检索结果-内蒙古大学图书馆

SSITE International Conference on Computers and Advanced Technology in Education (ICCATE 2011)

作者： Tao, Lixin Chen, Li-Chiou Pace Univ New York NY 10038 USA

ISBN: (纸本)9783642259074

We have developed a complete set of open-source tutorials and hands-on lab exercises, called Secure WEb dEvelopment Teaching (SWEET), to introduce security concepts and practices for web and java application development. SWEET provides introductory tutorials, teaching modules utilizing virtualized hands-on exercises, and project ideas in web and java application security. In addition, SWEET provides pre-configured virtual computer for laboratory exercises. This paper describes the SWEET design and resources in general and its java security module in particular. SWEET has been integrated into computing courses at multiple universities and it has supported innovative student projects like a secure web-based online trader simulator.

关键词： Virtualization web security java security and software assurance

来源：评论

学校读者我要写书评

暂无评论

End-to-End java security Performance Enhancements for Oracle SPARC Servers 16

End-to-End Java Security Performance Enhancements for Oracle...

引用

7th ACM/SPEC International Conference on Performance Engineering (ICPE)

作者： Wang, Luyang Bhattacharya, Pallab Chen, Yao-Min Joshi, Shrinivas Cheng, James Oracle 4180 Network Circle Santa Clara CA 95054 USA Facebook 1 Hacker Way Menlo Pk CA 94025 USA

ISBN: (纸本)9781450340809

In this paper we investigate the performance of cryptographic operations, when used in java applications. We demonstrate the advantage of using built-in hardware accelerator for cryptographic operations on SPARC servers. In particular, we demonstrate the advantage of hardware cryptographic instructions invoked via AES and SHA intrinsics, implemented in the java Virtual Machine (JVM), over the more traditional java Native Interface (JNI) calls. For the purpose of our study, we modified the SPECweb2005 benchmark by adding modern banking requirements, and created a new workload which we call the End-to-End java security (EEJS) workload. Using the workload, we compare different java Cryptographic Service Providers (CSPs) and arrive at the conclusion that hardware cryptography has significant performance advantage for java applications. With the EEJS workload, we also identify several enhancements applicable to the java Secure Socket Extension (JSSE).

关键词： java security java Cryptography Performance SPARC Processors JVM Intrinsics RSA AES SHA JSSE SPECweb2005

来源：评论

学校读者我要写书评

暂无评论

Comparing java and .NET security: Lessons learned and missed

引用

COMPUTERS & security 2006年第5期25卷 338-350页

作者： Paul, Nathanael Evans, David Univ Virginia Dept Comp Sci Charlottesville VA 22903 USA

Many systems execute untrusted programs in virtual machines (VMS) to mediate their access to system resources. Sun introduced the java VM in 1995, primarily intended as a lightweight platform for executing untrusted code inside web pages. More recently, Microsoft developed the NET platform with similar goals. Both platforms share many design and implementation properties, but there are key differences between java and NET that have an impact on their security. This paper examines how NET's design avoids vulnerabilities and limitations discovered in java and discusses lessons learned (and missed) from experience with java security. (c) 2006 Elsevier Ltd. All rights reserved.

关键词： virtual machine security java security .NET security security design principles bytecode verifier malicious code code safety

来源：评论

学校读者我要写书评

暂无评论

Effective Web and java security Education with the SWEET Course Modules/Resources

Effective Web and Java Security Education with the SWEET Cou...

引用

2011 SSITE International Conference on Computers and Advanced Technology in Education(ICCATE 2011)

作者： Lixin Tao Li-Chiou Chen Pace University

We have developed a complete set of open-source tutorials and hands-on lab exercises, called Secure WEb d Evelopment Teaching(SWEET), to introduce security concepts and practices for web and java application developmentSWEET provides introductory tutorials, teaching modules utilizing virtualized hands-on exercises, and project ideas in web and java application securityIn addition, SWEET provides pre-configured virtual computer for laboratory exercisesThis paper describes the SWEET design and resources in general and its java security module in particularSWEET has been integrated into computing courses at multiple universities and it has supported innovative student projects like a secure web-based online trader simulator.

