Xiaoguang Wang, Yong Qi, Chi Zhang, Saiyu Qi, Peijian Wang
{"title":"SecretSafe: A Lightweight Approach against Heap Buffer Over-Read Attack","authors":"Xiaoguang Wang, Yong Qi, Chi Zhang, Saiyu Qi, Peijian Wang","doi":"10.1109/COMPSAC.2017.206","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.206","url":null,"abstract":"Software memory disclosure attacks, such as buffer over-read, often work quietly and would cause secret data leakage. The well-known OpenSSL Heartbleed vulnerability leaked out millions of servers’ private keys, which caused most of the Internet services insecure at that time. Existing solutions are either hard to apply to large code bases (e.g., through formal verification [20] or symbolic execution [8] on program code), or too heavyweight (e.g., by involving a hypervisor software [23], [24] or a modified operating system kernel [17]). In this paper, we propose SecretSafe, a lightweight and easy-to-use system which leverages the traditional x86 segmentation mechanism to isolate the application secrets from the remaining data. Software developers could prevent the secrets from being leaked out by simply declaring the secret variables with SECURE keyword. Our customized compiler will automatically separate the secrets from the remaining non-secret data with an isolated memory segment. Any legal instructions that have to access the secrets will be automatically instrumented to enable accesses to the isolated segment. We have implemented a SecretSafe prototype with the open source LLVM compiler framework. 
The evaluation shows that SecretSafe is both secure and efficient.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"5 1","pages":"628-636"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85213945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deployment of Multilanguage Security Awareness Education Online Course by Federated Moodle in Japan","authors":"H. Ueda, Motonori Nakamura","doi":"10.1109/COMPSAC.2017.100","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.100","url":null,"abstract":"In this study, we aim to improve security awareness education by developing standard, multilanguage and sustainable online course. This talk focuses on as follows: (1) the management of e-learning services on Moodle even with limited system resources. (2) the improvement of the course content. (3) user's behavior analysis of 2013-2015 academic year. Our course \"Learn with Princess Rin Rin\" provided by Shibboleth federated Moodle, named \"GakuNinMoodle\" from November 2012. As of December 30, 2016, GakuNinMoodle was accessed 129,581 login attempts from 102 institutions. We obtained several findings of management Moodle and development online course through these years. First, database optimization is the best method for improving LMS performance with limited system resources. Second, Shareable Content Object Reference Model (SCORM) standard could be an obstacle to keep up-to-date content. Finally, the trial of analyze learning records to improve the course according to learner's behavior was presented.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"32 1","pages":"49-52"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90692490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
A. Wazan, R. Laborde, D. Chadwick, F. Barrère, A. Benzekri
{"title":"TLS Connection Validation by Web Browsers: Why do Web Browsers Still Not Agree?","authors":"A. Wazan, R. Laborde, D. Chadwick, F. Barrère, A. Benzekri","doi":"10.1109/COMPSAC.2017.240","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.240","url":null,"abstract":"The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers' owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of web users. Our previous research in 2009 showed that the validation process of web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in web browsers' behaviours.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"1 1","pages":"665-674"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83413785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Authenticating Preference-Oriented Multiple Users Spatial Queries","authors":"Xiaoran Duan, Yong Wang, Juguang Chen, Junhao Zhang","doi":"10.1109/COMPSAC.2017.68","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.68","url":null,"abstract":"Location-based social networks (LBSNs) are attracting significant attentions, which make location-aware applications prosperous. We proposed the Multiple User-defined Spatial Query (MUSQ) in [1]. However, it is impractical that non-expert users provide exact vectors to denote their preferences in MUSQ. In this paper, we design a group users weight matrix generation algorithm to represent users' preferences conveniently. In addition, we propose a refinement method to improve the effectiveness of the query results. Further, considering the trust issue introduced by data outsourcing, an authenticated query processing framework is proposed. A set of experiments are conducted to show the effectiveness and scalability of our methods under various parameter settings.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"15 1","pages":"602-607"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89113928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Method of Mobile Core Network Load Reduction Using Autonomous Clustering-Based Two-Layered Structure for Information Dissemination in Wireless Networks","authors":"Toshikazu Terami, T. Ohta, Y. Kakuda","doi":"10.1109/COMPSAC.2017.22","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.22","url":null,"abstract":"Most of mobile nodes and wireless devices are equipped with 4G/LTE cellular connections and WiFi short range connections. Along with the growth of the Internet of Things (IoT) and M2M communication, in case that these nodes/devices use cellular connections simultaneously to access to the mobile core network, there is the possibility that many of them cannot establish the cellular connections due to the limited wireless resources of the cellular base stations. In this paper, at first, we introduce an autonomous clustering-based two-layered structure in wireless networks. Each node communicates with the other nodes within the transmission range by using WiFi short range connections as ad hoc connections and configures a Mobile Ad hoc NETwork (MANET) without depending the mobile core network as the MANET layer. In the MANET layer, all nodes are divided into multiple groups (clusters) and one cluster head node is selected in each cluster by autonomous clustering. Only cluster head nodes can establish the cellular connections as super peers, and also these super peer nodes configure the P2P network as the P2P layer. Next, we propose a mobile core network load reduction method based on the two-layered structure for information dissemination, and then evaluate the proposed method and the effect of the two-layered structure from the viewpoint of information dissemination. In the proposed method each node can use a cellular connection and an ad hoc connection according to the network condition and node density. 
