 setting
standards |
by
Chung-Hung Tsai
SENCAW | AUTHOR
|
Matlab and Octave DO support 64 bit unsigned numbers, they don’t support any mathematical operations on them. Computations in matlab/octave are limited as follows because they follow the IEEE standard for binary arithmetic:
64 bits are allocated to a number,- The LSB is N1 (to match with Matlab/Octave nomenclature), MSB is N64
- Then N1 is used as a sign bit
- N2-N13 are used to store the exponent (ranging from -1021 to 1024)
- The remaining bits 52 are used to store the mantissa (the fractional component)
There is no way to perform computations on unsigned 64 bit number – doing so will result in truncation. If your unsigned number exceeds 53bits you’ll begin seeing truncation of your least significant bits.
Here is one cheesy way to do it:
Create a set of functions which convert numbers to string and perform operations on those string (Next Two Code Sources from J. Franco):
Converting to a big int:
[code language="cpp"] function number = toBigInt(n);
number = '';
while n ~= 0
number = [char(mod(n,10)+'0') number];
n = floor(n/10);
end
end[/code]
Adding two big ints:
[code language="cpp"]function s3 = addBigInt(s1,s2);
if length(s1) < 1 && length(s2) < 1 s3 = '0'; % if s1,s2 == [] answer = 0
elseif length(s1) < 1 s3 = s2; % if s1 == [] then s2 is the answer
elseif length(s2) < 1 s3 = s1; % if s2 == [] then s1 is the answer
else
carry = 0; % define the carry
s3 = ''; % define the answer
dh = max(length(s1),length(s2)); % maximum number of digits to worry about
% From least significant digit, change digit chars to numbers, add with
% carry to get new carry and new digit, convert new digit back to char
% and stick into solution. If a number runs out of digits, use 0.
for i=1:dh
if i <= length(s1) n1 = s1(length(s1)+1-i)-'0'; else n1 = 0; end
if i <= length(s2) n2 = s2(length(s2)+1-i)-'0'; else n2 = 0; end
n = n1 + n2 + carry; % add the ith digits of s1, s2 and carry
carry = floor(n/10); % save the carry
s3 = [char(mod(n,10)+'0') s3]; % compute the answer digit
end
% If there is a carry at the end, change to char and stick it at front
if carry > 0 s3 = [char(carry+'0') s3]; end
end
[/code]
Get it? – perform your your operations on strings, when necessary, split the strings into manageable chunks and change them back to numbers with the correct exponentiation.
It’s possible to do this cleaner and more efficient– this is just a quick and dirty solution.
Posted in access, analysis, code, ieee | No Comments »
Insider and Ousider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP
Ettore Merlo; Dominic Letarte; Giuliano Antoniol
Summary:
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies. This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity More
Insider and Ousider Threat-Sensitive SQL Injection Vulnerability Analysis in PHP
Ettore Merlo; Dominic Letarte; Giuliano Antoniol
Summary:
In general, SQL-injection attacks rely on some weak validation of textual input used to build database queries. Maliciously crafted input may threaten the confidentiality and the security policies of Web sites relying on a database to store and retrieve information. Furthermore, insiders may introduce malicious code in a Web application, code that, when triggered by some specific input, for example, would violate security policies.
This paper presents an original approach based on static analysis to automatically detect statements in PHP applications that may be vulnerable to SQL-injections triggered by either malicious input (outsider threats) or malicious code (insider threats). Original flow analysis equations, that propagate and combine security levels along an inter-procedural control flow graph (CFG), are presented. The computation of security levels presents linear execution time and memory complexity
Posted in analysis, code, inection, input, ip, malicious, queries, soap-apache-mysql, sophisticated applications, vulnerability | No Comments »
SCO | RIP
Why SCO won’t show the code – At SCO’s annual reseller show, the company’s executives put up a couple of slides as a way of demonstrating how Unix code had been “stolen” and put into Linux. The two slides were photographed and have since appeared on Heise Online; see them here and here. The escape of these slides has allowed the Linux community to do something it has been craving since the beginning of the SCO case: track down the real origins of the code that SCO claims as its own. The results, in this case, came quick and clear. They do not bode well for SCO. More Abstract This paper reports on the design rationale and formative evaluation of an intelligent tool to aid intermediate and advanced student programmers, who already have knowledge of another programming language, in acquiring a working knowledge of key parts of the Ada programming language. Research on transfer between programming languages has shown that, while previous programming experience helps students to learn subsequent languages, it also can be a source of negative transfer. In particular, students have little trouble with the syntax of the new language, but they do have difficulty in planning a solution which takes advantage of the features of the new language. Our tool, ADAPT, applies existing artificial intelligence technologies to the pedagogical problem of transfer between programming languages, with emphasis on the problem of developing programming plans which are appropriate to Ada. ADAPT was designed based on the findings of research in the cognition of programming. A prototype of the tool was developed, and a formative evaluation was carried out to evaluate the cognitively-based design decisions guiding ADAPT.
More
Posted in ADAPT, SCO, Uncategorized, code, programming, show the code, syntax, vulnerability | No Comments »
