2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS): Latest Papers

Security Countermeasure Selection for Component-Based Software-Intensive Systems
Charilaos Skandylas, Narges Khakpour, Javier Cámara
Abstract: Given the increasing complexity of software-intensive systems as well as the sophistication and high frequency of cyber-attacks, automated and sound approaches to select countermeasures are required to effectively protect software systems. In this paper, we propose a formal architecture-centered approach to analyze the security of a software-intensive component-based system to find cost-efficient countermeasures that consider both the system architecture and its behavior. We evaluate our approach by applying it on a case study.
DOI: https://doi.org/10.1109/QRS57517.2022.00017
Published: 2022-12-01
Citations: 0
Proposing a Quality Model for Evaluating and Identifying Opportunities in Clinical Practice Guideline Engines
M. Carrero, Elena Enamorado-Díaz, J. A. García-García, María José Escalona Cuaresma
Abstract: Over the last decade, clinical practice guidelines (CPGs) have become an important asset for daily life in healthcare organizations. Efficient CPG management and digitization can improve the quality of patient care and healthcare by reducing variability. CPG digitization, however, is a difficult, complex task because such guidelines are usually expressed as text, and this often results in the development of partial software solutions. There are currently many CPG suites (CPGS) for managing the CPG lifecycle, but they do not all provide full support for this lifecycle, making it more difficult to choose the one which will best meet the specific needs and requirements of a healthcare organization. This paper proposes a quality model which makes it possible to compare CPGs by highlighting each phase of the lifecycle. The research was conducted using a methodology that combined a systematic literature review with quality models. The paper also discusses how the proposed model was instantiated to evaluate and compare several current CPG-based execution systems.
DOI: https://doi.org/10.1109/QRS57517.2022.00044
Published: 2022-12-01
Citations: 0
Mutation Testing based Safety Testing and Improving on DNNs
Yuhao Wei, Song Huang, Yu Wang, Ruilin Liu, Chunyan Xia
Abstract: In recent years, deep neural networks (DNNs) have made great progress in people’s daily life since it becomes easier for data accessing and labeling. However, DNN has been proven to behave uncertainly, especially when facing small perturbations in their input data, which becomes a limitation for its application in self-driving and other safety-critical fields. Those human-made attacks like adversarial attacks would cause extremely serious consequences. In this work, we design and evaluate a safety testing method for DNNs based on mutation testing, and propose an adversarial training method based on testing results and joint optimization. First, we conduct an adversarial mutation on the test datasets and measure the performance of models in response to the adversarial samples by mutation scores. Next, we evaluate the validity of mutation scores as a quantitative indicator of safety by comparing DNN models and their updated versions. Finally, we construct a joint optimization problem with safety scores for adversarial training, thus improving the safety of the model as well as the generalizability of the defense capability.
DOI: https://doi.org/10.1109/QRS57517.2022.00087
Published: 2022-12-01
Citations: 0
Towards Improving Multiple Authorship Attribution of Source Code
Pengnan Hao, Zhuguo Li, Cui Liu, Yu Wen, Fanming Liu
Abstract: Source code authorship attribution addresses the problems of copyright infringement disputes and plagiarism detection. However, most software projects are collaborative development projects. It is necessary to study multiple authorship attribution. Existing methods are not reliable in the domain of multiple authorship attribution. The reasons are as follows: i) It is a challenge to divide the code boundaries of different authors in a sample; ii) code segments belonging to different authors in a sample are usually small or incomplete. This paper proposes a method to address these challenges. We first divide the code sample into multiple lines, then integrate the code lines with similar author styles into code segments using Siamese networks. Finally, we use a path-based code representation and machine learning to identify authors. Experimental results show the method achieves an accuracy of 87.35% on C/C++ dataset and 91.35% on Java dataset, which performs better than existing methods.
DOI: https://doi.org/10.1109/QRS57517.2022.00059
Published: 2022-12-01
Citations: 0
Understanding and Mitigating Label Bias in Malware Classification: An Empirical Study
Jia Yan, Xiangkun Jia, Lingyun Ying, Purui Su
Abstract: Machine learning techniques are promising for malware classification, but there is a neglected problem of label bias in the annotation process which decreases the performance in practice. To understand the label bias problems and existing solutions, we conduct an empirical study based on two Portable Executable (PE) malware sample datasets (i.e., open-sourced BODMAS with 52,793 samples and a newly collected MAIN dataset of 153,811 samples), and 67 anti-virus engines in VirusTotal. We first show the two ways of label bias problems, including chaotic naming rules and annotation inconsistency. Then we present the effects of two solutions (i.e., electing one reputable AV engine and aggregating multiple labels based on majority voting) and find they face the problems of feature preference and engine independence. Finally, we propose some recommendations for improvements and get a 7.79% increase in the F1 score (i.e., from 84.83% to 92.62%). The dataset will be open-source for further study.
