检索结果-内蒙古大学图书馆

Proceedings of the 2014 Information Security Curriculum Development Conference

作者： Bryson R. Payne Aaron R. Walker University of North Georgia Dahlonega GA

ISBN: (纸本)9781450330497

secure application development is becoming even more critical as the impact of insecure code becomes deeper and more pervasive in our personal and professional lives. The approach described in this paper seeks to motivate computer science students to write secure code almost from the very beginning by focusing on concrete examples of common software vulnerabilities in the second freshman-level programming course. Sample exercises and assignments are given as examples that can be reused in similar courses. While long-term data collection is still ongoing, initial results are promising enough that the method is presented here in detail to support university faculty interested in incorporating lessons and real-world examples in secure app development in their programming courses at any level.

关键词： security-aware programming application security secure coding secure application development

来源：评论

学校读者我要写书评

暂无评论

Introducing secure coding in CS0, CS1, and CS2 (Abstract Only) 16

Introducing Secure Coding in CS0, CS1, and CS2 (Abstract Onl...

引用

Proceedings of the 47th ACM Technical Symposium on Computing Science Education

作者： Blair Taylor Siddharth Kaza Towson University Towson MD USA

ISBN: (纸本)9781450336857

The CS 2013 curriculum includes Information Assurance and Security as a pervasive knowledge area. However, introducing security in lower level courses is challenging because of lack of appropriate teaching resources and training. This workshop, part of the Cybersecurity Resources and Strategies for Teaching (CReST) project, ***, will provide a well-tested strategy for introducing secure coding concepts in CS0, CS1, and CS2. We will introduce attendees to secure coding through hands-on exercises, and provide self-contained, lab-based modules designed to be injected into CS0-CS2 with minimal impact on the course (***/securityinjections). Participants will be encouraged to bring in their own syllabus and labs to modify to include secure coding concepts. The first 15 participants will be reimbursed for the workshop cost on attendance. Laptop recommended.

关键词： security injections cs1 secure coding cs0 cs2

来源：评论

学校读者我要写书评

暂无评论

Detection and prevention of evasion attacks on machine learning models

引用

EXPERT SYSTEMS WITH APPLICATIONS 2025年 266卷

作者： Muthalagu, Raja Malik, Jasmita Pawar, Pranav M. BITS Pilani Dept Comp Sci Dubai U Arab Emirates

With the increasing use of machine learning models in critical applications such as image classification, natural language processing, and cybersecurity, there is a growing concern about the vulnerability of these models to adversarial attacks. Evasion attacks, in particular, pose a significant threat by manipulating input data to mislead the model's predictions. This paper presents an overview of evasion attacks on machine learning models, its variants and conducts an adaptive white-box evasion attack to highlight how defense measures be superseded with stronger evasion attack algorithms. It first discusses the different types of evasion attack algorithms, including Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), and Carlini- Wagner, highlighting their impact on model performance and security. It then reviews various detection mitigation techniques which aim to identify adversarial examples and improve model robustness. Finally, paper proposes effective mitigation techniques against evasion attacks and recommends a machine learning based cybersecurity architecture workflow that can be practically applied by organizations in real-world settings. Overall, this paper provides a comprehensive overview of evasion attacks on machine learning models and highlights the current state of research in defending against them.

关键词： Adversarial machine learning Cybersecurity Evasion attacks secure coding

来源：评论

学校读者我要写书评

暂无评论

Evaluating Serious Slow Game Jams as a Mechanism for Co-Designing Serious Games to Improve Understanding of Cybersecurity

引用

Games: Research and Practice 2025年第1期3卷 1-30页

作者： Shenando Stals Lynne Baillie Jamie Iona Ferguson Daisy Abbott Manuel Maarek Ryan Shah Sandy Louchart Heriot-Watt University Edinburgh United Kingdom of Great Britain and Northern Ireland School of Simulation and Visualisation The Glasgow School of Art Glasgow United Kingdom of Great Britain and Northern Ireland

We present a first evaluation of a Serious Slow Game Jam (SSGJ) methodology as a mechanism for co-designing serious games in the application domain of cybersecurity to assess how the SSGJ contributed to improving the understanding of cybersecurity. To this end, we engaged 13 participants with no experience in cybersecurity in a multidisciplinary SSGJ involving domain-specific, pedagogical and game design knowledge and encouraged engagement in between scheduled days of the SSGJ. Findings show improved confidence of participants in their knowledge of cybersecurity (from 12.5% to 62.5%) after undertaking the SSGJ, with free-text answers specifically indicating an improved understanding in terms of vulnerabilities, attacks and defences for three-quarters of the participants. Also, confidence in knowledge of game design improved (12.5% to 75%), and the SSGJ successfully engaged participants in between scheduled days. Finally, a serious game is presented that was co-designed with participants during our SSGJ and produced as an output of the SSGJ methodology.

