15.0. Percent Exceptions
|
|
- Cornelia Hines
- 8 years ago
- Views:
Transcription
1 WhyCOTSSoftwareIncreasesSecurityRisks GaryMcGraw ReliableSoftwareTechnologies 21515RidgetopCircle,Suite250,Sterling,VA20166 phone:(703) ,fax:(703) Abstract UnderstandingtherisksinherentinusingCOTS softwareisimportantbecauseinformationsystemstodayarebeingbuiltfromevergreateramountsofreused andpre-packagedcode.securityanalysisofcomplex softwaresystemshasalwaysbeenaseriouschallenge withmanyopenresearchissues.unfortunately,cots softwareservesonlytocomplicatematters.often, codethatisacquiredfromavendorisdeliveredinexecutableformwithnosourcecode,makingsometraditionalanalysesimpossible.theupshotisthatrelyingontoday'scotssystemstoensuresecurityis ariskyproposition,especiallywhensuchsystemsare meanttoworkovertheinternet.thisshortpaper touchesontherisksinherentsomeoftoday'smore popularcotssystems,includingoperatingsystems andjavavirtualmachines.ialsopresentrobustness resultsgatheredbyaresearchprototypecalledrid- DLE(RandomandIntelligentDataDesignLibrary Environment),whichwasusedtoassesstherobustnessofnativeWindowsNTsystemutilitiesaswellas Win32portsoftheGNUutilities. 1COTSinAction (or,cotsinaction) LiketherestoftheDepartmentofDefense,the UnitedStatesNavyismandatedtouseCommercial O-The-Shelf(COTS)technologyinordertostandardizeandtosavemoney.TheNavy'sSmartShip initiative,whichiscurrentlybeingtestedasapilot studyontheaegismissilecruiserussyorktown,is aprimeexampleofthemovetocots.amajorpart ThisworkissponsoredundertheDefenseAdvancedResearchProjectsAgency(DARPA)ContractF C theviewsandconclusionscontainedinthisdocument arethoseoftheauthorsandshouldnotbeinterpreted asrepresentingtheofficialpolicies,eitherexpressed orimplied,ofthedefenseadvancedresearchprojects agencyortheu.s.government. oftheinitiativeistomigratesystemstothemicrosoft WindowsNTOperatingSystem.WhatrecentlyhappenedtotheYorktownservestounderscorethenature ofsecurityrisksinherentincots-basedsystems. InSeptember1997,theYorktownwasunderwayin maneuversothevirginiacoast.duringthemaneuvers,theyorktownsueredaserioussystemsfailure causedbyadividebyzeroerrorinanntapplication. AccordingtotheRISKSdigest(Volume18,Issue88), thezeroseemstohavebeenanerroneousdataitem enteredbyasystemuser.asaresultoftheerror,the shipwasdeadinthewaterforovertwoandahalf hours. Thissomewhatamusinganecdotewouldturnoutto beaveryseriousandpotentiallydeadlyproblemduringwartime.windowsntisknowntohaveanumber offailuremodes,anyoneofwhichcouldbeleveraged intoaninformationwarfareweapon.nevertheless, sincentisquicklybecomingadefactostandardin industry,thedodisunlikelytoabandonitseortto adoptit.insteadofbecominglesslikely,problems suchasthoseexperiencedontheyorktownareahint ofthingstocome. 2COTSProblemsPercolateUp DespitetheproliferationofNTWorkstationsin business-criticalandmission-criticalenvironments,littleanalysisofthesoftwarethatcomprisesthentplatformhasbeenperformed.thisimpliesthattheextent towhichnthasinherentsecurityrisks,systemsbuilt withacotsarchitecturethatincludentinheritthe samerisks. OperatingSystemsarenotaloneinthisproblem. Anythird-partysoftwareincludedinasystemhas thesamerisk-percolationproperty,whetherthesoftwareispackagedatthecomponentlevelorhigher. ThatmeansthatCOTSpartsofelectroniccommerce systemsnowonthedrawingboard,includingweb
2 browsersandjavavirtualmachines,introducesimilarconcerns[2]. IfCOTSintroducemorerisks,whyusethem? Unfortunately,theissueisnotcompletelycut-anddry.COTShaveanumberofimportantbenetsthat shouldnotbeoverlooked.considercomponentre-use inprogrammingsystemslikevisualbasic.today's applicationsaremorecomplicatedthanever,andthe timepressuretogetthemdoneandputthemintouse isgreaterthanever.visualbasiccomponentssave bothtimeandeort.thereisnoreasonthatthe softwareindustryshouldnotlearnfromelectricalengineeringwhereprefabricatedcomponentshavebeen usedforyears. Therealproblemisthis: COTSoftensuerfromdependability,security,andsafetyproblems.Whatcanwedoto analyzecotsandmeasurethemaccording totheseproperties? ThisproblemisexacerbatedbythefactthatCOTS areusuallydeliveredwithnoguaranteesabouttheir behaviorinblackboxform.itishardenoughtotry todeterminewhataprogramwilldogivenitssource code.withoutthesourcecode,theproblembecomes muchharder. 3RisksinJava:Acasestudy TheJavaprogramminglanguagefromSunMicrosystemsmakesaninterestingcasestudyfroma COTSsecurityperspective.Javawas,afterall,designedwithsecurityinmind.Java'ssecuritymechanismsarebuiltonafoundationoftypesafety andincludeanumberoflanguage-basedenforcement mechanisms[4].unfortunately,aswithanycomplex system,javahashaditsproblemswithsecurity.it turnsouttobeveryhardtodothingsexactlyright, andexactlyrightiswhatisdemandedbysecurity. EdFeltenandIhavedenedfourbroadcategories ofattackswithwhichtounderstandjava'ssecurity risks.thesecategoriescanbeusedtocategorizeall mobilecoderisks: 1.Systemmodicationattacksoccurwhenan attackerexploitsasecurityholetotakeoverand modifythetargetsystem.theseattacksarevery seriousandcanbeusedforanynumberofnefariousends,including:installingavirus,installing atrapdoor,installingalisteningpost,reading privatedata,andsoon. 2.Invasionofprivacyattackshappenwhena pieceofjavacodegetsaccesstodatameanttobe keptprivate.suchdataincludespasswordles, personaldirectorynames,andthelike. 