2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement: Latest Articles

A DSL Framework for Policy-Based Security of Distributed Systems
Hédi Hamdi, M. Mosbah
Abstract: Securing distributed systems remains a significant challenge for several reasons. First, the security features required in an application may depend on the environment in which the application is operating, the type of data exchanged, and the capability of the end-points of communication. Second, the security mechanisms deployed could apply to both communication and application layers in the system, making it difficult to understand and manage overall system security. This paper presents a policy-based approach to meeting these needs. We propose a framework based on a Domain-Specific Language for the specification, verification and implementation of security policies for distributed systems. Based on a set of abstractions, this framework allows to develop modular security policies and independent of the underlying system. Thus, security policies can be developed by a developer who is not necessarily computer security expert.
DOI: https://doi.org/10.1109/SSIRI.2009.43
Published: 2009-07-08
Citations: 9

Checking Service Instance Protection for AMF Configurations
Pejman Salehi, F. Khendek, M. Toeroe, A. Hamou-Lhadj, Abdelouahed Gherbi
Abstract: An AMF configuration is a logical organization of resources, components and Service Units (SUs) grouped into Service Groups (SGs), for providing and protecting services defined as Service Instances (SIs). The assignment of SIs to SUs is a runtime operation performed by the Availability Management Framework (AMF) implementation. However, ensuring the capability of the provisioning and the protection of the SIs by the configured resources is a configuration issue. In other words, a configuration is valid if and only if it is capable of providing and protecting the services as required and according to the specified redundancy model. Ensuring this may require the exploration of all possible SI-SU assignments and in some cases different combinations of SIs, a complex procedure in most redundancy models defined in the AMF standard specification. In this paper, we explore the problem of SI protection at configuration time; we investigate and discuss its complexity and identify some special and more tractable cases.
DOI: https://doi.org/10.1109/SSIRI.2009.25
Published: 2009-07-08
Citations: 6

Systematic Cooperation between Industry and Universities – The Experience from Siemens IT Solutions and Services
Abstract: These years the cooperation between industrial companies and universities are under significant changes. The dialogues have been held regularly to increase understanding and discuss the cooperation framework. The large number of students from software institutes in China has done 10 month - 1 year internship programs in companies. These programs intensify the cooperation. It is a trend to deepen the cooperation between industrial companies and universities in different directions, such as setup curriculum. Although companies and universities have different targets, both parties share the same interests to train highly qualified students to meet the market demands. Siemens IT Solutions and Services, China, has started the contacts with universities since July 2004. In general we have a 5-step systematic approach to identify partners, implement internship program, support university curriculum, design dedicated class for company, and fund research projects. In this talk, we will give overview of our cooperation and examples. And we will focus on our vision for the future directions to support curriculum and research projects.
DOI: https://doi.org/10.1109/SSIRI.2009.64
Published: 2009-07-08
Citations: 1

Generating Test Cases for Timed Systems from Controlled Natural Language Specifications
Matthias Schnelte
Abstract: Dynamic testing is still the most used quality assurance technique in the automotive industry. There is a need to automate the testing process as much as possible. In this work we focus on the automatic generation of test cases from requirement specifications. To embed the approach as close as possible into existing workflows we start with natural language like specifications, as requirements are still mostly written in natural language. To support this, we specify a controlled natural language for the automotive domain. After acquiring the requirements they are translated into a formal model. The model enables an efficient reachability analysis and allows to describe rich temporal behavior. We then use partial order planning to create positive and negative tests. The resulting test cases are able to handle non-deterministic timing behavior. Furthermore the test cases can be presented in a comprehensible way, so that the reader can validate them.
DOI: https://doi.org/10.1109/SSIRI.2009.58
Published: 2009-07-08
Citations: 8

A Comparative Study of Access Control Languages
Sathish Pinagapani, Dianxiang Xu, Jun Kong
Abstract: In this paper, we compare three open source access control languages, XACML, JAAS and Java ACL. In addition to a conceptual analysis, we use a web-based health care system as a common application, in which controlled access is implemented through each of the languages. We compare the languages using standard software metrics, such as reusability, policy expressiveness, extensibility, error handling, and programmatic control. The results of the comparative study indicate a high degree of variance in the three languages. They can serve as a useful guide for software developers to select an access control language that best meets their requirements.
DOI: https://doi.org/10.1109/SSIRI.2009.18
Published: 2009-07-08
Citations: 1

