500 research outputs found

    Generating profile-based signatures for online intrusion and failure detection

    No full text
    Context Program execution profiles have been extensively and successfully used in several dynamic analysis fields such as software testing and fault localization. Objective This paper presents a pattern-matching approach implemented as an application-based intrusion (and failure) detection system that operates on signatures generated from execution profiles. Such signatures are not descriptions of exploits, i.e. they do not depend on the syntax or semantics of the exploits, but instead are descriptions of program events that correlate with the exploitation of program vulnerabilities. Method A vulnerability exploit is generally correlated with the execution of a combination of program elements, such as statements, branches, and definition-use pairs. In this work we first analyze the execution profiles of a vulnerable application in order to identify such suspicious combinations, define signatures that describe them, and consequently deploy these signatures within an intrusion detection system that performs online signature matching. Results To evaluate our approach, which is also applicable to online failure detection, we implemented it for the Java platform and applied it onto seven open-source applications containing 30 vulnerabilities-defects for the purpose of the online detection of attacks- failures. Our results showed that our approach worked very well for 26 vulnerabilities-defects (86.67percent) and the overhead imposed by the system is somewhat acceptable as it varied from 46percent to 102percent. The exhibited average rates of false negatives and false positives were 0.43percent and 1.03percent, respectively. Conclusion Using profile-based signatures for online intrusion and failure detection was shown to be effective. © 2013 Elsevier B.V. All rights reserved.Abou-Assi R., 2011, 1 INT WORKSH TEST DE; Agrawal R., 1993, ACM SIGMOD RECORD, V22, P207, DOI DOI 10.1145-170035.170072; Apiwattanapong T, 2005, PROC INT CONF SOFTW, P432; Bodik P., 2005, Proceedings. Second International Conference on Autonomic Computing; Brumley D., 2007, P 20 IEEE COMP SECUR; Brumley D, 2006, P IEEE S SECUR PRIV, P2, DOI 10.1109-SP.2006.41; Chaturvedi A., 2005, P IEEE S SEC PRIV; Chen HF, 2007, IEEE T SYST MAN CY C, V37, P644, DOI 10.1109-TSMCC.2007.897496; Cohen W.W., 1995, MACH LEARN 12 INT C; DENNING DE, 1976, COMMUN ACM, V19, P236, DOI 10.1145-360051.360056; Do HS, 2005, EMPIR SOFTW ENG, V10, P405, DOI 10.1007-s10664-005-3861-2; El-Ghali M., 2009, 5 INT WORKSH SOFTW E; Ernst MD, 2001, IEEE T SOFTWARE ENG, V27, P99, DOI 