
Wednesday, May 23, 2018

The Basics of Prolog Programming Language

Prolog is a logic programming language that is based on facts and rules. The idea is to create a set of facts related to a specific domain. After that, we create rules that can be used to answer questions (or queries). For example, we may create facts that identify whether a human is a man or a woman. On top of that, we can add more facts to state that this human is the father or the mother of another human. Once we have the given facts, we can create rules. For example, we can define a rule that can be used to find the father of another human.


In this post, we will learn the basics of the Prolog language in the simplest way. For this purpose, we will be using an online editor that can be used to write Prolog code and test it. The tool is called SWISH and can be found at http://swish.swi-prolog.org/.

When we open the link, we will see that the page has 3 parts: one for creating a new file, one for the output and one for asking questions.

The Layout of The Tool
To start writing Prolog code, simply click 'Program' and the code editor will appear.


Prolog Facts

In order to create Prolog rules, first we have to provide some facts. Suppose that we have 5 humans: one has the name 'john', another one has the name 'sara', another one has the name 'ali', one has the name 'paul' and the last one has the name 'hannah'. The first facts that we are going to write state that a human can be a man or a woman. We can tell from the names that 'john' is a man and 'sara' is a woman. Writing such facts in Prolog can be done as follows:

man(john).
man(ali).
man(paul).
woman(sara).
woman(hannah).


In Prolog, a fact is written as follows:

fact_name(fact_attrs...).

Every fact we write in Prolog must end with a 'dot', and each fact can have one or more parameters (or attributes). Now that we know how to write facts, let's add more facts to our program. Let's say that 'john' is the father of 'ali', 'paul' and 'hannah'. Also let's say that 'sara' is the mother of 'ali', 'paul' and 'hannah'.

man(john).
man(ali).
man(paul).
woman(sara).
woman(hannah).
father(john,ali).
father(john,paul).
father(john,hannah).
mother(sara,ali).
mother(sara,paul).
mother(sara,hannah).


Once we have the given facts, we can ask questions about them and get answers. For example, we can ask the question 'Is john a man?'. Another question we could ask is 'Who is the mother of ali?'. A question in Prolog is called a "query". In the next section, we will learn how to ask questions in Prolog.

Prolog Queries

The simplest queries in Prolog are those that are applied to facts. The result of such a query will be either "true" or "false" if all the attributes of the query are known. For example, the result of running a query on one of the first 5 facts with one of the 5 names will be either "true" or "false".

In the example that we will see, we want to know if a person is a man or not. A Prolog query has the following basic form: "?- rule_or_fact(vars...)". It is possible to construct more complex queries but we will do it later. For now, let's focus on the basics. The "?-" part is provided by the editor by default. All we have to do is write the other part.

In SWISH, we write the query in the place where it says " Your query goes here ...". After writing the query, all we have to do is click "run" and the result will appear. Let's give it a try.



As we can see, "ali" is a man since we got "true". Now we want to try something else. Suppose that we would like to get all women. To do that, we have to learn about a new concept in Prolog: variables.

Prolog Variables

A variable in Prolog can be used to answer queries. Variables are passed as arguments to rules and facts to get specific values. Any parameter that starts with a capital letter is considered a variable. For example, if we say 'woman(Sara)', 'Sara' is now a variable, not an attribute. The final value of the variable is based on the provided facts and rules. Now, to get all women, we pass a variable to the fact 'woman()'. Prolog will set the value of that variable to the name of the woman.

As we can see, we have got our first woman. To get the rest, all we have to do is click "Next" until the execution is finished.

Now let's try something new. Suppose that we would like to know who is the father of 'ali'. To ask such a query, we write it as 'father(X, ali)'. In this case, 'X' will be equal to the father of 'ali'.


Suppose that we have a person whose father is unknown. What will be the value of 'X' in this case? Let's try it. To do that, we will add a new man called 'ibrahim' and try to find his father.

We simply got 'false'. Whenever we try to apply a rule that does not exist, we will get 'false'. Also, if we try the rule with a name that does not exist, we will get 'false'. For example, if we try 'father(X, dania)', this will also give 'false'.

Monday, May 22, 2017

Report: Cryptography

Introduction

Many people these days are using computers. Some use computers for personal use like browsing the web or saving their pictures on the hard drive, and some others for educational purposes or for business. In each case, people mostly care about one thing: keeping their data protected, and one technique to do that is cryptography. In this report I will first define cryptography and provide a brief history. Next I will talk about the importance of cryptography in the modern world with some technologies that are currently used to encrypt data. Finally, I will talk about the future of cryptography.

Encryption
Encryption is an essential part of web security (Picture taken by Ibrahim)

Background


What is Encryption?

Encryption is a technique that is used to transform data into a form that an unauthorized person cannot understand (Bright). More generally, it is about protecting sensitive data such as passwords and account numbers. It enables secure communication, online business and the protection of secret data.

History of Cryptography

The word “cryptography” is actually two Greek words that are merged together: “kryptos” which means “covered” and “graphein” which means “handwriting” (Damico). In the early days of cryptography, it was only about hiding information that was written on a message while it was carried from one place to another. Cryptography was initially founded by some of the great civilizations, namely Egypt, Greece and Rome. Egyptian writers used hieroglyphs in a non-standard way, apparently to protect the contents of the message. The Greeks then used a different way: a stick that was wrapped with a tape. When the tape was removed, the words would become meaningless. The one who received the letter would have a stick with the same diameter as the one used to hide the letter, and would use it to decrypt the message. The Romans used the Caesar Cipher. The idea of the Caesar Cipher is to shift the letters of the message by a specific number. By using the same number, the receiver of the message has to shift the letters back in order to decrypt it.

Importance of Cryptography

When personal data is stored on a computer or on the web, or sent by email, there is a risk of losing it, and if it falls into the wrong hands it might be used to harm the one who owns that data. According to Rice, people have to provide such data to specific organizations in order to receive appropriate service. These organizations must keep the data secure.

In order to do so, organizations must take some actions to lower the risk of improper disclosure. By using a suitable encryption technique, personal data can be kept secure and thus, no one can access it without permission.

Techniques of Encryption

There are many ways to encrypt data. Usually the choice of technique depends on what type of data will be encrypted, the sensitivity of the data and where the data will be stored (Rice). Here are the three commonly used techniques to encrypt data.

Full data Encryption

This process is mostly used when encrypting desktop computers, laptops and mobile devices. This technique encrypts the whole data on the hard drive from normal information to personal data. After encryption, a key is generated. This key is the only way that can be used to decrypt data and read it.

BitLocker is a commonly used tool on Windows to encrypt flash drives and hard disks

File Encryption

This technique involves encrypting a standalone file or creating an encrypted container that files can be added to. When the container is locked, the content inside it cannot be reached. When the container is moved from one device to another, the contents inside the container will stay safe. But when files are moved out of the container, they will no longer be protected.

Transportable Data Encryption

Usually people share sensitive data with each other by using email. Data is encrypted before it is transferred. The process of encrypting data is done by using an encrypted data transfer protocol. There are two types of protocols that are used to encrypt data in transit: Secure Sockets Layer (SSL) and Transport Layer Security (TLS). When a web site uses an encrypted data transfer protocol, the web browser displays a small lock on the address bar. The lock indicates that it is safe to transfer sensitive data to the web site.

When the connection to a website is secure (Encrypted), a small lock will appear on the browser's address bar

Current Algorithms on Encrypting and Decrypting Data

Encrypting and decrypting data can be done in many different ways. Each way depends on the sender and receiver of data.

Symmetric key Algorithms

The algorithms that are using this approach mainly depend on mixing the plain text in complicated ways and repeating the same process more than one time (Bright). The key that is used to mix the plaintext is the thing that will specify the mixing pattern.

Asymmetric Key Algorithms

Also known as public key encryption, the RSA algorithm was the first algorithm to use asymmetric keys. It was developed in secret by two British agencies: SIGINT and GCHQ in 1973 (Bright). Public-key encryption mainly depends on the existence of mathematical problems. The solution to these mathematical problems is the key that is used to encrypt data. There are two keys to decrypt data in this approach, the public key and the private key. The public key is used to encrypt data, while the other one is used to decrypt data.

Future of Cryptography

As time goes on, new algorithms for encryption are developed to satisfy rising security and performance needs (McGrew). The next generation of algorithms to replace algorithms such as RSA is called Elliptic Curve Cryptography (ECC). One use of Next Generation Encryption (NGE) technologies will be to protect IPsec Private Virtual Networks. It can provide a security level of 128 bits or more. The use of NGE makes it possible to meet the security requirements of the next decade.

The algorithms used in NGE form a new suite of algorithms called Suite B. This suite provides algorithms that are designed to meet the needs of future security. For network security, Suite B sets a good direction and thus the algorithms have been incorporated into many standards.

Conclusion

In conclusion, cryptography is an essential thing to consider in this developing world since almost everything must be done using computers. Many companies try to get the latest technologies on encryption to protect their customers’ personal data. The most important thing to be careful about is keeping the key secure, and therefore the data (Rice). The new technologies on cryptography aim to make all data secure in the most efficient way.

List of References








Saturday, May 6, 2017

Building a Website from Scratch: What to Consider

In 2015, I had an idea to launch my own personal website. The aim of the web site is to provide programming lessons for Arabic and English speakers. After 2 years from then, the website is launched and the name of the website is Programming Academia.

Programming Academia logo. One of my big projects that I'm still working on.


During the year after the idea, I did not do that much work since I was kinda busy with my studies. After finishing term 152 (around the end of May, 2016), I started getting my hands dirty with web development. From then till now, I did many things. Some of them were wrong and some of them were correct. In this post, I will briefly tell you what steps I took from then till the website became online.

Since I did not have any experience in web development, many of the steps were overlapping. But now that I have some experience, I will order them according to the correct order that I think is the best. The things that you must consider are:
  • Website Idea
  • Choosing the Name + Domain Name
  • Programming Language Selection
  • Setup Local Environment for Development and Testing
  • Start Developing your Site
  • Buying Domain Name + Hosting Service
  • Publish Your Website
  • Maintaining The Website.

If you plan to create your website from scratch without using any frameworks, you must have enough knowledge about the following:
  • HTML.
  • CSS.
  • JavaScript.
  • One server side scripting language (PHP, ASP.NET, JSP, ... ).
  • Responsive web design (Creating a grid system).

The Idea

The first and most important thing is the website idea. As for me, the initial idea was to create a website for programming lessons in Arabic. But at a later stage, I changed the idea from Arabic lessons to English and Arabic lessons. After I started adding content, I noticed that the quality of the website content was poor. What I did to fix that is to provide content in English and then translate it to Arabic since my English writing skills are better than my Arabic writing skills.

Choosing The Name and Domain

Once I had selected the idea, I started thinking about a name and a domain for the website. Usually the name of the website should be associated with the domain name but it is not necessary. Also the name should reflect the main idea of your website. Personally, I selected 4 different names for my website: Unidemics, Programming Cities, Programming Academics, and Programming Academia. At this stage, I did not think about the domain name, which was my first mistake. At this stage, you should select all possible domain names that reflect the type of service your website will provide. It is a good idea to go to any domain registration service provider and check domain names and prices. As for me, I did not know about the existence of such services till I started thinking about buying a domain. I have used two to search for available domain names: the first one was register.com and the second one was register.hostgator.com. You should not buy a domain, only check available names and prices. Usually the prices are between 10$ and 15$ for one year. If it includes other services (such as domain protection) the price will go up.

Programming Language Selection

When I say programming language selection, I don't mean HTML or JavaScript. What I mean is the server side programming language. As for me, I did not have any knowledge of any server side scripting when I started working on the website. The first server side scripting language I dealt with was ASP.NET. It was a very hard language for me to learn. After a few months, I decided to learn PHP for my senior project at university. It took me around 2 weeks to digest the basics of PHP, which is good. For that reason, I selected PHP. Note that the selection of server side language will affect the selection of hosting provider and the plan you select at a later stage.


Setup Local Environment for Development and Testing

This step was very hard for me as there was not that much information about it. The first thing to do is to select an IDE and after that install a local server for testing the website locally before publishing.

IDE Selection

The first thing I did was to search the web for a good IDE that can be used for web development. The problem is that I did not find any specific answer. For that reason, I was jumping from one IDE to another. This is the second mistake that I made, which cost me a lot of time. Don't change IDEs very frequently. The first one was Microsoft Expression Web. After developing a small skeleton for my website (HTML + CSS only), I switched to Microsoft WebMatrix. When I started using WebMatrix, I started learning about server side scripting and ASP.NET + some PHP. After that, I switched to my favorite IDE of all time, NetBeans IDE. After selecting NetBeans IDE, I did not change it till now.

Installing Local Web Server for Testing

One thing that I did is testing my website locally. The idea is to install a local server that can run your server-side code. If you select PHP as I did, then you will need to install Apache Server. After installing the server, you need to install PHP itself. Finally, one additional thing you might need is a database. Every website will need a database at some point.

Installing the 3 separately is kinda difficult. For that reason, there are software stacks that contain the 3 and can install them at once. The stacks are called 'AMP', which stands for 'Apache, MySQL and PHP'. The first stack that I used is called WampServer. After having a hard time with it, I switched to a new stack called Bitnami WAMP Stack. It includes a lot of features which I don't use but it is the best stack for me so far.

Starting The Real Development

The next step of website development is to start writing website code. One of the good practices in my opinion is to create templates that you should use for each different part of your website. For example, if your website is a news website, create a template for displaying news in a neat way.

Writing CSS + HTML

The first thing in building a website is to create the user interface. One possible way is to build HTML and CSS at the same time (as I did). By using this way, you will create the CSS code that you need for the current part of your page. The other thing is to make sure your design is modular and responsive. This means that the same web page should look good on small screens and big screens. One way to achieve this is to create your own grid system using CSS.

Also there are other things to consider while structuring your HTML page. The correct use of HTML tags will have an effect in how your website will rank in search engines. Also the use of schema.org vocabulary in your HTML will help web crawlers understand your content easily.

Creating Content

Once you have created your templates, it is time to create content for your website. One important factor to attract visitors to your website is to create unique content that your visitors find very useful. The other thing is to make sure that your content is up to date.


Buying The Domain Name + Hosting Provider

Once you have created sufficient content for your website, it is time to think about publishing your work and sharing it with the people you love. The first step in doing that is to buy a domain name. Buying a domain name is a simple task. As for me, I bought programmingacademia.com from register.hostgator.com for around 74$ for 3 years with a service called domain protection. This service hides domain owner information from being visible to the public.

After buying the domain, it is time to select a hosting plan. Usually when you go to any hosting provider, it will ask you what type of server you need for your website. The selection of server type will depend on the selected server-side scripting language. For example, if you selected PHP, then you will need Apache Server with PHP installed on it. If you have selected Node.JS, you will need a server with Node.JS support. As for me, PHP was the selected option. For that reason, I have selected Apache Server with PHP as my server.

For the hosting provider, I have decided to go with hostgator.com since I bought my domain name from them. The type of hosting is shared and the package is called 'baby' according to hostgator. It cost me around 130$ for 3 years. I also included SSL for one year with additional cost. The total cost was around 150$.

Publishing Your Website 

Usually, after buying the hosting plan, it takes around 1 day for your server to run 100% perfectly. Uploading website content to your server is simple. There are two ways to do this task: either you do it manually by going to your cPanel and then uploading files, or you use an FTP client to upload content. The best option is to set up an FTP account and use an FTP client. As for me, I use FileZilla to manage my website content. It is very easy to use.

Maintaining Website After Publishing

Now that you have something that you can share with people, you need to maintain it and add more content to it. In my opinion, this is the most difficult stage in the process of building a website. At this stage, you need to collect feedback from your website users, respond to them and allow them to talk with you.

Final Words

Nowadays, it is possible to build a website in a matter of hours by using one of the many automation tools available. But if you would like to learn everything, building the website from scratch by yourself would be your option. For sure it will take time to build it but you will enjoy the whole thing and you will be happy with the result of your work at the end.

Also I would like to mention that there are many other steps that I did in between which I did not include. If you have any question please feel free to ask me in the comment section below.

Tuesday, May 2, 2017

Software Vulnerabilities and Exploit: Heap Overflow Explained

According to Wikipedia, "A heap overflow is a type of buffer overflow that occurs in the heap data area." Before we continue with the details of this type of vulnerability, we have to understand how computer memory is structured for any given program. We also need to keep in mind the following concepts:
  • 1 Byte = 8 Bits.
  • sizeof(char) = 1 byte.
  • sizeof(int) = 4 bytes.
  • If we locate an integer at address 0x00000000, the next integer will be at 0x00000004.
  • If we locate a character at address 0x00000000, the next character will be at 0x00000001.
You must also have basic knowledge of what the memory of a program looks like.

How to Exploit The Heap?

One possible scenario is as follows: we allocate two memory locations to hold two pieces of data. We then try to place more data in the first allocated location than it can hold, in order to overwrite the data in the second location. This seems simple. Before we try to do it in the C language, we need to look at the structure of the heap in memory.

Heap Memory Structure

The first thing to know is that heap memory is divided into chunks. One chunk can have one of two states:
  • An allocated chunk contains the following information: size of previous chunk (if allocated), size of chunk (in bytes) with some bit flags, and user data.
  • A free chunk contains the following information: size of previous chunk, size of chunk (in bytes), forward pointer to next chunk (FD), back pointer to previous chunk (BK) and unused space (it can be 0).

 Exploiting the Heap

Now let's return to the scenario that we talked about before and explain it in more detail. When we allocate memory in the heap, the top chunks will be the last chunks that were allocated.

A heap overflow can happen when we try to fit more data in the first chunk than its size allows. The next code example shows vulnerable code in C.
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv) {
    //buffer for 2 chars
    char *buf = (char *)malloc(sizeof(char) * 2);
    //the buffer can have only 2 bytes
    //argv[0] will be the name of the file
    //it can be more than 2 characters -> overflow
    strcpy(buf, argv[0]);
    return 0;
}

The next picture shows what the heap will look like when the buffer overflow happens.



This is the basic idea behind a heap buffer overflow.
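The scenario above as an added example (not code from the original post): the two chunks are modelled as the two halves of one array, a constructed stand-in that leaves out the allocator's size fields, so the overwrite of the second chunk can be observed without undefined behaviour, next to a copy that checks the size first. The names `toy_arena`, `unchecked_copy`, `checked_copy`, `dup_exact` and the sample strings are made up for this illustration; `dup_exact` shows the allocation from the program above sized from its input instead of fixed at 2 bytes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_SIZE 8                 /* user-data bytes per modelled chunk */
#define ARENA_SIZE (2 * CHUNK_SIZE)  /* two chunks, back to back */

/* Constructed model: one array stands in for two neighbouring heap chunks.
 * Every write below stays inside this array. */
struct toy_arena {
    char bytes[ARENA_SIZE];
};

static char *first_chunk(struct toy_arena *a)  { return a->bytes; }
static char *second_chunk(struct toy_arena *a) { return a->bytes + CHUNK_SIZE; }

/* Models strcpy(buf, src): the copy length comes from the source only.
 * Returns how many bytes landed in the second chunk. */
size_t unchecked_copy(struct toy_arena *a, const char *src)
{
    size_t n = strlen(src) + 1;          /* text plus terminating NUL */
    if (n > ARENA_SIZE)                  /* clamp so the model itself is safe */
        n = ARENA_SIZE;
    memcpy(first_chunk(a), src, n);
    return n > CHUNK_SIZE ? n - CHUNK_SIZE : 0;
}

/* Hardened copy: rejects input that does not fit and leaves dst untouched. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Fix for the program above: size the allocation from the input. */
char *dup_exact(const char *src)
{
    size_t n = strlen(src) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, src, n);
    return copy;                         /* caller frees */
}

/* Runs the scenario; returns 1 if the second chunk's data was changed. */
int neighbour_corrupted(const char *input, int use_check)
{
    struct toy_arena a;
    memset(&a, 0, sizeof a);
    memcpy(second_chunk(&a), "chunk-2", CHUNK_SIZE);  /* data owned by chunk 2 */
    if (use_check)
        (void)checked_copy(first_chunk(&a), CHUNK_SIZE, input);
    else
        (void)unchecked_copy(&a, input);
    return memcmp(second_chunk(&a), "chunk-2", CHUNK_SIZE) != 0;
}

int main(void)
{
    const char *input = "./a_long_program_name";  /* constructed argv[0] value */
    printf("unchecked copy: neighbour changed = %d\n", neighbour_corrupted(input, 0));
    printf("checked copy:   neighbour changed = %d\n", neighbour_corrupted(input, 1));
    char *copy = dup_exact(input);
    if (copy != NULL) {
        printf("exact-size copy: %s\n", copy);
        free(copy);
    }
    return 0;
}
```

An input of exactly `CHUNK_SIZE` characters already spills one byte, because the terminating NUL has to be stored too.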

Wednesday, April 19, 2017

Overview of Program Memory Structure

One of the most important concepts that a computer scientist must know about is what a program looks like when it is executing. The first thing that happens when we double click a program icon in Windows OS is that it is loaded into memory. The program is not loaded randomly for sure. Each program has a small part of the memory. That small part is partitioned into smaller parts.

The next picture shows a basic overview of how program memory is divided.

Usual Memory Structure of a Program.


This structure is used by almost any program that is loaded into memory. Now, let's start by explaining the meaning of each part of the given diagram. In many cases, the higher addresses are put at the bottom. For instance, the address 0xffffffff will be at the bottom of the diagram (reverse the diagram).

The Stack

The stack is the place where the program stack is located. From its name, we can infer that it is a "Stack Data structure". A program stack mainly consists of method calls. When a method is called, the return address is "pushed" onto the stack. Once the execution of the method is completed, the address is "popped" from the top of the stack. Usually the term "Call Stack" is used to describe this type of stack.

The Heap

For sure you have heard of this term before. The memory heap is something different from the heap data structure. The memory heap is a place that is used for dynamically allocated memory. It is used for data that is given at run time. For example, the size of an input string from the user is unknown. In this case, it will be placed on the heap. The heap will only contain program data. In the C programming language, the system call "malloc" is used to allocate heap space and the system call "free" is used to free the space. The next code example shows how it is done in the C language.


#include <stdio.h>
#include <stdlib.h>

int main(void) {
    int numOfBytes = 100;
    //a buffer that will contain user input
    char *input;
    //allocate space for user input
    input = malloc(numOfBytes);
    //malloc returns NULL when no memory is available
    if (input == NULL) {
        return 1;
    }
    //read string from the user (at most numOfBytes - 1 characters)
    if (fgets(input, numOfBytes, stdin) != NULL) {
        printf("You give me '%s'", input);
    }
    //must free memory after use
    free(input);
    return 0;
}

Uninitialized Data

Also known as the BSS segment. This segment of memory contains the global variables and static data that have not been initialized. For example, the variable "static int myInt; " will be located in the uninitialized data segment.

Initialized Data 

This part of memory will contain the global and static variables which have been initialized within the code. This means that the variable can be accessed from anywhere in the program.

Code 

This part of memory contains the actual instructions of the program. Usually, this part of memory is placed at the top of the stack or below the heap in order to prevent overflows from overwriting the data inside it.


This is the most basic view of program memory. For sure there are many things inside each section of the memory but we only want to look at the abstract view.