multiprocessors (SMPs) are fast becoming a highly available platform for parallel computing. There is a need for a uniform programming paradigm that allows users to transparently extend parallelism across multiple SMP nodes. A shared memory paradigm leverages the available hardware to handle sharing within an SMP, in addition to providing programming ease. Software distributed shared memory systems support the illusion of shared memory across the cluster via a software runtime layer between the application and the hardware. This approach can potentially provide a cost-effective alternative to larger hardware shared memory systems for executing certain classes of workloads. We describe here one such system and discuss its interface, performance and portability through an example real-world application from the scientific domain.
With the introduction of Web Real-Time Communications (WebRTC), both Web technology and RTC have entered a new era. WebRTC is a joint effort of the W3C and IETF, supported by a large industry consortium. The technolog...
详细信息
With the introduction of Web Real-Time Communications (WebRTC), both Web technology and RTC have entered a new era. WebRTC is a joint effort of the W3C and IETF, supported by a large industry consortium. The technology offers real-time, peer-to-peer communication capabilities directly in the user's browser, accessible to websites via JavaScript APIs. Because of the numerous potential applications and the accessibility of the technology, WebRTC is expected to quickly become a game-changing technology in the communication landscape.
Performance monitor (PM) support in on-chip PowerPC(R) microprocessors is used to analyze processor, software, and system attributes for a variety of workloads. The interface to the PowerPC 604(R) microprocessor, whic...
详细信息
Performance monitor (PM) support in on-chip PowerPC(R) microprocessors is used to analyze processor, software, and system attributes for a variety of workloads. The interface to the PowerPC 604(R) microprocessor, which we abbreviate ''604,'' has been externalized to end users. We discuss the enhanced PM support available in an upgrade of the 604, the PowerPC 604e(TM) microprocessor, which we abbreviate ''604e.'' We discuss the challenges related to the externalization of the PM support as it relates to other PowerPC processors not derived from the 604 and briefly contrast these PMs with other PMs. We also describe an applicationprogramming interface (API) to the on-chip PM support, its design methodology, and its usage considerations, intended to meet these challenges.
暂无评论