{"title":"Supporting Automatic Code Review via Design","authors":"Jiantao He, Linzhang Wang, Jianhua Zhao","doi":"10.1109/SERE-C.2013.37","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.37","url":null,"abstract":"Code review is a very important means to ensure the quality of code in practice. It has been widely used in industry since it was proposed. Nowadays code review is still mainly done by manual work in industry. However, increasing scale of the software challenges manual reviewing. So automating the code review process is highly desired. Design patterns are a set of summaries of code design experiences that are widely used repeatedly, and well classified. Programmers need to correctly implement code based on design patterns. To ensure that the code is implemented as expected, this paper proposes an approach to automatically review code in the view of specified design patterns. Firstly, we identify the design patterns that are specified in the design models. Second, we construct a set of review rules by extracting design constraints from identified design patterns. Last, the code is checked against the generated review rules, and inconsistencies are reported as result. A supporting tool was developed, and two experiments were conducted to demonstrate the applicability of our approach.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114954046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Behavioral Analysis of Android Applications Using Automated Instrumentation","authors":"Mohammad Karami, Mohamed Elsabagh, Parnian Najafiborazjani, A. Stavrou","doi":"10.1109/SERE-C.2013.35","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.35","url":null,"abstract":"Google's Android operating system has become one of the most popular operating systems for hand-held devices. Due to its ubiquitous use, open source nature and wide-spread popularity, it has become the target of recent mobile malware. In this paper, we present our efforts on effective security inspection mechanisms for identification of malicious applications for Android mobile applications. To achieve that, we developed a comprehensive software inspection framework. Moreover, to identify potential software reliability flaws and to trigger malware, we develop a transparent instrumentation system for automating user interactions with an Android application that does not require source code. Additionally, for run-time behavior analysis of an application, we monitor the I/O system calls generated by the application under monitoring to the underlying Linux kernel. As a case study, we present two Android malware samples found in the wild to experimentally evaluate the applicability of our proposed system for uncovering potential malicious activities.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126296179","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Reliability Models Applied to Mobile Applications","authors":"Sonia Meskini, A. B. Nassif, Luiz Fernando Capretz","doi":"10.1109/SERE-C.2013.30","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.30","url":null,"abstract":"Smart phones have become the most used electronic devices. They carried out most of the functionalities of desktops, allowing various useful applications that suit the users' needs. Therefore, instead of the operator, the user has become the number one controller of the device and its applications and thus its reliability becomes an emergent need. We aim to investigate and evaluate the efficacy of Software Reliability Growth Models (SRGMs) when applied to Smart phone application failure data and check whether they achieve the same success as in the desktop/laptop area. We selected three of the most used SRGMs and applied them to three different Smart phone applications. None of the selected models were able to account for the data satisfactorily. Their failure is traced back to the specific features of mobile applications compared to desktop applications. Thus, a suitable model for Smart phone applications is still needed to improve their reliability.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130888482","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automating Service Availability Analysis: An Application to a Highly Available Media-Streaming Service","authors":"A. Kanso, M. Toeroe, F. Khendek","doi":"10.1109/SERE-C.2013.28","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.28","url":null,"abstract":"Service availability is an important aspect of service provisioning. To ensure end-to-end quality, system integrators need to build systems that satisfy quality of service requirements including high-availability. By using specialized middleware, system integrators can incorporate high availability features into their applications, thus rendering the service provisioning fault tolerant. Quantifying service availability at the system design/integration time is a challenging task considering the complexity of the availability management. In this paper we discuss a method that automates the availability analysis of middleware managed services based on the standard behavior of the middleware, while taking into consideration the various system dependencies. We illustrate our approach on a media streaming application.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126077325","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Designing an Enterprise Security Strategy for Mobile Intranet Access","authors":"Matthias Trojahn, F. Ortmeier","doi":"10.1109/SERE-C.2013.14","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.14","url":null,"abstract":"Modern IT allows new markets and business process for many enterprises. One aspect is that new networks tolerate intranet access from almost any location. Some examples include completing health insurance contracts online at the customer or supporting a maintenance team with company expertise while working at customers. However, the increasing mobility of employees brings also high risk from a security point of view. This paper presents a decision support strategy for enterprises to decide on their security strategy for dealing with mobile intranet access. The paper only focuses on user authentication methods. Security protocols and encryption are - of course - needed but not in scope of this paper. The core idea is to derive generic scenarios and requirements for mobile intranet access which can be weighted to represent the needs of a specific company. Optimal solutions can be found by analyzing the model. The output is a rated ranking of different authentication techniques for the company.