Physical Sciences and Mathematics Commons^™

Defining And Preventing Code-Injection Attacks, Donald Ray

USF Tampa Graduate Theses and Dissertations

This thesis shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as such. The flaws also make it possible for benign inputs to be treated as attacks. After describing these flaws in conventional definitions of code-injection attacks, this thesis proposes a new definition, which is based on whether the symbols input to an application get used as (normal-form) values in the application's output. Because values are already fully evaluated, they cannot be considered ``code'' when injected. This simple …

Optimization In Non-Parametric Survival Analysis And Climate Change Modeling, Iuliana Teodorescu

USF Tampa Graduate Theses and Dissertations

Many of the open problems of current interest in probability and statistics involve complicated data

sets that do not satisfy the strong assumptions of being independent and identically distributed. Often,

the samples are known only empirically, and making assumptions about underlying parametric

distributions is not warranted by the insufficient information available. Under such circumstances,

the usual Fisher or parametric Bayes approaches cannot be used to model the data or make predictions.

However, this situation is quite often encountered in some of the main challenges facing statistical,

data-driven studies of climate change, clinical studies, or financial markets, to name a few. …