10.1109-32.908957; Feng HHP, 2003, P IEEE S SECUR PRIV, P62, DOI 10.1109-SECPRI.2003.1199328; Forrest S, 1996, P IEEE S SECUR PRIV, P120, DOI 10.1109-SECPRI.1996.502675; Giffin JT, 2006, LECT NOTES COMPUT SC, V4219, P41; Graves TL, 2001, ACM T SOFTW ENG METH, V10, P184, DOI 10.1145-367008.367020; Jackson D., 1994, P 2 ACM SIGSOFT S FD; Jones J. A., 2002, Proceedings of the 24th International Conference on Software Engineering. ICSE 2002, DOI 10.1109-ICSE.2002.1007991; Kang D.-K., 2005, P 6 IEEE SYST MAN CY; Kim H.-A., 2004, Proceedings of the 13th USENIX Security Symposium; Kruegel C, 2003, LECT NOTES COMPUT SC, V2808, P326; Lee W, 1998, P 7 USENIX SEC S SAN; Lee W, 1999, IEEE S SECUR PRIV, V7, P120; Leon D., 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium, DOI 10.1109-ICSE.2000.870403; Li Z, 2007, IEEE T SOFTWARE ENG, V33, P225, DOI 10.1109-TSE.2007.38; Liepins G., 1989, 12 NAT COMP SEC C BA, P495; Lippmann R, 2000, LECT NOTES COMPUT SC, V1907, P162; Lorenzoli D., 2007, P 18 IEEE INT S SOFT; Mannila H., 1995, P 1 INT C KNOWL DISC; Martin M, 2005, ACM SIGPLAN NOTICES, V40, P365, DOI 10.1145-1103845.1094840; Masri W., 2009, 7 INT WORKSH DYN AN; Masri W., 2012, ENHANCING FAULT LOCA; Masri W, 2008, EMPIR SOFTW ENG, V13, P369, DOI 10.1007-s10664-008-9071-y; Masri W, 2009, INFORM SOFTWARE TECH, V51, P385, DOI 10.1016-j.infsof.2008.05.008; Masri W., 2009, ACM T SOFTWARE ENG M, V19; Masri W, 2007, IEEE T SOFTWARE ENG, V33, P454, DOI 10.1109-TSE.2007.1020; Masri W, 2010, SOFTW TEST VERIF REL, V20, P121, DOI 10.1002-stvr.409; Masri W., 2009, INT WORKSH DEF LARG; Masri W., 2010, 3 INT C SOFTW TEST V; Masri W., 2006, 4 INT WORKSH DYN AN; Masri W, 2008, COMPUT SECUR, V27, P176, DOI 10.1016-j.cose.2008.06.002; Masri W, 2011, J SYST SOFTWARE, V84, P1171, DOI 10.1016-j.jss.2011.02.007; McConnell S., 2004, CODE COMPLETE; Miller Frederic P., 2009, ABANDONWARE COMPUTER; Mutz D., 2006, ACM Transactions on Information and Systems Security, V9, DOI 10.1145-1127345.1127348; Newsome J., 2005, P 12 ANN NETW DISTR; Newsome James, 2006, P 13 S NETW DISTR SY; Nusayr Amjad, 2009, USING AOP DET RUNT M, P8; Parnin C., ISSTA 2011, P199; Portnoy L., 2001, ACM CSS WORKSH DAT M; Sabelfeld A., 2003, IEEE J SEL AREA COMM, V21, P1; Sen K., 2005, 10 EUR SOFTW ENG C; Shull Forrest, 2002, P 8 INT S SOFTW METR; Singh A, 2006, J HEURISTICS, V12, P5, DOI 10.1007-s10732-006-3750-x; Steven S., 2000, 2000 INT S SOFTW TES, P158; Wagner D., 2002, P 9 ACM C COMP COMM, P255; Wagner D, 2001, P IEEE S SECUR PRIV, P156, DOI 10.1109-SECPRI.2001.924296; Xu HZ, 2004, LECT NOTES COMPUT SC, V3224, P21; Yin H, 2007, CCS'07: PROCEEDINGS OF THE 14TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, P11620

