Visible to the public Biblio

Filters: Keyword is static  [Clear All Filters]
2019-02-13
Ahmed, N., Talib, M. A., Nasir, Q..  2018.  Program-flow attestation of IoT systems software. 2018 15th Learning and Technology Conference (L T). :67–73.
Remote attestation is the process of measuring the integrity of a device over the network, by detecting modification of software or hardware from the original configuration. Several remote software-based attestation mechanisms have been introduced, that rely on strict time constraints and other impractical constraints that make them inconvenient for IoT systems. Although some research is done to address these issues, they integrated trusted hardware devices to the attested devices to accomplish their aim, which is costly and not convenient for many use cases. In this paper, we propose “Dual Attestation” that includes two stages: static and dynamic. The static attestation phase checks the memory of the attested device. The dynamic attestation technique checks the execution correctness of the application code and can detect the runtime attacks. The objectives are to minimize the overhead and detect these attacks, by developing an optimized dynamic technique that checks the application program flow. The optimization will be done in the prover and the verifier sides.
2018-06-07
Ghafarian, A..  2017.  A hybrid method for detection and prevention of SQL injection attacks. 2017 Computing Conference. :833–838.

SQL injection attack (SQLIA) pose a serious security threat to the database driven web applications. This kind of attack gives attackers easily access to the application's underlying database and to the potentially sensitive information these databases contain. A hacker through specifically designed input, can access content of the database that cannot otherwise be able to do so. This is usually done by altering SQL statements that are used within web applications. Due to importance of security of web applications, researchers have studied SQLIA detection and prevention extensively and have developed various methods. In this research, after reviewing the existing research in this field, we present a new hybrid method to reduce the vulnerability of the web applications. Our method is specifically designed to detect and prevent SQLIA. Our proposed method is consists of three phases namely, the database design, implementation, and at the common gateway interface (CGI). Details of our approach along with its pros and cons are discussed in detail.