2013 IEEE Seventh International Conference on Software Security and Reliability Companion: Latest Papers

Multiple-Bug Oriented Fault Localization: A Parameter-Based Combination Approach
Zheng Wei, Bai Han
DOI: https://doi.org/10.1109/SERE-C.2013.18
Published: 2013-06-18
Abstract: To improve the efficiency of localization technique, a parameter combination approach to direct multiple faults localization is proposed in this paper. We consider bisection methods as clustering rules to partition failed test cases into smaller fault-focused clusters with different kinds of combinations. Correlation coefficient can be a tolerance to accept or reject that one cluster aims at specific faults. A statistical approach, a cross tab-based technique will be adopted to help find each bug in a code block soon after. An efficiency comparison between parameter-based technique and Tarantula (using one-bug-at-a-time strategy) on the Siemens Suite will be carried out. The result in this paper implies that more bugs a program contains, more efficient Parameter-Based Combination technique (hereafter referred to as PBC) is. That means PBC has a better performance in multiple faults localization field.
Citations: 9

Data Race Detection for Interrupt-Driven Programs via Bounded Model Checking
Xueguang Wu, Yanjun Wen, Liqian Chen, Wei Dong, Ji Wang
DOI: https://doi.org/10.1109/SERE-C.2013.33
Published: 2013-06-18
Abstract: In Cyber-Physical Systems with interrupt mechanism, interrupts may cause unexpected interleaving executions and even wrong execution results. A kind of frequently occurred errors are caused by data race. We present an approach under the framework of bounded model checking (BMC) to detect data race for interrupt driven programs. The key idea is to automatically serialize a concurrent interrupt driven program as a non-deterministic sequential program, whose possible execution set includes all the possible executions of the interrupt driven program. Moreover, our approach checks data race in the sequential program and collects all the path condition of the data race location. On this basis, we leverage bounded model checking to convert all the path conditions into SMT formulae. Furthermore, our analysis uses a decision procedure to determine whether the formula is satisfiable, from which the analysis eliminates false alarms which can't occur in real concurrent executions. A prototype based on CBMC is implemented and preliminary experimental results are encouraging.
Citations: 23

A Practical Model for Rating Software Security
Haiyun Xu, Jeroen Heijmans, Joost Visser
DOI: https://doi.org/10.1109/SERE-C.2013.11
Published: 2013-06-18
Abstract: This paper introduces a model for rating software security based on the ISO 25010 standard for software product quality. To rate software security, the authors define eleven system properties, which reflect how a typical software product addresses the confidentiality, integrity, non-repudiation, accountability and authenticity. The paper presents these properties, how to rate them, and how to aggregate the ratings.
Citations: 20

Hierarchal Identity Based Socket for Datacenters
Tarun Sen, S. K. Peddoju
DOI: https://doi.org/10.1109/SERE-C.2013.26
Published: 2013-06-18
Abstract: Now a days more and more companies are moving towards cloud computing, there are several services provided by them. But at the same time there are several security issues. Secure Socket Layer (SSL) key generation and distribution can not cope with the scale of the cloud data center also the authentication is slow. The other security solution is Kerberos which is not scalable. Identity based cryptography has several features which make it useful in cloud computing data center. In this paper a prototype framework for Hierarchal Identity Based Socket has been developed. It provides all cryptographic capabilities from key generation, key distribution, encryption, signature and authentication. For providing a certificate free mutual authentication and data confidentiality an Identity Based Cryptography (IBC) based secure socket has been developed. These sockets can be used in place of traditional SSL based sockets. This project is developed and tested with Java. Since pairing based cryptography is faster than asymmetric cryptography and there is no need of certificates in Hierarchal Identity Based Cryptography (HIBC) authentication, encryption and verification time are linear and decryption and signature time is nearly constant, we can say that our system will well fit for cloud computing Datacenter.
Citations: 0

A Categorical Approach for Modeling and Verifying Dynamic Software Architecture
Xiang Ling
DOI: https://doi.org/10.1109/SERE-C.2013.38
Published: 2013-06-18
Abstract: The dynamism in Software Architecture, also known as dynamic software architecture, is defined as the description of a system's structural evolution as execution progresses. It brings the challenge to the system's specification to incorporate the dynamic evolution patterns, as well as the verification of the system's properties. Community is an Architecture Description Language built on coordination principles and a categorical framework to support the composition of specifications of components to form the system's specification. However, an important problem of Community is the lack of support for specifying the system's architectural changes in both the set of components and the connections between them. This paper presents an extension of Community to support the specification of the dynamism in component-based systems. The categorical approach and architectural design principles supported by the language are illustrated through the design of a fault-tolerant, dynamic client-server system, from which some of the system's properties can be verified.
Citations: 1

Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing
Jingzheng Wu, Y. Wu, Zhifei Wu, Mutian Yang, Yongji Wang
DOI: https://doi.org/10.1109/SERE-C.2013.17
Published: 2013-06-18
Abstract: Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing.
Citations: 4

Evaluation of Random Projection for Malware Classification
S. Ponomarev, Jan Durand, Nathan Wallace, T. Atkison
DOI: https://doi.org/10.1109/SERE-C.2013.29
Published: 2013-06-18
Abstract: Research efforts to develop malicious application detection algorithms have been a priority ever since the discovery of the first "viruses". Various methods are used to search and identify these malicious applications. One such method, n-gram analysis, can be implemented to extract features from binary files. These features are then used by machine learning algorithms to classify them as malicious or benign. However, the resulting high dimensionality of the features makes accurate detection in some cases impossible. This is known as "the curse of dimensionality". To counteract this effect, a feature reduction technique known as randomized projection was implemented. Through this reduction, not only are classification times decreased but also an increase in true positive and decreases false positive rates are observed. By varying the n-gram size and target feature size it is possible to fine-tune the accuracy of machine learning algorithms to reach an average accuracy of 99%.
Citations: 6

PHP+MySQL Based Online Examination System with Power Failure Handling and Dropbox Capability
Afzaal Ahmad, Noor Ullah Khan, A. Abbas
DOI: https://doi.org/10.1109/SERE-C.2013.27
Published: 2013-06-18
Abstract: This paper presents the development of PHP and MySQL based online examination system with power failure handling and drop box capability. To the best of author's knowledge these shortcomings were not properly addressed in the previous systems developed in PHP and MySQL. Power failure is an important factor that directly affects the efficiency of the online examination system in most of the developing countries of the world and made the systems unreliable. Therefore, the proposed system resumed from same status where it was stopped due to power failure. The second shortcoming that is addressed in this system is of rigidness of online examination system for students, by introducing drop box capability, to put ambiguous questions to the drop box and attempt these whenever student wants from drop box. These capabilities make the proposed online examination system user-friendly, reliable and natural.
Citations: 4

HyperVerify: A VM-assisted Architecture for Monitoring Hypervisor Non-control Data
Baozeng Ding, Yeping He, Y. Wu, Yuqi Lin
DOI: https://doi.org/10.1109/SERE-C.2013.20
Published: 2013-06-18
Abstract: Continuing bug reports and exploits in hypervisors indicate that hypervisors face similar integrity threats as tradition software. Previous approaches to protect a hypervisor that utilize hardware features are not easy to be extended. Besides, they mainly focus on code or control data integrity, without pay much attention to protecting non-control data. In this paper, we present HyperVerify, a novel architecture to monitor hypervisor non-control data using a trusted VM. Since a VM cannot directly access a hypervisor's memory, HyperVerify programs a popular device driver to read the hypervisor's hardware state in the trusted VM. Then a memory analysis library is used to translate the low-level hardware state into the high level hypervisor context. Several monitoring processes use such context to monitor hypervisor non-control data integrity. Each of the processes is responsible for monitoring one kind of non-control data. It is flexible for HyperVerify to support monitoring new kinds of data structure. The experimental evaluation of our prototype shows that HyperVerify incurs at most 4% performance overhead to end users.
Citations: 16

Forced-Path Execution for Android Applications on x86 Platforms
Ryan V. Johnson, A. Stavrou
DOI: https://doi.org/10.1109/SERE-C.2013.36
Published: 2013-06-18
Abstract: We present a code analysis framework that performs scalable forced-path execution of Android applications in commodity hardware. Our goal is to reveal the full application functional behavior for large commercial applications without access to source code. We do so by identifying code blocks and API calls that are deemed sensitive and provide a security report to an analyst regarding the functionality of the Android application that is under inspection. We show that our approach is scalable by allowing for the execution of each software component by numerous instances of execution modules. Each execution instance exercises a different code path through the application call-graph leading to full code and state space coverage and exposing any hidden or unwanted functionality. The output is a list of API calls, parameter values, component call graphs, and control flow graphs. We show how this can be leveraged for automated policy enforcement of runtime functionality.
Citations: 18