2013 IEEE Seventh International Conference on Software Security and Reliability Companion: Latest Papers

Stability of Software Trustworthiness Measurements Models
Lewen Zhang, Yong Zhou, Yixiang Chen, Min Zhang, Juyang Zhang
Abstract: The software trustworthiness is an important feature for the safety and security of cyber-physical system. Therefore, how to assess software trustworthiness is the key issue. Tao has recently given five measurement models of software trustworthiness based on the attributes of software in his Doctoral Dissertation and his publications. After simulating these models with the Monte Carlo method, we find out that these models have a common shortcoming that the trustworthy degree would not be within the same range as the range in which all attributes' values are. In order to solve this problem, this paper introduces the stability rule with which measurement model of software trustworthiness is proposed. According to these rules, this paper proposes two models which are originally based on Tao's models. The succeeding mathematical proof and simulation demonstrate that these models meet all the rules. These two models have been applied to compute the degree of software trustworthiness in the software trustworthy measurement and evaluation tool.
DOI: https://doi.org/10.1109/SERE-C.2013.23
Published: 2013-06-18
Citations: 11
Preserving User Privacy in Pervasive Environments with a Collaborative Model
F. Rahman, Md. Endadul Hoque, Sheikh Iqbal Ahamed, M. A. Alam
Abstract: Privacy is the most often cited criticism of context awareness in pervasive environments. Context aware pervasive applications have the vulnerabilities of capturing extensive portions of users' activities. Whether such data capture is an actual threat or not, users' perceptions of such possibilities may discourage them from using many useful pervasive applications. So far, in context aware pervasive applications, location data has been the main focus to make users anonymous. However in reality, user anonymity depends on all the privacy sensitive data collected by a particular application. Preserving user privacy or in other words, protecting user anonymity with the help of an anonymizer has the susceptibility of a single point of failure. In this paper, we propose a Formal Collaborative Model (FCM) that preserves users' anonymity without an anonymizer. This model can also quantify the amount of privacy at stake at the time of asking for services from untrustworthy service providers. Since our model can quantify service requester's achieved privacy when a request is going to be placed, it allows the users to be aware of their overall privacy preference situation in a pervasive environment.
DOI: https://doi.org/10.1109/SERE-C.2013.31
Published: 2013-06-18
Citations: 3
Mobile Application Protection Solution Based on 3G Security Architecture and OpenID
Xiang Feng, Yonghe Wu, Xueqiang Yan
Abstract: Copyright attacks on mobile application is a critical issue for mobile network operators (MNOs) and application and content providers who have deployed AS. This paper proposes a solution for this issue that leverages 3G security architecture. A trusted mobile software runtime is designed to control the execution of the mobile application. A dynamic Software ID and security key are created and deployed on both the application store and mobile device for authorization of software execution requests and to invoke web services. The Software ID will be updated each time the mobile application is executed and will be stored on the server side. The mobile software protection model, which is protected by a universal integrated circuit card will be stored on the client side. The proposed solution enables a trusted computing environment that leverages the existing resources and capability of mobile network operators for developers and stakeholders. Thus it can prevent several types of mobile application crack issues including redistribution of the application to unauthorized devices, modification of the application, copy application to other devices through cracking the UICC and unauthorized action to obtain web service URLs to consume the web service.
DOI: https://doi.org/10.1109/SERE-C.2013.24
Published: 2013-06-18
Citations: 1
Of Massive Static Analysis Data
A. Delaitre, Vadim Okun, E. Fong
Abstract: The Software Assurance Metrics and Tool Evaluation (SAMATE) project at the National Institute of Standards and Technology (NIST) has organized four Static Analysis Tool Expositions (SATE). SATE is designed to advance research in static analysis tools that find security-relevant defects in source code. Briefly, participating tool makers run their tools on a set of programs. Researchers led by NIST analyze the tool outputs. The results and experiences are reported at a workshop. These expositions have accumulated large amounts of data. This collection allowed for the development and validation of practical metrics in regard to static analysis tool effectiveness and independence. In this paper, we discuss the role of the data in determining which metrics can be derived. Specifically, we detail the three characteristics test data should exhibit and explain why the data we use express each combination of two out of these three properties.
DOI: https://doi.org/10.1109/SERE-C.2013.10
Published: 2013-06-18
Citations: 5
A New Security Metric for SOA Implementations
Dave Larson, Jigang Liu
Abstract: Service Oriented Architecture (SOA) is an architectural style used to handle transactions involving money, identity, and other sensitive and valuable information. Web Services that implement an SOA must be secure. This paper will describe the common vulnerabilities of Web Services and SOA and the best practices that should be followed in securing the software behind them, and then a new security metric, XPath Exposure Ratio, for Web Services and SOA implementations is proposed. In addition to the discussion on how to apply the new metric, the advantages of the new security metric are also illustrated.
