2009 IEEE/IFIP International Conference on Dependable Systems & Networks: latest papers

Using web security scanners to detect vulnerabilities in web services
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270294
M. Vieira, Nuno Antunes, H. Madeira
Abstract: Although web services are becoming business-critical components, they are often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow detecting security vulnerabilities in web services by stressing the service from the point of view of an attacker. However, research and practice show that different scanners have different performance on vulnerabilities detection. In this paper we present an experimental evaluation of security vulnerabilities in 300 publicly available web services. Four well known vulnerability scanners have been used to identify security flaws in web services implementations. A large number of vulnerabilities has been observed, which confirms that many services are deployed without proper security testing. Additionally, the differences in the vulnerabilities detected and the high number of false-positives (35% and 40% in two cases) and low coverage (less than 20% for two of the scanners) observed highlight the limitations of web vulnerability scanners on detecting security vulnerabilities in web services.
Citations: 173

Intrusion-tolerant self-healing devices for critical infrastructure protection
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270333
Paulo Sousa, A. Bessani, W. Dantas, F. Souto, M. Correia, N. Neves
Abstract: Critical infrastructures like the power grid are essentially physical processes controlled by electronic devices. In the last decades, these electronic devices started to be controlled remotely through commodity computers, often directly or indirectly connected to the Internet. Therefore, many of these systems are currently exposed to threats similar to those endured by normal computer-based networks on the Internet, but the impact of failure of the former can be much higher to society. This paper presents a demonstration of a family of protection devices for critical information infrastructures developed in the context of the EU CRUTIAL project. These devices, called CRUTIAL Information Switches (CIS), enforce sophisticated access control policies of incoming/outgoing traffic, and are themselves designed with a range of different levels of intrusion-tolerance and self-healing, to serve different resilience requirements.
Citations: 13

Efficient resource management on template-based web servers
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270329
Eli Courtwright, C. Yue, Haining Wang
Abstract: The most commonly used request processing model in multithreaded web servers is thread-per-request, in which an individual thread is bound to serve each web request. However, with the prevalence of using template techniques for generating dynamic contents in modern web servers, this conventional request processing model lags behind and cannot provide efficient resource management support for template-based web applications. More precisely, although content code and presentation code of a template-based dynamic web page can be separated into different files, they are still processed by the same thread. As a result, web server resources, especially database connection resources, cannot be efficiently shared and utilized. In this paper, we propose a new request scheduling method, in which a single web request is served by different threads in multiple thread pools for parsing request headers, performing database queries, and rendering templates. The proposed scheme ensures the high utilization of the precious database connections, while templates are being rendered or static contents are being served. We implemented the proposed scheme in CherryPy, a representative template-enabled multithreaded web server, and we evaluated its performance using the standard TPC-W benchmark implemented with the Django web templates. Our evaluation demonstrates that the proposed scheme reduces the average response times of most web pages by two orders of magnitude and increases the overall web server throughput by 31.3% under heavy loads.
Citations: 3

Safety modeling and evaluation of Automated Highway Systems
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270352
Ossama Hamouda, M. Kaâniche, K. Kanoun
Abstract: This paper addresses safety modeling and evaluation of Automated Highway Systems, based on the use of platoons of vehicles driven by automated agents. We analyze the impact on safety of the strategy used to coordinate the vehicles' operations, inside each platoon and between platoons, when vehicles enter or exit the highway, or when maneuvers are carried out to recover from failures affecting the vehicles or their communication. To cope with the complexity of the studied system, a compositional approach based on stochastic activity networks is developed. Replicated submodels associated with each vehicle, describing the corresponding failure modes and recovery maneuvers and their severity, are composed with submodels characterizing the configuration of the platoons and their dynamic evolution. Numerical results are presented to highlight the impact of the coordination strategy and other dependability related parameters.
Citations: 15

I-JVM: a Java Virtual Machine for component isolation in OSGi
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270296
Nicolas Geoffray, Gaël Thomas, Gilles Muller, P. Parrend, S. Frénot, B. Folliot
Abstract: The OSGi framework is a Java-based, centralized, component oriented platform. It is being widely adopted as an execution environment for the development of extensible applications. However, current Java Virtual Machines are unable to isolate components from each other. For instance, a malicious component can freeze the complete platform by allocating too much memory or alter the behavior of other components by modifying shared variables. This paper presents I-JVM, a Java Virtual Machine that provides a lightweight approach to isolation while preserving compatibility with legacy OSGi applications. Our evaluation of I-JVM shows that it solves the 8 known OSGi vulnerabilities that are due to the Java Virtual Machine and that the overhead of I-JVM compared to the JVM on which it is based is below 20%.
Citations: 76