3.Denialofserviceattacksmakeitimpossible touseamachineforlegitimateactivities.these kindsofattacksarealmosttrivialintoday'ssystems(javaorotherwise)andareanessentialrisk categoryfore-commerceanddefense. 4.Antagonismattacksaremeanttoharassor annoyalegitimateuser.theseattacksmight includedisplayingobscenepicturesorplaying soundlesforever. Unfortunately,allfourcategoriesofattackcanbe carriedoutinjavasystems.byfarthemostdangerousattacks,systemmodication,leverageholesinthe JavaVirtualMachinetowork.ThoughJava'sinternal defensesagainstsuchattacksarestrong,atleastfteenmajorsecurityholeshavebeendiscoveredinjava (andsincepatched).thelatestsuchhole,aproblem withclassloadinginthejdk1.2beta3,wasdiscoveredinjuly1998. Ifsupposedly-securesystemslikeJavaVirtualMachines(itemscommonlyincludedasCOTSinsystemsrangingfromsmartcardsandembeddeddevices towebbrowsers)havesecurityrisks,whatdoesthis sayaboutlesssecurity-consciouscots?thesomewhatdisturbingansweristhatothersystemsaremuch worseo.microsoft'sactivexsystem,forexample, presentsanumberoffarmoreserioussecurityproblemsthanjavadoes. 4BlackBoxAnalysis Mostsoftwaresecurityvulnerabilitiesresultfrom twofactors:programbugsandmaliciousmisuse. Technologiesandmethodologiesforanalyzingsoftware inordertodiscoverthesevulnerabilities(andpotentialavenuesforexploitation)areacurrenttopicof computersecurityresearch.dynamicsoftwareanalysistechnologiesusuallyrequireprogramsourcecode. However,mostCOTSsoftwareapplicationsaredeliveredintheformofbinaryexecutables(including hookstodynamiclibraries),renderingsource-code{ basedtechniquesuseless.thus,alternativemethods foranalyzingsoftwarevulnerabilityundermalicious misuseorattackarerequired. Dynamicblack-boxanalysisisanimportantapproachtosoftwarevulnerabilitylocalizationthat, giventoday'sinexpensivehardware,canbeperformed relativelycheaply.thisanalysisisavariantontraditionalsoftwaretestingthatisparticularlyattractive becauseitcanbeappliedtobinaryexecutables,includingcotsandlegacyexecutables.thisapproach
3 isnottypicalvanillatesting,butratherfocusedtestingwiththeexpresspurposeofdeterminingacomponent'stolerancetoattack.thoughthisapproach neitherrequiresfunctionalspecicationsforcomponentsnorfunctionalrequirements,itdoesrequirethe usertocharacterizewhatasecurityviolationis(based onsite-specicsecuritypolicy). 4.1RIDDLE:NTrobustness ResearchatReliableSoftwareTechnologiesisaddressingtheproblemofCOTSsecurityanalysisby beginningwiththeproblemofcomponentrobustness [1].Thisfollowsthefootstepsoftworesearcheorts: Fuzz[5]andBallista[3],bothofwhichconsideredthe robustnessofunixsystemsoftware.riddle'starget isnt. TheRandomandIntelligentDataDesignLibrary Environment(RIDDLE)enablesanalysisofcommercialo-the-shelf(COTS)softwarebyusingblack-box testingtechniques.riddlepermitsstresstestingof applicationsoftware,systemutilities,com/dcom components,sharedlibraries,andsystemfunctions. Unliketraditionalblack-boxtestingapproaches,RID- DLEstresstestssoftwareusingunexpected,intelligentlycraftedtestcases.Thegoalofthisresearch istodeterminewhatrobustnessgaps,ifany,existin WindowsNTsoftware. Testcasesaregeneratedwithrandom,intelligent inputusingtheinputgrammarofthecomponentunderanalysis.ratherthansimplygeneratingrandom inputthatdoesnotmeetthebasicsyntaxoftheprogram'sinput,generatinginputintelligentlyusingthe inputgrammarofthecomponentpermitsstresstestingofmoreofthesoftware'sfunctions.riddleprovidesanenvironmenttocombinerandominput,maliciousinput,andboundaryvalueconditionsinthelegalgrammaroftheprogramtotestitsbehaviormore thoroughlyunderanomalousconditions. 4.2Results RIDDLEwasusedtoperformrobustnesstestson twocategoriesofwindowsntsoftware.therst categoryismadeupofwindowsntcommandline utilitiesthataresuppliedwiththeoperatingsystem. Theutilitiestestedareattrib,chkdsk,comp,expand, fc,find,help,label,andreplace.thesecondcategoryofsoftwarethatwastestedwasagroupofgnu commandlineutilitiesthathavebeenportedtothe WindowsNToperatingsystemaspartoftheCygnus project.theportedgnuutilitiestested arecat,chmod,chksum,cp,ls,mv,rm,andwc. Theexperimentationcoveredmanycombinationsof thestringlengthsandcharactersets.inall,therewere 64,000testsrunontheGNUutilities,and114,000 Utility Group Figure1:Percentageofunhandledexceptionsforall testcasesrunagainstthenativewindowsntand utilities.thevastmajorityofunhandled exceptionswerememoryaccessviolationsthatresult intheabortedexecutionoftheprogrambeingtested. testsrunonthenativewindowsntutilities.rid- DLEdetecteddistinctterminationstatesfromthe programsthatweretested.theexitstatesdetermine whentheprogramterminatesnormally,whentheprogramishung,andwhentheprogramterminatesdue toanunhandledexception.threetypesofexceptions werecaughtbytheriddlemonitorintheseexperiments:memoryaccessviolationexceptions,privileged instructionexceptions,andillegalinstructionexceptions.iftheseexceptionsariseduringtheexecution ofaprogram,thentheprogramhasfailedtoperform robustlybyfailingtohandletheexceptioninternally. Figure1summarizestheresultsofthetestingofnativeWindowsNTutilitiesandtheutilities.InallthetestcasesrunagainstthenativeWindowsNTutilities,only0.338%ofthetestcasesresultedinfailureaccordingtoourfailuremetric.On theotherhand,theutilitiesexitwithan unhandledexception10.64%ofthetime.thedistributionofexceptionsfavoredmemoryaccessviolations soheavily(approximately7000to1for, and100to1forwindowsnt)thattheothertypesof exceptionsarestatisticallyinsignicant. Furtheranalysisoftheresultsshow thatthe10.64%failurerateisfairlyconsistentacross theeightgnuutilitiesthatweretested.thevast majorityoftheexceptionsoccurredwhenthechar-
