Rigel Gjomemo, Kedar Namjoshi, Phu H. Phung, Venkat Venkatakrishnan, and Lenore
From Verification to Optimizations.
In Proceedings of the 16th International Conference on
Verification, Model Checking, and Abstract Interpretation
Mumbai, India, January 12-14, 2015, Lecture Notes in Computer Science
(LNCS). Springer Verlag, January 2015.
[ bib ]
Compilers perform static analysis prior to applying an optimization. The analysis results are typically not very precise, however, as a compiler operates with a strict time budget, which constrains reasoning. In this paper, we explore a new direction: using information gathered by external sound static analysis tools to augment the internal compiler reasoning, and investigate whether this leads to better optimization. One of the key problems to be solved is that of propagating the source-level information gathered by a static analyzer deeper into the optimization pipeline. We propose an approach to achieve this and demonstrate its feasibility through an implementation using the LLVM compiler infrastructure. We show how assertions obtained from the Frama-C static analysis tool are propagated through LLVM and are then used to substantially improve the effectiveness of several optimizations.
Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar, Kevin W. Hamlen, and V.N.
Multi-party Web Content.
IEEE Transactions on Dependable and Secure Computing
(TDSC), September 2014.
[ bib |
Mike Ter Louw, Phu H. Phung, Rohini Krishnamurti, and Venkat N.
In Hanne Riis Nielson and Dieter Gollmann, editors, Proceedings
of the 18th Nordic Conference on Secure IT Systems
(NordSec 2013), Ilulissat, Greenland,
October 18-21, 2013, volume 8208 of Lecture Notes in Computer Science
(LNCS), pages 67-83. Springer Verlag, October 2013.
[ bib |
Pieter Agten, Steven Van Acker, Yoran Brondsema, Phu H. Phung, Lieven Desmet,
and Frank Piessens.
without browser modifications.
In Robert H'obbes' Zakon, editor, Proceedings of the 28th Annual
Computer Security Applications Conference,
ACSAC 2012, Orlando, FL, USA, 3-7 December
2012, pages 1-10. ACM, December 2012.
[ bib |
The inclusion of third-party scripts in web pages is a common practice. A recent study has shown that more than half of the Alexa top 10000 sites include scripts from more than 5 different origins. However, such script inclusions carry risks, as the included scripts operate with the privileges of the including website.
Hong Linh Truong, Phu H. Phung, and Schahram Dustdar.
Governing Bot-as-a-Service in Sustainability Platforms - Issues and
In Proceedings of the 9th International Conference on Mobile Web
MobiWIS 2012, Niagara
Falls, Ontario, Canada, August 27-29, 2012, volume 10 of Procedia
Computer Science, pages 561-568. Elsevier, 2012.
[ bib |
The emerging cloud computing models for Internet-of-Things have fostered the development of lightweight applications using cloud services for monitoring and optimizing devices and equipment hosted in distributed facilities. Such applications – called bots in our work – can be composed and deployed with multiple types of governance policies from cloud platforms to distributed hosting environments and they can access not only local data and devices but also cloud data and features. Therefore, it is a great challenge to govern them. In this paper, we discuss governance issues and state-of-the-art on supporting the emerging Bot-as-a-Service in sustainability governance platforms. Based on that we outline our approaches to policy development and enforcement for the Bot-as-a-Service model
Phu H. Phung and Lieven Desmet.
JSTools 2012, Beijing,
China, 13 June 2012, pages 1-10. ACM, 2012.
[ bib |
Jonas Magazinius, Phu H. Phung, and David Sands.
In Tuomas Aura, Kimmo Järvinen, and Kaisa Nyberg, editors,
Proceedings of the 15th Nordic Conference in Secure IT Systems,
NordSec 2010, Espoo,
Finland, October 27-29, 2010, volume 7127 of Lecture Notes in Computer
Science (LNCS), pages 239-255. Springer Verlag, October 2010.
Revised Selected Papers from
OWASP AppSec Research 2010.
[ bib |
Phu H. Phung and Dennis Kengo Nilsson.
A model for safe and secure execution of downloaded vehicle
In Proceedings of the 2010 Road Transport Information and
Control Conference and the ITS United Kingdom Members' Conference (RTIC 2010)
- Better transport through technology, IET, London, UK, 25-27 May 2010,
pages 1-6. IET, May 2010.
[ bib |
Existing secure protocols and code signing mechanisms for vehicle systems to download and install software over the air certify only the origin and the integrity of software; thus, they do not address errors that might not be detected in the development process and cannot ensure that the downloaded software do not contain malicious code. In this paper, we identify such possible threats by developing a threat model for the vehicle software architecture. We propose countermeasures against the threats by preventing or modifying inappropriate behaviour caused by, e.g., malicious or poorly designed applications. We propose a model to deploy the approach which is based on modifying the application at the wireless gateway in the vehicle before being installed. As a result, security policies are embedded into the application and intercepts security relevant execution events. Thus, the execution of downloaded vehicle applications is monitored to ensure the safety and security for the vehicle system and to detect potential cyber attacks.