    An algorithm for capturing variables dependences in test suites

    No full text
    The use of dynamic dependence analysis spans several areas of software research including software testing, debugging, fault localization, and security. Many of the techniques devised in these areas require the execution of large test suites in order to generate profiles that capture the dependences that occurred between given types of program elements. When the aim is to capture direct and indirect dependences between finely granular elements, such as statements and variables, this process becomes highly costly due to: (1) the large number of elements, and (2) the transitive nature of the indirect dependence relationship. The focus of this paper is on computing dynamic dependences between variables, i.e., dynamic information flow analysis or DIFA. First, because the problem of tracking dependences between statements, i.e., dynamic slicing, has already been addressed by numerous researchers. Second, because DIFA is a more difficult problem given that the number of variables in a program is unbounded. We present an algorithm that, in the context of test suite execution, leverages the already computed dependences to efficiently compute subsequent dependences within the same or later test runs. To evaluate our proposed algorithm, we conducted an empirical comparative study that contrasted it, with respect to efficiency, to three other algorithms: (1) a naïve basic algorithm, (2) a memoization based algorithm that does not leverage computed dependences from previous test runs, and (3) an algorithm that uses reduced ordered binary decision diagrams (roBDDs) to maintain and manage dependences. The results indicated that our new DIFA algorithm performed considerably better in terms of both runtime and memory consumption. © 2011 Elsevier Inc.Agrawal H., 1990, P ACM SIGPLAN 90 C P, P246, DOI DOI 10.1145-93542.93576; *BCEL, 2003, AP JAK PROJ; Beszedes A., 2001, Proceedings Fifth European Conference on Software Maintenance and Reengineering, DOI 10.1109-CSMR.2001.914974; Clause J., 2007, P INT S SOFTW TEST A, P196, DOI 10.1145-1273463.1273490; Cormen T., 2001, INTRO ALGORITHMS; Elbaum S, 2002, IEEE T SOFTWARE ENG, V28, P159, DOI 10.1109-32.988497; El-Ghali M., 2009, 5 INT WORKSH SOFTW E; Farago C., 2002, Acta Cybernetica, V15; FERRANTE J, 1987, ACM T PROGR LANG SYS, V9, P319, DOI 10.1145-24039.24041; HALDAR V, 2005, 0502 U CAL DEP INF C; HARMAN M, 1995, SOFTW TEST VERIF REL, V3, P143; Harrold MJ, 2000, SOFTW TEST VERIF REL, V10, P171, DOI 10.1002-1099-1689(200009)10:3171::AID-STVR2093.0.CO;2-J; KOREL B, 1988, INFORM PROCESS LETT, V29, P155, DOI 10.1016-0020-0190(88)90054-3; Korels B, 1994, P INT S SOFTW TEST A, P66, DOI 10.1145-186258.186514; LAMPSON BW, 1973, COMMUN ACM, V16, P613, DOI 10.1145-362375.362389; Masri W., 2009, 7 INT WORKSH DYN AN; Masri W, 2008, EMPIR SOFTW ENG, V13, P369, DOI 10.1007-s10664-008-9071-y; Masri W, 2009, INFORM SOFTWARE TECH, V51, P385, DOI 10.1016-j.infsof.2008.05.008; Masri W, 2007, IEEE T SOFTWARE ENG, V33, P454, DOI 10.1109-TSE.2007.1020; Masri W, 2010, SOFTW TEST VERIF REL, V20, P121, DOI 10.1002-stvr.409; Masri W, 2009, ACM T SOFTW ENG METH, V19, DOI 10.1145-1571629.1571631; Masri W, 2008, COMPUT SECUR, V27, P176, DOI 10.1016-j.cose.2008.06.002; Meinel Christoph, 1998, ALGORITHMS DATA STRU; Newsome J., 2005, P NETW DISTR SYST SE; PODGURSKI A, 1989, THESIS U MASS; PODGURSKI A, 1990, IEEE T SOFTWARE ENG, V16, P965, DOI 10.1109-32.58784; Rothermel G, 2001, IEEE T SOFTWARE ENG, V27, P929, DOI 10.1109-32.962562; Sinha S, 2001, ACM T SOFTW ENG METH, V10, P209, DOI 10.1145-367008.367022; STEVEN J, 2000, P 2000 INT S SOFTW T; ZHANG X, 2004, INT C SOFTW ENG ED U; Zhang X., 2003, IEEE ACM INT C SOFTW, P319; ZIMMERMANN J, 2003, 8 EUR S RES COMP SEC; ZIMMERMANN J, 2003, 19 COMP SEC APPL C L65

