发布求助
文献互助 智能选刊 最新文献

2012 IEEE Sixth International Conference on Software Security and Reliability最新文献

筛选
英文 中文
A Control Flow Representation for Component-Based Software Reliability Analysis 一种基于组件的软件可靠性分析控制流表示方法
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.33
Atef Mohamed, Mohammad Zulkernine
{"title":"A Control Flow Representation for Component-Based Software Reliability Analysis","authors":"Atef Mohamed, Mohammad Zulkernine","doi":"10.1109/SERE.2012.33","DOIUrl":"https://doi.org/10.1109/SERE.2012.33","url":null,"abstract":"Current reliability analysis techniques encounter a prohibitive challenge with respect to the control flow representation of large software systems with intricate control flow structures. Some techniques use a component-based Control Flow Graph (CFG) structure which represents only inter-component control flow transitions. This CFG structure disregards the dependencies among multiple outward control flow transitions of a system component and does not provide any details about a component internal control flow structure. To overcome these problems, some techniques use statement-based or block-based CFGs. However, these CFG structures are remarkably complex and difficult to use for large software systems. In this paper, we propose a simple CFG structure called Connection Dependency Graph (CDG) that represents inter-component and intra-component control flow transitions and preserves the dependencies among them. We describe the CDG structure and explain how to derive it from a program source code. Our derivation exploits a number of architectural patterns to capture the control flow transitions and identify the execution paths among connections. We provide a case study to examine the effect of program size on the CDG, the statement-based, and the block-based CFGs by comparing them with respect to complexity using the PostgreSQL open source database system.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115257959","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Toward Systematic Construction of Timing Diagrams from UML/MARTE Behavioral Models for Time-Triggered Embedded Software 基于时间触发嵌入式软件UML/MARTE行为模型的时间图系统构建
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.24
Jinho Choi, Eunkyoung Jee, Doo-Hwan Bae
{"title":"Toward Systematic Construction of Timing Diagrams from UML/MARTE Behavioral Models for Time-Triggered Embedded Software","authors":"Jinho Choi, Eunkyoung Jee, Doo-Hwan Bae","doi":"10.1109/SERE.2012.24","DOIUrl":"https://doi.org/10.1109/SERE.2012.24","url":null,"abstract":"The UML has been used to describe structures and behaviors of time-triggered embedded software. Analysis of timing constraints is an important issue in developing time-triggered embedded software. Among multiple types of UML diagrams, timing diagrams are appropriate to show state changes and their relevant events of objects over time with timing constraints. However, there has been little study on how to specify and utilize timing diagrams in practice. Given sequence diagrams and state machine diagrams with MARTE annotations, we propose a systematic way to construct timing diagrams with MARTE annotations. To get well-formed models, we check timing constraints and consistency of the input UML/MARTE models. We present checking criteria for well-formed UML/MARTE models and systematic transformation rules. To show effectiveness of our approach, we demonstrate an illustrative example of GCU (Guidance and Control Unit) software used in avionics systems.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115590794","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Countering Network-Centric Insider Threats through Self-Protective Autonomic Rule Generation 通过自我保护自治规则生成对抗以网络为中心的内部威胁
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.40
Faisal M. Sibai, D. Menascé
{"title":"Countering Network-Centric Insider Threats through Self-Protective Autonomic Rule Generation","authors":"Faisal M. Sibai, D. Menascé","doi":"10.1109/SERE.2012.40","DOIUrl":"https://doi.org/10.1109/SERE.2012.40","url":null,"abstract":"Insider threats are a growing problem in today's organizations. Detecting such attacks is especially challenging because most system owners and system administrators use networks to remotely manage the systems they are responsible for. In previous work, we introduced the Autonomic Violation Prevention System (AVPS) that has a scalable architecture to deal with such threats. This system uses low level human-specified and manually-entered rules to protect networked applications from disgruntled privileged users. However, rule-based systems are generally difficult to maintain when the number of rules is too large. This paper addresses this problem by allowing human beings to enter a smaller number of high-level rules that are automatically translated into one or more low-level rules based on an analysis of the incoming network traffic. The paper discusses how various high level rules (HLR) can detect new unwanted behaviors without any user intervention. Experiments conducted on three types of applications -- FTP, database, and Web -- show that the enhanced AVPS can detect known and unknown insider attacks through high level rules and process automation.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128401406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Mining Executable Specifications of Web Applications from Selenium IDE Tests 从Selenium IDE测试中挖掘Web应用程序的可执行规范
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.39
Dianxiang Xu, Weifeng Xu, Bharath K. Bavikati, W. E. Wong