Finally, we can confirm that the proposed method reduces the mobile core network load as well as provides the reliable information dissemination from a node to the other nodes through simulation experiments.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"31 1","pages":"19-24"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83100416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Md Monsur Hossain, Moushumi Sharmin, Shameem Ahmed
{"title":"Understanding the Feasibility of a Location-Aware Mobile-Based 911-Like Emergency Service in Bangladesh","authors":"Md Monsur Hossain, Moushumi Sharmin, Shameem Ahmed","doi":"10.1109/COMPSAC.2017.257","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.257","url":null,"abstract":"In this paper, we present the design and implementation of a location-aware mobile-based emergency service for Bangladesh, a developing country, which lacks any central 911-like emergency service. Our goal was to investigate the feasibility and acceptability of such services that do not require building any new infrastructure or changing the existing infrastructure available in Bangladesh. To achieve our goal, we iteratively designed and deployed two location-aware mobile-based emergency services in Dhaka, the capital city of Bangladesh. These deployments provided a deep insight about user experience, acceptance, and sustainability issues. We learned that users considered these services effective, felt comfortable using these during emergencies, and expressed a need for integration of additional services. Our findings indicate that it is feasible to design a location-aware mobile-based emergency service in Bangladesh. 
We believe that our proposed design will help to provide a low-cost alternative to the central 911-services, especially for the developing countries.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"12 1","pages":"861-868"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72664211","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Measurement of Source Code Readability Using Word Concreteness and Memory Retention of Variable Names","authors":"Weifeng Xu, Dianxiang Xu, Lin Deng","doi":"10.1109/COMPSAC.2017.166","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.166","url":null,"abstract":"Source code readability is critical to software quality assurance and maintenance. In this paper, we present a novel approach to the automated measurement of source code readability based on Word Concreteness and Memory Retention (WCMR) of variable names. The approach considers programming and maintenance as processes of organizing variables and their operations to describe solutions to specific problems. The overall readability of given source code is calculated from the readability of all variables contained in the source code. The readability of each variable is determined by how easily its meaning is memorized (i.e., word concreteness) and how quickly they are forgotten over time (i.e., memory retention). Our empirical study has used 14 open source applications with over a half-million lines of code and 10,000 warning defects. The result shows that the WCMR-based source code readability negatively correlates strongly with overall warning defect rates, and particularly with such warning as bad programming practices, code vulnerability, and correctness bug warning.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"35 1","pages":"33-38"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73231430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kunitaka Kakoi, Yong Jin, N. Yamai, Naoya Kitagawa, M. Tomoishi
{"title":"Cache Function Activation on a Client Based DNSSEC Validation and Alert System by Multithreading","authors":"Kunitaka Kakoi, Yong Jin, N. Yamai, Naoya Kitagawa, M. Tomoishi","doi":"10.1109/COMPSAC.2017.78","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.78","url":null,"abstract":"Domain Name System (DNS) is one of the most important services of the Internet since most communications normally begin with domain name resolutions provided by DNS. However, DNS has vulnerability against some kind of attacks such as DNS spoofing, DNS cache poisoning, and so on. DNSSEC is an security extension of DNS to provide secure name resolution services by using digital signature based on public key cryptography. However, there are several problems with DNSSEC such as failing resolution in case of validation failure, increasing the load of DNS full resolver, and so on. To mitigate these problems, we proposed a Client Based DNSSEC Validation System. This system performs DNSSEC validation on the client, and in case of validation failure, it forwards the failed response and alerts the user to the fact. However, this system has a problem that it inactivates the cache function of validation library so that it always performs DNSSEC validation even for the same query. 
In this paper, we report how to solve this problem by multithreading of DNSSEC validation system.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"02 1","pages":"37-42"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78308788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blockchain as an Audit-Able Communication Channel","authors":"Shigeya Suzuki, J. Murai","doi":"10.1109/COMPSAC.2017.72","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.72","url":null,"abstract":"Applications requiring strict access control, such as medical record query, often require auditing of the query. The current typical design relies on server side logging. However, logging on server-side do not provide strict means of auditing, since the server can be tampered with attackers, and also anybody who has permission to write can modify the log. We propose a scheme using blockchain technology, as a request-response channel for a client-server system, to record both client request and server reply in an auditable manner. We have implemented a proof-of-concept system on top of a publicly available blockchain testbed. By using a blockchain as a client-server request-response channel, the request-response sequence can be verified by anybody who has access to the blockchain, providing a way to implement audit log for strictly controlled resources.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"17 1","pages":"516-522"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77966094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Visualization Method for Bicycle Rider Behavior Analysis Using a Smartphone","authors":"Hajime Kato, Yuto Sakajyo, S. Kaneda","doi":"10.1109/COMPSAC.2017.262","DOIUrl":"https://doi.org/10.1109/COMPSAC.2017.262","url":null,"abstract":"We previously proposed a bicycle rider behavior visualization method using a probe bicycle equipped with an accurate speed sensor, a rotary encoder to measure handle angle, and a sensor to detect tilt of the bicycle body. However, the probe bicycle is expensive and inhibits wide use of this visualization method. To resolve this problem, we employ a smartphone as the sensor device. This newly proposed method focuses on the azimuth angle because the magnetic sensor is robust to the unwanted effects of bicycle body vibration. A prototype system has been implemented with an Android smartphone-the Sony Corp.'s Xperia. The visualization results generated by the proposed approach are comparable to those of the conventional probe bicycle approach. Using the prototype system, we evaluated the difference between young and aged riders. This experiment statistically clarified a decline in bicycle control for aged riders.","PeriodicalId":6556,"journal":{"name":"2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)","volume":"30 1","pages":"354-359"},"PeriodicalIF":0.0,"publicationDate":"2017-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87030361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}