Application Data Flow Research Articles

Prioritization of Application Security Vulnerability Remediation Using Metrics, Correlation Analysis, and Threat Model

As part of a continuing research for evaluating threats posed for exposed attack surface, this study will provide a consolidated view of exploitability of vulnerable applications presenting a web attack surface of an organization exposed to an attacker. While testing and scanning technologies like Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), Application Ethical Hack (Penetration Testing), a monitoring technology like the Web Application Firewall (WAF) provides web traffic information of the number of transaction requests for every application under study. To ensure validity, reliability, and completeness of observation multiple applications must be observed. Research from a prior study is referenced that shows correlation between incoming WAF requests and existing vulnerabilities. Using correlation analysis, vulnerabilities metrics, and a threat model analysis help identify pathways to an attack. A vulnerability map-based attack tree can be developed using Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) information. The threat model analysis and vulnerability-based attack tree can help in simulation studies of possible attacks. This attack tree will show the linkages between vulnerabilities and a lineage pointing to how an attack could travel from the incoming WAF requests to deep down into the application code of exposed and existing, open vulnerabilities travelling laterally to create a more expanded attack crossing trust boundaries using application data flow.

Framework to perform taint analysis and security assessment of IoT devices in smart cities.

The Internet of Things has a bootloader and applications responsible for initializing the device's hardware and loading the operating system or firmware. Ensuring the security of the bootloader is crucial to protect against malicious firmware or software being loaded onto the device. One way to increase the security of the bootloader is to use digital signature verification to ensure that only authorized firmware can be loaded onto the device. Additionally, implementing secure boot processes, such as a chain of trust, can prevent unauthorized access to the device's firmware and protect against tampering during the boot process. This research is based on the firmware bootloader and application dataflow taint analysis and security assessment of IoT devices as the most critical step in ensuring the security and integrity of these devices. This process helps identify vulnerabilities and potential attack vectors that attackers could exploit and provides a foundation for developing effective remediation strategies.

Application of The Speed-Up Robust Features Method To Identify Signature Image Patterns On Single Board Computer

Through the development of a signature pattern recognition program on SBC Beagle-bone Black, this research seeks to determine how to differentiate between real and false signatures. Three techniques of gathering data were employed in this study: interviews, observations, and a review of the literature. The quick application development method is the approach that is applied. The rapid, efficient, and brief development cycle (RAD) is emphasized. This study uses a use-case diagram to illustrate the application's logic and data flow. In this study, OpenCV is used as a digital image processing library along with the C++ programming language and QT creator as an integrated development environment (IDE). This application was subjected to both accuracy and functional testing. The following conclusions are drawn from the findings of the investigation and testing that was done: Using the fast library approach for approximate nearest neighbors (FLANN) and the speeded-up robust features (SURF) feature extraction method, the signature pattern recognition program on the Beagle-bone black SBC can differentiate between real and fraudulent signatures. Through the processes of generating image scale space, feature localization, and feature description, the SURF approach extracts feature from signature images. This signature pattern recognition application is one of the digital image processing apps that can be run on the Beagle-bone Black single board computer. This indicates that the specifications of the SBC Beagle-bone Black for digital image processing are good.

Research on topology adaptive method of distributed feeder automation based on IEC 61850

AbstractDistributed feeder automation (FA) needs to automatically recognize the changes in the feeder topology in real-time and has to configure the application topology of the corresponding distributed functions. This paper analyzes the application topology’s requirements when implementing distributed FA for the feeder equipped with a smart terminal unit (STU) and a fault passage indicator (FPI). Based on IEC 61850, the functional logic node and topology configuration of intelligent electronic devices (IEDs) are studied. The application topology identification and data flow dynamic binding methods for fault location, fault isolation, and power supply restoration are proposed. A case study verifies the effectiveness of the proposed method.

