2011 Fifth International Conference on Secure Software Integration and Reliability Improvement: Latest Papers

Towards a Reliable Spam-Proof Tagging System
Ennan Zhai, Liping Ding, S. Qing
Abstract: Tagging systems are particularly vulnerable to tag spam. Although some previous efforts aim to address this problem with detection-based or demotion-based approaches, tricky attacks launched by attackers who can exploit vulnerabilities of spam-resistant mechanisms are still able to invalidate those efforts. Therefore, it is challenging to resist tricky spam attacks in tagging systems. This paper proposes a novel spam-proof tagging system, which can provide high-quality tag search results even under tricky attacks, based on four key insights: demotion-based strategy, reputation, altruistic users and social networking. Specifically, our system upgrades/degrades the ranks of correct/incorrect content items in search results through introducing personalized users' reliability degrees and responsible users, thus avoiding clients pick unwanted content. Experimental results illustrated our system could effectively defend against tricky tag spam attacks and work better than current prevalent tag search models.
DOI: https://doi.org/10.1109/SSIRI.2011.30
Published: 2011-06-27
Citations: 6

Evaluation of Experiences from Applying the PREDIQT Method in an Industrial Case Study
Aida Omerovic, Bjørnar Solhaug, K. Stølen
Abstract: We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life industrial system. This paper reports on the experiences from applying the PREDIQT method in a second and more recent case study -- on an industrial ICT system from another domain and with a number of different system characteristics, compared with the previous case study. The analysis is performed in a fully realistic setting. The system analyzed is a critical and complex expert system used for management and support of numerous working processes. The system is subject to frequent changes of varying type and extent. The objective of the case study has been to perform an additional and more structured evaluation of the PREDIQT method and assess its performance with respect to a set of success criteria. The evaluation argues for feasibility and usefulness of the PREDIQT-based analysis. Moreover, the study has provided useful insights into the weaknesses of the method and suggested directions for future research and improvements.
DOI: https://doi.org/10.1109/SSIRI.2011.20
Published: 2011-06-27
Citations: 3

Trust Observations in Validation Exercises
F. Amato, M. Felici, Paola Lanzi, Giulia Lotti, L. Save, A. Tedeschi
Abstract: This paper is concerned with an operational account of trust. It reports our experience in observing different trust aspects during a validation session for the assessment of a new tool and relevant operational concepts in the Air Traffic Management (ATM) domain. Despite the fact that trust is yet an elusive concept, our results show how monitoring trust can support the validation of alternative system settings and their operational aspects. This paper reports our experimental work on observing trust during validations exercises. Moreover, it provides new insights about the nature and the investigation of trust.
DOI: https://doi.org/10.1109/SSIRI.2011.26
Published: 2011-06-27
Citations: 6

Component-Based Malicious Software Engineer Intrusion Detection
M. Shin, Snehadeep Sethia, N. Patel
Abstract: These days, security-sensitive business application systems are developed and maintained by more than one software engineer, some of which may be unethical or malicious. Unethical software engineers can insert malicious code to the systems or maliciously change the existing code in the systems to gain personal benefits. As the result, security of the business application systems can be compromised. This paper describes an approach to detecting malicious code created by malicious software engineers in components. This paper is an extension to our previous work detecting malicious code attacking security-sensitive information within a component. In particular, this paper focuses on detecting malicious code in a component that intrudes security-sensitive information in different components in an application. For this, an application system monitor(s) is designed to detect intrusion between components using the business process encapsulated in the monitor(s). The proposed approach is applied to the ATM system and B2B electronic commerce system to evaluate the performance.
DOI: https://doi.org/10.1109/SSIRI.2011.33
Published: 2011-06-27
Citations: 2

On Testing Effectiveness of Metamorphic Relations: A Case Study
M. Asrafi, Huai Liu, Fei-Ching Kuo
Abstract: One fundamental challenge for software testing is the oracle problem, which means that either there does not exist a mechanism (called oracle) to verify the test output given any possible program input, or it is very expensive, if not impossible, to apply the oracle. Metamorphic testing is an innovative approach to oracle problem. In metamorphic testing, metamorphic relations are derived from the innate characteristics of the software under test. These relations can help to generate test data and verify the correctness of the test result without the need of oracle. The effectiveness of metamorphic relations can play a significant role in the testing process. It has been argued that the metamorphic relations that cause different software execution behaviors should have high fault detection ability. In this paper, we conduct a case study to analyze the relationship between the execution behavior and the fault-detection effectiveness of metamorphic relations. Some code coverage criteria are used to reflect the execution behavior. It is shown that there is a certain degree of correlation between the code coverage achieved by a metamorphic relation and its fault-detection effectiveness.
DOI: https://doi.org/10.1109/SSIRI.2011.21
Published: 2011-06-27
Citations: 30

