Filters: Keyword is Safe Coding
2023-02-17
Djoyo, Brata Wibawa, Nurzaqia, Safira, Budiarti, Salsa Imbartika, Agustin, Syerina.  2022.  Examining the Determinant Factors of Intention to Use of Quick Response Code Indonesia Standard (QRIS) as a Payment System for MSME Merchants. 2022 International Conference on Information Management and Technology (ICIMTech). :676–681.
This study's purpose was to examine the determinant factors that affect the Micro, Small, and Medium Enterprise (MSME) merchants who had the intention to use Quick Response Code Indonesian Standard (QRIS) as a payment system. QRIS was expected to be applied by merchants to diminish the virus spread and keep the circulation of money safe; but there were not many merchants using the QRIS as a payment method. The factors MSME merchant might not use the QRIS were related to perceived usefulness, perceived security, perceived ease of use, and trust. The population was MSMEs in South Tangerang City who did not use QRIS yet and the population was unknown. Using the Lemeshow formula, obtained a sample of 115 people, and the sampling technique used purposive sampling. Then data were analyzed using multi-regression analysis and processed by SPSS. The results indicated that perceived usefulness and perceived security had a significant effect on trust, whereas trust and ease of use significantly affect the intention to use QRIS. Moreover, trust was able to mediate the perceived usefulness to intention to use. Since ease of use had no significant effect on trust, then the mediation given by trust to perceived ease of use had no significant effect on intention to use.
Chanumolu, Kiran Kumar, Ramachandran, Nandhakumar.  2022.  A Study on Various Intrusion Detection Models for Network Coding Enabled Mobile Small Cells. 2022 International Conference on Augmented Intelligence and Sustainable Systems (ICAISS). :963–970.
Mobile small cells that are enabled with Network Coding (NC) are seen as a potentially useful technique for Fifth Generation (5G) networks, since they can cover an entire city and can be put up on demand anywhere, any time, and on any device. Despite numerous advantages, significant security issues arise as a result of the fact that the NC-enabled mobile small cells are vulnerable to attacks. Intrusions are a severe security threat that exploits the inherent vulnerabilities of NC. In order to make NC-enabled mobile small cells to realize their full potential, it is essential to implement intrusion detection systems. When compared to homomorphic signature or hashing systems, homomorphic message authentication codes (MACs) provide safe network coding techniques with relatively smaller overheads. A number of research studies have been conducted with the goal of developing mobile small cells that are enabled with secure network coding and coming up with integrity protocols that are appropriate for such crowded situations. However, the intermediate nodes alter packets while they are in transit and hence the integrity of the data cannot be confirmed by using MACs and checksums. This research study has analyzed numerous intrusion detection models for NC enabled small cells. This research helps the scholars to get a brief idea about various intrusion detection models.
Luo, Zhiyong, Wang, Bo.  2022.  A Secure and Efficient Analytical Encryption Method for Industrial Internet Identification based on SHA-256 and RSA. 2022 IEEE 6th Information Technology and Mechatronics Engineering Conference (ITOEC). 6:1874–1878.
With the development of Industrial Internet identification analysis, various encryption methods have been widely used in identification analysis to ensure the security of identification encoding and data. However, the past encryption methods failed to consider the problem of encryption efficiency in the case of high concurrency, so it will reduce the identification resolution efficiency and increase the computational pressure of secondary nodes when applying these methods to the identification analysis. In this paper, in order to improve the efficiency of identification analysis under the premise of ensuring information security, a safe and efficient analytical encryption method for industrial Internet identification based on Secure Hash Algorithm 256 (SHA-256), and Rivest-Shamir-Adleman (RSA) is presented. Firstly, by replacing the secret key in the identification encoding encryption with the SHA-256 function, the number of secret keys is reduced, which is beneficial to improve the efficiency of identification analysis. Secondly, by replacing the large prime number of the RSA encryption algorithm with multiple small prime numbers, the generation speed of RSA key pair is improved, which is conducive to reduce the computation of secondary nodes. Finally, by assigning a unique RSA private key to the identification code during the identification registration phase, SHA-256 and RSA are associated, the number of key exchanges is reduced during the encryption process, which is conducive to improve the security of encryption. The experiment verifies that the proposed method can improve security of encryption and efficiency of identification analysis, by comparing the complexity of ciphertext cracking and the identification security analysis time between the traditional encryption method and this method.
