2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW): Latest Papers

On the Use of API Calls for Detecting Repackaged Malware Apps: Challenges and Ideas
Kobra Khanmohammadi, R. Khoury, A. Hamou-Lhadj
Abstract: Traces of API calls from mobile applications are a very valuable source of information for multiple security analyses including the detection of malware and repackaged apps. Although API call traces are widely, extracting and using API call traces for the detection of repackaged apps remains a challenging task. In this paper, we briefly review (a) the challenges associated with using API calls and (b) the limitations of malware detection approaches that rely on API calls.
DOI: https://doi.org/10.1109/ISSREW.2019.00057
Published: 2019-10-01
Citations: 0

Safe Compilation for Hidden Deterministic Hardware Aliasing
Peter T. Breuer, Jonathan P. Bowen
Abstract: Hardware aliasing occurs when the same logical address can access different physical memory locations. This is a problem for software on some embedded systems and more generally when hardware becomes faulty in irretrievable locations, such as on a Mars Lander. We show how to work around the hardware problem with software logic, compiling code so it works on any platform with hardware aliasing with hidden determinism. That means: (i) a copy of an address accesses the same location, and (ii) repeating an address calculation exactly will repeat the same access again. Stuck bits can mean that even adding zero to an address can make a difference in that environment so nothing but a systematic approach could work.
DOI: https://doi.org/10.1109/ISSREW.2019.00105
Published: 2019-10-01
Citations: 2

A Configurable Software Aging Detection and Rejuvenation Agent for Android
Domenico Cotroneo, L. Simone, R. Natella, R. Pietrantuono, S. Russo
Abstract: This paper presents the design of ADaRTA, an aging detection and rejuvenation tool for Android. The tool is a software agent which i) performs selective monitoring of system processes and of trends in system performance indicators; ii) detects the aging state and estimates the time-to-aging-failure, through heuristic rules; iii) schedules and applies rejuvenation, based on the estimated time-to-aging-failure. The agent rules and parameters have been defined for ease of configuration and tuning by device designers. A stress testing experiment is discussed, showing ADaRTA's configurability for the device under test, and the ability of detecting the aging state to prevent the device from entering a failure state.
DOI: https://doi.org/10.1109/ISSREW.2019.00078
Published: 2019-10-01
Citations: 9

Go-Sanitizer: Bug-Oriented Assertion Generation for Golang
Cong Wang, Hao Sun, Yiwen Xu, Yu Jiang, Huafeng Zhang, M. Gu
Abstract: Go programming language (Golang) is widely used, and the security issue becomes increasingly important because of its extensive applications. Most existing validation techniques, such as fuzz testing and unit testing, mainly focus on crash detection and coverage improvements. However, it is challenging for test engines to perceive common program bugs such as loss of precision and integer overflow. In this paper, we propose Go-Sanitizer, an effective bug-oriented assertion generator for Golang, which is able to achieve a better performance in finding program bugs. Firstly, we manually analyze the Common Weakness Enumeration (CWE) and summarize the applicabilities on Golang. Secondly, we design a generator to automatically insert several bug-oriented assertions to the proper locations of the target program. Finally, we can utilize the traditional validation techniques such as fuzz and unit testing to test the programs with inserted assertions, and Go-Sanitizer reports bugs via the failures of assertions. For evaluation, we apply Go-Sanitizer to Badger, a widely-used database software, and successfully discover 12 previously unreported program bugs, which cannot be detected by a pure fuzzer such as Go-Fuzz or unit testing methods.
DOI: https://doi.org/10.1109/ISSREW.2019.00039
Published: 2019-10-01
Citations: 0

WoSAR 2019 Workshop Committees
DOI: https://doi.org/10.1109/issrew.2019.00017
Published: 2019-10-01
Citations: 0

SHCoT: Secure (and Verified) Hybrid Chain of Trust to Protect from Malicious Software in LightWeight Devices
Abderrahmane Sensaoui, O. Aktouf, D. Hély
Abstract: Looking at the speed by which the software and the hardware evolve separately, there is no surprise that the interactions of the two may result in issues and appearance of back-doors to bypass the existing security. Lately, the hardware/software co-design gained lots of interest in both academia and industry, and proposed multiple hybrid solutions to enhance software/hardware interactions, security, and safety while guaranteeing good performance. In this paper, we focus on isolation and attestation to enforce the chain of trust in lightweight devices and detect malicious data and software locally and remotely. We present SHCoT, a hardware/software co-design to renew trust in devices. SHCoT is our first attempt to develop a formally verified hybrid solution to enhance existing solutions in the literature. While the work is still in progress, the first results show a partial verification of the security properties of SHCoT and small hardware/software cost.
DOI: https://doi.org/10.1109/ISSREW.2019.00107
Published: 2019-10-01
Citations: 1

