检索结果-内蒙古大学图书馆

Proceedings of the 47th ACM Technical Symposium on Computing Science Education

作者： Blair Taylor Siddharth Kaza Towson University Towson MD USA

ISBN: (纸本)9781450336857

The CS 2013 curriculum includes Information Assurance and Security as a pervasive knowledge area. However, introducing security in lower level courses is challenging because of lack of appropriate teaching resources and training. This workshop, part of the Cybersecurity Resources and Strategies for Teaching (CReST) project, ***, will provide a well-tested strategy for introducing secure coding concepts in CS0, CS1, and CS2. We will introduce attendees to secure coding through hands-on exercises, and provide self-contained, lab-based modules designed to be injected into CS0-CS2 with minimal impact on the course (***/securityinjections). Participants will be encouraged to bring in their own syllabus and labs to modify to include secure coding concepts. The first 15 participants will be reimbursed for the workshop cost on attendance. Laptop recommended.

关键词： security injections cs1 secure coding cs0 cs2

来源：评论

学校读者我要写书评

暂无评论

Introducing secure coding in CS0, CS1, and CS2. (Abstract Only) 15

Introducing Secure Coding in CS0, CS1, and CS2. (Abstract On...

引用

Proceedings of the 46th ACM Technical Symposium on Computer Science Education

作者： Siddharth Kaza Blair Taylor Elizabeth K. Hawthorne Towson University Towson MD USA Union County College Cranford NJ USA

ISBN: (纸本)9781450329668

The CS 2013 curriculum includes Information Assurance and Security as a pervasive knowledge area. However, introducing security in lower level courses is challenging because of lack of appropriate teaching resources and training. This workshop will provide a well-tested strategy for introducing secure coding concepts in CS0, CS1, and CS2. We will introduce attendees to secure coding through hands-on exercises, and provide self-contained, lab-based modules designed to be injected into CS0-CS2 with minimal impact on the course (***/securityinjections). Participants will be encouraged to bring in their own syllabus and labs to modify to include secure coding concepts. The first 15 participants will be reimbursed for the workshop cost on attendance. Laptop recommended.

关键词： cs2 security injections cs1 secure coding cs0

来源：评论

学校读者我要写书评

暂无评论

Security Injections 2.0: Using Segmentation, Instant-feedback, and Auto-grading to Enhance secure coding Modules for Lower-level Programming Courses (Abstract Only) 15

Security Injections 2.0: Using Segmentation, Instant-feedbac...

引用

Proceedings of the 46th ACM Technical Symposium on Computer Science Education

作者： Sagar Raina Blair Taylor Siddharth Kaza Towson University Towson MD USA

ISBN: (纸本)9781450329668

Learning interventions based on modules are common in computer science education. Traditional learning modules that present a large amount of content in a linear format can induce cognitive overload in learners. We present theoretical support for increasing the effectiveness of learning modules, describe a system that implements these principles, and discuss the results of a pilot study across two sections of CS0. Using the Security Injections @Towson cybersecurity modules that target key secure coding concepts including integer error, buffer overflow, input validation, for CS0, CS1, and CS2, we enhanced select modules by incorporating the e-learning design principles of segmentation and interactivity. The pilot study compares student engagement and knowledge of software security and secure coding between the current (1.0) modules and the enhanced (2.0) modules. The use of the enhanced 2.0 modules significantly increased both secure coding and software security knowledge. In addition, student engagement increased and feedback from instructors indicates higher student and instructor interest. This project is partially supported by NSF through grant DUE-1241738

关键词： cs2 secure coding cs0 security injections instant-feedback cs1 auto-grading learning sciences interactive learning

来源：评论

学校读者我要写书评

暂无评论

Detection and prevention of evasion attacks on machine learning models

引用

EXPERT SYSTEMS WITH APPLICATIONS 2025年 266卷

作者： Muthalagu, Raja Malik, Jasmita Pawar, Pranav M. BITS Pilani Dept Comp Sci Dubai U Arab Emirates

With the increasing use of machine learning models in critical applications such as image classification, natural language processing, and cybersecurity, there is a growing concern about the vulnerability of these models to adversarial attacks. Evasion attacks, in particular, pose a significant threat by manipulating input data to mislead the model's predictions. This paper presents an overview of evasion attacks on machine learning models, its variants and conducts an adaptive white-box evasion attack to highlight how defense measures be superseded with stronger evasion attack algorithms. It first discusses the different types of evasion attack algorithms, including Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), and Carlini- Wagner, highlighting their impact on model performance and security. It then reviews various detection mitigation techniques which aim to identify adversarial examples and improve model robustness. Finally, paper proposes effective mitigation techniques against evasion attacks and recommends a machine learning based cybersecurity architecture workflow that can be practically applied by organizations in real-world settings. Overall, this paper provides a comprehensive overview of evasion attacks on machine learning models and highlights the current state of research in defending against them.