4 Figure2:Distributionofunhandledexceptionsamong Figure3:Thepercentageoftestcasesthatresulted 2.0 Alphabetical Printable character. rangeofthelastcolumn,[0,255],includesthenull cludesallcharactersexceptthenullcharacter.the dierentcontenttypes.thecharacterrange[1,255]in- Character Set dramaticallywhenthecharactersetisalteredtoincludethenullcharacter,orwhenitconsistsonlyocialcharacters.thenumberofexceptionsdecreases mostlikelyduetotheprogram'sinterpretationofspe- range[1,255](excludingthenullcharacter).thisis actersetbeingusedforstringgenerationwasinthe input.thiswouldexplainwhytherearefewerunhandledexceptionswhenthischaracterisusedinlighacterofastring,eectivelylimitingthelengthofthe charactermaybeinterpretedastheterminationchar- printablecharactersintherange[33,127].thenull Figure3).Anotherpossibilityisthatifthenullcharacterisinterpretedaseithertheendofastringorthe ofthecorrelationbetweenlengthandexceptions(see endoftheparameterlist,thentheparametersmay theutilitymayimmediatelyrejectthetestcase. nolongerconstituteavaliduseoftheapplicationand eryprintableandnon-printablecharacterexceptfor thecharactersetrange[1,255].thissetincludesevtiesaremostvulnerabletoinputthatissampledfrom showninfigure2.clearly,theutili- Thedistributionofexceptionsbycontenttypeis set(includingnon-printablecharacters)thatresulted lengthwithnearlytheentirerangeofthecharacter ceptions.instead,itisthecombinationofverylong thealphabeticalandprintablesetresultedinfewex- thenullcharacter.evenverylonglengthinputin 1.0 inexceptionsasafunctionofthelengthoftheinput strings String Length (Characters) inthemostunhandledexceptions. oftheexceptionratiosshowthatasthe stringincreasesasillustratedinfigure3.thegraph istheincreaseinunhandledexceptionsasthelengthof fromthetestsperformedontheutilities Themostsignicanttrendinthedatacollected whenthelengthofthestringusedwaseither8or putgrammar.signicantlyfewerexceptionsoccurred failuretohandleanomalousinputwithinproperin- lengthofinputisincreasedfrom8to4096bytes,the 250characters.Becausetheexceptionthatoccurred numberofexceptionsrisesdramaticallyindicatinga longinputprobablypointstoaregionofthememory theinstructionpointerthatwasoverwrittenwiththe legalpointerontheprogramstack.inotherwords, ismostlikelyanover-writtenbuerthatplacedanil- mostoftenwasamemoryaccessviolation,thecause thatisinaccessiblefortheprogram,oritmaypoint todatathatisnotavalidinstructionopcode.this utilitiestobueroverrunattacks. resultpointstopotentialvulnerabilitiesinthegnu Theexpandutilityhadafailurepatternsimilartothe ofthem,compandexpandproducedanyexceptions. ture.ofthenineutilitiesthatweretested,onlytwo tivewindowsntutilitiespaintsaverydierentpic- Thedatacollectedfromthetestsrunonthena- complex.thecomputilityfailedmostfrequentlywhen stringswerelongerandthecharactersetsweremore utilities.itfailedmoreoftenwhenthe
5 was250. 5TowardsManagingCOTSRisks thecharactersetwasalphabetic,andthestringlength inmind(likethejavavm)suerfromserioussecurityproblems,wecanonlycringeatthethoughtof GiventhatCOTSspecicallydesignedwithsecurity COTSarebecomingasubiquitousassoftwareitself. derstandingthesecurityimplicationsofusingcots. Itisclearthatmuchworkremainstobedoneinun- therisksthatlesscarefully-designedcotsintroduce. desktopapplications,andole/com/dcomcomponents.futureresearchwillinvolvetestingtheseother supporttestingofnetworkservers,sharedlibraries, behaviorofablackboxcotssystemisauseful exercise.riddleiscurrentlybeingexpandedto TheRIDDLEexperimentsshowthatprobingthe securityholes. gapstodeterminetheirpotentialtobeexploitedinto classesofntsoftwareaswellasexploringrobustness AcknowledgementsTheRIDDLEworksketchedherewas ReliableSoftwareTechnologies.See[1]foramorethorough performedbyanupghosh,mattschmid,andvirenshahof [1]A.Ghosh,M.Schmid,andV.Shah.Testingthe References treatmentofthesubject. [2]A.K.Ghosh.E-CommerceSecurity:WeakLinks, November robustnessofwindowsntsoftware.toappear, [3]P.Koopman,J.Sung,C.Dingman,D.Siewiorek, BestDefenses.JohnWiley&Sons,NewYork, robustnessbenchmarks.inproceedingsofthe16th andt.marz.comparingoperatingsystemsusing NY,1998.ISBN [4]G.McGrawandE.Felten.JavaSecurity:Hostile pages72{79,october1997. IEEESymposiumonReliableDistributedSystems, [5]B.P.Miller,D.Koski,C.P.Lee,V.Maganty, R.Murthy,A.Natarajan,andJ.Steidl.Fuzzrevisted:Are-examinationofthereliabilityofunix ofwisconsin,computersciencesdept,november Sons,NewYork,1996. Applets,Holes,andAntidotes.JohnWileyand utilitiesandservices.technicalreport,university
Solution for Homework 2
Solution for Homework 2 Problem 1 a. What is the minimum number of bits that are required to uniquely represent the characters of English alphabet? (Consider upper case characters alone) The number of
More informationThe use of binary codes to represent characters
The use of binary codes to represent characters Teacher s Notes Lesson Plan x Length 60 mins Specification Link 2.1.4/hi Character Learning objective (a) Explain the use of binary codes to represent characters
