发布求助
文献互助 智能选刊 最新文献

2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)最新文献

筛选
英文 中文
Parameter Description Generation with the Code Parameter Flow 参数说明使用代码参数流生成
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00093
Qiuyuan Chen, Zezhou Yang, Zhongxin Liu, Shanping Li, Cuiyun Gao
{"title":"Parameter Description Generation with the Code Parameter Flow","authors":"Qiuyuan Chen, Zezhou Yang, Zhongxin Liu, Shanping Li, Cuiyun Gao","doi":"10.1109/QRS57517.2022.00093","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00093","url":null,"abstract":"Prior study shows that comprehending parameters can help developers understand the code’s critical information (e.g., the argument) and enhance the comprehension of the functionality. However, commenting parameter is often ignored in practice. For example, a statistic of 18 popular open-source projects shows the ratio of methods with one or more parameters but lacking \"@param\" comment ranges from 31% to 97%, indicating the necessity of parameter comments.To fill this gap, we propose ParamDesGen to generate a descriptive code comment (description) for each parameter given a method with one or more formal parameters. ParamDesGen consists of (1) a code analysis component to identify the Parameter Flow and extract \"parameter-related code parts\" and (2) a machine-learning component to generate parameter comments. We build a large-scale dataset for the task and perform experiments on it to evaluate ParamDesGen. The evaluation results show that the proposed approach substantially outperforms the baselines in terms of BLEU-4 scores (22.54 absolute improvement and 138.79% relative improvement) and ROUGE-L scores (3.12 absolute improvement and 5.90% relative improvement). We further perform ablation experiments to prove the effectiveness of the Parameter Flow.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115836376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Quantity-Simulation-Analysis Method based Novel RSA Timing Attack Algorithm for Single-Chip Microcomputer Platform 基于数量仿真分析方法的新型单片机平台RSA定时攻击算法
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00106
Cong Li, Qiang Han, T. Zhang, Bingbing Lei, Yu He
{"title":"Quantity-Simulation-Analysis Method based Novel RSA Timing Attack Algorithm for Single-Chip Microcomputer Platform","authors":"Cong Li, Qiang Han, T. Zhang, Bingbing Lei, Yu He","doi":"10.1109/QRS57517.2022.00106","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00106","url":null,"abstract":"There are limitations in storage and computational capacity on the single-chip microcomputer platform under the secure edge computing paradigm. A higher success rate is possible via collecting sensitive information on the time side channel by multivariate statistical analysis to crack the RSA private key when attackers decrypt ciphertexts. We proposed a quantity-simulation-analysis (QSA) method to construct Markov model for RSA timing attack tasks, which firstly quantizes the decrypt process to obtain the time-consuming characteristics, then simulates the machine instruction cycles through parallel computing to analyze Markov model with more precise state transition matrix. On this basis, a novel timing attack algorithm with fuzzy clustering state transition probability matrix of the higher order Markov model on different step sizes is proposed, compared with some algorithms from other literatures taking an exhaustive search attack algorithm as a benchmark. Experimental results show that the algorithm achieves better results in terms of success rate.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129380604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Detection Method for Scarcity Defect of Blockchain Digital Asset based on Invariant Analysis 基于不变量分析的区块链数字资产稀缺性缺陷检测方法
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00018
Jin-lei Sun, Song Huang, Xingya Wang, Meijuan Wang, Jinhu Du
{"title":"A Detection Method for Scarcity Defect of Blockchain Digital Asset based on Invariant Analysis","authors":"Jin-lei Sun, Song Huang, Xingya Wang, Meijuan Wang, Jinhu Du","doi":"10.1109/QRS57517.2022.00018","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00018","url":null,"abstract":"Blockchain Digital Assets (BDAs) are intangible assets issued based on blockchain, providing a new paradigm for managing digital assets. Smart contracts are programs running on the blockchain and enhance the flexibility of BDA in a programmable way. However, scarcity defects in smart contracts can lead to abnormal changes in the number of BDA and affect their worth. Software invariants are logical assertions that a program fragment needs to remain faithful during execution and work well in defect detection. This paper studies the scarcity defect detection method of smart contract digital assets based on invariant analysis for the first time. First, we point out eight scarcity defects in three categories and describe their examples. Next, we propose two invariants—transfer invariant and swap invariant—that should be maintained in digital assets’ management and transaction process. Then, we use the two invariants as test oracles and propose an oracle-based method to detect scarcity defects in smart contract. Finally, we evaluate the proposed method on a real-world smart contract dataset. The experimental results show that our method can effectively detect scarcity defects in smart contracts and improve the scarcity defect detection capability of existing smart contract testing tools.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129544395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Building Safe and Stable DNN Controllers using Deep Reinforcement Learning and Deep Imitation Learning 利用深度强化学习和深度模仿学习构建安全稳定的DNN控制器
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00083
Xudong He
