A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace

Security and Communication Networks ◽

10.1155/2017/7042835 ◽

2017 ◽

Vol 2017 ◽

pp. 1-15

Author(s):

Fusheng Wu ◽

Huanguo Zhang ◽

Wengqing Wang ◽

Jianwei Jia ◽

Shi Yuan

Keyword(s):

Code Generation ◽

Source Code ◽

Security Analysis ◽

Memory Access ◽

New Method ◽

Pointer Analysis ◽

C Language ◽

Model Extraction ◽

Diffie Hellman ◽

Man In The Middle

The security analysis of protocols on theory level cannot guarantee the security of protocol implementations. To solve this problem, researchers have done a lot, and many achievements have been reached in this field, such as model extraction and code generation. However, the existing methods do not take the security of protocol implementations into account. In this paper, we have proposed to exploit the traces of function return values to analyze the security of protocol implementations at the source code level. Taking classic protocols into consideration, for example (like the Needham-Schroeder protocol and the Diffie-Hellman protocol, which cannot resist man-in-the-middle attacks), we have analyzed man-in-the-middle attacks during the protocol implementations and have carried out experiments. It has been shown in the experiments that our new method works well. Different from other methods of analyzing the security of protocol implementations in the literatures, our new method can avoid some flaws of program languages (like C language memory access, pointer analysis, etc.) and dynamically analyze the security of protocol implementations.

Download Full-text

Security Analysis on AUTH Protocol and Its Variant against the Man-in-the-Middle Attack

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e98.a.153 ◽

2015 ◽

Vol E98.A (1) ◽

pp. 153-161

Author(s):

Kosei ENDO ◽

Noboru KUNIHIRO

Keyword(s):

Security Analysis ◽

Man In The Middle

Download Full-text

A Neural Embedding for Source Code: Security Analysis and CWE Lists

2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) ◽

10.1109/dasc-picom-cbdcom-cyberscitech49142.2020.00095 ◽

2020 ◽

Author(s):

Martina Saletta ◽

Claudio Ferretti

Keyword(s):

Source Code ◽

Security Analysis ◽

Code Security

Download Full-text

New Method of Fault Knowledge Acquisition of Electronic Equipment

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.496-500.931 ◽

2014 ◽

Vol 496-500 ◽

pp. 931-934

Author(s):

Zhi Cheng Huo ◽

Qi Shun Sun ◽

Feng Jun Qi ◽

Guo Bao Ding

Keyword(s):

Knowledge Acquisition ◽

Electronic Equipment ◽

New Method ◽

Topological Information ◽

Amplifier Circuit ◽

C Language ◽

Transistor Amplifier ◽

Analog System ◽

Non Linear ◽

Electric Equipment

For the problems like discreteness, tolerance, non-linear of the parts, acquiring the fault knowledge of analog system in electric equipment is hard. This method realized the process of KA automatization through the combination of PSPICE software and C language and taking command lines as combining site. Using the batch file, the programs will form some topological information and parameter information about the fault states of a circuit system each time. The result of a experiment about an Basic Transistor Amplifier circuit proves its feasibility.

Download Full-text

The Design and Implementation of Code Generation Based on J2EE in the Development of JBPM Workflow System

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.263-266.1961 ◽

2012 ◽

Vol 263-266 ◽

pp. 1961-1968

Author(s):

Yong Chao Song ◽

Bu Dan Wu ◽

Jun Liang Chen

Keyword(s):

Software Development ◽

Code Generation ◽

System Development ◽

Source Code ◽

Design And Implementation ◽

Workflow System ◽

Development Cycle ◽

The Cost ◽

Static Form

According to the feature of the JBPM workflow system development, the target code generated is determined by analyzing the process of JBPM workflow development and the architecture of J2EE. The code generation tool generates code by parsing the static form source code and loading the code generation template. The code generation tool greatly shortens the JBPM workflow system development cycle and reduces the cost of software development which has the good practicality and scalability.

Download Full-text

An extensible, maintainable and elegant approach to hardware source code generation in Reconfig-P

The Journal of Logic and Algebraic Programming ◽

10.1016/j.jlap.2010.03.013 ◽

2010 ◽

Vol 79 (6) ◽

pp. 383-396 ◽

Cited By ~ 7

Author(s):

Van Nguyen ◽

David Kearney ◽

Gianpaolo Gioiosa

Keyword(s):

Code Generation ◽

Source Code

Download Full-text

Authentication of Diffie-Hellman Protocol Against Man-in-the-Middle Attack Using Cryptographically Secure CRC

Advances in Intelligent Systems and Computing - Proceedings of International Ethical Hacking Conference 2018 ◽

10.1007/978-981-13-1544-2_12 ◽

2018 ◽

pp. 139-150 ◽

Cited By ~ 2

Author(s):

Nazmun Naher ◽

Asaduzzaman ◽

Md. Mokammel Haque

Keyword(s):

Diffie Hellman ◽

Man In The Middle

Download Full-text

Automatic Source Code Generation from Owl Pseudocode

Internet of Things, Infrastructures and Mobile Applications - Advances in Intelligent Systems and Computing ◽

10.1007/978-3-030-49932-7_67 ◽

2020 ◽

pp. 717-725

Author(s):