More informationCardinality. The set of all finite strings over the alphabet of lowercase letters is countable. The set of real numbers R is an uncountable set.
Section 2.5 Cardinality (another) Definition: The cardinality of a set A is equal to the cardinality of a set B, denoted A = B, if and only if there is a bijection from A to B. If there is an injection
More informationIntroduction to Finite Automata
Introduction to Finite Automata Our First Machine Model Captain Pedro Ortiz Department of Computer Science United States Naval Academy SI-340 Theory of Computing Fall 2012 Captain Pedro Ortiz (US Naval
More information9.0 eportal Element of the ecommerce website
9.0 eportal Element of the ecommerce website The eportal element of the website is a query tool to allow access to your Account s trading information with Viglen and is available to you in two flavours:
More informationORGANISATION DATA SERVICE ACCESS DATABASE
ORGANISATION DATA SERVICE ACCESS DATABASE Version 6.0 June 2014 1. Introduction The Organisation Data Service Access Database was created from the current download files distributed by ODS. It is available
More informationCITRUS COUNTY PROPERTY APPRAISER S OFFICE How to perform a search
Address Search Use this search option to locate properties using a street number, name or direction. 1. For best results leave off the street suffix. 2. Use the * as a wild card to match any string of
More informationHow to Perform a Search and View Property Details in Excel
How to perform a search Owner Search Use this search option to locate properties with a known owner name. Ownership example with partial name: 1. Type in the full name or part of the full name into the
More informationCSC4510 AUTOMATA 2.1 Finite Automata: Examples and D efinitions Definitions
CSC45 AUTOMATA 2. Finite Automata: Examples and Definitions Finite Automata: Examples and Definitions A finite automaton is a simple type of computer. Itsoutputislimitedto yes to or no. It has very primitive
More informationSave Actions User Guide
Microsoft Dynamics CRM for Sitecore 6.6-8.0 Save Actions User Guide Rev: 2015-04-15 Microsoft Dynamics CRM for Sitecore 6.6-8.0 Save Actions User Guide A practical guide to using Microsoft Dynamics CRM
More informationNATIONAL BANK OF ROMANIA
NATIONAL BANK OF ROMANIA Unofficial translation Regulation regarding the usage of the IBAN codes in Romania Having regard to the provisions of Article 2, paragraph (2) and Article 23 of the Law no. 101/1998
More informationSearching for Classes and Course Information Online
Technology Help Desk 412-624-HELP [4357] technology.pitt.edu Searching for Classes and Course Information Online With PeopleSoft Student Center Overview Through the PeopleSoft Student Center, students
More informationProseminar on Semantic Theory Fall 2013 Ling 720. Problem Set on the Formal Preliminaries : Answers and Notes
1. Notes on the Answers Problem Set on the Formal Preliminaries : Answers and Notes In the pages that follow, I have copied some illustrative answers from the problem sets submitted to me. In this section,
More information2. The scanner examines the scanned data to determine if the barcode represents an XL Type I command or not. In Pseudo-Code:
Using Arbitrary Barcodes with XL XL TECH NOTE This tech note applies to firmware version 0.5.0 and later. P R O B L E M.In many installations, it is desired to be able to scan non XL Printed barcodes into
More informationQuik-Biz Contract Management System
Quik-Biz Contract Management System Administration and User Guide TPS of Illinois, Incorporated www.tps-of-il.com Publish Date: 12/01/2007 Table of Contents Quik-Biz Contract Management System - Introduction...3
More informationGETTING STARTED: Office365 OneDrive for Business
GETTING STARTED: Office365 OneDrive for Business Introduction: This guide will guide you through the process of using and navigating your Office365 OneDrive for Business app from the Portal and from your
More informationKnuth-Morris-Pratt Algorithm
December 18, 2011 outline Definition History Components of KMP Example Run-Time Analysis Advantages and Disadvantages References Definition: Best known for linear time for exact matching. Compares from
More informationChapter 4: Computer Codes
Slide 1/30 Learning Objectives In this chapter you will learn about: Computer data Computer codes: representation of data in binary Most commonly used computer codes Collating sequence 36 Slide 2/30 Data
More informationFinding Information about your Purchase Orders (POs) and Requisitions
Finding Information about your Purchase Orders (POs) and Requisitions There are two main sources for information regarding your POs and requisitions. 1. The Purchasing System Inquiry: Choose the Purchasing
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS 1. What is the YES BANK MasterCard SecureCode? The MasterCard SecureCode is a service offered by YES BANK in partnership with MasterCard. This authentication is basically a password
More informationShark Talent Management System Performance Reports
Shark Talent Management System Performance Reports Goals Reports Goal Details Report. Page 2 Goal Exception Report... Page 4 Goal Hierarchy Report. Page 6 Goal Progress Report.. Page 8 Goal Status Report...