Keywords: Vehicle software/firmware;language-based security;policy enforcement
Phu H. Phung, David Sands, and Andrey Chudnov.
In R. Safavi-Naini and V. Varadharajan, editors, Proceedings of
the 4th International Symposium on Information, Computer, and Communications
2009, Sydney, Australia, March 2009, pages 47-60. ACM, March 2009.
[ bib |
Extended version |
Phung Huu Phu, Myeongjae Yi, and Myung-Kyun Kim.
Securing AODV Routing Protocol in Mobile Ad-Hoc Networks.
In David Hutchison, Spyros G. Denazis, Laurent Lefèvre, and
Gary J. Minden, editors, Proceedings of the IFIP TC6 7th International
Working Conference on Active and Programmable Networks, IWAN 2005, Sophia
Antipolis, France, November 21-23, 2005. Revised Papers, volume 4388 of
Lecture Notes in Computer Science (LNCS), pages 182-187. Springer Verlag,
[ bib |
In this paper, we have proposed a security scheme for Ad-hoc On-Demand Distance Vector (AODV) routing protocol. In this scheme, each node in a network has a list of its neighbor nodes including a shared secret key which is obtained by executing a key agreement when joining a network. One key principle in our scheme is that before executing route discovery steps in AODV protocol, each node executes message authentication process with the sender to guarantee the integrity and non-repudiation of routing messages and therefore, could prevent attacks from malicious nodes. Comparing with other recently proposed security routing protocols, our security scheme needs less computation power in routing transactions and does not need any centralized element in mobile ad-hoc networks.
Phu H. Phung and David Sands.
Security Policy Enforcement in the OSGi Framework Using
In Proceedings of the 32nd Annual IEEE International Computer
Software and Applications Conference,
COMPSAC 2008, Turku,
Finland, 28 July - 1 August 2008, pages 1076-1082. IEEE Computer Society,
[ bib |
The lifecycle mismatch between vehicles and their IT system poses a problem for the automotive industry. Such systems need to be open and extensible to provide customised functionalities and services. What is less clear is how to achieve this with quality and security guarantees. Recent studies in language-based security - the use of programming language technology to enforce application specific security policies - show that security policy enforcement mechanisms such as inlined reference monitors provide a potential solution for security in extensible systems. In this paper we study the implementation of security policy enforcement using aspect-oriented programming for the OSGi (Open Services Gateway initiative) framework. We identify classes of reference monitor-style policies that can be defined and enforced using AspectJ, a well-known aspect-oriented programming language. We demonstrate the use of security states to describe history-based policies. We also introduce and implement various levels of security states in Java to describe session level history versus global application level history. We illustrate the effectiveness of the implementation by deploying the security policy enforcement solution in an example scenario of software downloading in a standard vehicle system.
Dennis K. Nilsson, Phu H. Phung, and Ulf E. Larson.
Vehicle ECU Classification Based on Safety-Security
In Proceedings of Road Transport Information and Control - RTIC
2008 and ITS United Kingdom Members' Conference, Manchester, UK, 20-22 May
2008, pages 1-7. IET, May 2008.
[ bib ]
An upcoming trend for automotive manufacturers is to perform remote diagnostics and firmware updates over the air, which allows identifying hardware problems and correction of software flaws with minimal customer inconvenience. These procedures require that the previously isolated in-vehicle network permits external communication, which introduces a number of security risks, e.g., cyber attack threats. In this paper, we identify cyber attack threats and classify the electronic control units (ECUs) in the in-vehicle network to assist in determining which ones to protect and restrict access to. We divide the ECUs into five categories: powertrain, vehicle safety, comfort, infotainment, and telematics. We then use four safety integrity levels to classify the ECU categories. Moreover, we define safety effect levels of security threats which are used to classify identified attacks in the remote diagnostics and firmware updates over the air procedures. The safety and security levels are combined to classify the ECU categories. From the results we conclude that ECU categories such as powertrain and vehicle safety require further protection prior to introducing remote connectivity. As a conclusion, we suggest that automotive manufacturers should emphasize security or restrict the remote diagnostics and firmware updates over the air procedures to certain ECUs.
Phung Huu Phu, DaeSeung Yoo, and Myeongjae Yi.
Design and Implementation of a Web Services-Based Framework Using
In HansGeorg Bock, Ekaterina Kostina, HoangXuan Phu, and Rolf
Rannacher, editors, Modeling, Simulation and Optimization of Complex
Processes, pages 479-488. Springer Berlin Heidelberg, 2008.
