{"title":"Compositional Verification of Sensor Software Using Uppaal","authors":"M. Hammad, J. Cook","doi":"10.1109/ISSRE.2012.5","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.5","url":null,"abstract":"Verification of wireless sensor networks has long been performed for communication protocols and for network-level behavior over multiple nodes, but not for the basic properties that should hold at a single node. Testing sensor networks, however, is extremely hard due to the lack of controllability, and complex simulation setups are often too expensive to undertake. Thus, verification of properties for a sensor node is desirable. We created a verification methodology that extracts timed models of the high-level behavior of a wireless sensor and then uses UPPAAL to verify both functional and non-functional (timed) properties for the sensor. This verification capability will enhance the trustworthiness of deployed sensor networks.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"133 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116127953","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dynamic Analysis of Upgrades in C/C++ Software","authors":"F. Pastore, L. Mariani, A. Goffi, M. Oriol, M. Wahler","doi":"10.1007/978-3-319-10623-6_8","DOIUrl":"https://doi.org/10.1007/978-3-319-10623-6_8","url":null,"abstract":"","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126291892","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Assertions-Based Approach to Verifying the Absence Property Pattern","authors":"M. Frappier, A. Mammar","doi":"10.1109/ISSRE.2012.11","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.11","url":null,"abstract":"Temporal properties are very common in various classes of systems, including information systems and security policies. This paper investigates two verification methods, proof and model checking, for one of the most frequent patterns of temporal property, the absence pattern. We explore two model-based specification techniques, B and Alloy, because of their adequacy for easily specifying systems with complex data structures, like information systems. We propose a first-order, assertion-based, sound and complete strategy to verify the absence pattern. This enables the proof of the absence pattern using conventional first-order provers. We show that the use of assertions significantly increases the size of the models that can be checked, when compared to traditional LTL model checking techniques. The approach is illustrated throughout a case study.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"7 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124532594","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Verification and Validation of Signature-Based, Network Intrusion Detection Systems","authors":"Frédéric Massicotte, Y. Labiche","doi":"10.1109/ISSRE.2012.16","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.16","url":null,"abstract":"An Intrusion Detection System (IDS) protects computer networks against attacks and intrusions in combination with firewalls and anti-virus systems. One class of IDS is called signature-based network IDSs as they monitor network traffic, looking for evidence of malicious behaviour as specified in attack descriptions (referred to as signatures). It is common knowledge in the research community that IDSs have problems accurately identifying attacks. In this paper we discuss this accuracy problem and decompose it into a detection problem and a confirmation problem. We then map the evaluation of this accuracy problem to the traditional software verification and validation problem, which allows us to analyze the techniques academics have been using to evaluate their IDS technologies. As a result, we are able to identify areas where research is needed to improve the assessment of the IDS accuracy problem through verification and validation techniques.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131017281","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Recycling Test Cases to Detect Security Vulnerabilities","authors":"João Antunes, N. Neves","doi":"10.1109/ISSRE.2012.3","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.3","url":null,"abstract":"The design of new protocols and features, e.g., in the context of organizations such as the IETF, produces a flow of novel standards and amendments that lead to ever changing implementations. These implementations can be difficult to test for security vulnerabilities because existing tools often lag behind. In the paper, we propose a new methodology that addresses this issue by recycling test cases from several sources, even if aimed at distinct protocols. It resorts to protocol reverse engineering techniques to build parsers that are capable of extracting the relevant payloads from the test cases, and then applies them to new test cases tailored to the particular features that need to be checked. An evaluation with 10 commercial and open-source testing tools and a large set of FTP vulnerabilities shows that our approach is able to get better or equal vulnerability coverage than the original tools. In a more detailed experiment with two fuzzers, our solution showed an improvement of 19% on vulnerability coverage when compared with the two combined fuzzers, being capable of finding 25 additional vulnerabilities.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127849872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Static Analysis of Model Transformations for Effective Test Generation","authors":"Jean-Marie Mottu, S. Sen, M. Tisi, Jordi Cabot","doi":"10.1109/ISSRE.2012.7","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.7","url":null,"abstract":"Model transformations are an integral part of several computing systems that manipulate interconnected graphs of objects called models in an input domain specified by a metamodel and a set of invariants. Test models are used to look for faults in a transformation. A test model contains a specific set of objects, their interconnections and values for their attributes. Can we automatically generate an effective set of test models using knowledge from the transformation? We present a white-box testing approach that uses static analysis to guide the automatic generation of test inputs for transformations. Our static analysis uncovers knowledge about how the input model elements are accessed by transformation operations. This information is called the input metamodel footprint due to the transformation. We transform footprint, input metamodel, its invariants, and transformation pre-conditions to a constraint satisfaction problem in Alloy. We solve the problem to generate sets of test models containing traces of the footprint. Are