Catálogo de publicaciones - libros

“Invalidated Input” is Top One Critical Web Application Security Vulnerabilities according to have been released by Open Web Applications Security Project (OWASP) on July 14, 2004. Many web application security vulnerabilities result from generic input validation problems. Some sites attempt to protect themselves by filtering malicious input, but it may not be viable to modify the source of such components. We have tried to develop an automatic defense mechanism that can produce a proper input validation function on security gateway to filter malicious injection. To verify the efficiency of the tool, we picked the websites made up of some Web applications often contain third-party vulnerable components which was shipped in binary form. Among our experiments, the defense mechanism can automatically organize validation functions to avoid malicious injection attack. environment.

Secure communications requires the exchange of keying material, which in general is not trivial problem. A simple solution is to use alternative communication channels to exchange the cryptographic keys, like standard mail services or reciprocal visual inspection of text strings. Here, we propose to use the standard Public Mobile Network (PMN) as an alternative channel, because the use of mobile phones has become pervasive and affordable for most of users. The basic assumption is that the PMN is more secure than other wireless and wired networks. We envision a system for subscribers who wish to exchange their cryptographic keys, which can be used afterwards for sending encrypted messages over other (insecure) communication channels, like Internet. We assume that every user or its mobile phone is able 1) to generate a public/private key pair, and 2) to store it inside his/her mobile phone rubric. The public key is exchanged by sending special requests by means of standard PMN services, like the text messaging system. We analyze the scalability of such a system, by assuming that the subscribers can send group queries, i.e. queries which request the whole (public) keys stored in the rubrics of a subset of the closest neighbors of an user. The performance of such an approach depends on the properties of the graph model of interactions among people. By means of simulations, we show that it is preferable to send few group queries instead of many single requests. This result can be used to dimension the service provided by the PMN.

Due to the fast progress of the Internet, and with the increasing numbers of public terminals spread everywhere, people can access personal sensitive data or perform transactions easily through these public terminals. Identifying these public terminals is therefore a most urgent topic. We propose an efficient and secure scheme that meets real environmental conditions for authenticating these public terminals before conducting a transaction.

In this paper, we propose methodology for improving usability of security tools based on human interface study. Today, users in general cannot use or operate presently available security tools effectively because they lack interface with high usability making them difficult to use or operate. However, if the security tools are effectively used, it is possible to find potential vulnerability information of a client computer. Therefore, we consider security scanners, and develop an interface for them with high usability based on human interface study, so that even general users can use them to find and fix vulnerability of their computers. We perform usability evaluation based on human interface study to the interface we have developed and we show that high usability has been realized from an objective viewpoint.

Most of wireless sensor networks (WSNs) are deployed in an environment where communication between sensors may be monitored. For applications which require higher security, it is therefore necessary to employ some cryptographic scheme in the network. However, key management in WSNs is a challenging task due to the constrained resources. In this paper, based on the concept of small worlds, we present a group-based key predistribution scheme which enables any pair of sensors to establish a unique shared key. The key path establishment uses only local information with logarithmic memory overhead to the number of groups. Other performance, including communication and computing overhead, are evaluated also. The results show that the proposed key management method performs better than other known methods.

In the context of secure group communication, a shared secret key is generated anew for data protection whenever group membership changes. This paper presents an approach to fast rekeying in a wireless network that is subject to time-varying channel conditions. We address a scenario where a station joins one group at a time, but may leave multiple groups at once for abrupt link failure or cascading application termination. In our architecture, each station is assigned a private number and a code, so as to exploit Fermat’s Little Theorem and an orthogonal coding methodology, respectively. The former is used to protect the delivery of updated group keys, while the latter to encode keying material meant for different sites in an aggregate form as a payload for message distribution. Since rekeying messages are delivered via multicast, intended stations can decode information of interest at the same time. Therefore rekeying among multiple groups can still be carried out timely with (1) message complexity. Our design provides a complementary facility to current schemes for performance improvement. Pragmatic considerations of our approach are discussed as well.

With the ongoing evolvement of Rich Internet Application (RIA) technology, browser-based game development has reached a point where exciting real-time applications with remote players can be produced and distributed quickly and easily. However, as the browser is a very different operating environment and interactive experience from that of classical game software, browser-based real-time multiplayer games involve gaming architectures that are distinct from their classical counterparts. Elaborating on the case of an online tabletop soccer game with two remote players, this paper presents the design and implementation of two distinct architectural models that RIA developers can fall back on when implementing distributed, browser-based real-time applications.

Digital contents contains a large number of learning concepts most of which contribute to the main learning ideas. How to focus on the learning faults and improve the learning process is important. In this paper, we propose a novel approach to retrieving the main ideas from, as well as to constructing a domain tree to represent, the contents of materials. The nodes of the domain tree consist of meaningful texts. We collect the meaningful texts by segmenting words of the digital contents and then recombining these texts to form a binary number. We define a scoring method for the digital contents by assigning a sequence of 0’s and 1’s to the texts. These binary numbers can then be easily calculated by a function of sequence with power and base 2, where  ∈ . Each sequence can get a unit score which indicates the location in the context. An expression of digital contents represents a unit, a chapter, a section, or a paragraph. This expression can be provided as a feedback to teachers or students. Based on the feedback, teachers can make questions in the exam sheet more evenly distributed while students can improve the way they learn.

Context-aware computing is a class of new conceptual pervasive computing system, which spring up and develop rapidly recently. In order to screen heterogeneity of ubiquitous networks and support rapid development of applications in context-awareness, the idea of middleware is widely adopted. In this paper, the middleware is proposed to support the application development of context-awareness under the wireless sensor networks environment. It applies the updated service-oriented and light-weight structure with excellent expansibility and efficiency in the running process. The runtime structure of the middleware is presented. During the process of context-awareness, the new method of awareness synchronization is designed to ensure the sensitivity to context switch. The algorithm of the energy efficiency during the context-awareness process is designed and evaluated. At the end of the paper, a healthcare scenario is used to validate the design methodology and demonstrate the supporting function of middleware.

IP over optical networks controlled by the GMPLS control plane have become the common infrastructure for a variety of services, such as triple play and grid applications. The traffic aggregation requires the services to be differentiated in a multilayer fashion, so as to guarantee higher levels of GoS and QoS to ‘gold’ traffic. This means that the traditional DiffServ technology needs to be combined with differentiation mechanisms in the optical domain. This paper proposes a framework for multilayer QoS and GoS support in GMPLS based IP/WDM networks. The scheme is based on a multilayer strategy which combines two routing policies that optimize the resource utilization. The system also provides a lightpath differentiation which allows the operator to accommodate sensitive traffic on lightpaths able to guarantee a certain level of transmission quality. The benefits of the scheme are illustrated by a simulation study, discussing blocking probability and resource utilization.