Automatic Test Data Generation for C Programs
P. Bokil, P. Darke, U. Shrotri, R. Venkatesh
Abstract: Preparation of test data that adequately tests a given piece of code is very expensive and effort intensive. This paper presents a tool AutoGen that reduces this cost and effort by automatically generating test data for C code. AutoGen takes the C code and a criterion such as statement coverage, decision coverage, or Modified Condition/Decision Coverage (MCDC) and generates non-redundant test data that satisfies the specified criterion. This paper also presents our experience in using this tool to generate MCDC test data for three embedded reactive system applications. The effort required using the tool was one third of the manual effort required. The main contributions of this paper are a tool that can generate data for various kinds of coverage including MCDC and the experience of running this tool on real applications.
DOI: https://doi.org/10.1109/SSIRI.2009.53
Published: 2009-07-08
Citations: 39

Performance Testing of Mobile Applications at the Unit Test Level
Heejin Kim, Byoungju Choi, W. Eric Wong
Abstract: With the rapid growth of the wireless market and the development of various mobile devices, innovative methods and technologies to produce high-quality mobile applications and reduce time to market have been emerging. Mobile applications are often characterized by an array of limitations such as the short development lifecycle to gain a competitive advantage and difficulties to update once released. Hence, rigorous testing on the applications is required before distribution to the market, including structural white-box, functional black-box, integration and system testing. Although recently performance testing at the system test level has become crucial given its direct connection with the product quality improvement, most such tests are confined to the areas of load, usability, and stress testing. Moreover, the implementation itself is insufficient due to the limitations of the development environment. This paper proposes a method to support performance testing utilizing a database established through benchmark testing in emulator-based test environment at the unit test level. It also presents the tool that supports the proposed method of performance testing and verifies the reliability of performance test results through experiments.
DOI: https://doi.org/10.1109/SSIRI.2009.28
Published: 2009-07-08
Citations: 49

Keynote: Reliability for Software-Based Systems
Frances Paulisch
Abstract: Reliability has long been a topic of importance, but as systems become increasingly complex, mission-critical, and pervasive, the importance grows even more. Many of today's systems are software-based and it is important that relevant techniques for reliability as well as other "-ilities" are also applied to such software-based systems. This presentation will present a selection of such techniques that can be applied at various stages in the development lifecycle to predict and increase the reliability of software-based systems.
DOI: https://doi.org/10.1109/SSIRI.2009.76
Published: 2009-07-08
Citations: 0

ReconBin: Reconstructing Binary File from Execution for Software Analysis
Lingyun Ying, Purui Su, D. Feng, Xianggen Wang, Yi Yang, Yu Liu
Abstract: Static analysis is one of the most popular approaches of software analysis. As more and more software protects their code by transformation or encryption, then releases them at runtime dynamically, it is hard to statically analyze these protected executables because of the failure of disassembling. In this paper, we propose a novel and general technique to reconstruct binary files for static analysis by monitoring the executions of protected executables. Our approach can identify and extract the dynamically released code at runtime, and at the same time record the control transfers information, and then reconstruct a binary file based on the original executable. The whole process does not depend on any prior knowledge on the protection methods. Experiments on our prototype ReconBin show that our approach can properly reconstruct the executables protected by SMC and packers, and the reconstructed binary files can be successfully analyzed by static analysis tools such as IDA Pro. We show that it also can be used to analyze the code dynamically generated by virtual machines, emulators, and buffer overflow attacks, which also dynamically inject attack code into stack and direct execution flow to it.
DOI: https://doi.org/10.1109/SSIRI.2009.46
Published: 2009-07-08
Citations: 4

Keynote: Automatic Test Data Generation: Who, When and Where?
A. Offutt
Abstract: The past decade has seen exciting changes in how we develop and test software. Researchers have invented numerous techniques and criteria that are now mature enough to be ready for industrial use. During this time, the need for reliable software has grown enormously. The user base is expanding, technological advances put software into more mission-critical locations, software continues to grow in complexity, and secure software must be correct software. However, many of the strongest testing ideas invented by researchers have not yet been adopted by industry. In particular, one of the hardest problems in software testing is automatic generation of test inputs; a problem with many sophisticated solutions from the research community but for which industry tools only have primitive solutions. This talk will discuss automatic test data generation in the context of the model-driven test design process, then discuss mismatches between testing in industry and techniques from the research community. The talk will discuss why industry needs to improve testing, explore some of the difficulties in transitioning testing research results to industrial use, and close with a description of practical, usable engineering tools that can incorporate the best automatic test data generation ideas in pragmatic ways.
DOI: https://doi.org/10.1109/SSIRI.2009.75
Published: 2009-07-08
Citations: 0