More informationLecture 4: Exact string searching algorithms. Exact string search algorithms. Definitions. Exact string searching or matching
COSC 348: Computing for Bioinformatics Definitions A pattern (keyword) is an ordered sequence of symbols. Lecture 4: Exact string searching algorithms Lubica Benuskova http://www.cs.otago.ac.nz/cosc348/
More informationWEBSITES FOR CHILDCARE PROVIDERS
WEBSITES FOR CHILDCARE PROVIDERS PRESCHOOL LESSON PLANS: ALL SUBJECT AREASwww.everythingpreschool.com This comprehensive web site includes: Preschool Themes, Lesson Plans, Alphabet Ideas, Coloring Pages,
More informationP2 Asset Support System (PASS) New Registration Manual
P2 Asset Support System (PASS) New Registration Manual Click on Register button on the portal site of P2 Asset Support System (PASS) to go into New Registration site. PASS Portal: http://panasonic.biz/sav/pass_e
More informationMatrix Technical Support Mailer 124 Basic steps to configure SIP extensions in ETERNITY NE
Matrix Technical Support Mailer 124 Basic steps to configure SIP extensions in ETERNITY NE Dear Friends, This mailer will help you to configure the SIP extensions in ETERNITY NE. Introduction:- Space The
More informationImporting data from Linux LDAP server to HA3969U
Importing data from Linux LDAP server to HA3969U Application Notes Abstract: This document describes how to import data and records from Linux LDAP servers to Storageflex HA3969U systems, and by doing
More informationACCESS FEA ACCESS DISCOUNT WEBSITE
FEA ACCESS DISCOUNT WEBSITE FEA ACCESS DISCOUNT WEBSITE DESIGNED WITH MEMBERS IN MIND. After extensive member research and feedback, we ve designed the Access savings website to be intuitive and user friendly,
More informationThe following program is aiming to extract from a simple text file an analysis of the content such as:
Text Analyser Aim The following program is aiming to extract from a simple text file an analysis of the content such as: Number of printable characters Number of white spaces Number of vowels Number of
More informationSearching your Archive in Outlook (Normal)
Searching your Archive in Outlook (Normal) 1. View the Archive Add in toolbar. In Outlook 2007, the toolbar displays below the standard Outlook toolbars. In Outlook 2010, select the McAfee tab. 2. In the
More informationRegular Languages and Finite State Machines
Regular Languages and Finite State Machines Plan for the Day: Mathematical preliminaries - some review One application formal definition of finite automata Examples 1 Sets A set is an unordered collection
More informationTechnical specifications for the electronic transmission of the Financial Transactions Tax. Annex 6
Technical specifications for the electronic transmission of the Financial Transactions Tax Annex 6 INDEX 1. GENERAL INFORMATION... 3 1.1 GENERAL... 3 1.2 RECORDS SEQUENCE... 3 1.3 SRECORDS STRUCTURE...
More informationAutomata Theory. Şubat 2006 Tuğrul Yılmaz Ankara Üniversitesi
Automata Theory Automata theory is the study of abstract computing devices. A. M. Turing studied an abstract machine that had all the capabilities of today s computers. Turing s goal was to describe the
More informationRegular Expressions and Automata using Haskell
Regular Expressions and Automata using Haskell Simon Thompson Computing Laboratory University of Kent at Canterbury January 2000 Contents 1 Introduction 2 2 Regular Expressions 2 3 Matching regular expressions
More informationMultimedia Systems WS 2010/2011
Multimedia Systems WS 2010/2011 31.01.2011 M. Rahamatullah Khondoker (Room # 36/410 ) University of Kaiserslautern Department of Computer Science Integrated Communication Systems ICSY http://www.icsy.de
More informationHOW TO ORGANIZE YOUR PAPER FILES
HOW TO ORGANIZE YOUR PAPER FILES Genealogy is fun when you can find things, but it can be frustrating when you can't. Therefore, you need a simple system for organizing papers so that you can quickly find
More informationLempel-Ziv Coding Adaptive Dictionary Compression Algorithm
Lempel-Ziv Coding Adaptive Dictionary Compression Algorithm 1. LZ77:Sliding Window Lempel-Ziv Algorithm [gzip, pkzip] Encode a string by finding the longest match anywhere within a window of past symbols
More informationECBS TR 201V2.2.22, MARCH 2003 REGISTER OF EUROPEAN ACCOUNT NUMBERS ITALY 61
REGISTER OF EUROPEAN ACCOUNT NUMBERS ITALY 61 Italy DOMESTIC ACCOUNT NUMBER Account Number Structure 1 12345 12345 123456789012 X 05428 11101 000000123456 Identifying Min/max Fills Example c 1 Check digit
More informationTips for Web Filers. Tips for Web Filers. New Company Registration Page
Please read all information and instructions prior to entering the data. The instructions provide important details about completing the form and will help make your web experience a positive one. 1. How
More informationUnified Monitoring Portal Online Help Account Admin
Unified Monitoring Portal Online Help Account Admin This PDF file contains content from the Unified Monitoring Portal (UMP) Online Help system. It is intended only to provide a printable version of the
More informationData Domain Profiling and Data Masking for Hadoop
Data Domain Profiling and Data Masking for Hadoop 1993-2015 Informatica LLC. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or
