Search Results (10)
  • Open Access

    ARTICLE

    RESTlogic: Detecting Logic Vulnerabilities in Cloud REST APIs

    Ziqi Wang*, Weihan Tian, Baojiang Cui

    CMC-Computers, Materials & Continua, Vol.78, No.2, pp. 1797-1820, 2024, DOI:10.32604/cmc.2023.047051

    Abstract The API used to access cloud services typically follows the Representational State Transfer (REST) architecture style. RESTful architecture, as a commonly used Application Programming Interface (API) architecture paradigm, not only brings convenience to platforms and tenants, but also brings logical security challenges. Security issues such as quota bypass and privilege escalation are closely related to the design and implementation of API logic. Traditional code level testing methods are difficult to construct a testing model for API logic and test samples for in-depth testing of API logic, making it difficult to detect such logical vulnerabilities. We propose RESTlogic for this purpose.…

  • Open Access

    REVIEW

    A Survey on Sensor- and Communication-Based Issues of Autonomous UAVs

    Pavlo Mykytyn1,2,*, Marcin Brzozowski1, Zoya Dyka1,2, Peter Langendoerfer1,2

    CMES-Computer Modeling in Engineering & Sciences, Vol.138, No.2, pp. 1019-1050, 2024, DOI:10.32604/cmes.2023.029075

    Abstract The application field for Unmanned Aerial Vehicle (UAV) technology and its adoption rate have been increasing steadily in the past years. Decreasing cost of commercial drones has enabled their use at a scale broader than ever before. However, increasing the complexity of UAVs and decreasing the cost, both contribute to a lack of implemented security measures and raise new security and safety concerns. For instance, the issue of implausible or tampered UAV sensor measurements is barely addressed in the current research literature and thus, requires more attention from the research community. The goal of this survey is to extensively review…

  • Open Access

    ARTICLE

    A Cross Language Code Security Audit Framework Based on Normalized Representation

    Yong Chen1,*, Chao Xu1, Jing Selena He2, Sheng Xiao3

    Journal of Quantum Computing, Vol.4, No.2, pp. 75-84, 2022, DOI:10.32604/jqc.2022.031312

    Abstract With the rapid development of information technology, audit objects and audit itself are more and more inseparable from software. As an important means of software security audit, code security audit will become an important aspect of future audit that cannot be ignored. However, the existing code security audit is mainly based on source code, which is difficult to meet the audit needs of more and more programming languages and binary commercial software. Based on the idea of normalized transformation, this paper constructs a cross language code security audit framework (CLCSA). CLCSA first uses compile/decompile technology to convert different high-level programming…

  • Open Access

    ARTICLE

    Analyzing Ethereum Smart Contract Vulnerabilities at Scale Based on Inter-Contract Dependency

    Qiuyun Lyu1, Chenhao Ma1, Yanzhao Shen2, Shaopeng Jiao3, Yipeng Sun1, Liqin Hu1,*

    CMES-Computer Modeling in Engineering & Sciences, Vol.135, No.2, pp. 1625-1647, 2023, DOI:10.32604/cmes.2022.021562

    Abstract Smart contracts running on public blockchains are permissionless and decentralized, attracting both developers and malicious participants. Ethereum, the world’s largest decentralized application platform on which more than 40 million smart contracts are running, is frequently challenged by smart contract vulnerabilities. What’s worse, since the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies, a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum. However, little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected. Thus, we first present the contract dependency…

  • Open Access

    ARTICLE

    Enterprise Cyberspace Threat Landscape: An Analysis

    Emmanuel U. Opara1,*, Oredola A. Soluade2

    Journal of Cyber Security, Vol.3, No.3, pp. 167-176, 2021, DOI:10.32604/jcs.2021.019158

    Abstract The ecosystem security platform described in this research is already impacting the threat spectrum in quantifiable ways. The global network has undergone a dramatic transformation over the course of 2020, with an unprecedented destabilization of events. Security breaches of all kinds are growing in complexity, sophistication, and impact. The bad actors are bypassing predictable security devices at will by breaching network systems at an escalating rate. This study will analyze these developments by creating awareness among security practitioners so they can be prepared to defend their enterprise systems.

