The letter proposes a novel binary vulnerability analyzer for executable programs that is based on the Hidden Markov Model. A vulnerability instruction library (VIL) is primarily constructed by collecting binary frames located by double precision analysis. Executable programs are then converted into structurized code sequences with the VIL. The code sequences are essentially context-sensitive, which can be modeled by Hidden Markov Model (HMM). Finally, the HMM based vulnerability analyzer is built to recognize potential vulnerabilities of executable programs. Experimental results show the proposed approach achieves lower false positive/negative rate than latest static analyzers.

Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.

Attacks using hill-climbing methods have been reported as a vulnerability of biometric authentication systems. In this paper, we propose a robust online signature verification algorithm against such attacks. Specifically, the attack considered in this paper is a hill-climbing forged data attack. Artificial forgeries are generated offline by using the hill-climbing method, and the forgeries are input to a target system to be attacked. In this paper, we analyze the menace of hill-climbing forged data attacks using six types of hill-climbing forged data and propose a robust algorithm by incorporating the hill-climbing method into an online signature verification algorithm. Experiments to evaluate the proposed system were performed using a public online signature database. The proposed algorithm showed improved performance against this kind of attack.

The signalling protocol vulnerability opens DDoS problem in Mobile WiMAX networks. This letter proposes an authentication method that uses the unrevealed upper 64 bits of Cipher-based MAC as a solution. It runs for MSs in idle mode and reduces the calculation complexity by 59% under DDoS attack while incurring 1% overhead under normal condition.

Computer security concerns have been rapidly increasing because of repeated security breaches and leakages of sensitive personal information. Such security breaches are mainly caused by an inappropriate management of the PCs, so maintaining integrity of the platform configuration is essential, and, verifying the integrity of the computer platform and software becomes more significant. To address these problems, the Trusted Computing Group (TCG) has developed various specifications that are used to measure the integrity of the platform based on hardware trust. In the trusted computing technology, the integrity data of each component running on the platform is recorded in the security chip and they are securely checked by a remote attestation. The infrastructure working group in the TCG is trying to define an Integrity Management Infrastructure in which the Platform Trust Services (PTS) is a new key component which deals with an Integrity Report. When we use the PTS in the target platform, it is a service component that collects and measures the runtime integrity of the target platform in a secure way. The PTS can also be used to validate the Integrity Reports. We introduce the notion of the Platform Validation Authority, a trusted third party, which verifies the composition of the integrity measurement of the target platform in the Integrity Reports. The Platform Validation Authority complements the role of the current Certificate Authority in the Public Key Infrastructure which attests to the integrity of the user identity as well as to related artifacts such as digital signatures. In this paper, we cover the research topics in this new area, the relevant technologies and open issues of the trusted computing, and the detail of our PTS implementation.

Quantum-dot Cellular Automata (QCA) is attracting a lot of attentions due to its extremely small feature sizes and ultra low power consumption. Up to now several designs using QCA technology have been proposed. However, we found not all of the designs function properly. Further, no general design guidelines have been proposed so far. A straightforward extension of a simple functional design pattern may fail. This makes designing a large scale circuits using QCA technology an extremely time-consuming process. In this paper we show several critical vulnerabilities in the structures of primitive QCA gates and QCA interconnects, and propose a disciplinary guideline to prevent any additional plausible but malfunctioning QCA designs.

Current Web services testing techniques are unable to assure the desired level of trustworthiness, which presents a barrier to WS applications in mission and business critical environments. This paper presents a framework that assures the trustworthiness of Web services. New assurance techniques are developed within the framework, including specification verification via completeness and consistency checking, test case generation, and automated Web services testing. Traditional test case generation methods only generate positive test cases that verify the functionality of software. The proposed Swiss Cheese test case generation method is designed to generate both positive and negative test cases that also reveal the vulnerability of Web services. This integrated development process is implemented in a case study. The experimental evaluation demonstrates the effectiveness of this approach. It also reveals that the Swiss Cheese negative testing detects even more faults than positive testing and thus significantly reduces the vulnerability of Web services.

Experimental evidence of a two-step enhancement in electromigration lifetime is presented through pulsed testing that extends over a wide frequency range from 7 mHz to 50 MHz. It is also found, through an accompanying failure analysis, that the failure mechanism is not affected by current pulsing. Test samples were the lowew metal lines and the through-holes in double-level interconnects. The same results were obtained for both samples. The testing temperature of the test conductor was determined considering the Joule heating to eliminate errors in lifetime estimation due to temperature errors. A two-step enhancement in lifetime is extracted by normalizing the pulsed electromigration lifetime by the continuous one. The first step occurs in the frequency range from 0.1 to 10 kHz where the lifetime increases with (duty ratio)-2 and the second step occurs above 100 kHz with (duty ratio)-3. The transition frequency in the first-step enhancement shifts to the higher frequency region with a decrease in stress temperature or an increase in current density, whereas the transition frequency in the second step is not affected by these stress conditions. The lifetime enhancement is analyzed in relation to the relaxation process during the current pulsing. According to the two-step behavior, two distinct relaxation times are assumed as opposed to the single relaxation time in other proposed models. The results of the analysis agree with the experimental results for the dependence on the frequency and duty ratio of pulses. The two experimentally derived relaxation times are about 5 s and 1 µs.