ResearchCoders - Papers Feed http://www.researchcoders.com Latest Research Papers Available in ResearchCoders AnswerBot: Automated Generation of Answer Summary to Developers’ Technical Questions http://researchcoders.dev/index.php/details/15/AnswerBot:_Automated_Generation_of_Answer_Summary_to_Developers’_Technical_Questions For Q&A websites like StackOverflow, current search engines provide users the list of relevant questions but the large amount of the answers makes it difficult for the user to find the most needed answers. In this paper the authors present a three-stage technique that generates summaries for the answers instead of just returning the answers based on the user's query. The Case for Dual-access File Systems over Object Storage http://researchcoders.dev/index.php/details/14/The_Case_for_Dual-access_File_Systems_over_Object_Storage Object Storage services such as Amazon S3 provide the users an economical, easy to use, durable way to store vast amount of data with near limitless capacity and RESTful API interface to communicate with object storage systems. Many applications which benefit from the features that object storage services provide need also a traditional filesystem interface (e.g. POSIX) to process the stored data. This paper proposes a solution which solve the problem of the difference between object storage systems and traditional filesystems interfaces with the focus on dual-access to data and efficient filesystem interface. A Proposed Framework Against Code Injection Vulnerabilities in Online Applications http://researchcoders.dev/index.php/details/13/A_Proposed_Framework_Against_Code_Injection_Vulnerabilities_in_Online_Applications SQL Injection is a well-known vulnerability that can be dangerous and violates the security of web applications.This paper proposes a framework to prevent SQL Injection attacks and provide better availability for the web application. The proposed framework is a hybrid which has Token based Detection module and Neural Network based Reconstruction module. The following SQL Injection types were considered in this paper: Tautologies, Union Queries, Illegal Queries, Piggy-back, Alternate Encoding, Stored Procedure and Inference Attack. The web application will be statically analyzed to detect and gather legal queries of the application. When a user sends a query, it will be compared with the gathered query to detect any SQL Injection by using a specific algorithm which depends on the tokens of the queries. Neural Network is used to provide better availability and reduce denial of service attack by facilitating the reconstruction option for the authenticated user query. Efficient and Flexible Discovery of PHP Application Vulnerabilities http://researchcoders.dev/index.php/details/12/Efficient_and_Flexible_Discovery_of_PHP_Application_Vulnerabilities PHP is one of most used programming language for web application. In this paper the authors aim to provide a way to analyze PHP applications source code in order to detect vulnerabilities in an efficient manner. To accomplish this goal, a concepts called "Code Property Graphs" has been employed. These graphs are generated for a given PHP code and stored in a graph database such as Neo4j. Then graph traversal can be used to detect vulnerabilities. Code Property Graph represents the source code of the application and to help in detecting vulnerabilities it have information such as the control flow and information flow of the application in question. A Code Property Graph is a combination of Abstract Syntax Tree, Control Flow Graphs, Program Dependence Graphs and Call Graphs. The paper examined a number of well-known vulnerabilities such as SQL Injection and XSS and shows the steps of detecting those vulnerabilities by using Code Property Graph in two steps. The proposed method in the paper has been evaluated on 1,854 PHP projects in GitHub (80 million lines of code). HotRestore: A Fast Restore System for Virtual Machine Cluster http://researchcoders.dev/index.php/details/11/HotRestore:_A_Fast_Restore_System_for_Virtual_Machine_Cluster Due to the frequency of failures in virtual machines and to enhance the reliability of virtualized environments, current systems restore failed virtual machine to last known state by using snapshots. This method requires a long time to restore the virtual machine due to the large size of snapshot file, in clustered environment the problem even worse since one restored virtual machine may send a packet to currently restoring virtual machine which leads to TCP backoff problem. This paper presents HotRestore which aims to restore virtual machine cluster rapidly and mitigate the TCP backoff problem. X-ray: Automating Root-Cause Diagnosis of Performance Anomalies in Production Software http://researchcoders.dev/index.php/details/10/X-ray:_Automating_Root-Cause_Diagnosis_of_Performance_Anomalies_in_Production_Software The current tools of performance analysis for production systems (such as profilers) tell the user what events caused the performance issue (e.g. calling a specific system call) instead of telling them the root cause of these issues (e.g. some misconfigured setting). By using the information provided by current tools to determine the root cause of the issues, the user (mostly the administrator) needs a deep knowledge on the software itself and sometimes the source code. This paper presents X-ray which is a tool that helps users to troubleshoot performance problems without the need of software's developer by providing the root cause of the performance issues for the user. Yesquel: scalable SQL storage for Web applications http://researchcoders.dev/index.php/details/9/Yesquel:_scalable_SQL_storage_for_Web_applications With the large amount of data web applications store nowadays the traditional SQL database systems started to cause performance issues, that lead the developers