SUIP: An Android malware detection method based on data flow features

Currently static detection is the most commonly used in Android malware detection. Among them, the extraction of various features is particularly important. In analysing the data flow features of applications, researchers usually use taint analysis method to extract. However, this method lack intermediate process features. So in this paper, we analyse the features of Android components to obtain application data transfer features for complementing the application data flow features and build a more complete combination of data flow features. Based on this, we propose a new Android malicious application detection method—SUIP. This method complements the missing features based on taint analysis, and combines the LightGBM algorithm to build a detection model. Finally, we use the sample set in Virusshare for experiments. Compared with the traditional static detection method of Android malicious code, the result shows that our detection method has a high detection accuracy of 98.50%.

A Platform Programming Paradigm for Heterogeneous Systems Integration

To cope with growing computing performance requirements, cyber-physical systems architectures are moving toward heterogeneous high-performance computer architectures and networks. Such architectures, however, incur intricate side effects that challenge traditional software design and integration. The programming paradigm can take a key role in mastering software design, as experience in automotive design demonstrates. To cope with the integration challenge, this industry has started introducing a programming paradigm that efficiently preserves application data flow under platform integration and changes with minimum performance loss. This article will revisit this paradigm that is currently used for lock-free multicore programming and explain its extension to the system level. It will then explore its application to two important developments in industrial design. This article will conclude with an evaluation of its properties, its overhead, and its application toward a robust design process.

Sistem Informasi Pencatatan Data Pelanggan pada Telkomsel Grapari Banda Aceh

The purpose of the research is to; 1) Generating a customer information system on Telkomsel GraPARI Banda Aceh, 2) To find out the application of the information system that has been built, and 3) Apply the system that was built using Visual Basic. This research was conducted at Telkomsel GraPARI Banda Aceh and conducted for 9 (nine) months of 2015-2016. The method used for system development, researchers use the methodology Rapid application development (RAD) and Data Flow Diagrams (DAD). This research has succeeded and completed the design of information systems for recording customer data at Telkomsel Grapari Banda Aceh, the application was built using the stages of the Rapid application development (RAD) model. The application was built using Visual BASIC and as a database using Microsoft Office Access. The application of the information system that has been built is still in the prototype and there is still a need for study and development of current technologies such as the use of mobile and cloud databases involving interconnection to make it easier for GraPARI units to connect.Keywords:Information Systems, Customer Data, Telkomsel

G-SEAP: Analyzing and characterizing soft-error aware approximation in GPGPUs

As General-Purpose Graphics Processing Units (GPGPUs) become pervasive for the High-Performance Computing (HPC), ensuring that programs can be protected from soft errors has become increasingly important. Soft errors may cause Silent Data Corruptions (SDCs), which produces erroneous execution results silently. Due to the massive parallelism of GPGPUs, fully protecting them against soft errors introduces nontrivial overhead. Fortunately, imprecise execution outcomes are inherently tolerable for some HPC programs due to the nature of these applications. Leveraging the feature, selective soft error protection can be applied to reduce energy consumptions.In this work, we first propose a GPGPU-based Soft-Error aware APproximation analysis framework (G-SEAP) to characterize the approximation characteristics of soft errors. Based on G-SEAP, we perform an exhaustive analysis for 17 representative HPC benchmarks and observe 72.7% of SDCs on average are approximable. We also observe that the dataflow of application, kernel function reliability requirement, instruction-type, and data bit-location are all important factors for program’s correctness. Lastly, according to the observations, we further design an approximate Error Correction Codes (ECCs) mechanism and an approximate instruction duplication technique to illustrate how G-SEAP provides useful guidance for energy-efficient soft-error elimination in GPGPUs.