    Intrusion detection using signatures extracted from execution profiles

    No full text
    An application based intrusion detection system is a security mechanism designed to detect malicious behavior that could compromise the security of a software application. Our aim is to develop such a system that operates on signatures extracted from execution profiles. These signatures are not descriptions of exploits, but instead are descriptions of the program conditions that lead to the exploitation of software vulnerabilities, i.e., they depend on the structure of the vulnerabilities themselves. A program vulnerability is generally induced by the execution of a combination of program statements. In this work we first analyze the execution profiles of a subject application in order to identify such suspicious combinations and consequently extract and define their corresponding signatures. Then, we insert probes in select locations in the application to enable online signature matching. To evaluate our technique, we implemented it for Java programs and applied it on Tomcat 3.0 in order to detect well-known attacks. Our results were promising, as no false negatives and a maximum of 4.5percent false positives were observed, and the runtime overhead was less than 5percent. © 2009 IEEE.BCEL, 2003, AP JAK PROJ; BRUMLEY D, 2007, PRACTICAL AUTOMATIC; BRUMLEY D, 2007, P 20 IEEE COMP SEC F; Brumley D, 2006, P IEEE S SECUR PRIV, P2, DOI 10.1109-SP.2006.41; Butenko S, 2006, EUR J OPER RES, V173, P1, DOI 10.1016-j.ejor.2005.05.026; Ernst M. D., 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002), DOI 10.1109-ICSE.1999.841011; Feng HHP, 2003, P IEEE S SECUR PRIV, P62, DOI 10.1109-SECPRI.2003.1199328; Forrest S, 1996, P IEEE S SECUR PRIV, P120, DOI 10.1109-SECPRI.1996.502675; GIFFIN JT, 2006, P 9 INT S REC ADV IN, P41; GUO Q, 2003, P 3 INT WORKSH FORM, P1098; Hifi M, 1997, J OPER RES SOC, V48, P612; Jones J. A., 2002, Proceedings of the 24th International Conference on Software Engineering. ICSE 2002, DOI 10.1109-ICSE.2002.1007991; Kim H.-A., 2004, Proceedings of the 13th USENIX Security Symposium; Kruegel C., 2003, P 8 EUR S RES COMP S, P326; Lam MS, 2008, PEPM'08: PROCEEDINGS OF THE 2008 ACM SIGPLAN SYMPOSIUM ON PARTIAL EVALUATION AND SEMANTICS-BASED PROGRAM MANIPULATION, P3, DOI 10.1145-1328408.1328410; Li Z, 2007, IEEE T SOFTWARE ENG, V33, P225, DOI 10.1109-TSE.2007.38; LIVSHITS B, 2005, P US SEC S AUG, P271; Lorenzoli D., 2007, P 18 IEEE INT S SOFT; LORIMER RJ, INSTRUMENTATION MODI; Martin M., 2005, P 20 ANN ACM SIGPLAN, P365, DOI 10.1145-1094811.1094840; Masri W, 2007, IEEE T SOFTWARE ENG, V33, P454, DOI 10.1109-TSE.2007.1020; Masri W, 2008, COMPUT SECUR, V27, P176, DOI 10.1016-j.cose.2008.06.002; Singh A, 2006, J HEURISTICS, V12, P5, DOI 10.1007-s10732-006-3750-x; Wagner D., 2002, P 9 ACM C COMP COMM, P255; Wagner D, 2001, P IEEE S SECUR PRIV, P156, DOI 10.1109-SECPRI.2001.9242960

    El derecho internacional y el terrorismo

    No full text
    Se pretende demostrar en este trabajo, utilizando el caso real de El-Masri c. Ex-República Yugoslava de Macedonia, como el Estado demandado ha violado en nombre de la seguridad nacional e internacional, normas internacionales de derechos humanos en pos de derrotar al terrorismo y cómo estos actos han cambiado la vida del señor El-Masri y cómo las víctimas de los ataques del 11-S no han resultado ser solamente las personas que han fallecido en los atentados, sino que, a partir de aquéllos, se debe tomar conciencia de que las víctimas han sido y siguen siendo muchas más que aquéllas. Por último y para ejemplificar, se mencionaran las primeras medidas adoptadas por los Estados Unidos luego de los atentados del 11-S y las últimas medidas adoptadas frente al terrorismo por los gobiernos de, Australia, Francia, Reino Unido, Argentina y Brasil en pos de la seguridad nacional.Instituto de Relaciones Internacionale

    El derecho internacional y el terrorismo

    No full text
    Se pretende demostrar en este trabajo, utilizando el caso real de El-Masri c. Ex-República Yugoslava de Macedonia, como el Estado demandado ha violado en nombre de la seguridad nacional e internacional, normas internacionales de derechos humanos en pos de derrotar al terrorismo y cómo estos actos han cambiado la vida del señor El-Masri y cómo las víctimas de los ataques del 11-S no han resultado ser solamente las personas que han fallecido en los atentados, sino que, a partir de aquéllos, se debe tomar conciencia de que las víctimas han sido y siguen siendo muchas más que aquéllas. Por último y para ejemplificar, se mencionaran las primeras medidas adoptadas por los Estados Unidos luego de los atentados del 11-S y las últimas medidas adoptadas frente al terrorismo por los gobiernos de, Australia, Francia, Reino Unido, Argentina y Brasil en pos de la seguridad nacional.Instituto de Relaciones Internacionale

