An investigation into PL/SQL Injection.

SQL injection is a common attack method used to leverage infor-mation out of a database or to compromise a company’s network. This paper investigates four injection attacks that can be conducted against the PL/SQL engine of Oracle databases, comparing two recent releases (10g, 11g) of Oracle. The results of the experiments showed that both releases of Oracle were vulner-able to injection but that the injection technique often differed in the packages that it could be conducted in.

Numerical encoding to tame SQL injection attacks.

Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations’ databases. Intruders becoming smarter in obfuscating web requests to evade detection combined with increasing volumes of web traffic from the Internet of Things (IoT), cloud-hosted and on-premise business applications have made it evident that the existing approaches of mostly static signature lack the ability to cope with novel signatures. A SQLIA detection and prevention solution can be achieved through exploring an alternative bio-inspired supervised learning approach that uses input of labelled dataset of numerical attributes in classifying true positives and negatives. We present in this paper a Numerical Encoding to Tame SQLIA (NETSQLIA) that implements a proof of concept for scalable numerical encoding of features to a dataset attributes with labelled class obtained from deep web traffic analysis. In the numerical attributes encoding: the model leverages proxy in the interception and decryption of web traffic. The intercepted web requests are then assembled for front-end SQL parsing and pattern matching by applying traditional Non-Deterministic Finite Automaton (NFA). This paper is intended for a technique of numerical attributes extraction of any size primed as an input dataset to an Artificial Neural Network (ANN) and statistical Machine Learning (ML) algorithms implemented using Two-Class Averaged Perceptron (TCAP) and Two-Class Logistic Regression (TCLR) respectively. This methodology then forms the subject of the empirical evaluation of the suitability of this model in the accurate classification of both legitimate web requests and SQLIA payloads.

Endowing NoSQL DBMS with SQL features through standard Call Level Interfaces

To store, update and retrieve data from database management systems (DBMS), software architects use tools, like call-level interfaces (CLI), which provide standard functionalities to interact with DBMS. However, the emerging of NoSQL paradigm, and particularly new NoSQL DBMS providers, lead to situations where some of the standard functionalities provided by CLI are not supported, very often due to their distance from the relational model or due to design constraints. As such, when a system architect needs to evolve, namely from a relational DBMS to a NoSQL DBMS, he must overcome the difficulties conveyed by the features not provided by NoSQL DBMS. Choosing the wrong NoSQL DBMS risks major issues with components requesting non-supported features. This paper focuses on how to deploy features that are not so commonly supported by NoSQL DBMS (like Stored Procedures, Transactions, Save Points and interactions with local memory structures) by implementing them in standard CLI.

Critical applications of SW 846 US EPA methods to evaluation of marine samples quality

Technical evaluation of analytical data is of extreme relevance considering it can be used for comparisons with environmental quality standards and decision-making as related to the management of disposal of dredged sediments and the evaluation of salt and brackish water quality in accordance with CONAMA 357/05 Resolution. It is, therefore, essential that the project manager discusses the environmental agency's technical requirements with the laboratory contracted for the follow-up of the analysis underway and even with a view to possible re-analysis when anomalous data are identified. The main technical requirements are: (1) method quantitation limits (QLs) should fall below environmental standards; (2) analyses should be carried out in laboratories whose analytical scope is accredited by the National Institute of Metrology (INMETRO) or qualified or accepted by a licensing agency; (3) chain of custody should be provided in order to ensure sample traceability; (4) control charts should be provided to prove method performance; (5) certified reference material analysis or, if that is not available, matrix spike analysis, should be undertaken and (6) chromatograms should be included in the analytical report. Within this context and with a view to helping environmental managers in analytical report evaluation, this work has as objectives the discussion of the limitations of the application of SW 846 US EPA methods to marine samples, the consequences of having data based on method detection limits (MDL) and not sample quantitation limits (SQL), and present possible modifications of the principal method applied by laboratories in order to comply with environmental quality standards.