K, Devaki, L, Leena Jenifer.  2022.  Re-Encryption Model for Multi-Block Data Updates in Network Security. 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC). :1331–1336.
Nowadays, online cloud storage networks can be accessed by third parties. Businesses that host large data centers buy or rent storage space from individuals who need to store their data. According to customer needs, data hub operators visualise the data and expose the cloud storage for storing data. Tangibly, the resources may wander around numerous servers. Data resilience is a prior need for all storage methods. For routines in a distributed data center, distributed removable code is appropriate. A safe cloud cache solution, AES-UCODR, is proposed to decrease I/O overheads for multi-block updates in proxy re-encryption systems. Its competence is evaluated using the real-world finance sector.
El-Korashy, Akram, Blanco, Roberto, Thibault, Jérémy, Durier, Adrien, Garg, Deepak, Hritcu, Catalin.  2022.  SecurePtrs: Proving Secure Compilation with Data-Flow Back-Translation and Turn-Taking Simulation. 2022 IEEE 35th Computer Security Foundations Symposium (CSF). :64–79.

Proving secure compilation of partial programs typically requires back-translating an attack against the compiled program to an attack against the source program. To prove back-translation, one can syntactically translate the target attacker to a source one—i.e., syntax-directed back-translation—or show that the interaction traces of the target attacker can also be emitted by source attackers—i.e., trace-directed back-translation. Syntax-directed back-translation is not suitable when the target attacker may use unstructured control flow that the source language cannot directly represent. Trace-directed back-translation works with such syntactic dissimilarity because only the external interactions of the target attacker have to be mimicked in the source, not its internal control flow. Revealing only external interactions is, however, inconvenient when sharing memory via unforgeable pointers, since information about shared pointers stashed in private memory is not present on the trace. This made prior proofs unnecessarily complex, since the generated attacker had to instead stash all reachable pointers. In this work, we introduce more informative data-flow traces, combining the best of syntax- and trace-directed back-translation in a simpler technique that handles both syntactic dissimilarity and memory sharing well, and that is proved correct in Coq. Additionally, we develop a novel turn-taking simulation relation and use it to prove a recomposition lemma, which is key to reusing compiler correctness in such secure compilation proofs. We are the first to mechanize such a recomposition lemma in the presence of memory sharing. We use these two innovations in a secure compilation proof for a code generation compiler pass between a source language with structured control flow and a target language with unstructured control flow, both with safe pointers and components.

Chandra, I., L, Mohana Sundari, Ashok Kumar, N., Singh, Ngangbam Phalguni, Arockia Dhanraj, Joshuva.  2022.  A Logical Data Security Establishment over Wireless Communications using Media based Steganographic Scheme. 2022 International Conference on Electronics and Renewable Systems (ICEARS). :823–828.
Internet speeds and technological advancements have made individuals increasingly concerned about their personal information being compromised by criminals. There have been a slew of new steganography and data concealment methods suggested in recent years. Steganography is the art of hiding information in plain sight (text, audio, image and video). Unauthorized users now have access to steganographic analysis software, which may be used to retrieve the carrier files valuable secret information. Unfortunately, because of their inefficiency and lack of security, certain steganography techniques are readily detectable by steganalytical detectors. We present a video steganography technique based on the linear block coding concept that is safe and secure. Data is protected using a binary graphic logo but also nine uncompressed video sequences as cover data and a secret message. It's possible to enhance the security by rearranging pixels randomly in both the cover movies and the hidden message. Once the secret message has been encoded using the Hamming algorithm (7, 4) before being embedded, the message is even more secure. The XOR function will be used to add the encoded message's result to a random set of values. Once the message has been sufficiently secured, it may be inserted into the video frames of the cover. In addition, each frame's embedding region is chosen at random so that the steganography scheme's resilience can be improved. In addition, our experiments have shown that the approach has a high embedding efficiency. The video quality of stego movies is quite close to the original, with a PSNR (Peak Signal to Noise Ratio) over 51 dB. Embedding a payload of up to 90 Kbits per frame is also permissible, as long as the quality of the stego video is not noticeably degraded.