关键词： Virtualization web security java security and software assurance

来源：评论

学校读者我要写书评

暂无评论

Lightweight Modeling of java Virtual Machine security Constraints

Lightweight Modeling of Java Virtual Machine Security Constr...

引用

2nd International Conference on Abstract State Machines, B and Z

作者： Reynolds, Mark C. Boston Univ Dept Comp Sci Boston MA 02215 USA

ISBN: (纸本)9783642118104

The java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing java. security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real world malicious applet is given to demonstrate the efficacy of the approach. This type of analysis represents a significant departure from standard malware detection methods based on signatures or anomaly detection.

关键词： Alloy JVM lightweight modeling java security

来源：评论

学校读者我要写书评

暂无评论

Spout: A transparent proxy for safe execution of java applets

引用

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS 2002年第7期20卷 1426-1433页

作者： Chiueh, TC Sankaran, H Neogi, A SUNY Stony Brook Dept Comp Sci Stony Brook NY 11794 USA Nortel Networks Ltd Routing Grp Wilmington MA USA

The advent of executable contents such as java applets exposes World Wide Web (WWW) users to a new class of attacks that were not possible before. Despite an array of security checking, detection, and enforcement mechanisms built into the language model, the compiler, and the run-time system of java, serious security breach incidents due to implementation bugs still arose repeatedly in the past several years. Without a provably correct implementation of java's security architecture specification, it is difficult to make any conclusive statements about the security characteristic of current java virtual machines. The Spout project takes an alternative approach to address java's security problems. Rather than attempt a provable secure implementation, we aim to conflne the damages of malicious java applets to selective machines, thus, preventing the machines behind an organization's firewall from being attacked by malicious or buggy applets. More concretely, Spout is a distributed java execution engine that transparently decouples the processing of an incoming applet's application logic from that of graphical use interface (GUI), such that the only part of an applet that is actually running on the requesting user's host is the harmless GUI code. A unique feature of the Spout architecture that does not exist in other similar systems, is that it is completely transparent to and does not require any modifications to WWW browsers or class libraries on the end hosts. This paper describes the detailed design, implementation, and performance measurements of the first Spout prototype, which also incorporates run-time resource monitoring mechanisms to counter denial-of-service attacks.

关键词： denial-of-service attacks distributed virtual machine java security proxy server World Wide Web

来源：评论

学校读者我要写书评

暂无评论

On object initialization in the java bytecode

引用

COMPUTER COMMUNICATIONS 2000年第17期23卷 1594-1605页

作者： Doyon, S Debbabi, M Univ Laval Dept Comp Sci LSFM Res Grp St Foy PQ G1K 7P4 Canada

java is an ideal platform for implementing mobile code systems, not only because of its portability but also because it is designed with security in mind. Untrusted java programs can be statically analyzed and validated. The program's behavior is then monitored to prevent potentially malicious operations. Static analysis of untrusted classes is carried out by a component of the java virtual machine called the verifier. The most complex part of the verification process is the dataflow analysis, which is performed on each method in order to ensure type-safety. This paper clarifies in detail one of the tricky aspects of the dataflow analysis: the verification of object initialization. We present and explain the rules that need to be enforced and we then show how verifier implementations can enforce them. Rules for object creation require, among other things, that uninitialized objects never be used before they are initialized. Constructors must properly initialize their this argument before they are allowed to return. This paper also deals with initialization failures (indicated by exceptions): the object being initialized must be discarded, and constructors must propagate initialization failures. (C) 2000 Elsevier Science B.V. All rights reserved.

