The Experts below are selected from a list of 3546 Experts worldwide ranked by ideXlab platform
Marco Vieira - One of the best experts on this subject based on the ideXlab platform.
-
Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples
IEEE Transactions on Services Computing, 2015. Co-Authors: Nuno Antunes, Marco Vieira. Abstract: Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches implemented, and are designed for being applied in very concrete scenarios. Thus, using the wrong tool may lead to the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The first is based on a predefined set of web services, and the second allows the benchmark user to specify the workload that best portrays the specific characteristics of his environment. The two benchmarks are used to assess and compare several widely used tools, including four penetration testers, three static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a relative manner) and suggest that the proposed benchmarking approach can be applied in the field.
-
Detecting Vulnerabilities in Service Oriented Architectures
2012 IEEE 23rd International Symposium on Software Reliability Engineering Workshops, 2012. Co-Authors: Nuno Antunes, Marco Vieira. Abstract: The adoption of Service Oriented Architectures (SOAs) in a wide range of organizations, including business-critical systems, opens the door to new security challenges. Although the services used should be secure and reliable, they are often deployed with security bugs that can be maliciously exploited. The problem is that developers are frequently not specialized in security and the common time-to-market constraints limit an in-depth test for vulnerabilities. Additionally, research and practice show that the effectiveness of existing vulnerability detection tools is very poor. The goal of this work is to advance the state-of-the-art by investigating new techniques and tools to effectively detect vulnerabilities in SOAs in an automated manner. Instrumental in this work is to propose a benchmarking approach that allows assessing and comparing vulnerability detection tools, thus helping to guide tools development and improvement, and allowing users to select the most effective ones according to specific needs.
-
TO BEnchmark or NOT TO BEnchmark security: That is the question
2011 IEEE IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), 2011. Co-Authors: Afonso Araújo Neto, Marco Vieira. Abstract: The multiplicity of available software and component alternatives has boosted the interest in suitable benchmarks, able to assist in the selection of candidate solutions from the existing diversity, concerning several attributes. The huge success of performance and dependability benchmarking, however, markedly contrasts with the small advances on security benchmarking, which has only sparsely been studied in recent years. In this position paper we discuss the difficulties involved in applying the dependability benchmarking approach to the security context, and propose and discuss an appealing alternative: trustworthiness benchmarking.
-
Benchmarking Vulnerability Detection Tools for Web Services
2010 IEEE International Conference on Web Services, 2010. Co-Authors: Nuno Antunes, Marco Vieira. Abstract: Vulnerability detection tools are frequently considered the silver-bullet for detecting vulnerabilities in web services. However, research shows that the effectiveness of most of those tools is very low and that using the wrong tool may lead to the deployment of services with undetected vulnerabilities. In this paper we propose a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define a concrete benchmark for SQL Injection vulnerability detection tools. This benchmark is demonstrated by a real example of benchmarking several widely used tools, including four penetration-testers, three static code analyzers, and one anomaly detector. Results show that the benchmark accurately portrays the effectiveness of vulnerability detection tools and suggest that the proposed approach can be applied in the field.
Nuno Antunes - One of the best experts on this subject based on the ideXlab platform.
-
Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples
IEEE Transactions on Services Computing, 2015. Co-Authors: Nuno Antunes, Marco Vieira. Abstract: Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches implemented, and are designed for being applied in very concrete scenarios. Thus, using the wrong tool may lead to the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The first is based on a predefined set of web services, and the second allows the benchmark user to specify the workload that best portrays the specific characteristics of his environment. The two benchmarks are used to assess and compare several widely used tools, including four penetration testers, three static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a relative manner) and suggest that the proposed benchmarking approach can be applied in the field.
-
Detecting Vulnerabilities in Service Oriented Architectures
2012 IEEE 23rd International Symposium on Software Reliability Engineering Workshops, 2012. Co-Authors: Nuno Antunes, Marco Vieira. Abstract: The adoption of Service Oriented Architectures (SOAs) in a wide range of organizations, including business-critical systems, opens the door to new security challenges. Although the services used should be secure and reliable, they are often deployed with security bugs that can be maliciously exploited. The problem is that developers are frequently not specialized in security and the common time-to-market constraints limit an in-depth test for vulnerabilities. Additionally, research and practice show that the effectiveness of existing vulnerability detection tools is very poor. The goal of this work is to advance the state-of-the-art by investigating new techniques and tools to effectively detect vulnerabilities in SOAs in an automated manner. Instrumental in this work is to propose a benchmarking approach that allows assessing and comparing vulnerability detection tools, thus helping to guide tools development and improvement, and allowing users to select the most effective ones according to specific needs.