Wei, Lizhuo, Xu, Fengkai, Zhang, Ni, Yan, Wei, Chai, Chuchu.  2022.  Dynamic malicious code detection technology based on deep learning. 2022 20th International Conference on Optical Communications and Networks (ICOCN). :1–3.
In this paper, the malicious code is run in the sandbox in a safe and controllable environment, the API sequence is deduplicated by the idea of the longest common subsequence, and the CNN and Bi-LSTM are integrated to process and analyze the API sequence. Compared with the method, the method using deep learning can have higher accuracy and work efficiency.
Irraivan, Ezilaan, Phang, Swee King.  2022.  Development of a Two-Factor Authentication System for Enhanced Security of Vehicles at a Carpark. 2022 International Conference on Electrical and Information Technology (IEIT). :35–39.
The increasing number of vehicles registered demands for safe and secure carparks due to increase in vehicle theft. The current Automatic Number Plate Recognition (ANPR) system is a single authentication system and hence it is not secure. Therefore, this research has developed a double authentication system by combining ANPR with a Quick Response (QR) code system to create ANPR-DAS that improves the security at a carpark. It has yielded an accuracy of up to 93% and prevents car theft at a car park.
Radis, Alexandre Henrique, Costa Gondim, João José, Café, Daniel Chaves.  2022.  Proposed Security Measures for Code Injection for CubeSats. 2022 Workshop on Communication Networks and Power Systems (WCNPS). :1–7.
Sometimes we have the need to inject new services in an operational satellite, but as the injection of new codes in equipment that has communication link is a critical process due to the possibility of injection of broken or malicious codes, this document proposes a protocol for the safe injection of code in satellite microcontrollers of the CubeSat type. This protocol is based on the use of HMAC with SHA-3 to guarantee integrity and authenticity and is enhanced by the same security measures to mitigate communication link problems and satellite attacks, such as the guarantee of delivery and displacement between communication windows and periods of high processing.
2023-01-06
Sharma, Himanshu, Kumar, Neeraj, Tekchandani, Raj Kumar, Mohammad, Nazeeruddin.  2022.  Deep Learning enabled Channel Secrecy Codes for Physical Layer Security of UAVs in 5G and beyond Networks. ICC 2022 - IEEE International Conference on Communications. :1–6.

Unmanned Aerial Vehicles (UAVs) are drawing enormous attention in both commercial and military applications to facilitate dynamic wireless communications and deliver seamless connectivity due to their flexible deployment, inherent line-of-sight (LOS) air-to-ground (A2G) channels, and high mobility. These advantages, however, render UAV-enabled wireless communication systems susceptible to eavesdropping attempts. Hence, there is a strong need to protect the wireless channel through which most of the UAV-enabled applications share data with each other. There exist various error correction techniques such as Low Density Parity Check (LDPC), polar codes that provide safe and reliable data transmission by exploiting the physical layer but require high transmission power. Also, the security gap achieved by these error-correction techniques must be reduced to improve the security level. In this paper, we present deep learning (DL) enabled punctured LDPC codes to provide secure and reliable transmission of data for UAVs through the Additive White Gaussian Noise (AWGN) channel irrespective of the computational power and channel state information (CSI) of the Eavesdropper. Numerical result analysis shows that the proposed scheme reduces the Bit Error Rate (BER) at Bob effectively as compared to Eve and the Signal to Noise Ratio (SNR) per bit value of 3.5 dB is achieved at the maximum threshold value of BER. Also, the security gap is reduced by 47.22 % as compared to conventional LDPC codes.

