2015 IEEE 16th International Symposium on High Assurance Systems Engineering: latest publications

Modeling and Verification for Probabilistic Properties in Software Product Lines
G. Rodrigues, Vander Alves, Vinicius Nunes, André Lanna, Maxime Cordy, Pierre-Yves Schobbens, Amir Molzam Sharifloo, Axel Legay
DOI: https://doi.org/10.1109/HASE.2015.34
Published: 2015-01-08
Abstract: We propose a model for feature-aware discrete-time Markov chains, called FDTMC, as a basis for verifying probabilistic properties, e.g., reliability and availability, of product lines. To verify such properties on FDTMC, we compare three techniques. First, we experiment with two different parametric techniques to obtain this formula: the classical one builds it from the model as a whole, and a new one builds it compositionally from a sequence of modules. Finally, we propose a new technique that performs a bounded verification for the whole product line, and thus takes advantage of the high probability of common behaviors of the product line. It computes an approximate formula, represented as an arithmetic decision diagram. Experimental results on a vital signal monitoring system prototype are provided and compared for these techniques, aiming at analysing them for scalability issues of size and computational time. They show complementary advantages, and we provide criteria to choose a technique depending on the characteristics of the model.
Citations: 40
Using Pairwise Testing to Verify Automatically-Generated Formal Specifications
S. Salamah, Omar Ochoa, Yadira Jacquez
DOI: https://doi.org/10.1109/HASE.2015.46
Published: 2015-01-08
Abstract: In this paper, we report on the effectiveness of the testing approach known as pairwise or orthogonal testing in verifying the correctness of the LTL specifications generated by the PROperty SPECification (Prospec) tool. This tool assists the user in generating a large number (over 34,000) of formal specifications in formal languages, including Linear Temporal Logic (LTL). Pairwise testing is a technique that aims at significantly reducing the amount of test cases required for testing a particular software system while providing assurance of adequate coverage of the problem space.
Citations: 3
A Proxy Identifier Based on Patterns in Traffic Flows
V. A. Foroushani, A. N. Zincir-Heywood
DOI: https://doi.org/10.1109/HASE.2015.26
Published: 2015-01-08
Abstract: Proxies are used commonly on today's Internet. On one hand, end users can choose to use proxies for hiding their identities for privacy reasons. On the other hand, ubiquitous systems can use them for intercepting the traffic for purposes such as caching. In addition, attackers can use such technologies to anonymize their malicious behaviours and hide their identities. Identification of such behaviours is important for defense applications since it can facilitate the assessment of security threats. The objective of this paper is to identify proxy traffic as seen in a traffic log file without any access to the proxy server or the clients behind it. To achieve this: (i) we employ a mixture of log files to represent real-life proxy behavior, and (ii) we design and develop a data-driven, machine-learning-based approach to provide recommendations for the automatic identification of such behaviours. Our results show that we are able to achieve our objective with a promising performance even though the problem is very challenging.
Citations: 22
A Diversity-Based Approach for Communication Integrity in Critical Embedded Systems
Amira Zammali, A. D. Bonneval, Y. Crouzet
DOI: https://doi.org/10.1109/HASE.2015.39
Published: 2015-01-08
Abstract: We present, in this paper, a fault-tolerant approach to cope with accidental communication data corruption in critical embedded systems. One of the classical integrity approaches is the redundancy-based approach, which consists particularly in replicating the message and sending all copies via the same communication channel consecutively or sending them via replicated communication channels. Yet, such an approach is vulnerable to some cases of Common-Mode Failure. So, we propose to diversify the copies to be sent via two independent proposals: i) diversifying either the error detection function (which generates the check bits) or ii) the data payload. This paper focuses on the first proposal by presenting experiments and results to validate its effectiveness. Besides, it describes basic theoretical concepts of the second proposal. Our case study is the Flight Control System (FCS). Yet, our approach could be deployed in other systems for which we describe the key properties.
Citations: 2
Observation-Level-Driven Formal Modeling
A. Mashkoor, J. Jacquot
DOI: https://doi.org/10.1109/HASE.2015.32
Published: 2015-01-08
Abstract: Refinement-based formal methods provide a systematic process to develop software that is correct by construction through a gradual enrichment of models. However, their waterfall-like linear sequence of refinements makes it difficult to express properties at the desired level of abstraction without cluttering the models' specification. Consequently, models become difficult to develop, organize and understand. In this paper, we present an approach based on the notion of "observation levels" to organize the model development in such a way that facilitates the inclusion of new properties into the model without compromising its understandability. The approach is demonstrated by its application on two real-life high-assurance case studies.
Citations: 8
Applying Safety Case Pattern to Generate Assurance Cases for Safety-Critical Systems
Chung-Ling Lin, Wuwei Shen
DOI: https://doi.org/10.1109/HASE.2015.44
Published: 2015-01-08
Abstract: In the safety critical industries, the manufacturers should provide a compelling and comprehensible argument to demonstrate that their system is well designed so that safety concerns either do not exist or can be negligible. These arguments are usually represented by an assurance case. However, one of the challenging issues facing the safety critical industry is how to integrate an assurance case into manufacturers' own development process. In this paper, we present how a safety case pattern which captures common structures of successful arguments can be applied as a reuse strategy for building a new safety argument. More importantly, the latest development in Model Driven Engineering (MDE) facilitates the automatic integration of an assurance model into a development process. As a case study, we take the Generic Patient Controlled Analgesic (GPCA) Infusion Pump from the medical device industry into account to demonstrate how an assurance model can be generated in a development process via the safety pattern.
