The advent of language implementation tools such as PyPy and Truffle/Graal have reinvigorated and broadened interest in topics related to automatic compiler generation and optimization. Given this broader interest, we revisit the Futamura Projections using a novel diagram scheme. Through these diagrams we emphasize the recurring patterns in the Futamura Projections while addressing their complexity and abstract nature. We anticipate that this approach will improve the accessibility of the Futamura Projections and help foster analysis of those new tools through the lens of partial evaluation.
Post-Quantum Cryptography (PQC) attempts to find cryptographic protocols resistant to attacks by means of for instance Shor's polynomial time algorithm for numerical field problems like integer factorization (IFP) or the discrete logarithm (DLP). Other aspects are the backdoors discovered in deterministic random generators or recent advances in solving some instances of DLP. The use of alternative algebraic structures like non-commutative or non-associative partial groupoids, magmas, monoids, semigroups, quasigroups or groups, are valid choices for these new kinds of protocols. In this paper, we focus in an asymmetric cipher based on a generalized ElGamal non-arbitrated protocol using a non-commutative general linear group. The developed protocol forces a hard subgroup membership search problem into a non-commutative structure. The protocol involves at first a generalized Diffie-Hellman key interchange and further on the private and public parameters are recursively updated each time a new cipher session is launched. Security is based on a hard variation of the Generalized Symmetric Decomposition Problem (GSDP). Working with GF(2518) a 64-bits security is achieved, and if GF(25116) is chosen, the security rises to 127-bits. An appealing feature is that there is no need for big number libraries as all arithmetic if performed in Z251 and therefore the new protocol is particularly useful for computational platforms with very limited capabilities like smartphones or smartcards.
In this paper, we describe secure gateway for Internet of Things (IoT) devices with internal AAA mechanism, implemented to connect IoT sensors with Internet users. Secure gateway described in this paper allows to (1) authenticate each connected device, (2) authorise connection or reconguration performed by the device and (3) account each action. The same applies to Internet users who want to connect, download data from or upload data to an IoT device. Secure Gateway with internal AAA mechanism could be used in Smart Cities environments and in other IoT deployments where security is a critical concern. The mechanism presented in this paper is a new concept and has been practically validated in Polish national research network PL-LAB2020.
In this paper we propose right-angled Artin groups as a platform for secret sharing schemes based on the efficiency (linear time) of the word problem. Inspired by previous work of Grigoriev-Shpilrain in the context of graphs, we define two new problems: Subgroup Isomorphism Problem and Group Homomorphism Problem. Based on them, we also propose two new authentication schemes. For right-angled Artin groups, the Group Homomorphism and Graph Homomorphism problems are equivalent, and the later is known to be NP-complete. In the case of the Subgroup Isomorphism problem, we bring some results due to Bridson who shows there are right-angled Artin groups in which this problem is unsolvable.
We demonstrate a modularity bug in the interface system of Java 8 on the practical example of a textbook design of a modular interface for vector spaces. Our example originates in our teaching of modular object-oriented design in Java 8 to undergraduate students, simply following standard programming practices and mathematical denitions. The bug shows up as a compilation error and should be xed with a language extension due to the importance of best practices (design delity).
SQL Injection is one of the vulnerabilities in OWASP's Top Ten List forWeb Based Application Exploitation. These type of attacks take place on Dynamic Web applications as they interact with databases for various operations. Current Content Management System like Drupal, Joomla or Wordpress have all information stored in their databases. A single intrusion into these type of websites can lead to overall control of websites by an attacker. Researchers are aware of basic SQL Injection attacks, but there are numerous SQL Injection attacks which are yet to be prevented and detected. Over here, we present the extensive review for the Advanced SQL Injection attack such as Fast Flux SQL Injection, Compounded SQL Injection and Deep Blind SQL Injection. We also analyze the detection and prevention using the classical methods as well as modern approaches. We will be discussing the Comparative Evaluation for prevention of SQL Injection.
The paper concerns a risk assessment and management methodology in critical infrastructures. The aim of the paper is to present researches on risk management within the experimentation tool based on the OSCAD software. The researches are focused on interdependent infrastructures where the specific phenomena, like escalating and cascading effects, may occur. The objective of the researches is to acquire knowledge about risk issues within interdependent infrastructures, to assess the usefulness of the OSCAD-based risk manager in this application domain, and to identify directions for further R&D works. The paper contains a short introduction to risk management in critical infrastructures, presents the state of the art, and the context, plan and scenarios of the performed validation experiments. Next, step by step, the validation is performed. It encompasses two collaborating infrastructures (railway, energy). It is shown how a hazardous event impacts the given infrastructure (primary and secondary eects) and the neighbouring infrastructure. In the conclusions the experiments are summarized, the OSCAD software assessed and directions of the future works identified.
The availability of cheap and widely applicable person identification techniques is essential due to a wide-spread usage of online services. The dynamics of typing is characteristic to particular users, and users are hardly able to mimic the dynamics of typing of others. State-of-the-art solutions for person identification from the dynamics of typing are based on machine learning. The presence of hubs, i.e., few instances that appear as nearest neighbours of surprisingly many other instances, have been observed in various domains recently and hubness-aware machine learning approaches have been shown to work well in those domains. However, hubness has not been studied in the context of person identification yet, and hubnessaware techniques have not been applied to this task. In this paper, we examine hubness in typing data and propose to use ECkNN, a recent hubness-aware regression technique together with dynamic time warping for person identification. We collected time-series data describing the dynamics of typing and used it to evaluate our approach. Experimental results show that hubness-aware techniques outperform state-of-the-art time-series classifiers.