2022-03-14
Staniloiu, Eduard, Nitu, Razvan, Becerescu, Cristian, Rughiniş, Razvan.  2021.  Automatic Integration of D Code With the Linux Kernel. 2021 20th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1–6.
The Linux kernel is implemented in C, an unsafe programming language, which puts the burden of memory management, type and bounds checking, and error handling in the hands of the developer. Hundreds of buffer overflow bugs have compromised Linux systems over the years, leading to endless layers of mitigations applied on top of C. In contrast, the D programming language offers automated memory safety checks and modern features such as OOP, templates and functional style constructs. In addition, interoperability with C is supported out of the box. However, to integrate a D module with the Linux kernel it is required that the needed C header files are translated to D header files. This is a tedious, time consuming, manual task. Although a tool to automate this process exists, called DPP, it does not work with the complicated, sometimes convoluted, kernel code. In this paper, we improve DPP with the ability to translate any Linux kernel C header to D. Our work enables the development and integration of D code inside the Linux kernel, thus facilitating a method of making the kernel memory safe.
Salunke, Sharad, Venkatadri, M., Hashmi, Md. Farukh, Ahuja, Bharti.  2021.  An Implicit Approach for Visual Data: Compression Encryption via Singular Value Decomposition, Multiple Chaos and Beta Function. 2021 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :1–5.
This paper proposes a digital image compression-encryption scheme based on the theory of singular value decomposition, multiple chaos and Beta function, which uses SVD to compress the digital image and utilizes three way protections for encryption viz. logistic and Arnold map along with the beta function. The algorithm has three advantages: First, the compression scheme gives the freedom to a user so that one can select the desired compression level according to the application with the help of singular value. Second, it includes a confusion mechanism wherein the pixel positions of image are scrambled employing Cat Map. The pixel location is shuffled, resulting in a cipher text image that is safe for communication. Third the key is generated with the help of logistic map which is nonlinear and chaotic in nature therefore highly secured. Fourth the beta function used for encryption is symmetric in nature which means the order of its parameters does not change the outcome of the operation, meaning faithful reconstruction of an image. Thus, the algorithm is highly secured and also saving the storage space as well. The experimental results show that the algorithm has the advantages of faithful reconstruction with reasonable PSNR on different singular values.
R, Padmashri., Srinivasulu, Senduru, Raj, Jeberson Retna, J, Jabez., Gowri, S..  2021.  Perceptual Image Hashing Using Surf for Feature Extraction and Ensemble Classifier. 2021 3rd International Conference on Signal Processing and Communication (ICPSC). :41–44.

Image hash regimes have been widely used for authenticating content, recovery of images and digital forensics. In this article we propose a new algorithm for image haunting (SSL) with the most stable key points and regional features, strong against various manipulation of content conservation, including multiple combinatorial manipulations. In order to extract most stable keypoint, the proposed algorithm combines the Speed Up Robust Features (SURF) with Saliency detection. The keyboards and characteristics of the local area are then combined in a hash vector. There is also a separate secret key that is randomly given for the hash vector to prevent an attacker from shaping the image and the new hash value. The proposed hacking algorithm shows that similar or initial images, which have been individually manipulated, combined and even multiple manipulated contents, can be visently identified by experimental result. The probability of collision between hacks of various images is almost nil. Furthermore, the key-dependent security assessment shows the proposed regime safe to allow an attacker without knowing the secret key not to forge or estimate the right havoc value.

McQuistin, Stephen, Band, Vivian, Jacob, Dejice, Perkins, Colin.  2021.  Investigating Automatic Code Generation for Network Packet Parsing. 2021 IFIP Networking Conference (IFIP Networking). :1–9.
Use of formal protocol description techniques and code generation can reduce bugs in network packet parsing code. However, such techniques are themselves complex, and don't see wide adoption in the protocol standards development community, where the focus is on consensus building and human-readable specifications. We explore the utility and effectiveness of new techniques for describing protocol data, specifically designed to integrate with the standards development process, and discuss how they can be used to generate code that is safer and more trustworthy, while maintaining correctness and performance.