these test models effective? With the help of a case study transformation we evaluate the effectiveness of these test inputs. We use mutation analysis to show that the test models generated from footprints are more effective (97.62% avg. mutation score) in detecting faults than previously developed approaches based on input domain coverage criteria (89.9% avg.) and unguided generation (70.1% avg.).","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114883081","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Oracle-Centric Test Case Prioritization","authors":"Matthew Staats, Pablo Loyola, G. Rothermel","doi":"10.1109/ISSRE.2012.13","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.13","url":null,"abstract":"Recent work in testing has demonstrated the benefits of considering test oracles in the testing process. Unfortunately, this work has focused primarily on developing techniques for generating test oracles, in particular techniques based on mutation testing. While effective for test case generation, existing research has not considered the impact of test oracles in the context of regression testing tasks. Of interest here is the problem of test case prioritization, in which a set of test cases are ordered to attempt to detect faults earlier and to improve the effectiveness of testing when the entire set cannot be executed. In this work, we propose a technique for prioritizing test cases that explicitly takes into account the impact of test oracles on the effectiveness of testing. Our technique operates by first capturing the flow of information from variable assignments to test oracles for each test case, and then prioritizing to 'cover' variables using the shortest paths possible to a test oracle. As a result, we favor test orderings in which many variables impact the test oracle's result early in test execution. Our results demonstrate improvements in rate of fault detection relative to both random and structural coverage based prioritization techniques when applied to faulty versions of three synchronous reactive systems.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129741867","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using Multiclass Machine Learning Methods to Classify Malicious Behaviors Aimed at Web Systems","authors":"K. Goseva-Popstojanova, Goce Anastasovski, Risto Pantev","doi":"10.1109/ISSRE.2012.30","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.30","url":null,"abstract":"The number of vulnerabilities and attacks on Web systems show an increasing trend and tend to dominate on the Internet. Furthermore, due to their popularity and users ability to create content, Web 2.0 applications have become particularly attractive targets. These trends clearly illustrate the need for better understanding of malicious cyber activities based on both qualitative and quantitative analysis. This paper is focused on multiclass classification of malicious Web activities using three supervised machine learning methods: J48, PART, and Support Vector Machines (SVM). The empirical analysis is based on data collected in duration of nine months by a high interaction honey pot consisting of a three-tier Web system, which included Web 2.0 applications (i.e., a blog and wiki). Our results show that supervised learning methods can be used to efficiently distinguish among multiple vulnerability scan and attack classes, with high recall and precision values for all but several very small classes. For our dataset, decision tree based methods J48 and PART perform slightly better than SVM in terms of overall accuracy and weighted recall. Additionally, J48 and PART require less than half of the features (i.e., session attributes) used by SVM, as well as they execute much faster. Therefore, they seem to be clear methods of choice.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"145 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129838550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On the Use of Boundary Scan for Code Coverage of Critical Embedded Software","authors":"J. Cunha, R. Barbosa, Gilberto Rodrigues","doi":"10.1109/ISSRE.2012.29","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.29","url":null,"abstract":"Code coverage tools are becoming increasingly popular as valuable aids in assessing and improving the quality of software structural tests. For some industries, such as aeronautics or space, they are mandatory in order to comply with standards and to help reduce the validation time of the applications. These tools usually rely on code instrumentation, thus introducing important time and memory overheads that may jeopardize its applicability to embedded and real-time systems. This paper explores the use of IEEE 1149.1 (boundary scan) infrastructure and on-chip debugging facilities from embedded processors for collecting the program execution trace during tests, without the introduction of any extra code, and then extracting detailed code coverage analysis and profiling information. We are currently developing an extension to the csXception tool to include such capabilities, in order to study the advantages, difficulties and impediments of using boundary scan for code coverage.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125382259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AutoInSpec: Using Missing Test Coverage to Improve Specifications in GUIs","authors":"Myra B. Cohen, Si Huang, A. Memon","doi":"10.1109/ISSRE.2012.33","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.33","url":null,"abstract":"Developers of a software's graphical user interface (GUI) often fail to document the interface specifications. Without these, models used for automated test generation and execution remain imperfect and incomplete. This leads to unexpected behavior that creates unrecoverable situations for test harnesses, and missed coverage. In this paper, we present AutoInSpec, a technique to infer an important class of specifications, temporal and state-based invariants between GUI events that have been incorrectly modeled. Unlike existing specification mining approaches that require full execution traces, or source code, and that mine all invariants, we simplify the problem. We guide AutoInSpec with coverage criteria and use a previously developed repair framework that builds coverage-adequate test suites, removing unexecutable sub-sequences from consideration. These failing sub-sequences are input to a logic-based inference engine, armed with known invariant templates, to obtain the missing specifications. We validate AutoInSpec on a set of well studied GUI applications.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124104556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}