{"title":"Mining Executable Specifications of Web Applications from Selenium IDE Tests","authors":"Dianxiang Xu, Weifeng Xu, Bharath K. Bavikati, W. E. Wong","doi":"10.1109/SERE.2012.39","DOIUrl":"https://doi.org/10.1109/SERE.2012.39","url":null,"abstract":"A common practice for system testing of web-based applications is to perform the test cases through a web browser. These tests are often recorded and managed by a record and replay tool, such as Selenium IDE. Mining specifications from such tests can be very useful for understanding, verifying, and debugging the system under test. This paper presents an approach to mining a behavior specification from a Selenium IDE test suite such that (a) it captures the behavior of the tests at a high level of abstraction, (b) the behavior can be simulated, and (c) all the tests are completely reproducible from the specification. We first identify similar test actions through context-sensitive clustering so as to normalize the given Selenium IDE tests. Then, we mine patterns of test actions that represent meaningful functions and transform Selenium IDE tests into abstract tests, which are similar to the tests used in the existing model-mining techniques. From the abstract tests, we synthesize a high-level Petri net that captures both temporal constraints and data values. For evaluation purposes, we applied our approach to eight test suites of two real-world systems, Magento (an online shopping system being used by many live stores) and Amazon. Two of the test suites are for security testing, aiming at SQL injection and XSS vulnerabilities. The result shows that our approach is effective in producing abstract yet executable specifications and reducing the complexity of the models.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128745415","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach 自动简化混淆JavaScript代码:基于语义的方法
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.13
Gen Lu, S. Debray
{"title":"Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach","authors":"Gen Lu, S. Debray","doi":"10.1109/SERE.2012.13","DOIUrl":"https://doi.org/10.1109/SERE.2012.13","url":null,"abstract":"JavaScript is a scripting language that is commonly used to create sophisticated interactive client-side web applications. However, JavaScript code can also be used to exploit vulnerabilities in the web browser and its extensions, and in recent years it has become a major mechanism for web-based malware delivery. In order to avoid detection, attackers often take advantage of the dynamic nature of JavaScript to create highly obfuscated code. This paper describes a semantics-based approach for automatic deobfuscation of JavaScript code. Experiments using a prototype implementation indicate that our approach is able to penetrate multiple layers of complex obfuscations and extract the core logic of the computation, which makes it easier to understand the behavior of the code.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"227 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114072369","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 40
A Study of Using Two-Parameter Generalized Pareto Model to Analyze the Fault Distribution of Open Source Software 用双参数广义Pareto模型分析开源软件故障分布的研究
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.21
C. Kuo, Chin-Yu Huang, Shao-Pu Luan
{"title":"A Study of Using Two-Parameter Generalized Pareto Model to Analyze the Fault Distribution of Open Source Software","authors":"C. Kuo, Chin-Yu Huang, Shao-Pu Luan","doi":"10.1109/SERE.2012.21","DOIUrl":"https://doi.org/10.1109/SERE.2012.21","url":null,"abstract":"In the modern society, software plays a very important part in many security-critical or mission-critical systems. Consequently, the main goal of project managers and software engineers is to develop and deliver reliable software within very limited resource, time, and budget. In the past, some research reports showed that the Weibull distribution (WD) and the Pareto distribution (PD) models can be used to describe the distribution of software faults. In this paper, based on our previous study, we further propose and show how the two-parameter generalized Pareto distribution (2-GPD) can be used to model the distribution of software faults. Some mathematical properties of proposed model are analyzed and presented. Experiments based on open source software (OSS) are performed and discussed in detail. Evaluation results show that the proposed 2-GPD model eliminates some issues in modeling that arise in the PD model and has a fairly accurate prediction capability of fault distributions of OSS and depicts the real-life situation more faithfully.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128398698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Accelerating Taint-Based Concolic Testing by Pruning Pointer Overtaint 利用剪枝指针覆盖加速基于污点的圆锥检测
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.31
Yun-Min Cheng, Bing-Han Li, S. Shieh
{"title":"Accelerating Taint-Based Concolic Testing by Pruning Pointer Overtaint","authors":"Yun-Min Cheng, Bing-Han Li, S. Shieh","doi":"10.1109/SERE.2012.31","DOIUrl":"https://doi.org/10.1109/SERE.2012.31","url":null,"abstract":"Taint-based Concolic testing is a software testing technique, which combines dynamic taint analysis, symbolic testing and concrete execution. Concolic testing is faster than symbolic testing while maintaining the same precision. Taint-based concolic testing uses dynamic taint analysis to help identify instructions related to inputs, and at the same time reduce the total number of constraints. Although taint-based concolic testing can be faster than concolic testing, issues regarding the taint propagation of pointers must be addressed. Decision on whether to taint the read-from-memory data referenced by a tainted address may cause either pointer under taint or over taint. The inappropriate taint will cause the result of insufficient or redundant constraints. Consequently, the insufficient constraint will lead to inaccurate test results and make the test target exploitable. On the other hand, the redundant constraint significantly slows down the test due to the fact that the constraint solving time depends on the constraint size. In this paper, we propose a new tainting approach which can prune pointer over taint without causing pointer under taint to depress the size of the path constraints. While exploring the target program exhaustively and detecting potential vulnerabilities, the proposed tainting approach can substantially accelerate taint-based concolic testing.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115360203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems 面向网络存储系统的安全细粒度访问控制机制