Tempel, Sören, Herdt, Vladimir, Drechsler, Rolf.  2021.  Towards Reliable Spatial Memory Safety for Embedded Software by Combining Checked C with Concolic Testing. 2021 58th ACM/IEEE Design Automation Conference (DAC). :667–672.
In this paper we propose to combine the safe C dialect Checked C with concolic testing to obtain an effective methodology for attaining safer C code. Checked C is a modern and backward compatible extension to the C programming language which provides facilities for writing memory-safe C code. We utilize incremental conversions of unsafe C software to Checked C. After each increment, we leverage concolic testing, an effective test generation technique, to support the conversion process by searching for newly introduced and existing bugs. Our RISC-V experiments using the RIOT Operating System (OS) demonstrate the effectiveness of our approach. We uncovered 4 previously unknown bugs and 3 bugs accidentally introduced through our conversion process.
Bauer, Markus, Rossow, Christian.  2021.  NoVT: Eliminating C++ Virtual Calls to Mitigate Vtable Hijacking. 2021 IEEE European Symposium on Security and Privacy (EuroS&P). :650–666.
The vast majority of nowadays remote code execution attacks target virtual function tables (vtables). Attackers hijack vtable pointers to change the control flow of a vulnerable program to their will, resulting in full control over the underlying system. In this paper, we present NoVT, a compiler-based defense against vtable hijacking. Instead of protecting vtables for virtual dispatch, our solution replaces them with switch-case constructs that are inherently control-flow safe, thus preserving control flow integrity of C++ virtual dispatch. NoVT extends Clang to perform a class hierarchy analysis on C++ source code. Instead of a vtable, each class gets unique identifier numbers which are used to dispatch the correct method implementation. Thereby, NoVT inherently protects all usages of a vtable, not just virtual dispatch. We evaluate NoVT on common benchmark applications and real-world programs including Chromium. Despite its strong security guarantees, NoVT improves runtime performance of most programs (mean overhead −0.5%, −3.7% min, 2% max). In addition, protected binaries are slightly smaller than unprotected ones. NoVT works on different CPU architectures and protects complex C++ programs against strong attacks like COOP and ShrinkWrap.
Zhao, Hua, Xu, Chunxiao, Zhou, Feifei.  2021.  Research on Embedded Startup Method of Trusted Module. 2021 IEEE 5th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 5:953–957.
In order to meet the requirements of secure start-up of embedded devices, this paper designs a secure and trusted circuit to realize the secure and trusted start-up of the system. This paper analyzes the principle and method of the circuit design, and verifies the preset information of the embedded device before the start of the embedded device, so as to ensure that the start process of the embedded device is carried out according to the predetermined way, and then uses the security module to measure the integrity of the data in the start process, so as to realize a trusted embedded system. The experimental results show that the security module has stronger security features and low latency. The integrity measurement is implemented in the trusted embedded system to realize the safe startup of embedded devices.
Sun, Xinyi, Gu, Shushi, Zhang, Qinyu, Zhang, Ning, Xiang, Wei.  2021.  Asynchronous Coded Caching Strategy With Nonuniform Demands for IoV Networks. 2021 IEEE/CIC International Conference on Communications in China (ICCC). :352–357.
The Internet of Vehicles (IoV) can offer safe and comfortable driving experiences with the cooperation communications between central servers and cache-enabled road side units (RSUs) as edge servers, which also can provide high-speed, high-quality and high-stability communication access for vehicle users (VUs). However, due to the huge popular traffic volume, the burden of backhaul link will be seriously enlarged, which will greatly degrade the service experience of the IoV. In order to alleviate the backhaul load of IoV network, in this paper, we propose an asynchronous coded caching strategy composed of two phases, i.e., content placement and asynchronous coded transmission. The asynchronous request and request deadline are closely considered to design our asynchronous coded transmission algorithm. Also, we derive the closed-form expression of average backhaul load under the nonuniform demands of IoV users. Finally, we formulate an optimization problem of minimizing average backhaul load and obtain the optimized content placement vector. Simulation results verify the feasibility of our proposed strategy under the asynchronous situation.