More informationTTUHSC Online Contract Accounts Receivable
TTUHSC Online Contract Accounts Receivable The Contracts Accounts Receivable system is a component of the Contracting Website which contains the systems noted below: Contract Database Contract Accounts
More informationMAGENTO Migration Tools
MAGENTO Migration Tools User Guide Copyright 2014 LitExtension.com. All Rights Reserved. Magento Migration Tools: User Guide Page 1 Content 1. Preparation... 3 2. Setup... 5 3. Plugins Setup... 7 4. Migration
More informationQUICK REFERENCE GUIDE
QUICK REFERENCE GUIDE Using the Search for an Asset Page December 4, 2015 Use the Search for an Asset Page This topic covers searching for an asset and selecting an Asset Management component (page) to
More informationWorking with Strings and Text in Alice
A string is a sequence of characters, while a character is (in general) any of the letters, numbers, or symbols represented on your keyboard. In computer programs, strings are used to represent very common
More informationitrust Medical Records System: Requirements for Technical Safeguards
itrust Medical Records System: Requirements for Technical Safeguards Physicians and healthcare practitioners use Electronic Health Records (EHR) systems to obtain, manage, and share patient information.
More informationThird Southern African Regional ACM Collegiate Programming Competition. Sponsored by IBM. Problem Set
Problem Set Problem 1 Red Balloon Stockbroker Grapevine Stockbrokers are known to overreact to rumours. You have been contracted to develop a method of spreading disinformation amongst the stockbrokers
More informationBT Cloud Voice. Call Forward Selective. What is it? How do I set up a rule?
BT Cloud Voice Call Forward Selective What is it? Call Forward Selective lets you apply rules to how calls are handled so any incoming call matching the criteria you ve set will be forwarded to your chosen
More informationSafeSession User's Guide for iphone
SafeSession User's Guide for iphone version 01.002 November, 2011 Table of Contents What is SafeSession?...3 Installation...4 Using itunes...4 Call page...5 SafeSession TabBar...7 Contacts...7 Keypad...9
More informationSection 2.5.08 Transaction Codes. Contents. Transaction Codes... 2 Procedures Tab... 3 Adjustments Tab... 5 Non-billing Codes Tab...
Section 2.5.08 Transaction Codes Contents Transaction Codes... 2 Procedures Tab... 3 Adjustments Tab... 5 Non-billing Codes Tab... 7 V Ā L A N T M E D I C A L S O L U T I O N S, I N C. P O B O X 2 1 4
More informationPaging & Messaging at the VCU Medical Center
Paging & Messaging at the VCU Medical Center Telepage Communications Telepage Call Centers: > 1.5 Million Calls in FY 12-13 Paging ( Telepage ) Patient Information Answering Service Emergency Response
More informationecw Weekly Users Tip: My Settings: Template-Friendly Settings & My Favorites: Templates
ecw Weekly Users Tip: My Settings: Template-Friendly Settings & My Favorites: Templates Templates, regardless of how basic or how comprehensive, can make your notes overwhelming and visually harder to
More informationITB BERLIN 2014. 5 9 March 2014. ITB Berlin Catalogue. Quickfinder. ITB Mobile Guide. Premium Package ITB BERLIN THE WORLD S LEADING TRAVEL TRADE SHOW
THE WORLD S LEADING TRAVEL TRADE SHOW ITB BERLIN 2014 Quickfinder ITB Mobile Guide Premium Package ITB BERLIN 2014 THE WORLD S LEADING TRAVEL TRADE SHOW ITB Berlin 2014 now offers even better ways to present
More informationImporting Lease Data into Forms Online
Blue Moon Software presents May 2012 Importing Lease Data into Forms Online A Developer's Guide Edited by Michael Phillipson wwwbluemooncom Table of Contents XML and the Blue Moon DTD 1 Login Data1 Login
More informationCreate Mailing Labels from an Electronic File
Create Mailing Labels from an Electronic File Microsoft Word 2002 (XP) Electronic data requests for mailing labels will be filled by providing the requester with a commadelimited text file. When you receive
More informationSecurity Token User Guide
TABLE OF CONTENTS 1 INTRODUCTION... 3 1.1 FUNCTIONS OF THE TOKEN... 3 1.2 SECURITY FEATURES OF THE TOKENS... 3 1.3 TOKEN INTERFACE... 3 1.4 VASCO TOKEN REPLACEMENT... 4 1.5 DEFINITIONS AND ACRONYMS...
More informationBackground. IBAN Overview
International Bank Account Number ( IBAN ) IBAN Overview The International Bank Account Number ( IBAN ) is an international standard for identifying bank accounts across national borders in a way that
More informationDatabase Applications Microsoft Access
Database Applications Microsoft Access Lesson 4 Working with Queries Difference Between Queries and Filters Filters are temporary Filters are placed on data in a single table Queries are saved as individual
More informationBSHSI Security Awareness Training
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
More informationE-Commerce: Designing And Creating An Online Store
E-Commerce: Designing And Creating An Online Store Introduction About Steve Green Ministries Solo Performance Artist for 19 Years. Released over 26 Records, Several Kids Movies, and Books. My History With
More informationFAQ for Refund Reissue. Procedure to apply for refund reissue: 1. Logon on to www.incometaxindiaefiling.gov.in with your user ID and Password.
