An Improved Method on Static Binary Analysis to Enhance the Context-Sensitive CFI

Control Flow Integrity (CFI) is one of the most promising techniques for defending against Code-Reuse Attacks (CRAs). Traditional CFI systems and recent Context-Sensitive CFI use coarse control flow graphs (CFGs) to decide whether a control-flow hijack has occurred, which leaves vast space for attackers at indirect call-sites. Coarse CFGs make it difficult to decide which target to execute at indirect control-flow transfers, and in practice weaken existing CFI systems. Extracting CFGs precisely and perfectly from binaries remains an unsolved problem. In this paper, we present an algorithm to get a more precise CFG from binaries. First, parameters are analyzed at indirect call-sites and functions. By comparing the count of parameters prepared before a call-site with the count consumed by a function, the set of targets of indirect calls is reduced. The control flow is then more constrained at indirect call-sites at runtime. We implement our policy in combination with CCFI. Experimental results on some popular programs show that our approach is efficient. Further analysis shows that it can mitigate COOP and other advanced attacks.

Empirical Analysis of the Reusability of Object-Oriented Program Code in Open-Source Software

Measuring the reusability of Object-Oriented (OO) program code is important to ensure a successful and timely adaptation and integration of the reused code in new software projects. It has become even more relevant with the availability of huge amounts of open-source projects. Reuse saves cost, increases the speed of development and improves software reliability. Measuring this reusability is not a straightforward process due to the variety of metrics and qualities linked to software reuse and the lack of comprehensive empirical studies to support the proposed metrics or models. In this paper, a conceptual model is proposed to measure the reusability of OO program code. A comprehensive set of metrics is used to compute the most significant factors of reusability, and an empirical investigation is conducted to measure the reusability of the classes of randomly selected open-source Java projects. Additionally, the impact of using inner and anonymous classes on the reusability of their enclosing classes is assessed. The results obtained are thoroughly analyzed to identify the factors behind the lack of reusability in open-source OO program code and the impact of nesting on it.

Strategies for Developing e-LMS for Tanzania Secondary Schools

Tanzania secondary schools in rural areas are geographically and socially isolated, and hence face a number of problems in getting learning materials, resulting in poor performance in National examinations. E-learning, defined as the use of information and communication technology (ICT) for supporting educational processes, has motivated Tanzania to apply ICT in its education system. There have been efforts to improve secondary school education using ICT through several projects. ICT for e-learning for Tanzania rural secondary schools is one of the research projects conceived by the University of Dar-es-Salaam through its College of Engineering and Technology. The main objective of the project is to develop a tool to enable ICT to support rural secondary schools. The project is comprehensive, with a number of components, one being the development of an e-learning management system (e-LMS) for Tanzania secondary schools. This paper presents strategies for developing the e-LMS. It shows the importance of integrating action research methodology with the modeling methods presented by model driven architecture (MDA), and the usefulness of Unified Modeling Language (UML) for modeling. The benefit of MDA goes along with development based on the software development life cycle (SDLC) process, from the analysis and requirement phase through the design and implementation stages, as employed by the object oriented system analysis and design approach. The paper also explains the reuse of open source code from open source learning platforms for the context sensitive development of the e-LMS for Tanzania secondary schools.