DOI: https://doi.org/10.1109/QRS57517.2022.00057
Published: 2022-12-01
Citations: 1
Salus: A Novel Data-Driven Monitor that Enables Real-Time Safety in Autonomous Driving Systems
Bohan Zhang, Yafan Huang, Guanpeng Li
Abstract: This paper proposes Salus, a data-driven real-time safety monitor, that detects and mitigates safety violations of an autonomous vehicle (AV). The key insight is that traffic situations that lead to AV safety violations fall into patterns and can be identified by learning from the safety violations of the AV. Our approach is to use machine learning (ML) techniques to model the traffic behaviors that result in safety violations in the AV, characterize their early symptoms for training a preemptive model, hence deploy and detect real-time safety violations before the actual crashes happen to the AV. In order to train our ML model, we leverage a pipeline of fuzzing techniques to tailor AV-specific safety violation symptoms and generate the training data via data argumentation techniques. Our evaluation demonstrates our proposed technique is effective in reducing over 97.2% of safety violations in industry-level autonomous driving systems, such as Baidu Apollo, with no more than 0.018 false positive values.
DOI: https://doi.org/10.1109/QRS57517.2022.00019
Published: 2022-12-01
Citations: 2
Assessing the Quality of Low-Code and Model-Driven Engineering Platforms for Engineering IoT Systems
Felicien Ihirwe, Davide Di Ruscio, Simone Gianfranceschi, A. Pierantonio
Abstract: Over the last few years, industry and academia have proposed several Low-Code and Model-driven Engineering (MDE) platforms to ease the engineering process of the Internet of things (IoT) systems. However, deciding whether such engineering platforms meet the minimum required software quality standards is not straightforward. Software quality can be defined as the degree to which a software system achieves its intended goal. Various software quality standards have been established to aid in the software quality assessment process; however, due to the nature of engineering IoT platforms, such models may not entirely suit the IoT domain. This paper presents a model for assessing the software quality of Low-Code and MDE platforms for engineering IoT platforms. The proposed software quality model is based on and extends the ISO/IEC 25010:2011 software product quality model standard. It is intended to assist IoT practitioners in assessing and establishing quality requirements for engineering IoT platforms. To determine the effectiveness of the proposed model, we used it to evaluate the quality of 17 IoT engineering platforms, and the results obtained are promising.
DOI: https://doi.org/10.1109/QRS57517.2022.00065
Published: 2022-12-01
Citations: 0
Identity Authentication Strategy of Mobile Crowd Sensing based on CFL
Lin Wang, F. Li, Yunfei Xie, Leyi Shi
Abstract: In order to protect information privacy and ensure user information security, in view of the obvious centralization of the existing identity authentication technologies such as Public Key Infrastructure (PKI) and Identity-Based Encrypted (IBE), this paper proposes an efficient authentication strategy that applies Cryptography Fundamental Logics (CFL) identity authentication technology to Mobile Crowd Sensing (MCS) system, which can complete the authentication between Task Publisher, Cluster Head and Task Participant without the participation of a third-party center. Firstly, this paper introduces the use of CFL technology to solve the problem of identity authentication relying on the central server; secondly, an algorithm combined with MCS system is proposed to solve the decentralization of authentication process; finally, the Average System Response Time and System Throughput of the three technologies are obtained through simulation experiments, analyzed and compared. The result shows that this strategy has obvious advantages: it makes identity authentication faster and more secure.
DOI: https://doi.org/10.1109/QRS57517.2022.00024
Published: 2022-12-01
Citations: 0
A Comprehensive Analysis of NVD Concurrency Vulnerabilities
Lili Bo, Xing Meng, Xiaobing Sun, Jingli Xia, Xiaoxue Wu
Abstract: Concurrency vulnerabilities caused by synchronization problems will occur in the execution of multi-threaded programs, and the emergence of concurrency vulnerabilities often causes great threats to the system. Once the concurrency vulnerabilities are exploited, the system will suffer various attacks, seriously affecting its availability, confidentiality and security. In this paper, we extract 839 concurrency vulnerabilities from Common Vulnerabilities and Exposures (CVE), and conduct a comprehensive analysis of the trend, classifications, causes, severity, and impact. Finally, we obtained some findings: 1) From 1999 to 2021, the number of concurrency vulnerability disclosures shows an overall upward trend. 2) In the distribution of concurrency vulnerability, race condition accounts for the largest proportion. 3) The overall severity of concurrency vulnerabilities is medium risk. 4) The number of concurrency vulnerabilities that can be exploited for local access and network access is almost equal, and nearly half of the concurrency vulnerabilities (377/839) can be accessed remotely. 5) The access complexity of 571 concurrency vulnerabilities is medium, and the number of concurrency vulnerabilities with high or low access complexity is almost equal. The results obtained through the empirical study can provide more support and guidance for research in the field of concurrency vulnerabilities.
DOI: https://doi.org/10.1109/QRS57517.2022.00012
Published: 2022-12-01
Citations: 0
QRS 2022 Keynote Speech
DOI: https://doi.org/10.1109/qrs57517.2022.00010
Published: 2022-12-01
Citations: 0