AN INTEGRATED THREE-FLOW APPROACH FOR FRONT-END SERVICE COMPOSITION

End-User Service Composition (EUSC) aims to enable end-user programmers who are not professional developers develop applications by composing or aggregating existing web services. Despite the effort, studies have shown that, end-user programmers are not able to deal with the technical complexities involved in EUSC. One way to deal with this issue is Front-End Service Composition (FESC), which allows end-user programmers to compose web services at the presentation layer of an application by configuring user interface (UI) widgets that represent the back-end web services. However, there are not many studies on FESC and the existing ones suffer two main problems, namely, lack of control flow and/or application flow visualization, and they still require end-user programmers to have certain technical knowledge in the service composition process that these end-user programmers generally do not possess. Following that, this study proposes an integrated three-flow approach (application flow, control flow and data flow) to deal with the current limitations of FESC. The approach generates the GUI of web services automatically, thus allowing the UI of the application to be developed at the same time the required web services are assembled. The approach allows end-user programmers to explicitly configure the three different types of flows involved in service composition. A proof-of-concept prototype, QuickWSC, that incorporates the three-flow approach was developed. It adopts a side-by-side multiple-view design to support visual configuration of the three flows in an uncluttered yet synchronized manner that adhered to established design guidelines. A user evaluation study was conducted on QuickWSC. The results show that it is easy to compose web services by explicitly specifying the three flows, that the configurations of the three flows integrated in the two views helps in composing application from web services, and that no technical knowledge is required to use QuickWSC

Energy and Reliability Improvement of Voltage-Based, Clustered, Coarse-Grain Reconfigurable Architectures by Employing Quality-Aware Mapping

An energy–quality scalable coarse grain reconfigurable architecture (CGRA) based on the voltage overscaling (VOS) technique is presented. The approximation level of each processing element (PE) in the CGRA is determined by the applied VOS-determined voltage level. By employing the technique, the architecture may be configured for accurate or approximate modes of computation depending on a user-specified output quality-of-service target for a given application. More precisely, operating voltages used for performing various operations in the application dataflow graph are minimized subject to the output quality constraint by using an energy–quality tradeoff algorithm. To make the hardware implementation of the scheme more efficient, PEs are clustered into groups of (e.g., $3\times 1$ and $2\times 1$ ) voltage islands. To assess the efficacy of the proposed method in improving the power (energy) consumption and reliability of CGRAs, different combinations of minimum output quality constraints, voltage levels, and cluster sizes for several benchmarks are studied. Simulation results indicate considerable reductions in energy consumption (up to 43%) and aging rate (up to 73%) when compared with the conventional CGRA with perfect output quality (i.e., with no approximate computations).

基于事务数据流的可重构SoC性能分析方法研究与实现

粗粒度可重构体系结构由于其配置速度快、计算加速比高、适应性好、低功耗特性等优点已成为高性能可重构SoC协处理器的重要解决方案。可重构SoC的性能分析，普遍使用传统的寄存器传输级代码仿真分析方法，存在使用不方便、分析效率较低等不足之处。本文提出一种基于事务数据流图的可重构SoC性能分析方法，该方法结合应用程序数据流图与体系结构特征，构建可重构协处理器的事务数据流图并标注图节点功能属性相应的硬件性能参数；然后采用基于层次搜索的广度优先性能搜索算法，通过分析类树形结构的事务数据流图，得到可重构协处理器运行应用程序的性能分析结果。实验表明所提出的方法可以较为准确高效的分析可重构SoC体系结构应用计算性能，有助于可重构SoC早期体系结构设计和设计空间探索。 Coarse grained reconfigurable architecture has become an important solution for high performance re-configurable SoC coprocessor because of its high configuration speed, fast calculation speed, good adaptability and low power consumption. However, the traditional performance analysis method of register transfer level modeling is still widely used. To overcome the shortage of traditional performance analysis in flexibility and efficiency, we propose a new method for reconfigurable SoC performance analysis based on transaction data flow graph. This method combined application data flow graph with architectural characteristics through constructing the transaction dataflow graph of reconfigurable coprocessor and labeling hardware performance parameters corresponding to functional properties. Using the breadth first search algorithm based on hierarchical search to analyze the tree-like transaction dataflow graph, we can get the performance of reconfigurable coprocessor running applications. The result of the experiment indicates that the proposed method calculates the structure of the reconfigurable SoC quite accurately, and benefits the design of architecture and design space exploration.