关键词： Adversarial machine learning Cybersecurity Evasion attacks secure coding

来源：评论

学校读者我要写书评

暂无评论

Measurement of Embedding Choices on Cryptographic API Completion Tasks

引用

ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY 2024年第3期33卷 1-30页

作者： Xiao, Ya Song, Wenjia Ahmed, Salman Ge, Xinyang Viswanath, Bimal Meng, Na Yao, Danfeng (Daphne) Virginia Tech Blacksburg VA 24061 USA

In this article, we conduct a measurement study to comprehensively compare the accuracy impacts of multiple embedding options in cryptographic API completion tasks. Embedding is the process of automatically learning vector representations of program elements. Our measurement focuses on design choices of three important aspects, program analysis preprocessing, token-level embedding, and sequence-level embedding. Our findings show that program analysis is necessary even under advanced embedding. The results show 36.20% accuracy improvement, on average, when program analysis preprocessing is applied to transfer bytecode sequences into API dependence paths. With program analysis and the token-level embedding training, the embedding dep2vec improves the task accuracy from 55.80% to 92.04%. Moreover, only a slight accuracy advantage (0.55%, on average) is observed by training the expensive sequence-level embedding compared with the token-level embedding. Our experiments also suggest the differences made by the data. In the cross-app learning setup and a data scarcity scenario, sequence-level embedding is more necessary and results in a more obvious accuracy improvement (5.10%).

关键词： Neural code completion embedding deep learning neural networks program analysis API dependency cryptography secure coding Java

来源：评论

学校读者我要写书评

暂无评论

Thriving in the era of hybrid work: Raising cybersecurity awareness using serious games in industry trainings☆

引用

JOURNAL OF SYSTEMS AND SOFTWARE 2024年 210卷

作者： Zhao, Tiange Gasiba, Tiago Lechner, Ulrike -Albuquerque, Maria Pinto Siemens AG Otto Hahn Ring 6 D-81739 Munich Germany Univ Bundeswehr Munich Werner Heisenberg Weg 39 D-85579 Neubiberg Germany Inst Univ Lisboa IUL ISTAR ISCTE Ave Forcas Armadas P-1649026 Lisbon Portugal

The important missions of modern software engineering education are to prepare software engineers to work in a hybrid mode and to address the need to enable them to write secure code and deliver secure products and services to the customer. Providing training akin to an authentic experience poses several challenges, such as hybrid infrastructures, lack of engagement, and interactions. Cybersecurity and cybersecurity awareness have also gained importance due to the shift towards work-from-home (WFH) or work-from-anywhere (WFA): The work environment is forced to be distributed across large heterogeneous networks with different security levels. We perceive hybrid work as a work mode where the team members follow WFH or WFA and work from the office. Therefore various security levels at the workplace and restrictions on informal team communications need to be taken into account. We report on experiences from an industrial company producing software and cyber-physical systems. Initially set to update the existing secure code guidelines, the study lead to the discovery that it is crucial to go beyond an up-to-date set of security guidelines: it is mandatory to raise the cybersecurity awareness of those who are to follow the guidelines. We present a novel approach, via serious games, to train software engineers working in the industry, which is delivered in a hybrid mode and equips practitioners to face the challenges of hybrid work. Serious games have more than just entertainment purposes. They have proven effective ways to maintain engagement and boost training, particularly in cybersecurity. We developed and used two innovative serious games to raise cybersecurity awareness: (1) CyberSecurity Challenges (CSC), about how to develop secure software;and (2) Cloud of Assets and Threats (CATS), about cloud security, including its shared responsibility model. It is decisive for the industry that the software is written, developed, and deployed securely. The cloud service has r

关键词： Serious game secure coding Cloud security Industry Hybrid work Awareness of cybersecurity

来源：评论

学校读者我要写书评

暂无评论

A Study on the Optimization Method for the Rule Checker in the secure coding

引用

INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS 2014年第1期8卷 333-342页

作者： Kim, JaeHyun Lee, YangSun Seokyeong Univ Dept Comp Engn 16-1 Jungneung Dong Seoul 136704 South Korea

Today's software allows data transfer with the use of internet. Therefore, there is always a threat of attack by hackers. These security weaknesses cause a critical economic loss which is a direct cause of software security invasion accidents. Recently in order to solve these security weaknesses, rather than strengthening the security system from the external environment, many have started to realize it is essential and most efficient for programmers to develop stronger software. Internationally, resolving software weakness from the coding stage to prevent security incidents by providing a coding guide is rising as a security issue. Especially, user demands of software are becoming enormous and complicated. In order to reduce weaknesses that could lie in the software have to be removed and the costs for these increases as the development process progresses. This leads to issues nowadays with removing the security weaknesses from the coding stage. This technique is called secure coding and not only is the academic and the industrial world showing interest in this technique, but also national agencies are showing great interest. Especially in Korea, the electronic government business has decided to introduce secure coding and all developed programs will apply the security coding methodology. Rule checker, the object of study of this research, is a core tool for secure coding which is used to analyze security weaknesses existing in programs using a rule base. Especially, it can be used in the developmental stage and examination stage which makes an efficient composition of rule checker very important. In this research, a maximized technique to compose a rule checker with most efficiency has been proposed.