DOI: https://doi.org/10.1109/SERE-C.2013.34
Published: 2013-06-18
Citations: 5
A High Reliable Communication Technology in Electric Vehicle Charging Station
Xiaona Wu, Yunwei Dong, Yongqi Ge, Hong-bing Zhao
Abstract: Cyber-Physic System (CPS) is a new complex system that is integrations of computation and physical process with many networks and technologies. The communication system in electric vehicle (EV) charging station introduced in this paper consist of data collect terminals, data transmission networks and data processing gateway, so it is a typical application of CPS. Because the reliability of communication is one of the most important factors that will affect reliable execution of the electric vehicle (EV) charging station, we propose a redundant communication mechanism combining the Power Line Carrier (PLC) communication technology and ZIGBEE wireless communication technology to transmit information and analyze the main factors that may affect the reliability of data communication during EV charging process and design different methods in data collection, data transmission and data convergence phase. A reliable mechanism which contains redundant sending, local cache and dynamic network organizing technologies have been implemented to guarantee the reliability of the communication in EV charging system. Furthermore, the technology introduced in this paper also can be implemented in other Cyber-Physic systems to improve communication reliability.
DOI: https://doi.org/10.1109/SERE-C.2013.9
Published: 2013-06-18
Citations: 6
Dependability and Software Reuse -- Coupling Them by an Industrial Standard
F. Belli
Abstract: Whereas a software component may be perfectly suited to one application, it may prove to cause severe faults in other applications. The pre-standard IEC/PAS 62814 (Dependability of Software Products Containing Reusable Components - Guidance for Functionality and Tests), which has recently been released, addresses the functionality, testing, and dependability of software components to be reused and products that contain software to be used in more than one application. The present paper introduces into this prestandard and give hints how to use it. The author, who chaired its realization that started in 2006, briefly summarizes the difficult process to bring the industrial partners with controversial interests to a consensus.
DOI: https://doi.org/10.1109/SERE-C.2013.39
Published: 2013-06-18
Citations: 9
Peer Code Review to Prevent Security Vulnerabilities: An Empirical Evaluation
Amiangshu Bosu, Jeffrey C. Carver
Abstract: Peer code review, as an effective quality improvement practice, has also been considered important for reducing security vulnerabilities. There is a lack of empirical evidence to quantify and support this claim. Therefore, we propose a research plan to analyze mature open source projects to gather empirical evidence regarding the relationship between peer code review and security vulnerabilities. As a proof-of-concept, we analyzed the Chromium OS project and found that reviewers identified potential vulnerabilities in 32 review requests.
DOI: https://doi.org/10.1109/SERE-C.2013.22
Published: 2013-06-18
Citations: 20
On a High-Performance and Balanced Method of Hardware Implementation for AES
Xiaotao Zhang, Hui Li, Shouwen Yang, Shuangshuang Han
Abstract: Hardware implementation provides a higher level of security and cryptography speed at some lower resource cost, compared to software implementation of AES. In this paper, we present a balanced hardware design and implementation for AES, considering several existing implementations. FPGA implementation offers higher speed solution and can be easily adapted to protocol changes, although the AES can be implemented with software or pure hardware. So, this implementation is equipped with regard to FPGA. Optimized and Synthesizable Verilog HDL is developed as the design entry to Quartus II 10.0 software. After obtaining gate-level netlists, timing simulations are performed using ModelSim SE 6.1f. Both 128 bits data block encryption and decryption processes are tested. The major part of an AES design is the realization of substitute boxes (S-boxes). S-boxes in our design are compared between two main existing implementations. With Quartus II device family of Stratix, throughput of up to 2.33 Gb/s is received.
DOI: https://doi.org/10.1109/SERE-C.2013.13
Published: 2013-06-01
Citations: 7
Policykeeper: Recommending Proper Security Mechanisms Based on the Severity of Vulnerability Considering User Experience
Mutian Yang, Jingzheng Wu, Y. Wu, Zhifei Wu
Abstract: The current statistics of vulnerability indicates that the security mechanisms become more important to protect the security of operating system than before. The security mechanism is regarded as an effective method of defence. However it is a great challenge to balance the security assurance and the user experience. In this paper, we propose the Policy keeper, which is a method of recommending the security mechanisms based on the severity of vulnerability, referencing the Common Vulnerability Scoring System (CVSS), considering the user experience. An algorithm is designed to transform the adaptability of a security mechanism into the numeric values which are easy to calculate and mine. The prototype is implemented. The experiment results show that Policy keeper can effectively balance the strength of security mechanisms and the user experience, recommend the appropriate security mechanisms to the operating systems.
DOI: https://doi.org/10.1109/SERE-C.2013.19
Published: 2013-06-01
Citations: 0