Jingyu Qian scite author profile

Jingyu Qian

5Publications

25Citation Statements Received

132Citation Statements Given

How they've been cited

How they cite others

107

132

Affiliations

University of Illinois Urbana-Champaign, Georgetown University

Publications

Order By: Most citations

ACLA: A Framework for Access Control List (ACL) Analysis and Optimization

Qian

2001

View full text Add to dashboard Cite

It is a challenging task for network administrators to correctly implement corporate security policies in a large network environment Much of the security policy enforcement at the network level involves configuring the packet classification strategies using Access Control List (ACL). A gateway device performing traffic filtering can deploy ACLs with thousands of rules. Due to the difficulties of ACL configuration language, large ACLs can easily become redundant, inconsistent, and difficult to optimise or even understand. This problem is augmented by extrinsic factors such as administrator turnovers, unstructured and ill-planned topology changes. With multiple routers in the topology, all of the ACLs need to be configured in a consistent manner to enforce the corporate security policy. In such an environment, manual examination of ACLs to ensure security policy is implemented correctly is a nearly impossible task. In this paper, we propose a novel framework to automate ACL analysis, thus greatly simplifying the network administrator'S task of implementing and verifying corporate security policies. A set of algorithms is introduced to detect and remove redundant rules, discover and repair inconsistent rules, merge overlapping or adjacent rules, map an ACL with complex interleaving permit/deny rules to a more readable form consisting of all permits or denies, and finally compute a meta-ACL profile based on all ACLs along a network path. When applied to traffic filtering ACLs, the meta-profile provides insights to the administrator as to what traffic will flow successfully from source to destination. Based on the ideas presented in this paper, weve developed a generic library called ACLA (ACL Analyser).

show abstract

A Survey on Common Threats in npm and PyPi Registries

Kaplan

Qian

2021

View full text Add to dashboard Cite

Attacks on Visualization-Based Malware Detection: Balancing Effectiveness and Executability

Benkraouda

Qian

Tran

et al. 2021

View full text Add to dashboard Cite

A Demonstration of the DeDoS Platform for Defusing Asymmetric DDoS Attacks in Data Centers

Demoulin

Vaidya

Pedisich

et al. 2017

View full text Add to dashboard Cite

A Survey on Common Threats in npm and PyPi Registries

Kaplan

Qian

2021

Preprint

View full text Add to dashboard Cite

Software engineers regularly use JavaScript and Python for both front-end and back-end automation tasks. On top of JavaScript and Python, there are several frameworks to facilitate automation tasks further. Some of these frameworks are Node Manager Package (npm) and Python Package Index (PyPi), which are open source (OS) package libraries. The public registries npm and PyPi use to host packages allow any user with a verified email to publish code. The lack of a comprehensive scanning tool when publishing to the registry creates security concerns. Users can report malicious code on the registry; however, attackers can still cause damage until they remove their tool from the platform. Furthermore, several packages depend on each other, making them more vulnerable to a bad package in the dependency tree. The heavy code reuse creates security artifacts developers have to consider, such as the package reach. This project will illustrate a high-level overview of common risks associated with OS registries and the package dependency structure. There are several attack types, such as typosquatting and combosquatting, in the OS package registries. Outdated packages pose a security risk, and we will examine the extent of technical lag present in the npm environment. In this paper, our main contribution consists of a survey of common threats in OS registries. Afterward, we will offer countermeasures to mitigate the risks presented. These remedies will heavily focus on the applications of Machine Learning (ML) to detect suspicious activities. To the best of our knowledge, the ML-focused countermeasures are the first proposed possible solutions to the security problems listed. In addition, this project is the first survey of threats in npm and PyPi, although several studies focus on a subset of threats.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Jingyu Qian

ACLA: A Framework for Access Control List (ACL) Analysis and Optimization

A Survey on Common Threats in npm and PyPi Registries

Attacks on Visualization-Based Malware Detection: Balancing Effectiveness and Executability

A Demonstration of the DeDoS Platform for Defusing Asymmetric DDoS Attacks in Data Centers

A Survey on Common Threats in npm and PyPi Registries

Contact Info

Product

Resources

About