Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues


Book Description

Running to more than 360 pages, and complete with online files and updates, this book constitutes the thoroughly refereed post-proceedings of the 11th Asian Computing Science Conference, ASIAN 2006, held in Tokyo, Japan. The 17 revised full papers and 8 revised short papers presented together with 1 invited paper were carefully selected during two rounds of reviewing from 115 submissions. The papers cover theory, practice, applications, and experiences related to secure software.




Challenges of Software Verification


Book Description

This book provides an overview about the open challenges in software verification. Software verification is a branch of software engineering aiming at guaranteeing that software applications satisfy some requirements of interest. Over the years, the software verification community has proposed and considered several techniques: abstract interpretation, data-flow analysis, type systems, model checking are just a few examples. The theoretical advances have been always motivated by practical challenges that have led to an equal evolution of both these sides of software verification. Indeed, several verification tools have been proposed by the research community and any software application, in order to guarantee that certain software requirements are met, needs to integrate a verification phase in its life cycle, independently of the context of application or software size. This book is aimed at collecting contributions discussing recent advances in facing open challenges in software verification, relying on a broad spectrum of verification techniques. This book collects contributions ranging from theoretical to practical arguments, and it is aimed at both researchers in software verification and their practitioners.




Engineering in Dependability of Computer Systems and Networks


Book Description

This book presents papers on various problems of dependability in computer systems and networks that were discussed at the 14th DepCoS-RELCOMEX conference, in Brunów, Poland, from 1st to 5th July 2019. Discussing new ideas, research results and developments in the design, implementation, maintenance and analysis of complex computer systems, it is of interest to researchers and practitioners who are dealing with dependability issues in such systems. Dependability analysis came as a response to new challenges in the evaluation of contemporary complex systems, which should be considered as systems of people – with their needs and behaviours –interacting with technical communication channels (such as mobile activities, iCloud, Internet of Everything) and online applications, often operating in hostile environments. The diversity of topics covered, illustrates the variety of methods used in this area, often with the help of the latest results in artificial and computational intelligence.




Introduction to Certificateless Cryptography


Book Description

As an intermediate model between conventional PKC and ID-PKC, CL-PKC can avoid the heavy overhead of certificate management in traditional PKC as well as the key escrow problem in ID-PKC altogether. Since the introduction of CL-PKC, many concrete constructions, security models, and applications have been proposed during the last decade. Differing from the other books on the market, this one provides rigorous treatment of CL-PKC. Definitions, precise assumptions, and rigorous proofs of security are provided in a manner that makes them easy to understand.




Modelling and Verification of Secure Exams


Book Description

In this book the author introduces a novel approach to securing exam systems. He provides an in-depth understanding, useful for studying the security of exams and similar systems, such as public tenders, personnel selections, project reviews, and conference management systems. After a short chapter that explains the context and objectives of the book, in Chap. 2 the author introduces terminology for exams and the foundations required to formulate their security requirements. He describes the tasks that occur during an exam, taking account of the levels of detail and abstraction of an exam specification and the threats that arise out of the different exam roles. He also presents a taxonomy that classifies exams by types and categories. Chapter 3 contains formal definitions of the authentication, privacy, and verifiability requirements for exams, a framework based on the applied pi-calculus for the specification of authentication and privacy, and a more abstract approach based on set-theory that enables the specification of verifiability. Chapter 4 describes the Huszti-Pethő protocol in detail and proposes a security enhancement. In Chap. 5 the author details Remark!, a protocol for Internet-based exams, discussing its cryptographic building blocks and some security considerations. Chapter 6 focuses on WATA, a family of computer-assisted exams that employ computer assistance while keeping face-to-face testing. The chapter also introduces formal definitions of accountability requirements and details the analysis of a WATA protocol against such definitions. In Chaps. 4, 5, and 6 the author uses the cryptographic protocol verifier ProVerif for the formal analyses. Finally, the author outlines future work in Chap. 7. The book is valuable for researchers and graduate students in the areas of information security, in particular for people engaged with exams or protocols.




