A new static analysis is proposed for programming languages with access control based on stack inspection. This analysis allows for various security-aware program optimizations. A novel feature of our static analysis is that it is parametric with respect to the security policy in force, so it needs not to be recomputed when the access rights are dynamically updated.

Abstract Many security vulnerabilities can be detected by static analysis. This paper is a case study and performance comparison of four open-source analysis tools plugins (PMD, SpotBugs, Find Security Bugs, SonarQube) on Java source code. Experiments have been conducted the widely used Juliet Test Suite with respect to six selected weaknesses from official Top 25 list Common Weakness Enumerati...

In this paper, we propose a new approach for the static detection of malicious code in executable programs. Our approach rests on a semantic analysis based on behaviour that even makes possible the detection of unknown malicious code. This analysis is carried out directly on binary code. Static analysis offers techniques for predicting properties of the behaviour of programs without running the...

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise valuable network resources. The uncertainty about the attacker’s behaviour and capabilities make Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of traditi...

Food security is a key component of state security, and every country, especially some great powers in the world, has been paying more attention to national food security and its security system. This paper aimed at applying grey model to food security assessment in the province scale from statistical data and developing a prototype of food security assessment system in Liaoning Province. First...

Organisations of all sizes are now significantly reliant upon information technology and networks for the operation of their business activities. All therefore have a consequent requirement to ensure that their systems and data are appropriately protected against security breaches. Unfortunately, however, there is evidence to suggest that security practices are not strongly upheld within small ...

This paper reviews the state of the art in cyber security risk assessment of Cloud Computing systems. We select and examine in detail the quantitative security risk assessment models developed for or applied especially in the context of a Cloud Computing system. We review and then analyze existing models in terms of aim; the stages of risk management addressed; key risk management concepts cove...