FAQ for Refund Reissue Procedure to apply for refund reissue: 1. Logon on to www.incometaxindiaefiling.gov.in with your user ID and Password. 2. Go to MY Account Refund Reissue Request 3. Screen below
More informationLab 4.4 Secret Messages: Indexing, Arrays, and Iteration
Lab 4.4 Secret Messages: Indexing, Arrays, and Iteration This JavaScript lab (the last of the series) focuses on indexing, arrays, and iteration, but it also provides another context for practicing with
More informationChapter 2 Introduction to SPSS
Chapter 2 Introduction to SPSS Abstract This chapter introduces several basic SPSS procedures that are used in the analysis of a data set. The chapter explains the structure of SPSS data files, how to
More informationEE 261 Introduction to Logic Circuits. Module #2 Number Systems
EE 261 Introduction to Logic Circuits Module #2 Number Systems Topics A. Number System Formation B. Base Conversions C. Binary Arithmetic D. Signed Numbers E. Signed Arithmetic F. Binary Codes Textbook
More informationRegular Expression Syntax
1 of 5 12/22/2014 9:55 AM EmEditor Home - EmEditor Help - How to - Search Regular Expression Syntax EmEditor regular expression syntax is based on Perl regular expression syntax. Literals All characters
More informationASSEMBLY LANGUAGE PROGRAMMING (6800) (R. Horvath, Introduction to Microprocessors, Chapter 6)
ASSEMBLY LANGUAGE PROGRAMMING (6800) (R. Horvath, Introduction to Microprocessors, Chapter 6) 1 COMPUTER LANGUAGES In order for a computer to be able to execute a program, the program must first be present
More informationWelcome to the First Step Webinar!
Welcome to the First Step Webinar! Your presenter will be with you shortly. Please print out the presentation for notetaking purposes at: http://abacuslaw.com/client-center/training Customization Brand
More informationGuarantee Trust Life Insurance Company. Agent Portal www.gtlic.com. Agent Portal Guide
Guarantee Trust Life Insurance Company Agent Portal www.gtlic.com Agent Portal Guide Rev. 3/2014 Table of Contents Log in to Agent Portal... 3 Obtain Quote... 4 Print Quote... 5 Save and Retrieve Quote...
More informationGentran_Director_Create_a_partner.ppt Page 1 of 60
IBM Sterling Gentran:Director version 5.4 provides companies with electronic data interchange (EDI) and data translation. It supports numerous EDI standards to meet the communication needs of various trading
More informationOnline Trading Manual Guide
Merchant Securities Financial Services Online Trading Manual Guide Prepared by: Information Technology Department. 1 Login page: Type : www.msfs.ae Double Click on ONLINE TRADING 2 Online Trading Screen
More informationEDIFACT Standards Overview Tutorial Learn About Key E-commerce Trends and Technologies at Your Own Pace
A G X S T U T O R I A L EDIFACT Standards Overview Tutorial Learn About Key E-commerce Trends and Technologies at Your Own Pace Welcome!...3 How To Use This Tutorial...3 Tutorial Objectives...3 Part 1:
More informationGETTING STARTED WITH ONENOTE CLASS NOTEBOOK
GETTING STARTED WITH ONENOTE CLASS NOTEBOOK Launch the OneNote Class Notebook 1. Sign in to Office 365. 2. Click the app launcher in the upper left. 3. In the list of apps that appears, click the Class
More informationDIY etranscripts: A Guide to Building your own Electronic Transcript and Certified Document Solution
DIY etranscripts: A Guide to Building your own Electronic Transcript and Certified Document Solution Kristin Schuette Associate Registrar for Technology schuett1@msu.edu AACRAO Tech 2012 July 1, 2012 Registrar
More informationConfiguring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list)
Configuring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list) Hackers can easily trap information transmitted over wireless network, it has to be encrypted to avoid unauthorized users
More informationTo give you further peace of mind we have made improvements to the security of our email system.
The secure handling of our members credit card details is very important to us. We already have a number of effective measures in place to ensure the security of these details once we receive them. To
More informationMemory is implemented as an array of electronic switches
Memory Structure Memory is implemented as an array of electronic switches Each switch can be in one of two states 0 or 1, on or off, true or false, purple or gold, sitting or standing BInary digits (bits)
More informationCyber Security Workshop Encryption Reference Manual
Cyber Security Workshop Encryption Reference Manual May 2015 Basic Concepts in Encoding and Encryption Binary Encoding Examples Encryption Cipher Examples 1 P a g e Encoding Concepts Binary Encoding Basics
More informationIf you want to skip straight to the technical details of localizing Xamarin apps, start with one of these platform-specific how-to articles:
Localization This guide introduces the concepts behind internationalization and localization and links to instructions on how to produce Xamarin mobile applications using those concepts. If you want to
More information03 - Lexical Analysis
03 - Lexical Analysis First, let s see a simplified overview of the compilation process: source code file (sequence of char) Step 2: parsing (syntax analysis) arse Tree Step 1: scanning (lexical analysis)
More informationContact Management. User Guide V3.0. Subject to change without prior notice. www.teczo.com
Contact Management V3.0 Subject to change without prior notice Table of Contents Table of Contents... 2 1.0 Module Overview... 3 2.0 Using the Module... 4 2.1 Contact Management Summary Page... 4 2.1.1
More information10 Java API, Exceptions, and Collections
10 Java API, Exceptions, and Collections Activities 1. Familiarize yourself with the Java Application Programmers Interface (API) documentation. 2. Learn the basics of writing comments in Javadoc style.