Abstract Domains in Constraint Programming


Book Description

Constraint Programming aims at solving hard combinatorial problems, with a computation time increasing in practice exponentially. The methods are today efficient enough to solve large industrial problems, in a generic framework. However, solvers are dedicated to a single variable type: integer or real. Solving mixed problems relies on ad hoc transformations. In another field, Abstract Interpretation offers tools to prove program properties, by studying an abstraction of their concrete semantics, that is, the set of possible values of the variables during an execution. Various representations for these abstractions have been proposed. They are called abstract domains. Abstract domains can mix any type of variables, and even represent relations between the variables. In this work, we define abstract domains for Constraint Programming, so as to build a generic solving method, dealing with both integer and real variables. We also study the octagons abstract domain, already defined in Abstract Interpretation. Guiding the search by the octagonal relations, we obtain good results on a continuous benchmark. We also define our solving method using Abstract Interpretation techniques, in order to include existing abstract domains. Our solver, AbSolute, is able to solve mixed problems and use relational domains. - Exploits the over-approximation methods to integrate AI tools in the methods of CP - Exploits the relationships captured to solve continuous problems more effectively - Learn from the developers of a solver capable of handling practically all abstract domains




Using Event-B for Critical Device Software Systems


Book Description

Defining a new development life-cycle methodology, together with a set of associated techniques and tools to develop highly critical systems using formal techniques, this book adopts a rigorous safety assessment approach explored via several layers (from requirements analysis to automatic source code generation). This is assessed and evaluated via a standard case study: the cardiac pacemaker. Additionally a formalisation of an Electrocardiogram (ECG) is used to identify anomalies in order to improve existing medical protocols. This allows the key issue - that formal methods are not currently integrated into established critical systems development processes - to be discussed in a highly effective and informative way. Using Event-B for Critical Device Software Systems serves as a valuable resource for researchers and students of formal methods. The assessment of critical systems development is applicable to all industries, but engineers and physicians from the health domain will find the cardiac pacemaker case study of particular value.




Computer Security


Book Description

The Comprehensive Guide to Computer Security, Extensively Revised with Newer Technologies, Methods, Ideas, and Examples In this updated guide, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers clear, rigorous, and thorough coverage of modern computer security. Reflecting dramatic growth in the quantity, complexity, and consequences of security incidents, Computer Security, Second Edition, links core principles with technologies, methodologies, and ideas that have emerged since the first edition’s publication. Writing for advanced undergraduates, graduate students, and IT professionals, Bishop covers foundational issues, policies, cryptography, systems design, assurance, and much more. He thoroughly addresses malware, vulnerability analysis, auditing, intrusion detection, and best-practice responses to attacks. In addition to new examples throughout, Bishop presents entirely new chapters on availability policy models and attack analysis. Understand computer security goals, problems, and challenges, and the deep links between theory and practice Learn how computer scientists seek to prove whether systems are secure Define security policies for confidentiality, integrity, availability, and more Analyze policies to reflect core questions of trust, and use them to constrain operations and change Implement cryptography as one component of a wider computer and network security strategy Use system-oriented techniques to establish effective security mechanisms, defining who can act and what they can do Set appropriate security goals for a system or product, and ascertain how well it meets them Recognize program flaws and malicious logic, and detect attackers seeking to exploit them This is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference. It will help you align security concepts with realistic policies, successfully implement your policies, and thoughtfully manage the trade-offs that inevitably arise. Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.




Designing, Engineering, and Analyzing Reliable and Efficient Software


Book Description

Due to the role of software systems in safety-critical applications and in the satisfaction of customers and organizations, the development of efficient software engineering is essential. Designing, Engineering, and Analyzing Reliable and Efficient Software discusses and analyzes various designs, systems, and advancements in software engineering. With its coverage on the integration of mathematics, computer science, and practices in engineering, this book highlights the importance of ensuring and maintaining reliable software and is an essential resource for practitioners, professors and students in these fields of study.




Software Design and Development: Concepts, Methodologies, Tools, and Applications


Book Description

Innovative tools and techniques for the development and design of software systems are essential to the problem solving and planning of software solutions. Software Design and Development: Concepts, Methodologies, Tools, and Applications brings together the best practices of theory and implementation in the development of software systems. This reference source is essential for researchers, engineers, practitioners, and scholars seeking the latest knowledge on the techniques, applications, and methodologies for the design and development of software systems.