Soares, Luigi, Pereira, Fernando Magno Quintãn.  2021.  Memory-Safe Elimination of Side Channels. 2021 IEEE/ACM International Symposium on Code Generation and Optimization (CGO). :200–210.
A program is said to be isochronous if its running time does not depend on classified information. The programming languages literature contains much work that transforms programs to ensure isochronicity. The current state-of-the-art approach is a code transformation technique due to Wu et al., published in 2018. That technique has an important virtue: it ensures that the transformed program runs exactly the same set of operations, regardless of inputs. However, in this paper we demonstrate that it has also a shortcoming: it might add out-of-bounds memory accesses into programs that were originally memory sound. From this observation, we show how to deliver the same runtime guarantees that Wu et al. provide, in a memory-safe way. In addition to being safer, our LLVM-based implementation is more efficient than its original inspiration, achieving shorter repairing times, and producing code that is smaller and faster.
Narang, Anuraag, Venu, Balaji, Khursheed, Saqib, Harrod, Peter.  2021.  An Exploration of Microprocessor Self-Test Optimisation Based On Safe Faults. 2021 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT). :1–6.
Microprocessor software test libraries (STLs) must provide maximum fault coverage with minimum overhead. Pruning safe faults, which cannot cause errors in the output of the processor, from the fault list can increase fault coverage without adding test overhead. Applying more application-specific constraints can lead to the identification of more safe faults, and some such constraints are yet to be explored. This work explores the use of signal combination-based constraints alongside well-known constant signal-based constraints for identifying safe faults. Also, for the first time, information on safe faults is utilised during test compaction in order to further minimise test overhead. Results for an OpenRISC processor design show up to 2.33% improvement in fault coverage with the use of the proposed constraints. In one test program, a code segment contributing only to the coverage of safe faults is identified, with its removal providing a 1.09 % code size reduction on top of existing compaction techniques. The results may vary for a larger and more complex commercial design with greater scope for redundant logic.
Ali, Ahtasham, Al-Perumal, Sundresan.  2021.  Source Code Analysis for Mobile Applications for Privacy Leaks. 2021 IEEE Madras Section Conference (MASCON). :1–6.
Intelligent gadgets for example smartphones, tablet phones, and personal digital assistants play an increasingly important part in our lives and have become indispensable in our everyday routines. As a result, the market for mobile apps tends to grow at a rapid rate, and mobile app utilization has long eclipsed that of desktop software. The applications based on these smartphones are becoming vulnerable due to the use of open-source operating systems in these smart devices. These applications are vulnerable to smartphones because of memory leaks; they can steal personal data, hack our smartphones, and monitor our private activity, giving anyone significant financial loss. Because of these issues, smartphone security plays a vital role in our daily lives. The Play Store contains unrated applications which any unprofessional developer can develop, and these applications do not pass through the rigorous process of testing and analysis of code leaks. The existing developed system does not include a stringent procedure to examine and investigate source code to detect such vulnerabilities among mobile applications. This paper presented a dynamic analysis-based robust system for Source Code Analysis of Mobile Applications for Privacy Leaks using a machine learning algorithm. Furthermore, our framework is called Source Code Analysis of Mobile Applications (SCA-MA), which combines DynaLog and our machine learning-based classifier for Source Code Analysis of Mobile Applications. Our dataset will contain around 20000 applications to test and analyze vulnerabilities. We will perform dynamic analysis and separate the classification of vulnerable applications and safe applications. Our results show that we can detect vulnerabilities through our proposed system while reviewing code and provide better results than other existing frameworks. We have evaluated our large dataset with the pervasive way so we can detect even small privacy leak which can harm our app. 
Finally, we have compared results with existing methods, and framework performance is better than other methods.
2021-05-05
Herrera, Adrian.  2020.  Optimizing Away JavaScript Obfuscation. 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM). :215–220.