A linguistic analysis engine for natural language use case description and its application to dependability analysis in industrial use cases
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270320
A. Sinha, A. Paradkar, Palani Kumanan, B. Boguraev
Abstract: We present 1) a novel linguistic engine made of configurable linguistic components for understanding natural language use case specification; and 2) results of the first of a kind large scale experiment of application of linguistic techniques to industrial use cases. Requirement defects are well known to have adverse effects on dependability of software systems. While formal techniques are often cited as a remedy for specification errors, natural language remains the predominant mode for specifying requirements. Therefore, for dependable system development, a natural language processing technique is required that can translate natural language textual requirements into validation ready computer models. In this paper, we present the implementation details of such a technique and the results of applying a prototype implementation of our technique to 80 industrial and academic use case descriptions. We report on the accuracy and effectiveness of our technique. The results of our experiment are very encouraging.
Citations: 61

ICT resilience of power control systems: experimental results from the CRUTIAL testbeds
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270292
G. Dondossola, F. Garrone, J. Szanto, Geert Deconinck, T. Loix, H. Beitollahi
Abstract: Distributed intelligence and secure interconnected communication networks constitute recognized key factors for the economic operation of electricity infrastructures in competitive power markets. Hence, electric power utilities need to extend risk management frameworks with adequate tools for assessing consequences of ICT (Information and Communication Technologies) threats on their critical business. This requires realistic probability estimates to cyber threat occurrences and consequent failure modes. Due to data sensitivity and rapid discovery of new vulnerability exploits, historical data series of ICT failures affecting power control infrastructures are not sufficient for a timely risk treatment. Such lack of data can partially be overcome by setting up testbeds to run controlled experiments and collect otherwise unavailable data related to cyber misbehaviours in power system operation. Within the project CRUTIAL (CRitical UTility InfrastructurAL resilience) two testbed platforms have been set up for experimentally evaluating malicious threats on macro and micro grid control scenarios. Results from experimental campaigns are analyzed in the paper by means of an evaluation framework.
Citations: 29

Comparing anomaly-detection algorithms for keystroke dynamics
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270346
Kevin S. Killourhy, R. Maxion
Abstract: Keystroke dynamics - the analysis of typing rhythms to discriminate among users - has been proposed for detecting impostors (i.e., both insiders and external attackers). Since many anomaly-detection algorithms have been proposed for this task, it is natural to ask which are the top performers (e.g., to identify promising research directions). Unfortunately, we cannot conduct a sound comparison of detectors using the results in the literature because evaluation conditions are inconsistent across studies. Our objective is to collect a keystroke-dynamics data set, to develop a repeatable evaluation procedure, and to measure the performance of a range of detectors so that the results can be compared soundly. We collected data from 51 subjects typing 400 passwords each, and we implemented and evaluated 14 detectors from the keystroke-dynamics and pattern-recognition literature. The three top-performing detectors achieve equal-error rates between 9.6% and 10.2%. The results - along with the shared data and evaluation methodology - constitute a benchmark for comparing detectors and measuring progress.
Citations: 507

Fitness-guided path exploration in dynamic symbolic execution
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270315
Tao Xie, N. Tillmann, J. D. Halleux, Wolfram Schulte
Abstract: Dynamic symbolic execution is a structural testing technique that systematically explores feasible paths of the program under test by running the program with different test inputs to improve code coverage. To address the space-explosion issue in path exploration, we propose a novel approach called Fitnex, a search strategy that uses state-dependent fitness values (computed through a fitness function) to guide path exploration. The fitness function measures how close an already discovered feasible path is to a particular test target (e.g., covering a not-yet-covered branch). Our new fitness-guided search strategy is integrated with other strategies that are effective for exploration problems where the fitness heuristic fails. We implemented the new approach in Pex, an automated structural testing tool developed at Microsoft Research. We evaluated our new approach by comparing it with existing search strategies. The empirical results show that our approach is effective since it consistently achieves high code coverage faster than existing search strategies.
Citations: 238

MAP-AMVA: Approximate mean value analysis of bursty systems
2009 IEEE/IFIP International Conference on Dependable Systems & Networks. Pub Date: 2009-09-29. DOI: 10.1109/DSN.2009.5270309
G. Casale, E. Smirni
Abstract: MAP queueing networks are recently proposed models for performance assessment of enterprise systems, such as multi-tier applications, where workloads are significantly affected by burstiness. Although MAP networks do not admit a simple product-form solution, performance metrics can be estimated accurately by linear programming bounds, yet these are expensive to compute under large populations. In this paper, we introduce an approximate mean value analysis (AMVA) approach to MAP network solution that significantly reduces the computational cost of model evaluation. We define a number of balance equations that relate mean performance indices such as utilizations and response times. We show that the quality of a MAP-AMVA solution is competitive with much more complex bounds which evaluate the state space of the underlying Markov chain. Numerical results on stress cases indicate that the MVA approach is much more scalable than existing evaluation methods for MAP networks.
Citations: 9