关键词： java bytecode Object initialization Dataflow analysis static analysis java security

来源：评论

学校读者我要写书评

暂无评论

security for the rest of us: An industry perspective on the secure-software challenge

引用

IEEE SOFTWARE 2008年第1期25卷 10-12页

作者： Beznosov, Konstantin Chess, Brian Univ British Columbia Dept Elect & Comp Engn Vancouver BC V6T 1Z4 Canada Fortify Software San Mateo CA 94404 USA

While security was once a specialty of interest to only a few programmers, it\'\'s now a critical topic for almost all software engineers, project managers, and decision makers. Getting security right is hard because an attacker—having virtually unlimited time—needs to find only one vulnerability in a system to succeed, whereas the defender—constrained in time—must ensure that the system has no weak points. This article provides an introduction into the special issue, which focuses on creating and maintaining secure software by the wide range of developers who constitute the software industry—many who work in domains where cost (both production and maintenance) and time-to-market are the main driving factors. This article is part of a special issue on security for the Rest of Us.

关键词： java security security economics security requirements software security threat modeling decision makers Software safety safety requirements Software engineering security rest

来源：评论

学校读者我要写书评

暂无评论

Modeling the java Bytecode Verifier

引用

SCIENCE OF COMPUTER PROGRAMMING 2013年第3期78卷 327-342页

作者： Reynolds, Mark C. Boston Univ Dept Comp Sci Boston MA 02215 USA

The java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in java, particularly in the Bytecode Verifier, a critical component used to verify class semantics before loading is complete. This paper describes a method for representing java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of java bytecodes by converting these bytecodes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to potentially insecure code. Analysis of the approach is provided in the context of known security exploits, including type confusion attacks, invalid memory accesses and control flow misdirection. This type of analysis represents a significant departure from standard malware analysis methods based on signatures or anomaly detection. (c) 2011 Elsevier B.V. All rights reserved.

关键词： java security JVM bytecode Alloy Lightweight modeling

来源：评论

学校读者我要写书评

暂无评论

A Proposed Paradigm for Tracing the Effect of security Threats in Various Mobile Agent Systems 5

A Proposed Paradigm for Tracing the Effect of Security Threa...

引用

5th National Symposium on Information Technology - Towards New Smart World (NSITNSW)

作者： Nasr, Mona M. Helwan Univ Fac Comp & Informat Qism Helwan Cairo Governora Egypt

ISBN: (纸本)9781479976270

Many people consider that security is one of the complexes problems for practical use of mobile agents that move around the networks and do their tasks. This complexity is due mainly to the size of the problem, moreover, in open networks, security problems and costs of potential solutions might outweigh the benefits of mobility. The question of security goes both directions. How can data base servers be protected from malicious actions of mobile agents, and conversely, how can mobile agent, packed with private data and information, be protected from servers, and other agents while traveling through cyberspace. This paper presents a survey for the malicious (host / agent) facing Mobile Agent(MA). Platform to Agent P2A (Masquerading, Denial of Service, Eavesdropping, Alteration) Agent to Agent A2A (Masquerading, Denial of Service, Repudiation, Unauthorized Access). This paper, describes MA-based paradigm as a simulation based model for tracing the effect of one of the security threats that has been entirely developed in java programming language. The proposed paradigm considers a range of techniques that provide high degree of security during the mobile agent system life cycle in its simulation environment. This paper highlights the spot to two main design objectives: The importance of including various supportive types of agents within a system e.g., police agents, service agents,. etc. Second: Evaluation analysis and number of checks to be done to trace the MA if masqueraded during its path. eg. evaluation analysis for detecting tolerance differences for the calculated agent's route before and during its journey, storing agent transactions, storing snapshots of agent state information, checking from time to time agent status and task completeness and lastly guard agent check the changed variables of migrated agent. During tracing and monitoring MA(s), the initiator node may destroy it and continue with another. In this paper we propose a new paradigm that detects an

关键词： Mobile Agent security java security Policy Strong Mobility

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：