Phosphor

Dynamic taint analysis is a well-known information flow analysis problem with many possible applications. Taint tracking allows for analysis of application data flow by assigning labels to data, and then propagating those labels through data flow. Taint tracking systems traditionally compromise among performance, precision, soundness, and portability. Performance can be critical, as these systems are often intended to be deployed to production environments, and hence must have low overhead. To be deployed in security-conscious settings, taint tracking must also be sound and precise. Dynamic taint tracking must be portable in order to be easily deployed and adopted for real world purposes, without requiring recompilation of the operating system or language interpreter, and without requiring access to application source code. We present Phosphor , a dynamic taint tracking system for the Java Virtual Machine (JVM) that simultaneously achieves our goals of performance, soundness, precision, and portability. Moreover, to our knowledge, it is the first portable general purpose taint tracking system for the JVM. We evaluated Phosphor 's performance on two commonly used JVM languages (Java and Scala), on two successive revisions of two commonly used JVMs (Oracle's HotSpot and OpenJDK's IcedTea) and on Android's Dalvik Virtual Machine, finding its performance to be impressive: as low as 3% (53% on average; 220% at worst) using the DaCapo macro benchmark suite. This paper describes our approach toward achieving portable taint tracking in the JVM.

Elastic Scaling for Data Stream Processing

This article addresses the profitability problem associated with auto-parallelization of general-purpose distributed data stream processing applications. Auto-parallelization involves locating regions in the application's data flow graph that can be replicated at run-time to apply data partitioning, in order to achieve scale. In order to make auto-parallelization effective in practice, the profitability question needs to be answered: How many parallel channels provide the best throughput? The answer to this question changes depending on the workload dynamics and resource availability at run-time. In this article, we propose an elastic auto-parallelization solution that can dynamically adjust the number of channels used to achieve high throughput without unnecessarily wasting resources. Most importantly, our solution can handle partitioned stateful operators via run-time state migration, which is fully transparent to the application developers. We provide an implementation and evaluation of the system on an industrial-strength data stream processing platform to validate our solution.

Statistical Reliability Estimation of Microprocessor-Based Systems

What is the probability that the execution state of a given microprocessor running a given application is correct, in a certain working environment with a given soft-error rate? Trying to answer this question using fault injection can be very expensive and time consuming. This paper proposes the baseline for a new methodology, based on microprocessor error probability profiling, that aims at estimating fault injection results without the need of a typical fault injection setup. The proposed methodology is based on two main ideas: a one-time fault-injection analysis of the microprocessor architecture to characterize the probability of successful execution of each of its instructions in presence of a soft-error, and a static and very fast analysis of the control and data flow of the target software application to compute its probability of success. The presented work goes beyond the dependability evaluation problem; it also has the potential to become the backbone for new tools able to help engineers to choose the best hardware and software architecture to structurally maximize the probability of a correct execution of the target software.

Framed slotted aloha based MAC protocol for low energy critical infrastructure monitoring networks

SUMMARYRecently, the IEEE TG4k has been formed to amend the IEEE 802.15 family to address the low energy critical infrastructure monitoring networks. The purpose is to facilitate point to multi‐thousands of point communication to collect the scheduled and event data from a large number of nonmains powered endpoints that are widely dispersed. It should support low energy operation, which is necessary for multiyear battery life. Other major features are application data rate up to 40 Kb/s, thousands of endpoints per mains powered infrastructure, asymmetric application data flow, small and infrequent messages, tolerant to data latency, etc. In this paper, we present a discussion on low energy critical infrastructure monitoring networks. We propose a medium access control protocol based on framed slotted aloha for these networks. We investigated probable packet sizes, energy consumptions, battery lifetime and the success rate for our protocol. The proposed protocol is simple to implement. Simulation results show that it is efficient in terms of packet success rate, energy consumption, and battery lifetime.Copyright © 2012 John Wiley & Sons, Ltd.

