{"title":"PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications","authors":"Shashank Gupta, B. Gupta","doi":"10.1145/2742854.2745719","DOIUrl":"https://doi.org/10.1145/2742854.2745719","url":null,"abstract":"As the usage of web applications for security-sensitive facilities has enlarged, the quantity and cleverness of web-based attacks against the web applications have grown-up as well. Several annual cyber security reports revealed that modern web applications suffer from two main categories of attacks: Workflow Violation Attacks and Cross-Site Scripting (XSS) attacks. Presently, in comparison to XSS attacks, there have been actual restricted work carried out that discover workflow violation attacks, as web application logic errors are particular to the expected functionality of a specific web application. This paper presents PHP-Sensor, a novel defensive model that discovers both the vulnerabilities of workflow violation attack and XSS attack concurrently in the real world PHP web applications. For the workflow violation attack, we extract a certain set of axioms by monitoring the sequences of HTTP request/responses and their corresponding session variables during the offline mode. The set of axioms is then utilized for evaluating the HTTP request/response in online mode. Any HTTP request/ response that bypass the corresponding axiom is recognized as a workflow violation attack in PHP web application. For the XSS attack, PHP-Sensor discovers the self-propagating features of XSS worms by monitoring the outgoing HTTP web request with the scripts that are injected in the currently HTTP response web page. We develop prototype of our proposed defensive model on the web proxy as well as on the client-side for the recognition of workflow violation and XSS attacks respectively. 
We evaluate the detection capability of PHP-Sensor on open source real-world PHP web applications and the simulation outcomes reveal that our defensive model is efficient and feasible at discovering workflow violation attacks, XSS attacks and experiences tolerable performance overhead.","PeriodicalId":417279,"journal":{"name":"Proceedings of the 12th ACM International Conference on Computing Frontiers","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125736037","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dysource: a high performance and scalable NAND flash controller architecture based on source synchronous interface","authors":"Lizhou Wu, Nong Xiao, Fang Liu, Yimo Du, Shuo Li, Yang Ou","doi":"10.1145/2742854.2742873","DOIUrl":"https://doi.org/10.1145/2742854.2742873","url":null,"abstract":"Flash controllers play critical roles in determining the performance of flash storage. But current controller architectures based on asynchronous interface cannot meet the ever-increasing demands of performance for new large-scale flash storage systems, due to their limitations of I/O bandwidth and scalability. In this paper, we propose an advanced NAND flash controller architecture, called Dysource, to improve performance and scalability of flash storage. Based on the high-speed source synchronous interface supported by ONFI standard, we propose a dynamic scheduling strategy to extend exploration of parallelism to target level. Moreover, we design a novel instruction \"MOVE\" and incorporate it into existing instruction set to speed up garbage collection for higher performance. The experimental results suggest that the performance of the Dysource controller is 4.6 to 9.4 times better than the traditional asynchronous controller as for organization of 8 channels x 8 targets. 
Moreover, by employing architecture of multiple Dysources, the storage system can scale to arbitrary number of channels and 32 targets at most per channel with high growth rate of performance.","PeriodicalId":417279,"journal":{"name":"Proceedings of the 12th ACM International Conference on Computing Frontiers","volume":"174 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133251150","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Proceedings of the 12th ACM International Conference on Computing Frontiers","authors":"","doi":"10.1145/2742854","DOIUrl":"https://doi.org/10.1145/2742854","url":null,"abstract":"","PeriodicalId":417279,"journal":{"name":"Proceedings of the 12th ACM International Conference on Computing Frontiers","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128858294","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}