Integration and visualization of systems biology data in context of the genome

Background: High-density tiling arrays and new sequencing technologies are generating rapidly increasing volumes of transcriptome and protein-DNA interaction data. Visualization and exploration of this data is critical to understanding the regulatory logic encoded in the genome by which the cell dynamically affects its physiology and interacts with its environment. Results: The Gaggle Genome Browser is a cross-platform desktop program for interactively visualizing high-throughput data in the context of the genome. Important features include dynamic panning and zooming, keyword search and open interoperability through the Gaggle framework. Users may bookmark locations on the genome with descriptive annotations and share these bookmarks with other users. The program handles large sets of user-generated data using an in-process database and leverages the facilities of SQL and the R environment for importing and manipulating data. A key aspect of the Gaggle Genome Browser is interoperability. By connecting to the Gaggle framework, the genome browser joins a suite of interconnected bioinformatics tools for analysis and visualization with connectivity to major public repositories of sequences, interactions and pathways. To this flexible environment for exploring and combining data, the Gaggle Genome Browser adds the ability to visualize diverse types of data in relation to its coordinates on the genome. Conclusions: Genomic coordinates function as a common key by which disparate biological data types can be related to one another. In the Gaggle Genome Browser, heterogeneous data are joined by their location on the genome to create information-rich visualizations yielding insight into genome organization, transcription and its regulation and, ultimately, a better understanding of the mechanisms that enable the cell to dynamically respond to its environment.

The effects of information request ambiguity and construct incongruence on query development

This paper examines the effects of information request ambiguity and construct incongruence on end user's ability to develop SQL queries with an interactive relational database query language. In this experiment, ambiguity in information requests adversely affected accuracy and efficiency. Incongruities among the information request, the query syntax, and the data representation adversely affected accuracy, efficiency, and confidence. The results for ambiguity suggest that organizations might elicit better query development if end users were sensitized to the nature of ambiguities that could arise in their business contexts. End users could translate natural language queries into pseudo-SQL that could be examined for precision before the queries were developed. The results for incongruence suggest that better query development might ensue if semantic distances could be reduced by giving users data representations and database views that maximize construct congruence for the kinds of queries in typical domains. (C) 2001 Elsevier Science B.V. All rights reserved.

Programa Eurosocial II: plan anual de acci??n 2014

O presente Plano Anual de A????o (PAA 2014) inscreve-se em clara continuidade com os precedentes exerc??cios program??ticos do programa EUROsocial II. No entanto, na medida que se passou o equador e se entra na reta final do Programa, se realizou um grande esfor??o para concentrar a????es e se focar em pa??ses que apresentam menos riscos e maiores condi????es de viabilidade para o alcance dos resultados esperados. Neste sentido, no ano 2014 vai representar um ponto de inflex??o, no que culminar?? grande parte das a????es do Programa, documentar-se-?? uma boa parte dos resultados conseguidos, projetando para o ano 2015 linhas de trabalho mais intersetoriais e estrat??gicas. Por conseguinte tem-se um PAA mais simplificado e melhor estruturado (de 10 ??reas tem??ticas passou-se a 4 macro-??reas), com uma dimens??o regional mais potente que tem permitido elevar a dimens??o estrat??gica do programa, e com a????es mais interconectadas e coerentes que respondem melhor a uma vis??o unit??ria do Programa. Neste exerc??cio de programa????o tanto os s??cios operativos como os s??cios coordenadores t??m sabido conjugar melhor os dif??ceis equil??brios que deve manter o programa: orienta????o a demanda vs. gest??o para resultados; dimens??o regional vs. abordagem de problem??ticas a n??vel nacional; dimens??o estrat??gica vs. dimens??o operativa. Tamb??m se incorporou algumas das recomenda????es realizadas por parte da avalia????o de meio de percurso que se realizou no segundo semestre do 2013.

Caminhos da sustentabilidade para o cinema brasileiro

O artigo pretende mostrar as dificuldades de sustentabilidade da atividade cinematogr??fica brasileira. Com base na an??lise da cadeia produtiva, na estrutura tribut??ria e nas falhas da legisla????o de incentivo fiscal, prop??e-se a exist??ncia de um ciclo vicioso de depend??ncia aos incentivos fiscais. Tendo em vista as dificuldades de acesso a salas de cinema, devido, entre outros fatores, ao baixo poder aquisitivo da popula????o e ?? concentra????o geogr??fica de cinemas nas grandes cidades, prop??e-se uma parceria efetiva entre cinema e televis??o, facilitada pela tecnologia digital. Isso implicar?? altera????es na legisla????o atual, bem como a cria????o de regras regulat??rias, como forma de ampliar o acesso de filmes nacionais ?? grade de programa????o televisiva e tamb??m de viabilizar, em termos industriais, essa atividade econ??mica.

