Recently, SQL injection attack (SIA) has become a major threat to Web applications. Via carefully crafted user input, attackers can expose or manipulate the back-end database of a Web application. This paper proposes the construction and outlines the design of a static analysis framework (called SAFELI) for identifying SIA vulnerabilities at compile time. SAFELI statically inspects MSIL bytecode of an *** Web application, using symbolic execution. At each hotspot that submits a SQL query, a hybrid constraint solver is used to find out the corresponding user input that could lead to a breach of information security. Once completed, SAFELI has the future potential to discover more delicate SQL injection attacks than black-box Web security inspection tools.
This report summarizes the proceedings of a workshop discussion session presentation and visualization of aspects relating to duplicated, copied, or cloned code. The main outcomes of the working session were: (a) a re...
ISBN: (print) 1595933751
Today, refactorings are supported in some integrated development environments (IDEs). The refactoring operations can only work correctly if all source code that needs to be changed is available to the IDE. However, this precondition neither holds for application programming interface (API) evolution, nor in team development. The research presented in this paper aims to support refactoring in API evolution and team development by extending IDE and version control to allow refactoring-aware merging and migration.
In this paper, we describe our so-called IOBA logic (a logic of Believable Agents). IOBA has expanded the work of KARO [1][2][3][4][18] and IORA logic [5][6][7][8] and interpreted cognitive actions which only occur in...
Message Passing is a popular mechanism used to enable inter-process communication in parallel and distributed computing. Many complex scientific and engineering applications that are executed on clusters have been dev...
The advent of service-oriented Grid computing has resulted in the need for Grid resources such as clusters to enforce user-specific service needs and expectations. Service Level Agreements (SLAs) define conditions whi...
ISBN: (print) 1595934006
During reverse engineering, developers often need to understand the undocumented design of a software. In particular, recognizing design patterns in the software can provide reverse engineers with considerable insight on the software structure and its internal characteristics. Researchers have therefore proposed techniques based on static analysis to automatically recover design patterns in a program. Unfortunately, most design patterns comprise not only structural, but also significant behavioral aspects. Although static analysis is well suited for the recognition of structural aspects, it is typically limited and imprecise in analyzing behavior. To address this limitation, we present a new technique that complements our existing static analysis with a dynamic analysis, so as to perform a more accurate design-pattern recognition. The dynamic analysis is based on (1) transforming behavioral aspects of design patterns into finite automata, (2) identifying and instrumenting relevant method calls, and (3) monitoring relevant calls at runtime and matching them against the automata. The results of the dynamic analysis are then used to compute the likelihood of a pattern to be in the code. This paper describes our technique and presents a preliminary empirical study performed to assess the technique. Copyright 2006 ACM.
ISBN: (print) 9781627486606
With the emergence of aspect-oriented (AO) techniques, crosscutting concerns can be now explicitly modularized and exposed as additional variabilities in program families. Hence, the development of highly customizable software family architectures requires the explicit handling of crosscutting variabilities through domain engineering and application engineering steps. In this context, this paper presents a generative model that addresses the implementation and instantiation of variabilities encountered in AO software family architectures. The use of our model allows for an early specification and preparation of AO variabilities, which in turn can be explicitly customized by means of domain engineering activities. All the variabilities of the architecture are modeled using feature models. In application engineering, developers can request an instance of the AO architecture in a process of two stages: (i) the definition of a feature model instance which specifies the resolution of variabilities for the AO family architecture; and (ii) the definition of a set of crosscutting relationships between features.
Author: El-Owny, H., Bergische Universität Wuppertal, Faculty C - Department of Mathematics and Computer Science, Scientific Computing / Software Engineering, Gaußstraße 20, 42097 Wuppertal, Germany
ISBN: (print) 076952821X
This paper addresses the problem of solving parametric linear systems of equations whose coefficients are, in the general case, nonlinear functions of interval parameters. Such systems are encountered in many practical problems, e.g. in electrical engineering and mechanical systems. A C-XSC[8] implementation of a parametric fixed-point iteration method for computing an outer enclosure for the solution set is proposed in this paper. Numerical examples illustrating the applicability of the proposed method are solved, and compared with other methods.
This paper considers the composition of a DIDS (Distributed Intrusion Detection System) by integrating heterogeneous IDSs (Intrusion Detection Systems). A Grid middleware is used for this integration. In addition, an ...