    Benralizumab therapy rapidly improved the quality of life in a woman with adult-onset non-allergic eosinophilic asthma

    No full text
    We describe the case of a 52-year-old woman diagnosed with adult-onset severe non-allergic eosinophilic asthma received 16 years after the symptoms began. These years have been characterized by frequent episodes of exacerbation and loss of symptom control, despite adequate therapies prescribed by several pulmonology specialists. Moreover, the progressive worsening of asthma, combined with a complex family situation that often brought the patient to neglect her therapies and examinations, led to a drastic quality of life (QoL) impairment and the onset of frustration and depressive symptoms. After formulation in 2020 of a differential diagnosis by a first-level center, the patient has been referred to a Severe Asthma Outpatient second level clinic where she began a monoclonal anti IL5-Ra antibody therapy with benralizumab 30 mg SC. Since the first dose, the patient showed a progressive improvement in symptoms control which also had a beneficial effect on her QoL. Reduced eosinophil levels that got 0 cells/mm3 and improved Asthma Control Test (ACT) and mini AQLQ-QoL test confirmed the therapy effectiveness. The description of this case should raise awareness among primary care physicians and specialists to refer patients with severe forms of asthma refractory to oral and inhaled therapies to second-and third-level centers to start an adequate therapy with biological drugs

    El ABC de la ortopedia: conceptos y técnicas esenciales para profesionales de la salud

    No full text
    «El ABC de la Ortopedia: conceptos y técnicas esenciales para profesionales de la salud» aborda la evolución de la ortopedia y la traumatología como disciplinas médicas que han pasado de enfoques básicos a prácticas altamente especializadas y tecnológicamente avanzadas. A lo largo de las décadas, los progresos en la comprensión del sistema musculoesquelético y la incorporación de nuevas técnicas quirúrgicas han transformado los resultados clínicos, resaltando la importancia de la educación continua y del trabajo interdisciplinario. El texto subraya que la formación en ortopedia no puede entenderse de manera aislada, ya que el éxito de las intervenciones depende de la colaboración estrecha entre ortopedistas e instrumentadores quirúrgicos. Esta sinergia favorece una planificación precisa, una ejecución eficiente y una atención integral al paciente, lo que se traduce en mejores resultados postoperatorios. Con un enfoque pedagógico, el libro se propone como una herramienta complementaria para fortalecer las competencias técnicas, comunicativas y colaborativas de los futuros profesionales de la salud. Su propósito es promover un aprendizaje que integre el conocimiento científico con las habilidades clínicas y el trabajo en equipo. Finalmente, los autores invitan a concebir el aprendizaje en ortopedia como un proceso compartido, donde la cooperación, la excelencia y la conformación de equipos multidisciplinarios se erigen como pilares fundamentales para ofrecer una atención médica de calidad centrada en el bienestar del paciente

    Naphthalene, 1-methylnaphthalene, and 2-methylnaphthalene

    No full text
    prepared by Syracuse Research Corporation under contract no. 205-1999-00024 ; prepared for U.S. Department of Health and Human Services, Public Health Service, Agency for Toxic Substances and Disease Registry.Chemical manager(s)/author(s): Hisham El-Masri ... [et al.]--P. ix."A toxicological profile for naphthalene, 1-methylnaphthalene, and 2-methylnaphthalene, draft for public comment was released in September 2003. This edition supersedes any previously released draft or final profile"--P. iii."This toxicological profile is prepared in accordance with guidelines developed by the Agency for Toxic Substances and Disease Registry (ATSDR) and the Environmental Protection Agency (EPA). The original guidelines were published in the Federal Register on April 17, 1987"--P. v.2005205-1999-0002
    corecore