Information Security Commons^™

Using Software-Based Decision Procedures To Control Instruction-Level Execution, William B. Kimball

AFIT Patents

An apparatus, method and program product are provided for securing a computer system. A digital signature of an application is checked, which is loaded into a memory of the computer system configured to contain memory pages. In response to finding a valid digital signature, memory pages containing instructions of the application are set as executable and memory pages other than those containing instructions of the application are set as non-executable. Instructions in executable memory pages are executed. Instructions in non-executable memory pages are prevented from being executed. A page fault is generated in response to an attempt to execute an …

Towards A Hybrid Framework For Detecting Input Manipulation Vulnerabilities, Sun Ding, Hee Beng Kuan Tan, Lwin Khin Shar, Bindu Madhavi Padmanabhuni

Research Collection School Of Computing and Information Systems

Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis or a combination of them, to detect such security vulnerabilities. Most of the existing methods classify vulnerabilities into safe and unsafe. They have both false-positive and false-negative cases. In general, security vulnerability can be classified into three cases: (1) provable safe, (2) provable unsafe, (3) unsure. In this paper, we propose a hybrid framework-Detecting Input Manipulation Vulnerabilities (DIMV), to verify the adequacy of security vulnerability defenses …

A Robust Rgbd Slam System For 3d Environment With Planar Surfaces, Po-Chang Su, Ju Shen, Sen-Ching S. Cheung

Computer Science Faculty Publications

With the increasing popularity of RGB-depth (RGB-D) sensors such as the Microsoft Kinect, there have been much research on capturing and reconstructing 3D environments using a movable RGB-D sensor. The key process behind these kinds of simultaneous location and mapping (SLAM) systems is the iterative closest point or ICP algorithm, which is an iterative algorithm that can estimate the rigid movement of the camera based on the captured 3D point clouds. While ICP is a well-studied algorithm, it is problematic when it is used in scanning large planar regions such as wall surfaces in a room. The lack of depth …

How To Implement Access Rights In An Mis Project, Umakant Mishra

Umakant Mishra

The MIS data is critical to an organization and should be protected from misuse by wrong persons. Although The MIS data is typically meant for the senior managers each MIS report may not be required by every manager. The access to MIS data is determined by the role of an individual in the organization and controlled by the MIS administrator accordingly. The access is generally determined by the following parameters, (a) the type of user (such as staff or manager etc.), (b) the type of data (whether general data or managerial data), (c) level of access (read/ write/ admin access) …

How Do Viruses Attack Anti-Virus Programs, Umakant Mishra

Umakant Mishra

As the anti-viruses run in a trusted kernel level any loophole in the anti-virus program can enable attackers to take full control over the computer system and steal data or do serious damages. Hence the anti-virus engines must be developed with proper security in mind. The ant-virus should be able to any type of specially created executable files, compression packages or documents that are intentionally created to exploit the anti-virus’s weakness.

Viruses are present in almost every system even though there are anti-viruses installed. This is because every anti-virus, however good it may be, leads to some extent of false …

Protecting Anti-Virus Programs From Viral Attacks, Umakant Mishra

Umakant Mishra

During a fight between viruses and anti-viruses it is not always predictable that the anti-virus is going to win. There are many malicious viruses which target to attack and paralyze the anti-viruses. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and destroyed by the malware. The anti-virus may follow thorough testing and auditing procedures to fix all its bugs before releasing the software in the market. Besides the anti-virus may use all the obfuscation techniques like polymorphism that the viruses generally use to hide their codes. This article also shows …

The Case For Mobile Forensics Of Private Data Leaks: Towards Large-Scale User-Oriented Privacy Protection, Joseph Joo Keng Chan, Kiat Wee Tan, Lingxiao Jiang, Rajesh Krishna Balan

Research Collection School Of Computing and Information Systems

Privacy protection against mobile applications on mobile devices is becoming a serious concern as user sensitive data may be leaked without proper justification. Most current leak detection tools only report leaked private data, but provide inadequate information about the causes of the leaks for end users to take preventive measures. Hence, users often cannot reconcile the way they have used an application to a reported leak — i.e., they are unable to comprehend the (il)legitimacy of the leak or make a decision on whether to allow the leak. This paper aims to demonstrate the feasibility and benefits of identifying the …

Finding And Solving Contradictions Of False Positives In Virus Scanning, Umakant Mishra

Umakant Mishra

False positives are equally dangerous as false negatives. Ideally the false positive rate should remain 0 or very close to 0. Even a slightest increase in false positive rate is considered as undesirable.

Although the specific methods provide very accurate scanning by comparing viruses with their exact signatures, they fail to detect the new and unknown viruses. On the other hand the generic methods can detect even new viruses without using virus signatures. But these methods are more likely to generate false positives. There is a positive correlation between the capability to detect new and unknown viruses and false positive …

Raising The Game: Applying Theory And Analytics To Real-World Threats, Singapore Management University

Perspectives@SMU

Safety and security are, on many levels, essential priorities for governments, businesses and individuals. While an increase of defence and security budgets may bring some assurance of peaceful times to come, it seems the world has no lack of insane perpetrators who can still somehow evade, breach, ambush, assail and attack as they please. Enter the “Bayesian Stackelberg Game”, a game theory model that can, and has been applied rather successfully to the allocation of security resources in the United States by Prof Milind Tambe, University of Southern California.

Technology Enhanced Learning With Open Source Software For Scientists And Engineers, Maurice Dawson, Imad Al Saeed, Jorja Wright, Mrwan Omar

Maurice Dawson

This paper represents the evaluation and integration of Open Source Software (OSS) technologies to enhance the learning of engineers and scientists within the university. The utilization of OSS is essential as costs around the world continue to rise for education, institutions must become innovative in the ways they teach and grow Science, Technology, Engineering, & Mathematics (STEM) majors. To do this effectively professors and administrative staff should push toward the utilization of OSS and other available tools to enhance or supplement currently available tools with minimal integration costs. The OSS applications would allow students the ability to learn critical technological …