Design and Implement of the Reconfigurable Algorithm Based on uC/OS-II

More and more applications need The ability to customize the architecture to match the computation and the data flow of the application, so increasingly new system implementations based on reconfigurable computing are being considered. Reconfigurable computing has potential to accelerate a wide variety of applications; its main feature is the ability to perform computations in hardware to improve performance, while retaining the flexibility of software solutions. An operating system (OS) for reconfigurable computing uses new versions of algorithms for the scheduling, the operating system must decide how to allocate the hardware at run-time based on the status of the system. This paper discusses the scheduling algorithm for reconfigurable computing platform, covers two aspects of reconfigurable computing: architectures and design methods. The tasks are divided into two categories in this survey, consider the issues involved in reusing the configurable hardware during program execution. And improve μC/OS-II to manage the use of reconfigurable resources, responsible for task scheduling, helping the programmer to concentrate more on application development.

A QoS Routing Protocol for Mobile Ad Hoc Networks Based on Multipath

With the development of Ad Hoc networks, the demand of QoS becomes more and more than ever before, it is more important to provide QoS guarantee for multimedia application. Most of present QoS routing algorithm based on single path, which do not take full advantage of resource of networks. This paper proposes a QoS-based multipath routing protocol for Ad Hoc network. Routing mechanism is described in detail and node disjoint path algorithm is a key. New routing protocol takes bandwidth and delay constraint into account, it can find several paths to provide QoS guarantee. Also, it can simultaneously use the node disjoint paths to transmit application data flow. The results of experiment show new protocol can significantly increase the packet delivery ratio and decrease the average delay, the performance is better than other protocols. This paper provides a good idea to study further QoS routing protocol.

FISH: Fast Instruction SyntHesis for Custom Processors

This paper presents Fast Instruction SyntHesis (FISH), a system that supports automatic generation of custom instruction processors from high-level application descriptions to enable fast design space exploration. FISH is based on novel methods for automatically adapting the instruction set to match an application in a high-level language such as C or C++. FISH identifies custom instruction candidates using two approaches: 1) by enumerating maximal convex subgraphs of application data flow graphs and 2) by integer linear programming (ILP). The experiments, involving ten multimedia and cryptography benchmarks, show that our contributed algorithms are the fastest among the state-of-the-art techniques. In most cases, enumeration takes only milliseconds to execute. The longest enumeration run-time observed is less than six seconds. ILP is usually slower than enumeration, but provides us with a complementary solution technique. Both enumeration and ILP allow the use of multiple different merit functions in the evaluation of data-flow subgraphs. The experiments demonstrate that, using only modest additional hardware resources, up to 30-fold performance improvement can be obtained with respect to a single-issue base processor.

Instruction identification algorithm of instruction-set extensions based on relationship matrix

A novel instruction identification algorithm of instruction-set extensions based on a relationship matrix is proposed. Through using a relationship matrix the infeasible regions in the complete search space are pruned and the search speed for subgraphs of the application data flow graph is accelerated greatly. Compared with Atasu's algorithm, the experiments prove that the search number of valid nodes is the same but the search number of invalid nodes is decreased by about 40–82%.

Application-Driven Control of Network Resources in Multiservice Optical Networks

Network architectures whose resources are open to control by user applications require the design of a service platform that performs resource virtualization and service abstraction. While a few commercial architectures for packet networks already exist, service platforms for connection-oriented networks (e.g., optical) are currently under investigation. After introducing the service concept in the optical network scenario, the paper proposes and experimentally validates a service platform for application-driven resource management in a GMPLS-controlled optical network. Specifically, upon a service request issued by an application, the proposed service platform performs admission control and enforces proper traffic policies to ensure the quality of service (QoS) required by the application data flow. This enables QoS control on a per-application basis while preserving scalability and timing of application signaling. The experimental results show that service setup is realized in a time of the order of a few seconds. Scalability remarks show that this order of magnitude can also be guaranteed for networks of larger size.