JavaScript is a popular attack vector for releasing malicious payloads on unsuspecting Internet users. Authors of this malicious JavaScript often employ numerous obfuscation techniques in order to prevent the automatic detection by antivirus and hinder manual analysis by professional malware analysts. Consequently, this paper presents SAFE-DEOBS, a JavaScript deobfuscation tool that we have built. The aim of SAFE-DEOBS is to automatically deobfuscate JavaScript malware such that an analyst can more rapidly determine the malicious script's intent. This is achieved through a number of static analyses, inspired by techniques from compiler theory. We demonstrate the utility of SAFE-DEOBS through a case study on real-world JavaScript malware, and show that it is a useful addition to a malware analyst's toolset.

Jana, Angshuman, Maity, Dipendu.  2020.  Code-based Analysis Approach to Detect and Prevent SQL Injection Attacks. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.

Nowadays web applications are everywhere. Usually these applications are developed by database programs which are often written in popular host programming languages such as C, C++, C#, Java, etc., with embedded Structured Query Language (SQL). These applications are used to access and process crucial data with the help of Database Management System (DBMS). Preserving the sensitive data from any kind of attacks is one of the prime factors that needs to be maintained by the web applications. SQL injection attacks are one of the important security threats for the web applications. In this paper, we propose a code-based analysis approach to automatically detect and prevent the possible SQL Injection Attacks (SQLIA) in a query before submitting it to the underlying database. This approach analyses the user input by assigning a complex number to each input element. It has two parts: (i) input clustering and (ii) safe (non-malicious) input identification. We provide a detailed discussion of the proposal w.r.t. the literature from the security and execution overhead points of view.

Konwar, Kishori M., Kumar, Saptaparni, Tseng, Lewis.  2020.  Semi-Fast Byzantine-tolerant Shared Register without Reliable Broadcast. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). :743–753.
Shared register emulations on top of message-passing systems provide an illusion of a simpler shared memory system which can make the task of a system designer easier. Numerous shared register applications have a considerably high read-to-write ratio. Thus, having algorithms that make reads more efficient than writes is a fair trade-off. Typically, such algorithms for reads and writes are asymmetric and sacrifice the stringent consistency condition atomicity, as it is impossible to have fast reads for multi-writer atomicity. Safety is a consistency condition that has gathered interest from both the systems and theory community as it is weaker than atomicity yet provides strong enough guarantees like "strong consistency" or read-my-write consistency. One requirement that is assumed by many researchers is that of the reliable broadcast (RB) primitive, which ensures the "all or none" property during a broadcast. One drawback is that such a primitive takes 1.5 rounds to complete and requires server-to-server communication. This paper implements an efficient multi-writer multi-reader safe register without using a reliable broadcast primitive. Moreover, we provide fast reads or one-shot reads – our read operations can be completed in one round of client-to-server communication. Of course, this comes with the price of requiring more servers when compared to prior solutions assuming reliable broadcast. However, we show that this increased number of servers is indeed necessary as we prove a tight bound on the number of servers required to implement Byzantine-fault tolerant safe registers in a system without reliable broadcast. We extend our results to data stored using erasure coding as well. We present an emulation of single-writer multi-reader safe register based on MDS codes. The usage of MDS codes reduces storage and communication costs. On the negative side, we also show that to use MDS codes and at the same time achieve one-shot reads, we need even more servers.
Zhao, Bushi, Zhang, Hao, Luo, Yixi.  2020.  Automatic Error Correction Technology for the Same Field in the Same Kind of Power Equipment Account Data. 2020 IEEE 3rd International Conference of Safe Production and Informatization (IICSPI). :153–157.
Account data of electrical power system is the link of all businesses in the whole life cycle of equipment. It is of great significance to improve the data quality of power equipment account data for improving the information level of power enterprises. In the past, there was only the error correction technology to check whether it was empty and whether it contained garbled code. The error correction technology for same field of the same kind of power equipment account data is proposed in this paper. Combined with the characteristics of production business, the possible similar power equipment can be found through the function location type and other fields of power equipment account data. Based on the principle of search scoring, the horizontal comparison is used to search and score in turn. Finally, the potential spare parts and existing data quality are identified according to the scores. And judge whether it is necessary to carry out inspection maintenance.