Revised papers from the Third International Conference on High
Performance Scientific Computing,
HPSC 2006, Hanoi,
Vietnam, March 6-10, 2006.
[ bib |
In the recent years, Web services technology has been playing an important role as a middleware for distributed systems such as peer-to-peer computing, grid computing as well as interoperability transactions. As the technology continues to evolve, a number of specifications are being proposed to address the areas necessary to support Web services. These specifications are designed modularly, therefore it is necessary to have a framework to supply an efficient way for developers in building Web services-based distributed applications. The aim of our approach is to combine and integrate appropriate Web service specifications within one framework; thus, distributed applications can be built on this framework regardless of these specifications. In our previous work, a Web services framework in which Web services-based interoperability transactions can be executed in reliable, effective, and secure manner have been proposed. In this paper we present the design and implementation of modules for the framework based on remoting pattern approach. Remoting patterns are used since they provide a systematic way in developing distributed object middleware solutions and they can link to other patterns in the context of distributed applications. By using remoting pattern language, our framework can be easily integrated to Web services-based distributed systems as well as extended additional functionalities in future. A case study of e-banking transactions based on our framework has been developed to illustrate how our framework can be used in practice.
Phung Huu Phu, DaeSeung Yoo, and Myeongjae Yi.
A Framework Supporting Quality of Service for SOA-Based
In Young-Tak Kim and Makoto Takano, editors, Proceedings of the
Asia-Pacific Network Operations and Management Symposium,
APNOMS 2006, Busan, South Korea,
September 27-29, 2006, volume 4238 of Lecture Notes in Computer Science
(LNCS), pages 232-241. Springer Verlag, 2006.
[ bib |
Web Services and Service-Oriented Architecture (SOA) has been playing an important role as a middleware for interoperable transactions such as Business-to-Business and Enterprise Application Integration. Popular Web Services frameworks, such as Apache Axis, did not consider the Quality of Service (QoS), though these aspects are high demands in practice. In this paper, we present a framework supporting QoS built on the top of Axis. The framework is transparent with developers on both client and server side, and supports QoS including performance, accessibility, reliability, and security for SOA-based transactions. The design and implementation of our framework provide an easily integrated and flexibly extended approach to SOA-based applications. The key features and implementation methodology are described, with scenarios provided as usage examples of the framework.
Phung Huu Phu and Myeongjae Yi.
A service management framework for SOA-based interoperability
In Proceedings of the 9th Russian-Korean International Symposium
on Science and Technology, KORUS 2005,
Novosibirsk, Russia, June 26 - July 2, 2005, pages 680-684. IEEE, June
[ bib |
Although service oriented architecture (SOA) supports an architecture for robust interoperability transactions, there are many challenges that need to be investigated to develop the infrastructure for such transactions. One of the important problems still not considered is that how to manage these services in an efficient manner in transactions. In this paper, a framework for a more efficient management of services in interoperability transactions has been proposed. The purpose of this framework is to provide a secure and reliable environment for the communication of services in a SOA-based architecture. The framework is a combination of Web services reliable messaging protocol and the security model of our previous work (Phu et al., 2005).
Keywords: Internet;computer network management;electronic messaging;open systems;protocols;security of data;transaction processing;SOA;Web services;interoperability transactions;messaging protocol;security model;service communication;service management;service oriented architecture;Computer architecture;Distributed computing;Information technology;Protocols;Quality of service;Security;Service oriented architecture;Technology management;Web services;XML
Phung Huu Phu, Hong Hee Lee, and Myeongjae Yi.
Service-Oriented architecture: an approach to inter-agency
transactions in e-Government.
In Proceedings of 2005 School on Computational Sciences and
Engineering, COSCI 2005,
Ho Chi Minh City, Vietnam, March 2-4 2005, March 2005.
[ bib ]
The evolution of the Internet and Web has led governments to reshape traditional public services, supplying the faster, better and more responsive access to public services to citizens called e-Government. It is electronic interactions for citizens and government agency officers and also co-operations among independent, heterogeneous government agencies. This paper shows an investigation on the e-Government aspects and requirements. Then, an e-Government co-operations architecture based on Service-Oriented Architecture approach, the new trend of software architecture and distributed computing technology is proposed. Finally, a security model for proposed e-government architecture based on the combination of related security standards and specifications including PKI architecture, XML signature, XML Encryption and XML Key Management Service (XKMS) is described
|||Phung Huu Phu and Myeongjae Yi. Using Web services in the Internet banking Transaction System. In Proceedings of the 22nd Korea Information Processing Society (KIPS) Fall Conference, KIPS Fall 2004, Teagu, South Korea, November, 2004, 2004. [ bib ]|
This file was generated by bibtex2html 1.96.