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.35
Hsiao-Ying Lin, J. Kubiatowicz, Wen-Guey Tzeng
{"title":"A Secure Fine-Grained Access Control Mechanism for Networked Storage Systems","authors":"Hsiao-Ying Lin, J. Kubiatowicz, Wen-Guey Tzeng","doi":"10.1109/SERE.2012.35","DOIUrl":"https://doi.org/10.1109/SERE.2012.35","url":null,"abstract":"Networked storage systems provide storage services for users over networks. Secure networked storage systems store encrypted data to guarantee data confidentiality. However, using encryption schemes somehow restricts the access control function over stored data. We address the access control function for a secure networked storage system by proposing a fine-grained access control mechanism. In our mechanism, a user cannot only read or write data but also grant the reading permissions of a single file or a whole directory of files to others with low cost. Moreover, these functions are supported in a confidential way against honest-but-curious storage servers. Our technical contribution is to propose a hybrid encryption scheme for a typical structure of a file system by integrating a hierarchical proxy re-encryption scheme and a hierarchical key assignment scheme. We measure the computation overhead for reading, writing, and granting operations by experiments. Our experimental results show that getting a finer access control mechanism does not cost much.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"53 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122106503","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Using Weighted Attributes to Improve Cluster Test Selection 利用加权属性改进聚类测试选择
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.18
Yabin Wang, Zhenyu Chen, Yang Feng, B. Luo, Yijie Yang
{"title":"Using Weighted Attributes to Improve Cluster Test Selection","authors":"Yabin Wang, Zhenyu Chen, Yang Feng, B. Luo, Yijie Yang","doi":"10.1109/SERE.2012.18","DOIUrl":"https://doi.org/10.1109/SERE.2012.18","url":null,"abstract":"Cluster Test Selection (CTS) is widely-used in observation-based testing and regression testing. CTS selects a small subset of tests to fulfill the original testing task by clustering execution profiles. In observation-based testing, CTS saves human efforts for result inspection by reducing the number of tests and finding failures as many as possible. This paper proposes a novel strategy, namely WAS (Weighted Attribute based Strategy), to improve CTS. WAS is inspired by the idea of fault localization, which ranks the program entities to find possible faulty entities. The ranking of entity is considered as a weight of attribute in WAS. And then it helps build up a more suitable distance space for CTS. As a result, a more accurate clustering is obtained to improve CTS. We conducted an experiment on three open-source programs: flex, grep and gzip. The experimental results show that WAS can outperform all existing CTS techniques in observation-based testing.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"64 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129629563","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Extending the Reliability of Wireless Sensor Networks through Informed Periodic Redeployment 通过知情周期性重新部署扩展无线传感器网络的可靠性
2012 IEEE Sixth International Conference on Software Security and Reliability Pub Date : 2012-06-20 DOI: 10.1109/SERE.2012.29
Luiz A. F. Laranjeira, G. Rodrigues
{"title":"Extending the Reliability of Wireless Sensor Networks through Informed Periodic Redeployment","authors":"Luiz A. F. Laranjeira, G. Rodrigues","doi":"10.1109/SERE.2012.29","DOIUrl":"https://doi.org/10.1109/SERE.2012.29","url":null,"abstract":"This paper investigates the reliability of wireless sensor networks, deployed over a square area, in regards to two aspects: network connectivity and node failures. Analyzing the phenomenon known as the border effects on the connectivity of such networks, we derive exact expressions for the expected effective connectivity degree of border nodes. We show that the relative average number of neighbors for nodes in the borders is independent of the node transmission range and of the overall network node density. Assuming a network composed of N uniformly distributed nodes over a square area of side L, our simulation experiments demonstrate that the connectivity of the overall network is dominated by the average node degree in the corner borders of the square network area. Using this result, and considering sensor node failure rates, we derive analytical expressions for the mean time to disconnect (MTTD) and the mean number of sensors remaining (MNSR) upon disconnection for a given network. For precise reliability estimates we also calculate the sensor redeployment period ΔT and the number of sensors per redeployment ΔN, that should be effected in order to keep the network continuously connected with probability higher than 99%. We then run additional simulations for a network subject to sensors failures to obtain experimental MTTD and MNSR values which we found to be very close to the analytically derived ones. These experiments also ratified that periodic sensor redeployments characterized by the pair (ΔN, ΔT), resulting from our analysis, can continuously extend the reliability of wireless sensor networks.","PeriodicalId":191716,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129204201","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信