-
Benchmarking Vulnerability Detection Tools for Web Services
2010 IEEE International Conference on Web Services, 2010. Co-Authors: Nuno Antunes, Marco Vieira. Abstract: Vulnerability detection tools are frequently considered the silver-bullet for detecting vulnerabilities in web services. However, research shows that the effectiveness of most of those tools is very low and that using the wrong tool may lead to the deployment of services with undetected vulnerabilities. In this paper we propose a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define a concrete benchmark for SQL Injection vulnerability detection tools. This benchmark is demonstrated by a real example of benchmarking several widely used tools, including four penetration-testers, three static code analyzers, and one anomaly detector. Results show that the benchmark accurately portrays the effectiveness of vulnerability detection tools and suggest that the proposed approach can be applied in the field.
Matin Mohaghegh - One of the best experts on this subject based on the ideXlab platform.
-
SOLI - Raw material flow optimization as a capacitated vehicle routing problem: A visual benchmarking approach for sustainable manufacturing
2017 IEEE International Conference on Service Operations and Logistics and Informatics (SOLI), 2017. Co-Authors: Michele Dassisti, Yasamin Eslami, Matin Mohaghegh. Abstract: Optimisation problem concerning material flows, to increase the efficiency while reducing relative resource consumption is one of the most pressing problems today. The focus point of this study is to propose a new visual benchmarking approach to select the best material-flow path from the depot to the production lines, referring to the well-known Capacitated Vehicle Routing Problem (CVRP). An example industrial case study is considered to this aim. Two different solution techniques were adopted (namely Mixed Integer Linear Programming and the Ant Colony Optimization) in searching optimal solutions to the CVRP. The visual benchmarking proposed, based on the persistent homology approach, allowed to support the comparison of the optimal solutions based on the entropy of the output in different scenarios. Finally, based on the non-standard measurements of Crossing Length Percentage (CLP), the visual benchmarking procedure makes it possible to find the most practical and applicable solution to CVRP by considering the visual attractiveness and the quality of the routes.
Xiaoyang Zhou - One of the best experts on this subject based on the ideXlab platform.
-
Water resource environmental carrying capacity based reward and penalty mechanism: a DEA benchmarking approach
Journal of Cleaner Production, 2019. Co-Authors: Xiaoyang Zhou, Qingxian An, Shouyang Wang. Abstract: Due to the discharge of pollutants, over-exploitation of water resources and large regional imbalances, it is critical to design an effective Reward and Penalty Mechanism (RPM) for the regions in a basin based on the Water Resource Environmental Carrying Capacity (WRECC) performance. To determine how to set the reference points of reward and penalty plans and design the RPM, the following approach is proposed. Firstly, since the evaluated regions always orient their activities towards certain goals at the initial stage of the evaluation period, this paper finds the closest goal for each indicator according to the previous performance using a DEA benchmarking model. Secondly, a reward and penalty plan addressing both reward and penalty within a unified benchmarking framework is designed according to the different alert levels determined from WRECC performances. Thirdly, an extended DEA model is developed to adjust the benchmarking of the current period to the goals to determine DEA targets that are achievable and represent best practices as reference points. The gaps between the DEA targets and actual observed values allow for us to identify the alert level of the evaluated region. The rewards or penalties of the current period can be obtained based on reward and penalty plans at the final stage. A case study concerning the WRECC-based RPM of the top 10 cities in China's Huaihe River basin is selected to demonstrate the validity of the proposed approach. The results indicate that the top 10 cities of the Huaihe River basin in 2016 are benchmarked against Zhengzhou, Yangzhou and Jining; Zhengzhou, Xuzhou, Yangzhou and Jining should receive rewards and the remainder of the evaluated cities should pay penalties. According to the results, the gap between the actual performance and the DEA targets can be defined; how much improvement the regions should make can be identified; and regions that should be rewarded or punished as well as the specific amount of money required can be determined.
Rhona Flin - One of the best experts on this subject based on the ideXlab platform.
-
Benchmarking safety climate in hazardous environments: a longitudinal interorganizational approach
Risk Analysis, 2001. Co-Authors: Kathryn Mearns, S Whitaker, Rhona Flin. Abstract: Safety climate is an important element of organizational reliability. This study applied benchmarking strategies for monitoring safety climate across nine North Sea oil and gas installations that were surveyed in consecutive years. Examination of absolute changes in safety climate complemented the benchmarking approach. Discriminant function analyses (DFA) identified the elements of safety climate predictive of self-reported accidents; correlational analyses were applied to the scale scores and accident proportions across the year period. Absolute improvements were substantial, with safety climate profiles converging in the second year. Large relative improvements were also observed. DFA highlighted perceived management commitment to safety and willingness to report accidents as significant predictors of personal accident involvement. Changes in perceived management commitment to safety were closely associated with changes in safety behavior.