Gest??o p??blica e pesquisa operacional: avalia????o de desempenho em ag??ncias da Previd??ncia Social

O presente trabalho utiliza a metodologia DEA (Data Envelopment Analysis ), para avaliar a efici??ncia das 22 Ag??ncias da Previd??ncia Social ??? Ger??ncia Executiva Fortaleza (APS-GEXFOR). DEA utiliza programa????o linear cujo n??cleo das estruturas anal??ticas ?? formado a partir do modelo original CCR (Charnes, Cooper, e Rhodes). Aplicada ??s DMU (Decision Making Units), define uma Fronteira de Efici??ncia identificando Unidades Eficientes e Ineficientes. Foi utilizado o modelo DEA-CCR implementado pelo software DEA Solver??. A Previd??ncia Social (INSS) disp??e de indicadores de desempenho. Algumas vari??veis utilizadas no modelo implementado derivam desses indicadores, outras informa????es foram disponibilizadas pelos sistemas de informa????o da institui????o. A avalia????o de efici??ncia DEA das APS-GEXFOR permitiu identificar as melhores pr??ticas, mensurar a participa????o de cada vari??vel envolvida na avalia????o da unidade e projetar as unidades ineficientes na fronteira de efici??ncia, identificando metas a serem atingidas para torn??-las eficientes no conjunto observado.

A lei geral de comunica????o eletr??nica de massa e a qualidade da programa????o televisiva

O presente artigo pretende analisar a quest??o da qualidade da programa????o na televis??o brasileira a partir da proposta de um novo marco regulat??rio para o setor de comunica????o social eletr??nica. Essa nova lei, entre outras disposi????es, ir?? regulamentar o artigo 221 da Constitui????o Federal, que trata dos princ??pios pelos quais o conte??do televisivo deve pautar-se. Com isso, define-se qualidade levando-se em considera????o dois aspectos: diversidade e ressalvas ?? liberdade de express??o, ambos previstos na Constitui????o Federal. A partir dessa conceitua????o, prop??e-se a instrumentaliza????o do controle social sobre o conte??do televisivo e a garantia de meios para a diversidade da programa????o. Com rela????o ao primeiro aspecto, recomenda-se a atua????o transparente de uma futura ag??ncia reguladora e a implementa????o de mecanismo de controle individual da programa????o. No que tange ?? diversidade, ressalta-se a import??ncia do fortalecimento das televis??es p??blicas e medidas governamentais no sentido de estimular a multiprograma????o propiciada pelo advento da tecnologia digital.

Configuração e interrogação com sistemas federados

Apesar da existência de produtos comerciais e da investigação na área, a construção de sistemas de informação com diversos componentes distribuídos, heterogéneos e autónomos - conhecidos como sistemas de informação federados - é ainda um desafio. Estes sistemas de informação oferecem uma visão global unificada sobre os vários modelos de dados (parciais). No entanto, a modelação destes sistemas é um desafio, já que modelos de dados como o relacional não incluem informação sobre a distribuição e tratamento de heterogeneidade. É também necessário interagir com estes sistemas de informação, através de interrogações sobre os diversos componentes dos sistemas, sem ser necessário conhecer os detalhes dos mesmos. Este trabalho propõe uma abordagem a estes desafios, através da utilização de modelos para descrição semântica, e.g. linguagem OWL (Ontology Web Language), para construir uma descrição unificada dos seus diversos modelos parciais. O modelo criado para dar suporte a esta descrição é, em parte, baseado em ontologias existentes, que foram alteradas e extendidas para resolver diversos desafios de modelação. Sobre este modelo, é criado um componente de software que permite a execução de interrogações SQL (Structured Query Language) sobre o sistema federado, resolvendo os problemas de distribuição e heterogeneidade existentes.

Aplicação web para tratamento estatístico de dados de teste

Mestrado em Engenharia Electrotécnica e de Computadores

Optimização da lista de células vizinhas em redes LTE

Trabalho Final de Mestrado para obtenção do grau de Mestre em Engenharia de Electrónica e Telecomunicações

SGBD de alta escalabilidade com suporte a dados georreferenciados

Trabalho Final de Mestrado para obtenção do grau de Mestre em Engenharia Informática e de Computadores

Using a prioritized MAC protocol to execute the database operation join in networked embedded computer systems

Database query languages on relations (for example SQL) make it possible to join two relations. This operation is very common in desktop/server database systems but unfortunately query processing systems in networked embedded computer systems currently do not support this operation; specifically, the query processing systems TAG, TinyDB, Cougar do not support this. We show how a prioritized medium access control (MAC) protocol can be used to efficiently execute the database operation join for networked embedded computer systems where all computer nodes are in a single broadcast domain.