  • Open Access

    ARTICLE

    Impact of Human Vulnerabilities on Cybersecurity

    Maher Alsharif1, Shailendra Mishra2,*, Mohammed AlShehri1

    Computer Systems Science and Engineering, Vol.40, No.3, pp. 1153-1166, 2022, DOI:10.32604/csse.2022.019938

    Abstract Today, security is a major challenge linked with computer network companies that cannot defend against cyber-attacks. Numerous vulnerable factors increase security risks and cyber-attacks, including viruses, the internet, communications, and hackers. Internets of Things (IoT) devices are more effective, and the number of devices connected to the internet is constantly increasing, and governments and businesses are also using these technologies to perform business activities effectively. However, the increasing uses of technologies also increase risks, such as password attacks, social engineering, and phishing attacks. Humans play a major role in the field of cybersecurity. It is observed that more than 39%…

  • Open Access

    ARTICLE

    Understanding Research Trends in Android Malware Research Using Information Modelling Techniques

    Jaiteg Singh1, Tanya Gera1, Farman Ali2, Deepak Thakur1, Karamjeet Singh3, Kyung-sup Kwak4,*

    CMC-Computers, Materials & Continua, Vol.66, No.3, pp. 2655-2670, 2021, DOI:10.32604/cmc.2021.014504

    Abstract Android has been dominating the smartphone market for more than a decade and has managed to capture 87.8% of the market share. Such popularity of Android has drawn the attention of cybercriminals and malware developers. The malicious applications can steal sensitive information like contacts, read personal messages, record calls, send messages to premium-rate numbers, cause financial loss, gain access to the gallery and can access the user’s geographic location. Numerous surveys on Android security have primarily focused on types of malware attack, their propagation, and techniques to mitigate them. To the best of our knowledge, Android malware literature has never…

  • Open Access

    ARTICLE

    Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis

    Joo-Chan Lee1, Hyun-Pyo Choi1, Jang-Hoon Kim1, Jun-Won Kim1, Da-Un Jung1, Ji-Ho Shin1, Jung-Taek Seo1, *

    CMC-Computers, Materials & Continua, Vol.65, No.1, pp. 53-67, 2020, DOI:10.32604/cmc.2020.011251

    Abstract Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study,…

  • Open Access

    ARTICLE

    Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities

    Juan R. Bermejo Higuera1, *, Javier Bermejo Higuera1, Juan A. Sicilia Montalvo1, Javier Cubo Villalba1, Juan José Nombela Pérez1

    CMC-Computers, Materials & Continua, Vol.64, No.3, pp. 1555-1577, 2020, DOI:10.32604/cmc.2020.010885

    Abstract To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities as possible. To compare static analysis tools for web applications, an adapted benchmark to the vulnerability categories included in the known standard Open Web Application Security Project (OWASP) Top Ten project is required. The information of the security effectiveness of a commercial static analysis tool is not usually a publicly accessible research and the state of the art on static security tool analyzers shows that the different design and…

  • Open Access

    ARTICLE

    Automatic Mining of Security-Sensitive Functions from Source Code

    Lin Chen1,2, Chunfang Yang1,2,*, Fenlin Liu1,2, Daofu Gong1,2, Shichang Ding3

    CMC-Computers, Materials & Continua, Vol.56, No.2, pp. 199-210, 2018, DOI: 10.3970/cmc.2018.02574

    Abstract When dealing with the large-scale program, many automatic vulnerability mining techniques encounter such problems as path explosion, state explosion, and low efficiency. Decomposition of large-scale programs based on safety-sensitive functions helps solve the above problems. And manual identification of security-sensitive functions is a tedious task, especially for the large-scale program. This study proposes a method to mine security-sensitive functions the arguments of which need to be checked before they are called. Two argument-checking identification algorithms are proposed based on the analysis of two implementations of argument checking. Based on these algorithms, security-sensitive functions are detected based on the ratio of…