An Organization-Driven Approach for Enterprise Security Development and Management
Lirong Dai, Yan Bai
Abstract: Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.
DOI: https://doi.org/10.1109/SSIRI.2011.25
Published: 2011-06-27
Citations: 2

RELEASE: Generating Exploits Using Loop-Aware Concolic Execution
Bing-Han Li, S. Shieh
Abstract: Automatically finding vulnerabilities and even generating exploits are desirable for software testing. For the protection of intellectual property and copyright, programs being tested may be lack of source code and symbol table information. Concolic execution is a novel technique, which takes advantage of the rapid executing speed of concrete execution and the wide testing coverage of symbolic execution, to discover and identify software bugs, including vulnerabilities. However, a serious limitation of concolic execution inherited from symbolic execution is its poor analysis result with loops, a common programming construct. For instance, when the number of iterations depends on the inputs, the analysis cannot determine possible execution paths of the program. In this paper, we propose a new concolic execution technique, loop-aware concolic execution, for testing software and analyzing loop-related variables with fewer execution steps. With the novel technique, not only linear relations but also some polynomial recurrence relations in a loop can be handled. To demonstrate effectiveness of the novel technique, we developed a concolic analyzer, called RELEASE, to discover buffer-overflow vulnerabilities in the testing benchmarks.
DOI: https://doi.org/10.1109/SSIRI.2011.31
Published: 2011-06-27
Citations: 4

Model-Driven Monitoring of Time-Critical Systems Based on Aspect-Oriented Programming
Ki-Seong Lee, Chan-Gun Lee
Abstract: Temporal correctness is one of the most important requirements for time-critical systems. Although time-critical systems are designed to meet their timing constraints, there can be still errors especially with timing constraints in run-time due to various reasons. Typically, time-critical systems are shipped with run-time monitors to check their temporal requirements. Hence, run-time monitors are essential to time-critical services. In this paper, we propose a model-driven monitor based on AOP for time-critical systems. The monitor is modeled by using xUML in the design time, and its timing constrains are specified by RTL-like expressions. The designed monitor model is transformed into the code automatically by our proposed tool chain. We validate the effectiveness of our approach by presenting a case study and analyzing the implemented system.
DOI: https://doi.org/10.1109/SSIRI.2011.15
Published: 2011-06-27
Citations: 3

Runtime Verification of Domain-Specific Models of Physical Characteristics in Control Software
A. D. Roo, Hasan Sözer, M. Aksit
Abstract: Control logic of embedded systems is nowadays largely implemented in software. Such control software implements, among others, models of physical characteristics, like heat exchange among system components. Due to evolution of system properties and increasing complexity, faults can be left undetected in these models. Therefore, their accuracy must be verified at runtime. Traditional runtime verification techniques that are based on states and/or events in software execution are inadequate in this case. The behavior suggested by models of physical characteristics cannot be mapped to behavioral properties of software. Moreover, implementation in a general-purpose programming language makes these models hard to locate and verify. This paper presents a novel approach to explicitly specify models of physical characteristics using a domain-specific language, to define monitors for inconsistencies by detecting and exploiting redundancy in these models, and to realize these monitors using an aspect-oriented approach. The approach is applied to two industrial case studies.
DOI: https://doi.org/10.1109/SSIRI.2011.14
Published: 2011-06-27
Citations: 6

Using Partial Ordered Numbers to Control Information Flows
S. Chou
Abstract: Information flow control models can be applied widely. This paper discusses only the models preventing information leakage during program execution. In the prevention, an information flow control model dynamically monitors statements that will cause information flows and ban statements that may cause leakage. We involved in the research of information flow control for years and identified that sensitive information may be leaked only when it is output. However, most existing models ignore information flows induced by output statements. We thus designed a new model that especially emphasizes the monitoring of output statements. We also designed the model as a precise and low runtime overhead one. Our experiments show that the model bans every non-secure information flow and substantially reduces runtime overhead when comparing with our previous work.
DOI: https://doi.org/10.1109/SSIRI.2011.27
Published: 2011-06-27
Citations: 0