{"title":"Building Safe and Stable DNN Controllers using Deep Reinforcement Learning and Deep Imitation Learning","authors":"Xudong He","doi":"10.1109/QRS57517.2022.00083","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00083","url":null,"abstract":"Cyber-physical systems (CPSs) with controllers built using deep neural nets and reinforcement learning (DRL) have become increasingly used in the functioning of our society. How to assure the correctness such as the safety and stability of these DNN controllers is extremely important and remains a major research challenge. This paper presents an approach to build safe and stable DNN controllers using DRL and deep imitation learning (DIL). An initial DNN controller is built using DRL, which is used to bootstrap a behavior preserving target DNN controller with safety and stability guarantees via DIL. We have applied this approach in successfully building safe and stable DNN controllers of a simplified airplane pitch control system.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131338804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Cast Away: On the Security of DLNA Deployments in the SmartTV Ecosystem 抛弃:关于智能电视生态系统中DLNA部署的安全性
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00021
Guangwei Tian, Jiongyi Chen, Kailun Yan, S. Yang, Wenrui Diao
{"title":"Cast Away: On the Security of DLNA Deployments in the SmartTV Ecosystem","authors":"Guangwei Tian, Jiongyi Chen, Kailun Yan, S. Yang, Wenrui Diao","doi":"10.1109/QRS57517.2022.00021","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00021","url":null,"abstract":"The casting service on SmartTV has been increasingly used for home entertainment and business, given the convenience offered in media broadcast and screen sharing. Among the underlying protocols that support TV cast, DLNA (Digital Living Networking Alliance) – established by a group of tech giants – has become a prevailing standard in the consumer market. Although DLNA has launched the market for years, concerns may arise about whether its real-world deployment has been clearly understood.In this work, we systematically evaluate the security of DLNA deployments in the SmartTV ecosystem. Specifically, we identify a series of critical security issues in the interactions between SmartTVs and casting apps on the smartphone, ranging from non-mandatory encryption to unauthorized file access. The identified security risks can be exploited by a malicious app on the victim’s phone, without requesting sensitive permissions, to launch multiple attacks, including arbitrary command execution, data theft, MITM (man-in-the-middle) attack, and DoS (denial-of-service) attack. To measure the impact of the identified security issues, we designed semi-automated analysis solutions to facilitate the measurements and conducted real-world experiments on 10 on-shelf TV boxes. The results show that most DLNA implementations of products and apps in the wild are insecure. In the end, we provide immediate improvement solutions to mitigate the identified security issues.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121995360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Test Reuse based on Adaptive Semantic Matching across Android Mobile Applications 基于Android移动应用自适应语义匹配的测试重用
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00076
Shuqi Liu, Yu Zhou, Tingting Han, Taolue Chen
{"title":"Test Reuse based on Adaptive Semantic Matching across Android Mobile Applications","authors":"Shuqi Liu, Yu Zhou, Tingting Han, Taolue Chen","doi":"10.1109/QRS57517.2022.00076","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00076","url":null,"abstract":"Automatic test generation can help verify and develop the behavior of mobile applications. Test reuse based on semantic similarities between applications of the same category has been utilized to reduce the manual effort of Graphical User Interface (GUI) testing. However, most of the existing studies fail to solve the semantic problem of event matching, which leads to the failure of test reuse. To overcome this challenge, we propose TRASM (Test Reuse based on Adaptive Semantic Matching), a test reuse approach based on adaptive strategies to find a better event matching across android mobile applications. TRASM first performs GUI events deduplication on the initial test set obtained from test generation, and then employs an adaptive strategy to find better event matching, which enables reusing the existing test. Preliminary experiments with comparison to baseline methods on 15 applications demonstrate that TRASM can improve the precision of GUI event matching while reducing the failure of test reuse and the running time required for test reuse.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121260418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
A Novel Approach for Bounded Model Checking Through Full Parallelism 一种基于全并行的有界模型检验新方法
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00046
Debao Sang, Jing Liu, Haiying Sun, Jin Xu, Jiexiang Kang
{"title":"A Novel Approach for Bounded Model Checking Through Full Parallelism","authors":"Debao Sang, Jing Liu, Haiying Sun, Jin Xu, Jiexiang Kang","doi":"10.1109/QRS57517.2022.00046","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00046","url":null,"abstract":"Bounded Model Checking (BMC) has been found promising in finding deep vulnerabilities in industry designs and scaling well with design sizes. However, the parallelisation of BMC is challenging, due to the propositional satisfiability (SAT) problem and satisfiability modulo theories problem solving being hard to parallelise. In this paper, we propose a novel approach to perform BMC based on the mathematical model of probe machine, which is the first approach to employ probe machine to accelerate BMC, particularly it can solve SAT formulas in full parallel. We introduce the workflow of the algorithm and explain in detail the process of mapping BMC to the probe machine. A method is provided to prove the correctness of the algorithm and to analyze its time complexity. We develop a model checker called BMC2PROBE based on our approach and explain the framework and memory management of the tool. The experiment results are discussed, which prove the feasibility and effectiveness of our approach.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129048825","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Comprehensiveness, Automation and Lifecycle: A New Perspective for Rust Security 全面、自动化和生命周期:Rust安全的新视角