关键词： secure coding Rule Checker DFA Optimization Optimizer Generator

来源：评论

学校读者我要写书评

暂无评论

ValAsp: A Tool for Data Validation in Answer Set Programming

引用

THEORY AND PRACTICE OF LOGIC PROGRAMMING 2023年第5期23卷 965-985页

作者： Alviano, Mario Dodaro, Carmine Zamayla, Arnel Univ Calabria Dept Math & Comp Sci Via P BucciCubo 30B I-87036 Arcavacata Di Rende CS Italy

The development of complex software requires tools promoting fail-fast approaches, so that bugs and unexpected behavior can be quickly identified and fixed. Tools for data validation may save the day of computer programmers. In fact, processing invalid data is a waste of resources at best, and a drama at worst if the problem remains unnoticed and wrong results are used for business. Answer Set Programming (ASP) is not an exception, but the quest for better and better performance resulted in systems that essentially do not validate data. Even under the simplistic assumption that input/output data are eventually validated by external tools, invalid data may appear in other portions of the program, and go undetected until some other module of the designed software suddenly breaks. This paper formalizes the problem of data validation for ASP programs, introduces a language to specify data validation, and presents valasp, a tool to inject data validation in ordinary programs. The proposed approach promotes fail-fast techniques at coding time without imposing any lag on the deployed system if data are pretended to be valid. Validation can be specified in terms of statements using YAML, ASP and Python. Additionally, the proposed approach opens the possibility to use ASP for validating data of imperative programming languages.

关键词： Answer Set Programming data validation secure coding fail-fast

来源：评论

学校读者我要写书评

暂无评论

A Pilot Study on secure Code Generation with ChatGPT forWeb Applications 24

A Pilot Study on Secure Code Generation with ChatGPT forWeb ...

引用

Annual ACM Southeast Conference (ACMSE)

作者： Jamdade, Mahesh Liu, Yi Univ Massachusetts Dartmouth Dartmouth MA 02747 USA

ISBN: (纸本)9798400702372

Conversational Large Language Models (LLMs), such as ChatGPT, have demonstrated their potent capabilities in natural language processing tasks. This paper presents a pilot study that uses ChatGPT for generating web application code with a specific emphasis on mitigating four prevalent web application vulnerability types: SQL Injection, Cross Site Scripting, Carriage Return Line Feed Injection, and Exposure of Sensitive Information. The paper uses a case study to illustrate how the vulnerabilities in the code are mitigated with the prompts and the subsequent refinements. The study's findings summarize the security concerns in the code generated by ChatGPT, and the paper proposes a prompt pattern designed to help mitigating the potential vulnerabilities.

关键词： secure coding web application vulnerabilities generative AI ChatGPT

来源：评论

学校读者我要写书评

暂无评论

Rethinking Answer Set Programming Templates 26th

Rethinking Answer Set Programming Templates

引用

26th International Symposium on Practical Aspects of Declarative Languages (PADL)

作者： Alviano, Mario Ianni, Giovambattista Pacenza, Francesco Zangari, Jessica Univ Calabria DEMACS Via Bucci 30-B I-87036 Arcavacata Di Rende CS Italy

ISBN: (纸本)9783031520372;9783031520389

In imperative programming, the Domain-Driven Design methodology helps in coping with the complexity of software development by materializing in code the invariants of a domain of interest. Code is cleaner and more secure because any implicit assumption is removed in favor of invariants, thus enabling a fail fast mindset and the immediate reporting of unexpected conditions. This article introduces a notion of template for Answer Set Programming that, in addition to the don't repeat yourself principle, enforces locality of some predicates by means of a simple naming convention. Local predicates are mapped to the usual global namespace adopted bymainstream engines, using universally unique identifiers to avoid name clashes. This way, local predicates can be used to enforce invariants on the expected outcome of a template in a possibly empty context of application, independently by other rules that can be added to such a context. Template applications transpiled this way can be processed by mainstream engines and safely shared with other knowledge designers, even when they have zero knowledge of templates.

关键词： Answer Set Programming secure coding clean code Domain-Driven Design Test-Driven Development

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：