Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings最新文献

筛选
英文 中文
Live path control flow integrity 实时路径控制流完整性
M. Barbar, Yulei Sui, Hongyu Zhang, Shiping Chen, Jingling Xue
{"title":"Live path control flow integrity","authors":"M. Barbar, Yulei Sui, Hongyu Zhang, Shiping Chen, Jingling Xue","doi":"10.1145/3183440.3195093","DOIUrl":"https://doi.org/10.1145/3183440.3195093","url":null,"abstract":"Per-Input Control Flow Integrity (PICFI) represents a recent advance in dynamic CFI techniques. PICFI starts with the empty CFG of a program and lazily adds edges to the CFG during execution according to concrete inputs. However, this CFG grows monotonically, i.e., invalid edges are never removed when corresponding control flow transfers (via indirect calls) become illegal (i.e., will never be executed again). This paper presents LPCFI, Live Path Control Flow Integrity, to more precisely enforce forward edge CFI using a dynamically computed CFG by both adding and removing edges for all indirect control flow transfers from function pointer calls, thereby raising the bar against control flow hijacking attacks.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"385 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122877707","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
On vulnerability evolution in Android apps 关于Android应用的漏洞演变
Jun Gao, Li Li, Pingfan Kong, Tegawendé F. Bissyandé, Jacques Klein
{"title":"On vulnerability evolution in Android apps","authors":"Jun Gao, Li Li, Pingfan Kong, Tegawendé F. Bissyandé, Jacques Klein","doi":"10.1145/3183440.3194968","DOIUrl":"https://doi.org/10.1145/3183440.3194968","url":null,"abstract":"In this work, we reconstruct a set of Android app lineages which each of them represents a sequence of app versions that are historically released for the same app. Then, based on these lineages, we empirically investigate the evolution of app vulnerabilities, which are revealed by well-known vulnerability scanners, and subsequently summarise various interesting findings that constitute a tangible knowledge to the community.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132586250","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Towards sustainable Android malware detection 走向可持续的Android恶意软件检测
Haipeng Cai, John Jenkins
{"title":"Towards sustainable Android malware detection","authors":"Haipeng Cai, John Jenkins","doi":"10.1145/3183440.3195004","DOIUrl":"https://doi.org/10.1145/3183440.3195004","url":null,"abstract":"Approaches to Android malware detection built on supervised learning are commonly subject to frequent retraining, or the trained classifier may fail to detect newly emerged or emerging kinds of malware. This work targets a sustainable Android malware detector that, once trained on a dataset, can continue to effectively detect new malware without retraining. To that end, we investigate how the behaviors of benign and malicious apps evolve over time, and identify the most consistently discriminating behavioral traits of benign apps from malware. Our preliminary results reveal a promising prospect of this approach. On a benchmark set across seven years, our approach achieved highly competitive detection accuracy that sustained up to five years, outperforming the state of the art which sustained up to two years.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"214 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116112483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 34
Property specification patterns for robotic missions 机器人任务的属性规范模式
C. Menghi, Christos Tsigkanos, T. Berger, Patrizio Pelliccione, C. Ghezzi
{"title":"Property specification patterns for robotic missions","authors":"C. Menghi, Christos Tsigkanos, T. Berger, Patrizio Pelliccione, C. Ghezzi","doi":"10.1145/3183440.3195044","DOIUrl":"https://doi.org/10.1145/3183440.3195044","url":null,"abstract":"Engineering dependable software for mobile robots is becoming increasingly important. A core asset in engineering mobile robots is the mission specification---a formal description of the goals that mobile robots shall achieve. Such mission specifications are used, among others, to synthesize, verify, simulate, or guide the engineering of robot software. Development of precise mission specifications is challenging. Engineers need to translate the mission requirements into specification structures expressed in a logical language---a laborious and error-prone task. To mitigate this problem, we present a catalog of mission specification patterns for mobile robots. Our focus is on robot movement, one of the most prominent and recurrent specification problems for mobile robots. Our catalog maps common mission specification problems to recurrent solutions, which we provide as templates that can be used by engineers. The patterns are the result of analyzing missions extracted from the literature. For each pattern, we describe usage intent, known uses, relationships to other patterns, and---most importantly---a template representing the solution as a logical formula in temporal logic. Our specification patterns constitute reusable building blocks that can be used by engineers to create complex mission specifications while reducing specification mistakes. We believe that our patterns support researchers working on tool support and techniques to synthesize and verify mission specifications, and language designers creating rich domain-specific languages for mobile robots, incorporating our patterns as language concepts.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132411906","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Using consensus to automatically infer post-conditions 使用共识自动推断后置条件
Jingyi Su, Mohd Arafat, Robert Dyer
{"title":"Using consensus to automatically infer post-conditions","authors":"Jingyi Su, Mohd Arafat, Robert Dyer","doi":"10.1145/3183440.3195096","DOIUrl":"https://doi.org/10.1145/3183440.3195096","url":null,"abstract":"Formal behavioral specifications help ensure the correctness of programs. Writing such specifications by hand however is time-consuming and requires substantial expertise. Previous studies have shown how to use a notion of consensus to automatically infer pre-conditions for APIs by using a large set of projects. In this work, we propose a similar idea of consensus to automatically infer post-conditions for popular APIs. We propose two new algorithms for mining potential post-conditions from API client code. The first algorithm looks for guarded post-conditions that test the value returned from the API and throws an exception. The second algorithm looks for values flowing from the API to another API with already known preconditions, which recommends them as post-conditions of the first API.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130758033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