Baboucar Diatta ◽

Adrien Basse ◽

Chérif Bachir Deme ◽

Samuel Ouya

Keyword(s):

Code Generation ◽

Source Code

Download Full-text

GERADOR DE CÓDIGOS PARA O DESENVOLVIMENTO DE APLICAÇÕES WEB A PARTIR DA MODELAGEM ENTIDADE-RELACIONAMENTO

e-xacta ◽

10.18674/exacta.v9i1.1663 ◽

2016 ◽

Vol 9 (1) ◽

pp. 37

Author(s):

Cristiano Martins Monteiro ◽

Flavianne Braga Campos de Lima ◽

Carlos Renato Storck

Keyword(s):

Programming Languages ◽

Code Generation ◽

Design Pattern ◽

Design Patterns ◽

Source Code ◽

Automatic Generation ◽

Code Generator ◽

Routine Tasks ◽

Entity Relationship ◽

Web Systems

A geração automática de código-fonte é uma prática adotada no desenvolvimento de softwares para agilizar, facilitar e padronizar a implementação dos projetos. Embora seja uma prática comum nas fábricas de software, não se conhece uma ferramenta que permita escolher o padrão de projeto a ser usado. O objetivo principal deste trabalho é apresentar um gerador de códigos para o desenvolvimento de sistemas Web a partir de uma modelagem entidade-relacionamento, uma linguagem de programação e um padrão de projeto determinados pelo usuário. Os objetivos específicos são propor uma arquitetura do sistema capaz de adequar e reaproveitar diferentes padrões de projeto, linguagens de programação e projetos cadastrados; permitir que o usuário cadastre, altere, exclua, importe e exporte um projeto; e gerar automaticamente o seu código-fonte e scripts de banco de dados. Este trabalho se justifica pela importância de reduzir erros de codificação; e evitar perca tempo ao realizar atividades rotineiras de implementação de padrões de projeto. Possibilitando assim, maior dedicação no planejamento das regras de negócios e redução de custos. A ferramenta proposta (GCER) foi desenvolvida em linguagem Java com o uso banco de dados Oracle 11g, e seguindo os padrões DAO e MVC. Os resultados foram avaliados através da geração e compilação de códigos de um projeto para cadastro de veículos. A geração com êxito evidencia a viabilidade da ferramenta proposta para a geração automática de códigos no processo de desenvolvimento de software.AbstractThe automatic generation of source code is a practice adopted in the development of software to streamline, facilitate and standardize the implementation of projects. Although it be a common practice in software factories, it is not known a tool able to choose the design pattern to be used. The main objective of this paper is to present a code generator for the development of Web systems from an entity-relationship modeling, a programming language and a design pattern determined by the user. The specific objectives are to propose a system architecture able to suit and reuse different design patterns, programming languages and saved projects; allow the user to insert, update, delete, import and export a project; and automatically generate the source code and database scripts. This work is justified by the importance to reduce errors of coding; and to avoid waste of time in the development of Web systems performing routine tasks. Allowing, then, a greater dedication in the planning of business rules and the reduction of costs. The tool proposed (GCER) was developed in Java with the database using Oracle 11g, and following the DAO and MVC patterns. The results were evaluated by generating and compiling codes of a project for vehicle registration. The successful code generation demonstrate the feasibility of the proposed tool for the automatic generation of code in the software development process.

Download Full-text

Information processing for Similar Source code using LSH Algorithm

Journal of University of Shanghai for Science and Technology ◽

10.51201/jusst/21/06500 ◽

2021 ◽

Vol 23 (07) ◽

pp. 23-34

Author(s):

Mrs. Vani Dave ◽

◽

Mr Sanjeev Kumar shukla ◽

Keyword(s):

Information Processing ◽

Execution Time ◽

Source Code ◽

Locality Sensitive Hashing ◽

Source File ◽

C Language ◽

Fast Search

In this study, we propose a method to quickly search for similar source files for a given source file as a method to examine the origin of reused code. By outputting not only the same contents but also similar contents, it corresponds to the source file that has been changed during reuse. In addition, locality-sensitive hashing is used to search from a large number of source files, enabling fast search. By this method, it is possible to know the origin of the reused code. A case study was conducted on a library that is being reused written in C language. Some of the changes were unique to the project, and some were no longer consistent with the source files. As a result, it was possible to detect the source files that were reused from among the 200 projects with 92% accuracy. In addition, when we measured the execution time of the search using 4 files, the search was completed within 1 second for each file.

Download Full-text

Means of integrating static source security analysis technology into the software development environment

Modern information security ◽

10.31673/2409-7292.2020.035499 ◽

2020 ◽

Author(s):

N. V. Goryuk ◽

Keyword(s):

Software Development ◽

Static Analysis ◽

Software Security ◽

Source Code ◽

Security Analysis ◽

Development Environment ◽

Static Source ◽

Software Development Environment ◽

Further Development ◽

Code Development

The article investigates automation methods and means of integration of static source security analysis technology. The process of software security analysis, which is implemented by the technology of static analysis of the source code, is studied, and the methods of solving the problem of automation and integration of the technology into the source code development environment are offered. The perspective direction of further development of the technology of static analysis of the source code is established.

Download Full-text