to use NoSQL databases as web storage instead. Although NoSQL databases are considered as a good alternative but they miss some important features provided by traditional database systems such as transactions, secondary indexes, joins and subqueries. This paper presents Yesquel which is a storage dedicated for web applications which handles SQL queries and performs almost as Redis and much better than MySQL Cluster. Towards Tierless Web Development without Tierless Languages http://researchcoders.dev/index.php/details/8/Towards_Tierless_Web_Development_without_Tierless_Languages Modern web applications use multitier architecture and each tier has its own technology stack, for example, in front-end tier, a combination of HTML, CSS and Javascript is used while in middle tier a server-side programming language such as PHP and a framework are used, and in back-end tier some database management system with SQL are used. This made the development of web applications a complex process which requires from the programmer to master many languages and technologies to produce a single web application. To mitigate this complexity, a new paradigm called Tierless Programming has been emerged to web application development, this paradigm propose to use just a single programming language to develop such complex web applications instead of developing each tier separately, after that, the source code of this one application can be compiled to the traditional multitier architecture. In this paper, the authors propose to use a well-known general purpose programming language which is Javascript to present Tireless Programming paradigm, a method called program slicing is used to realize the separation between client and server code. Honeyfiles: Deceptive Files for Intrusion Detection http://researchcoders.dev/index.php/details/7/Honeyfiles:_Deceptive_Files_for_Intrusion_Detection This paper presents the concept of honeyfile which can be used by the users of a given system as a simple intrusion detection system (IDS). Honeyfiles technique is a deception defense mechanism. When honeyfiles are introduced to a system and the users start to employ this functionality, it is going to help them to detect the attacks on the system. As its name indicates, honeyfiles uses files to deceive the attackers in order to detect them. ElasTraS: An Elastic, Scalable, and Self Managing Transactional Database for the Cloud http://researchcoders.dev/index.php/details/6/ElasTraS:_An_Elastic,_Scalable,_and_Self_Managing_Transactional_Database_for_the_Cloud Cloud Computing comes with major features that made the migration to cloud appealing. These features are elasticity, pay per use, perception of unlimited resources and infinite scalability. These features are not provided by current Relational Database Management Systems (RDBMS) which made people to use key-value stores instead which provide such features. The problem with key-value stores that they lack the rich functionality and transactional guarantees of RDBMS. In this paper, the authors present ElasTraS which is a transactional relational database system that provides cloud's well-known features such as scalling out, fault tolerance and elasticity. The Design and Implementation of Microdrivers http://researchcoders.dev/index.php/details/5/The_Design_and_Implementation_of_Microdrivers Device drivers can be considered as an extension of the operating system's kernel, they work in kernel-mode where they have privileges similar to the kernel itself. Furthermore, to write device drivers, the programmer cannot use user-mode development tools. Although running device drivers in kernel-mode is good for performance, but the drawback is that they decrease the reliability of the operating system. For example, one device driver that is written in a bad way can cause the kernel of operating system to crash, which means the whole machine will stop. According to the paper 89% of Windows XP crashes are caused by device drivers, while in Linux driver code has 2 to 7 times the bug density of other kernel's parts. To mitigate the reliability problem of device drivers, the authors of this paper proposed Microdrivers which is an idea that is obviously inspired by microkernel design. A microdriver has two parts, the first one called k-driver which is a portion of device driver's code that works in kernel-mode due to its performance requirements, the second part is u-driver which is the other portion of device driver's code that work in user-mode as a process. In this way, most of device driver's code can be moved to the userspace, which serves the reliability of the operating system. Grep versus FlatSQL versus MySQL: Queries using UNIX tools vs. a DBMS http://researchcoders.dev/index.php/details/4/Grep_versus_FlatSQL_versus_MySQL:_Queries_using_UNIX_tools_vs._a_DBMS This paper presents FlatSQL which is an SQL-like language that intended to be used with text files (flat files). In this way, the user get user interface that is similar to database management systems (DBMS) through FlatSQL while the advantages of text files remains, such as the simple and common format, and the diversity of the tools that work with text files. Honeywords: Making Password-Cracking Detectable http://researchcoders.dev/index.php/details/3/Honeywords:_Making_Password-Cracking_Detectable This paper focuses on the scenario where an attacker of a specific system steals a file (or data on database) that contains the hashed passwords of system's user. The authors present the idea of honeywords to make such situation detectable. The paper suggests that instead of associating just one password to users accounts, more than one password is associated to all users accounts of the system, just one of these passwords is correct, others are just honeywords. The presented mechanism in this work lies under the umbrella of deception defense mechanisms.