The effect of noise on requirements comprehension 噪声对需求理解的影响
Simone Romano, G. Scanniello, D. Fucci, Natalia Juristo Juzgado, Burak Turhan
{"title":"The effect of noise on requirements comprehension","authors":"Simone Romano, G. Scanniello, D. Fucci, Natalia Juristo Juzgado, Burak Turhan","doi":"10.1145/3183440.3194984","DOIUrl":"https://doi.org/10.1145/3183440.3194984","url":null,"abstract":"We conducted a controlled experiment with 55 final-year undergraduate students in Computer Science. We asked them to comprehend functional requirements exposing them or not to noise. We did not observe any effect of noise on requirements comprehension.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"301 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128623688","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Synthesizing relation-aware entity transformation by examples 通过实例综合了关系感知实体转换
Jiarong Wu, Yanyan Jiang, Chang Xu, S. Cheung, Xiaoxing Ma, Jian Lu
{"title":"Synthesizing relation-aware entity transformation by examples","authors":"Jiarong Wu, Yanyan Jiang, Chang Xu, S. Cheung, Xiaoxing Ma, Jian Lu","doi":"10.1145/3183440.3194963","DOIUrl":"https://doi.org/10.1145/3183440.3194963","url":null,"abstract":"Recently, programming by examples (PBE) technique achieves a great success in processing and transforming data entities, yet existing approaches generally fall short on the tasks concerning entity relations. This paper presents ENTER, a domain-agnostic language for relation-aware entity transformation synthesis. It leverages the combination of two basic relations, the equivalence relation and the total order relation, to succinctly express complex entity relations. ENTER can be instantiated with domain-specific elements to solve a wide range of entity transformation tasks.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"135 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122889043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Understanding newcomers success in open source community 理解新来者在开源社区的成功
Shahab Bayati
{"title":"Understanding newcomers success in open source community","authors":"Shahab Bayati","doi":"10.1145/3183440.3195073","DOIUrl":"https://doi.org/10.1145/3183440.3195073","url":null,"abstract":"Newcomers and volunteers contributions play an effective role the open source software (OSS) success. This role is confirmed through a rigor set of studies in software engineering discipline. As Open source projects are developed based on social and technical efforts, then it is very important for newcomers to empower their socio-technical skills. This paper focuses on newcomers' success in open source community by analyzing newcomers' reputation on their initial activities in a social coding environment such as GitHub. By applying mining software repositories (MSR) techniques on GitHub data we found the main projects' attributes where successful newcomers contributed to them. These attributes can help other newcomers to select the right project for their initial activities.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"75 6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128061145","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Towards a formal API assessment 走向正式的API评估
Amir Zghidi, I. Hammouda, Brahim Hnich
{"title":"Towards a formal API assessment","authors":"Amir Zghidi, I. Hammouda, Brahim Hnich","doi":"10.1145/3183440.3195026","DOIUrl":"https://doi.org/10.1145/3183440.3195026","url":null,"abstract":"Assessing the quality of an API is important in many different aspects: First, it can assist developers in deciding which API to use when they are faced with a list of potential APIs to choose from, by comparing the benefits and drawbacks of each option [1]; we refer to this as the API selection problem. Second, it can help guide the design process and expose problem areas in early stages of API design, even before implementing the actual API [2]; we refer to this as the API design problem. In order to assess the quality of an API, various evaluation methods have been used: some are based on empirical laboratory studies, gathering feedback from API users; others are based on inspection methods where experts evaluate the quality of an API based on a list of design guidelines [3] [4] such as Nielsen's heuristics and the cognitive dimensions framework [2] [5]. In this paper, we are particularly interested in extending Steven Clarke's approach of measuring API usability based on the cognitive dimensions framework [5]. The usability of an API is assessed by comparing the API (what it actually offers) with the profiles of its potential users (what they expect out of it).","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121813834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Fast, scalable and user-guided clone detection 快速,可扩展和用户引导克隆检测
Jeffrey Svajlenko, C. Roy
{"title":"Fast, scalable and user-guided clone detection","authors":"Jeffrey Svajlenko, C. Roy","doi":"10.1145/3183440.3195005","DOIUrl":"https://doi.org/10.1145/3183440.3195005","url":null,"abstract":"Despite the great number of clone detection approaches proposed in the literature, few have the scalability and speed to analyze large inter-project source datasets, where clone detection has many potential applications. Furthermore, because of the many uses of clone detection, an approach is needed that can adapt to the needs of the user to detect any kind of clone. We propose a clone detection approach designed for user-guided clone detection by exploiting the power of source transformation in a plugin based source processing pipeline. Clones are detected using a simple Jaccard-based clone similarity metric, and users customize the representation of their source code as sets of terms to target particular types or kinds of clones. Fast and scalable clone detection is achieved with indexing, sub-block filtering and input partitioning.","PeriodicalId":121436,"journal":{"name":"Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128363716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信