GAUSS 2019 Workshop Committees
DOI: https://doi.org/10.1109/issrew.2019.00014
Published: 2019-10-01
Citations: 0

Resilient Reactive Systems Based on Runtime Semantic Models
Ester Giallonardo, Francesco Poggi, D. Rossi, E. Zimeo
Abstract: IoT, smart cities, cyber-physical systems and sensor networks represent new classes of highly dynamic, complex systems. The behavior of these systems should be designed in order to react to external changes, i.e. they are reactive and context-aware, and also to internal ones to be able to reconfigure themselves for handling possible anomalies. These requirements ask for a runtime representation of application logic and its context, enriched with variation points that associate different behaviors to possible changes. In this paper, we extend our previous work on the design of reactive, context-aware systems with the support for resilience. According to our model, sensors and actuators can be physical, virtual or logical ones; the last two can be semantically described and dynamically configured to react with a proper behavior to context changes (e.g. faults). The proposal is validated with a use case aimed at designing an edge node for smart buildings dedicated to cultural heritage preservation.
DOI: https://doi.org/10.1109/ISSREW.2019.00069
Published: 2019-10-01
Citations: 2

Automatic Performance Monitoring and Regression Testing During the Transition from Monolith to Microservices
Andrea Janes, B. Russo
Abstract: The transition from monolith to microservices poses several challenges, like how to redistribute the features of system over different microservices. During the transition, developers may also redesign or rethink system services significantly, which can have a strong impact on various quality aspects of the resulting system. Thus, the new system may be more or less performing depending on the ability of the developers to design microservices and the capability of the microservice architecture to represent the system. Overall, a transition to microservices may or may not end up with the same or a better performing system. One way to control the migration to microservices is to continuously monitor a system by continuously collecting performance data and feeding the resulting data analysis back in the transition process. In DevOps, such continuous feedback can be exploited to re-tune the development and deployment of system's builds. In this paper, we present PPTAM+, a tool to continuously assess the degradation of a system during a transition to microservices. In an in-production system, the tool can continuously monitor each microservice and provide indications of lost performance and overall degradation. The system is designed to be integrated in a DevOps process. The tool automates the whole process from collecting data for building the reference operational profile to streamline performance data and automatically adapt and regress performance tests on each build based on the analysis' feedback obtained from tests of the previous build.
DOI: https://doi.org/10.1109/ISSREW.2019.00067
Published: 2019-10-01
Citations: 15

Analyzing and Improving Customer-Side Cloud Security Certifiability
Shujie Zhao, Yiqun Chen, Stefan Winter, N. Suri
Abstract: Cloud services have become popular as an effective form to outsource computational resources. While providing cost efficiency on the one side, this outsourcing also causes a certain loss of control over the computational resources, which makes security risks difficult to predict and manage. To address such concerns, security service level agreements (secSLAs) have been proposed as contracts between Cloud service providers (CSPs) and Cloud service customers (CSCs) that cover security properties of Cloud services. SecSLAs cover a variety of different security properties, ranging from the availability of encrypted communication channels for accessing Cloud resources to the timely detection and removal of vulnerabilities in the CSP's infrastructure. As previous work [1] has shown, and as is evident for the example of timely vulnerability removal, not all of these security properties can be assessed by the CSC, which limits their utility as a contract basis. In this paper we propose a new monitoring framework for Cloud services to support the monitoring and validation of security properties on the customer side that require infrastructure-internal knowledge. To obtain the security properties to be monitored by our framework, we have manually investigated 97 different quantifiable properties in 5 standards from both industry and academia. We identified only 21 measurable properties from those standards, out of which we implement measurements for 13 representative ones and evaluated our measurements on the OPENSTACK platform.
DOI: https://doi.org/10.1109/ISSREW.2019.00088
Published: 2019-10-01
Citations: 0