关键词： Serious slow game jam serious games evaluation workload motivation engagement cybersecurity secure coding secure code citizens

来源：评论

学校读者我要写书评

暂无评论

Measurement of Embedding Choices on Cryptographic API Completion Tasks

引用

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY 2024年第3期33卷 1-30页

作者： Xiao, Ya Song, Wenjia Ahmed, Salman Ge, Xinyang Viswanath, Bimal Meng, Na Yao, Danfeng (Daphne) Virginia Tech Blacksburg VA 24061 USA

In this article, we conduct a measurement study to comprehensively compare the accuracy impacts of multiple embedding options in cryptographic API completion tasks. Embedding is the process of automatically learning vector representations of program elements. Our measurement focuses on design choices of three important aspects, program analysis preprocessing, token-level embedding, and sequence-level embedding. Our findings show that program analysis is necessary even under advanced embedding. The results show 36.20% accuracy improvement, on average, when program analysis preprocessing is applied to transfer bytecode sequences into API dependence paths. With program analysis and the token-level embedding training, the embedding dep2vec improves the task accuracy from 55.80% to 92.04%. Moreover, only a slight accuracy advantage (0.55%, on average) is observed by training the expensive sequence-level embedding compared with the token-level embedding. Our experiments also suggest the differences made by the data. In the cross-app learning setup and a data scarcity scenario, sequence-level embedding is more necessary and results in a more obvious accuracy improvement (5.10%).

关键词： Neural code completion embedding deep learning neural networks program analysis API dependency cryptography secure coding Java

来源：评论

学校读者我要写书评

暂无评论

Intersecured joint image compression with encryption purpose based on fractal mating coding

引用

OPTICAL ENGINEERING 2007年第3期46卷 037002-1-037002页

作者： Chang, Hsuan T. Lin, Chung C. Natl Yunlin Univ Sci & Technol Photon & Informat Lab Dept Elect Engn Douliu Yunlin 64045 Taiwan

A secure coding concept for pairwise images is revealed and implemented by the use of the proposed fractal mating coding scheme, in which the domain pools consist of the domain blocks selected from the pairwise images to explore both the intra- and interimage similarities. In addition to the pairwise relation, the mating ratios denoting the percentages of the domain blocks selected from both images are utilized. Further encryption can be achieved by the use of block mean permutation and mating of the fractal codes. The security level is high because the jointly coded images cannot be correctly reconstructed without all the required information. The computer experiments show that the coding performance can be greatly improved from conventional fractal coding schemes, and the intersecured purpose for pairwise images is successfully achieved. (C) 2007 Society of Photo-Optical Instrumentation Engineers.

关键词： fractal mating ratio secure coding joint image compression image encryption

来源：评论

学校读者我要写书评

暂无评论

Thriving in the era of hybrid work: Raising cybersecurity awareness using serious games in industry trainings☆

引用

JOURNAL OF SYSTEMS AND SOFTWARE 2024年 210卷

作者： Zhao, Tiange Gasiba, Tiago Lechner, Ulrike -Albuquerque, Maria Pinto Siemens AG Otto Hahn Ring 6 D-81739 Munich Germany Univ Bundeswehr Munich Werner Heisenberg Weg 39 D-85579 Neubiberg Germany Inst Univ Lisboa IUL ISTAR ISCTE Ave Forcas Armadas P-1649026 Lisbon Portugal