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00102
Shuang Hu, Baojian Hua, Yang Wang
{"title":"Comprehensiveness, Automation and Lifecycle: A New Perspective for Rust Security","authors":"Shuang Hu, Baojian Hua, Yang Wang","doi":"10.1109/QRS57517.2022.00102","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00102","url":null,"abstract":"Rust is an emerging programming language designed for secure system programming that provides both security guarantees and runtime efficiency and has been increasingly used to build software infrastructures such as OS kernels, web browsers, databases, and blockchains. To support arbitrary low-level programming and to provide more flexibility, Rust introduced the unsafe feature, which may lead to security issues such as memory or concurrency vulnerabilities. Although there have been a significant number of studies on Rust security utilizing diverse techniques such as program analysis, fuzzing, privilege separation, and formal verification, existing studies suffer from three problems: 1) they only partially solve specific security issues but lack comprehensiveness; 2) most of them require manual interventions or annotations thus are not automated; and 3) they only cover a specific phase instead of the full lifecycle.In this perspective paper, we first survey current research progress on Rust security from 5 aspects, namely, empirical studies, vulnerability prevention, vulnerability detection, vulnerability rectification, and formal verification, and note the limitations of current studies. Then, we point out key challenges for Rust security. Finally, we offer our vision of a Rust security infrastructure guided by three principles: Comprehensiveness, Automation, and Lifecycle (CAL). Our work intends to promote the Rust security studies by proposing new research challenges and future research directions.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131031294","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Generating Abstract Test Cases from User Requirements using MDSE and NLP 使用MDSE和NLP从用户需求生成抽象测试用例
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00080
Sai Chaithra Allala, Juan P. Sotomayor, D. Santiago, Tariq M. King, Peter J. Clarke
{"title":"Generating Abstract Test Cases from User Requirements using MDSE and NLP","authors":"Sai Chaithra Allala, Juan P. Sotomayor, D. Santiago, Tariq M. King, Peter J. Clarke","doi":"10.1109/QRS57517.2022.00080","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00080","url":null,"abstract":"Model-driven software engineering (MDSE) has emerged as a popular and commonly used method for designing software systems in which models are the primary development artifact over the last decade. MDSE has resulted in the trend toward further automating the software process. However, the generation of test cases from user requirements still lags in reaching the required level of automation. Given that most user requirements are written in natural language, the recent advances in natural language processing (NLP) provide an opportunity to further automate the test generation process.In this paper, we exploit the advances in MDSE and NLP to generate abstract test cases from user requirements written in structured natural language and the respective data model. We accomplish this by creating meta-models for user requirements and abstract test cases and defining the appropriate transformation rules. To support this transformation, helper methods are defined to extract the relevant information from user requirements related to testing. To show the feasibility of the approach, we developed a prototype and conducted a case study with use cases and test cases from a Payroll Management System.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131871328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DeepRTest: A Vulnerability-Guided Robustness Testing and Enhancement Framework for Deep Neural Networks Deep - test:一个基于漏洞的深度神经网络鲁棒性测试和增强框架
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2022-12-01 DOI: 10.1109/QRS57517.2022.00081
Minghao Yang, Shunkun Yang, Wenda Wu
{"title":"DeepRTest: A Vulnerability-Guided Robustness Testing and Enhancement Framework for Deep Neural Networks","authors":"Minghao Yang, Shunkun Yang, Wenda Wu","doi":"10.1109/QRS57517.2022.00081","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00081","url":null,"abstract":"Effective testing methods have been proposed to verify the reliability and robustness of Deep Neural Networks (DNNs). However, enhancing their adversarial robustness against various attacks and perturbations through testing remains a key issue for their further applications. Therefore, we propose DeepRTest, a white-box testing framework for DNNs guided by vulnerability to effectively test and improve the adversarial robustness of DNNs. Specifically, the test input generation algorithm based on joint optimization fully induces the misclassification of DNNs. The generated high neuron coverage inputs near classification boundaries expose vulnerabilities to test adversarial robustness comprehensively. Then, retraining based on the generated inputs effectively optimize the classification boundaries and fix the vulnerabilities to improve the adversarial robustness against perturbations. The experimental results indicate that DeepRTest achieved higher neuron coverage and classification accuracy than baseline methods. Moreover, DeepRTest could improve the adversarial robustness by 39% on average, which was 12.56% higher than other methods.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133478925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信