Citations: 8
Strategy-Aware Mitigation Using Markov Games for Dynamic Application-Layer Attacks
Mahsa Emami-Taba, M. Amoui, L. Tahvildari
DOI: https://doi.org/10.1109/HASE.2015.28
Published: 2015-01-08
Abstract: The targeted and destructive nature of strategies used by attackers to break down the system requires mitigation approaches with dynamic awareness. In the domain of adaptive software security, the adaptation manager of a self-protecting software is responsible for selecting countermeasures to prevent or mitigate attacks immediately. Making the right decision in each and every situation is one of the most challenging aspects of engineering self-protecting software systems. Inspired by game theory, in this research work, we model the interactions between the attacker and the adaptation manager as a two-player zero-sum Markov game. Using this game-theoretic approach, the adaptation manager can refine its strategies in dynamic attack scenarios by utilizing what it has learned from the system's and adversary's actions. We also present how this approach can be fitted to the well-known MAPE-K architecture model. As a proof of concept, this research conducts a study on a case of dynamic application-layer denial of service attacks. The simulation results demonstrate how our approach performs while encountering different attack strategies.
Citations: 8
Enabling Decision Support for the Delivery of Real-Time Services
D. McKee, D. Webster, Jie Xu
DOI: https://doi.org/10.1109/HASE.2015.18
Published: 2015-01-08
Abstract: The domain of high assurance distributed systems has focused greatly on the areas of fault tolerance and dependability. As a result, the paradigm of service orientated architectures (SOA) has been commonly applied to realize the significant benefits of loose coupling and dynamic binding. However, there has been limited research addressing the issues of managing real-time constraints in SOAs that are by their very nature dynamic. Although the paradigm itself is derived from fundamental principles of dependability, these same principles appear not to be applied when considering the timed dimension of quality of service. As a result, the current state-of-the-art in SOA research only addresses soft real-time and does not seek to provide concrete guarantees about a system's performance. When a distributed system is deployed we do not understand enough about the emerging behavior that will occur. This paper therefore proposes an approach that probabilistically monitors system state within a given workflow's execution window. Utilizing a real distributed system, we experiment with services from the computer vision domain, with clear real-time constraints, evaluating the performance of each system component. Our approach successfully models the likelihood of the service meeting/providing various levels of QoS, providing the basis for a more dynamic and intelligent approach to real-time service orientation.
Citations: 10
Extending Contract Theory with Safety Integrity Levels
Jonas Westman, M. Nyberg
DOI: https://doi.org/10.1109/HASE.2015.21
Published: 2015-01-08
Abstract: In functional safety standards such as ISO 26262 and IEC 61508, Safety Integrity Levels (SILs) are assigned to top-level safety requirements on a system. The SILs are then either inherited or decomposed down to safety requirements on sub-systems, such that if the sub-systems are sufficiently reliable in fulfilling their respective safety requirements, as specified by the SILs, then it follows that the system is sufficiently reliable in fulfilling the top-level safety requirement. Present contract theory has previously been shown to provide a suitable foundation to structure safety requirements, but does not include support for the use of SILs. An extension of contract theory with the notion of SILs is therefore presented. As a basis for structuring the breakdown of safety requirements, a graph, called a contract structure, is introduced that provides a necessary foundation to capture the notions of SIL inheritance and decomposition in the context of contract theory.
Citations: 15
CamAuth: Securing Web Authentication with Camera
Mengjun Xie, Yanyan Li, K. Yoshigoe, R. Seker, J. Bian
DOI: https://doi.org/10.1109/HASE.2015.41
Published: 2015-01-08
Abstract: Frequent outbreaks of password database leaks and server breaches in recent years manifest the aggravated security problems of web authentication using only passwords. Two-factor authentication, despite being more secure and strongly promoted, has not been widely applied to web authentication. Leveraging the unprecedented popularity of both personal mobile devices (e.g., smartphones) and barcode scans through camera, we explore a new horizon in the design space of two-factor authentication. In this paper, we present CamAuth, a web authentication scheme that exploits pervasive mobile devices and digital cameras to counter various password attacks including man-in-the-middle and phishing attacks. In CamAuth, a mobile device is used as the second authentication factor to vouch for the identity of a user who is performing a web login from a PC. The device communicates directly with the PC through secure visible light communication channels, which incurs no cellular cost and is immune to radio frequency attacks. CamAuth employs public-key cryptography to ensure the security of the authentication process. We implemented a prototype system of CamAuth that consists of an Android application, a Chrome browser extension, and a Java-based web server. Our evaluation results indicate that CamAuth is a viable scheme for enhancing the security of web authentication.
Citations: 11