The important missions of modern software engineering education are to prepare software engineers to work in a hybrid mode and to address the need to enable them to write secure code and deliver secure products and services to the customer. Providing training akin to an authentic experience poses several challenges, such as hybrid infrastructures, lack of engagement, and interactions. Cybersecurity and cybersecurity awareness have also gained importance due to the shift towards work-from-home (WFH) or work-from-anywhere (WFA): The work environment is forced to be distributed across large heterogeneous networks with different security levels. We perceive hybrid work as a work mode where the team members follow WFH or WFA and work from the office. Therefore various security levels at the workplace and restrictions on informal team communications need to be taken into account. We report on experiences from an industrial company producing software and cyber-physical systems. Initially set to update the existing secure code guidelines, the study lead to the discovery that it is crucial to go beyond an up-to-date set of security guidelines: it is mandatory to raise the cybersecurity awareness of those who are to follow the guidelines. We present a novel approach, via serious games, to train software engineers working in the industry, which is delivered in a hybrid mode and equips practitioners to face the challenges of hybrid work. Serious games have more than just entertainment purposes. They have proven effective ways to maintain engagement and boost training, particularly in cybersecurity. We developed and used two innovative serious games to raise cybersecurity awareness: (1) CyberSecurity Challenges (CSC), about how to develop secure software;and (2) Cloud of Assets and Threats (CATS), about cloud security, including its shared responsibility model. It is decisive for the industry that the software is written, developed, and deployed securely. The cloud service has r

关键词： Serious game secure coding Cloud security Industry Hybrid work Awareness of cybersecurity

来源：评论

学校读者我要写书评

暂无评论

ValAsp: A Tool for Data Validation in Answer Set Programming

引用

THEORY AND PRACTICE OF LOGIC PROGRAMMING 2023年第5期23卷 965-985页

作者： Alviano, Mario Dodaro, Carmine Zamayla, Arnel Univ Calabria Dept Math & Comp Sci Via P BucciCubo 30B I-87036 Arcavacata Di Rende CS Italy

The development of complex software requires tools promoting fail-fast approaches, so that bugs and unexpected behavior can be quickly identified and fixed. Tools for data validation may save the day of computer programmers. In fact, processing invalid data is a waste of resources at best, and a drama at worst if the problem remains unnoticed and wrong results are used for business. Answer Set Programming (ASP) is not an exception, but the quest for better and better performance resulted in systems that essentially do not validate data. Even under the simplistic assumption that input/output data are eventually validated by external tools, invalid data may appear in other portions of the program, and go undetected until some other module of the designed software suddenly breaks. This paper formalizes the problem of data validation for ASP programs, introduces a language to specify data validation, and presents valasp, a tool to inject data validation in ordinary programs. The proposed approach promotes fail-fast techniques at coding time without imposing any lag on the deployed system if data are pretended to be valid. Validation can be specified in terms of statements using YAML, ASP and Python. Additionally, the proposed approach opens the possibility to use ASP for validating data of imperative programming languages.

关键词： Answer Set Programming data validation secure coding fail-fast

来源：评论

学校读者我要写书评

暂无评论

Script-templates for the Content Security Policy

引用

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2014年第3期19卷 209-223页

作者： Johns, Martin SAP Res Karlsruhe Germany

Content Security Policies (CSPs) provide powerful means to mitigate most XSS exploits. However, CSP's protection is incomplete. Insecure server-side JavaScript generation and attacker control over script-sources can lead to XSS conditions which cannot be mitigated by CSP. In this paper we propose PreparedJS, an extension to CSP which takes these weaknesses into account. Through the combination of a safe script templating mechanism with a light-weight script checksumming scheme, PreparedJS is able to fill the identified gaps in CSP's protection capabilities. (C) 2014 Elsevier Ltd. All rights reserved.

关键词： Cross-site Scripting XSS Content Security Policy CSP secure coding Web application security

来源：评论

学校读者我要写书评

暂无评论

Adaption of Integrated secure Guide for secure Software Development Lifecycle

引用

INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS 2016年第6期10卷 145-154页

作者： Lee, Ki-Hyun Park, Young B. Dankook Univ Dept Software Secur Juk Jeon South Korea Dankook Univ Dept Comp Engn Cheonan South Korea

As interests in security increases, several software development lifecycle considering security have been proposed. Actual results of applying software development lifecycle considering security reduced threats have been reported. But to apply software development lifecycle considering security, requires expertise and experiences. In this paper a secure software development lifecycle applying integrated secure guide is proposed. secure Guides such as Misuse Case, Security Patterns and secure coding are integrated in the proposed method. And then, by applying integrated secure Guide in each software development phase, the security becomes available in every phase of software development. Since, proposed secure guide provides more security information than available secure guides, software developer can use more security information while they are developing software. As a result, it is expected that developers could consider security more easily when developing software even though developers lacks expertise in security or experience.

关键词： Integrated secure Guide secure Software Development lifecycle Misuse Case Security Patterns secure coding

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：