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"148 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134067038","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Robust and Efficient Covert Channel Communications in Operating Systems: Design, Implementation and Evaluation","authors":"Yuqi Lin, Liping Ding, Jingzheng Wu, Yalong Xie, Yongji Wang","doi":"10.1109/SERE-C.2013.12","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.12","url":null,"abstract":"Covert channel has been studied for years due to its ability to divulge sensitive information in computer systems. Constructing covert communication scenarios is the first step to learn the threat of a channel. There are several challenges in the existing design of covert channel communications: lacking general communicating model description, low transmission accuracy and weak anti-interference ability. In this paper, we explore how to construct robust and efficient covert channel communications in operating systems. Firstly, we design three general covert communicating protocol models: the Basic Protocol (BP), the Two-Channel Transmission Protocol (TCTP) and the Self-Adaptive Protocol (SAP). Then we implement them in Linux operating systems. To simulate real attack scenarios, a toy Trojan program extracting passwords to cooperate with the covert protocols is presented. To identify potential covert channels in Linux kernel, we use Directed Information Flow Graph (DIFG) to analyze the source code and choose last_pid and temporary files channels in our implementation. Finally we evaluate the transmitting rate and accuracy of the three protocols. The results demonstrate that without special protective measures, the TCTP can achieve rather high accuracy and rate (100% and 31bps in our lab). When equipped with some restricting or interfering mechanisms, the SAP can achieve 97% accuracy and 18bps rate. This result reveals that attackers can bypass countermeasures to steal sensitive data from victims by well-designed covert protocols.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114742791","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"hGuard: A Framework to Measure Hypervisor Critical Files","authors":"Baozeng Ding, Yeping He, Qiming Zhou, Y. Wu, Jingzheng Wu","doi":"10.1109/SERE-C.2013.21","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.21","url":null,"abstract":"Virtualization has been widely adopted in current computer systems. A key part of virtualization is a hypervisor, which virtualizes physical resources to be shared among multiple guest virtual machines (VMs). Configuration files and security policy files used by the hypervisor control VMs' behavior. If these critical files are tampered with, all the VMs that run on the same hypervisor will be affected. This paper presents hGuard, a framework to measure hypervisor critical files. Each time a critical file is updated, its hash is stored into a non-volatile storage of the trusted chip. When a critical file is loaded into memory, a measurement module computes its hash and a validation module checks its integrity by comparing this hash with that stored in the non-volatile storage. Only if they are the same could the files be used and continuous operation will be allowed. The experiment shows that hGuard can detect illegal modification of hypervisor critical files.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"338 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122035191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Time/State-based Software-Intensive Systems Failure Mode Researches","authors":"Xuan Hu, Chun-Hui Yang, Dong Li, Yi Zhu, Mengyue Liu","doi":"10.1109/SERE-C.2013.32","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.32","url":null,"abstract":"Nowadays the application status of Software-Intensive Systems(SISs) introduces a category of system failure caused by unforeseen operation or environment change. Generally speaking this kind of failure can be observed as system emergent behavior or degraded running. Because it relates to both the running time and state, it is called Time/State(TS)-based SISs failure. Moreover it is one of the significant sources of SISs failure. However the related researches are few. This paper presents the life cycle of software-related failure of SISs firstly. Secondly it analyzes the TS-based SISs failure mechanism and establishes the corresponding model. Moreover it introduces the traditional verification methods of SISs. Furthermore it presents the definition, classification and ontology representation of TS-based SISs failure mode. The instance validation shows the existence of TS-based SISs failure and feasibility of detecting the failure by using combined test method primarily. Finally this paper analyzes the problems and prospects the future researches.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130494789","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Concept for Language-Oriented Security Testing","authors":"Philipp Zech, M. Felderer, Matthias Farwick, R. Breu","doi":"10.1109/SERE-C.2013.16","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.16","url":null,"abstract":"Today's ongoing trend towards intense usage of web service based applications in daily business and everybody's daily life poses new challenges for security testing. Additionally, such applications mostly not execute in their own runtime environment but instead are deployed in some data center, run alongside multiple other applications, and serve different purposes for sundry user domains with diverging security requirements. As a consequence, security testing also has to adapt to be able to meet the necessary requirements for each application in its domain and its specific security requirements. In addition, security testing needs to be feasible for both service providers and consumers. In our paper we identify drawbacks of existing security testing approaches and provide directions for meeting emerging challenges in future security testing approaches. We also introduce and describe the idea of language-oriented security testing, a novel testing approach building upon domain-specific languages and domain knowledge to meet future requirements in security testing.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133224998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems","authors":"Antonios Gouglidis, I. Mavridis, Vincent C. Hu","doi":"10.1109/SERE-C.2013.25","DOIUrl":"https://doi.org/10.1109/SERE-C.2013.25","url":null,"abstract":"The increased complexity of modern access control (AC) systems stems partly from the need to support diverse and multiple administrative domains. Systems engineering is a key technology to manage this complexity since it is capable of assuring that an operational system will adhere to the initial conceptual design and defined requirements. Specifically, the verification stage of an AC system should be based on techniques that have a sound and mathematical underpinning. Working on this assumption, model checking techniques are applied for the verification of predefined system properties, and thus, conducting a security analysis of a system. In this paper, we propose the utilization of automated and error-free model checking techniques for the verification of security properties in multi-domain AC systems. Therefore, we propose a formal definition in temporal logic of four AC system properties regarding secure inter-operation with Role-Based Access Control (RBAC) policies in order to be verified by using model checking. For this purpose, we demonstrate the implementation of a tool chain for expressing RBAC security policies, reasoning on role hierarchies and properly feeding the model checking process. The proposed approach can be applied in any RBAC model to efficiently detect non-conformance between an AC system and its security specifications. As a proof of concept, we provide examples illustrating the verification of the defined secure inter-operation properties in multi-domain RBAC policies.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"397 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114916262","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}