Last Days of Academy
Asankhaya Sharma
Why higher education is ripe for disruption
Education
Last Days of Academy
1.
Photo by kevin dooley
2.
3.
4.
5.
6.
Photo by emmettanderson
7.
Photo by cybrarian77
8.
Photo by mathplourde
9.
10.
Photo by Jair Alcon Photography
11.