More informationCHAPTER 5. Obfuscation is a process of converting original data into unintelligible data. It
CHAPTER 5 5.1. Introduction Obfuscation is a process of converting original data into unintelligible data. It is similar to encryption but it uses mathematical calculations or programming logics. Encryption
More informationSEC External Guide for Using the E-mail Encryption Solution
Securities and Exchange Commission Office of Information Technology SEC External Guide for Using the E-mail Encryption Solution The Securities and Exchange Commission National Exam Program Hotline (202)551-3925
More informationMerchant Returns Service
Merchant Returns Service User s Guide Document Version 2.0 2015 Version History Version Date of Summary of Additions Addition 1.0 08/07/2014 Document created. 2.0 2/21/2015 Updated based on changes from
More informationPREPARED BY Carmen Costea
SFU ONLINE EXPENSE REPORT USER GUIDE PREPARED BY Carmen Costea TABLE OF CONTENTS TABLE OF CONTENTS... 2 1. NAVIGATE... 4 1.1 NAVIGATE TO THE ONLINE TRAVEL AND EXPENSES APPLICATION...4 1.1.1 Direct weblink
More informationMicrosoft Access 2007
How to Use: Microsoft Access 2007 Microsoft Office Access is a powerful tool used to create and format databases. Databases allow information to be organized in rows and tables, where queries can be formed
More informationNumber Representation
Number Representation CS10001: Programming & Data Structures Pallab Dasgupta Professor, Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur Topics to be Discussed How are numeric data
More informationFilter NEW IN FIRSTCLASS CLIENT WHAT S NEW IN FIRSTCLASS 9.0. New Look. Login screen. List View Sort Order. Filtering Containers.
NEW IN FIRSTCLASS CLIENT New Look Login screen The login screen has a new look that flows with our current interface. List View Sort Order The sort order you choose in list view will be used in other views
More informationGuidelines for Establishment of Contract Areas Computer Science Department
Guidelines for Establishment of Contract Areas Computer Science Department Current 07/01/07 Statement: The Contract Area is designed to allow a student, in cooperation with a member of the Computer Science
More informationInternational Securities Identification Number (ISIN)
International Securities Identification Number (ISIN) An International Securities Identification Number (ISIN) uniquely identifies a security. An ISIN consists of three parts: Generally, a two letter country
More informationSymbol Tables. Introduction
Symbol Tables Introduction A compiler needs to collect and use information about the names appearing in the source program. This information is entered into a data structure called a symbol table. The
More informationClient Instructions - ID Tech Configuration Instructions
Client Instructions - ID Tech Configuration Instructions Please follow the steps below to get started with the configuration process for your ID Tech reader. A student ID card will be necessary for the
More informationIntroduction to iprocurement
Introduction to iprocurement TOPICS: PAGE: How Do I Login to iprocurement?... 1 How Do I Set My Preferences?... 2 How Do I Create a Requisition?... 4-7 Creating the Requisition Header Description Rules
More informationClever Devices IVN GPS Broadcast over Ethernet Interface Control Document
Clever Devices IVN GPS Broadcast over Ethernet Interface Control Document Version 1.0 June 15, 2015 Page 1 of 6 Revision History Date Version Description Author 6/15/2015 1.0 Initial Release G. Glogowski
More informationAutomatic transfer of funds
NixMoney Spend API VER 1.3 Automatic transfer of funds All communications within the system are made in UTF-8. Fields be able to contain values in the national alphabet which allows to be closer to the
More informationCPSC 121: Models of Computation Assignment #4, due Wednesday, July 22nd, 2009 at 14:00
CPSC 2: Models of Computation ssignment #4, due Wednesday, July 22nd, 29 at 4: Submission Instructions Type or write your assignment on clean sheets of paper with question numbers prominently labeled.
More informationithenticate User Manual
ithenticate User Manual Updated November 20, 2009 Contents Introduction 4 New Users 4 Logging In 4 Resetting Your Password 5 Changing Your Password or Username 6 The ithenticate Account Homepage 7 Main
More informationHTML Form Widgets. Review: HTML Forms. Review: CGI Programs
HTML Form Widgets Review: HTML Forms HTML forms are used to create web pages that accept user input Forms allow the user to communicate information back to the web server Forms allow web servers to generate
More informationTips on Encoding the Unique Item Identifier (UII) Mark and Building the Concatenated UII
Tips on Encoding the Unique Item Identifier (UII) Mark and Building the Concatenated UII BASIC DEFINITIONS YOU NEED TO KNOW The unique item identifier (UII) is defined in two separate contexts: 1. DoD
More informationAPPOLYCET-2016 ADMISSIONS
APPOLYCET-2016 ADMISSIONS INSTRUCTIONS TO PRINCIPALS OF COLLEGES ON PHASE-I POST ALLOTMENT PROCESS Sir, Allotments of candidates have been released on 02-06-2016. Reporting of candidates will be updated
More informationAccess 2010: The Navigation Pane
Access 2010: The Navigation Pane Table of Contents OVERVIEW... 1 BEFORE YOU BEGIN... 2 ADJUSTING THE NAVIGATION PANE... 3 USING DATABASE OBJECTS... 3 CUSTOMIZE THE NAVIGATION PANE... 3 DISPLAY AND SORT
More information