2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW): Latest Papers

Securing Smart Contracts in Blockchain
Jaturong Kongmanee, Phongphun Kijsanayothin, R. Hewett
Abstract: Blockchain is an emerging technology that underlies creation and exchange of the digital assets, including cryptocurrency such as Bitcoin and Ether, without the need for a central authority. It provides a public ledger for recording sequence of transactions in blocks that are linked as a chain. Smart contracts are computer programs governing participant agreements that are automatically enforced by consensus protocols in the blockchain. Together, blockchain and smart contracts revolutionize efficient transaction stores, services and workflows that work even among distrusting participants and without a trusted authority. Unfortunately, like most software, smart contracts are vulnerable as evidenced by a recent Decentralized Autonomous Organization (DAO) attack that lost cryptocurrency then-valued about $60 million. Correctness of executions alone is not sufficient to guarantee security of smart contracts. This paper addresses how we can apply model checking, a well-established formal verification technique, to help alleviate security issues in smart contract development. Most existing studies have focused on verification of smart contracts on a specific language and specific platform. Smart contracts may have hidden operational side effects that impact software behaviors. Thus, applying model checking to smart contracts is not necessarily straightforward. This paper presents a general technique for building the core functional models applicable for model checking to identify all possible executions that lead to security breaches. It also shows how resulting executions can be systematically analyzed to help identify security issues. The models are language and system independent in that they can represent any smart contract in any language or any platform. We illustrate and evaluate the technique with a widely used example of a smart contract in a financial system along with experimental results using a well-known model checker, NuSMV in various scenarios.
DOI: https://doi.org/10.1109/ASEW.2019.00032
Published: 2019-11-01
Citations: 13
Predicting Defects with Latent and Semantic Features from Commit Logs in an Industrial Setting
Beyza Eken, RiFat Atar, Sahra Sertalp, Ayse Tosun Misirli
Abstract: Software defect prediction is still a challenging task in industrial settings. Noisy data and/or lack of data make it hard to build successful prediction models. In this study, we aim to build a change-level defect prediction model for a software project in an industrial setting. We combine various probabilistic models, namely matrix factorization and topic modeling, with the expectation of overcoming the noisy and limited nature of industrial settings by extracting hidden features from multiple resources. Commit level process metrics, latent features from commits, and semantic features from commit messages are combined to build the defect predictors with the use of Log Filtering and feature selection techniques, and two machine learning algorithms Naive Bayes and Extreme Gradient Boosting (XGBoost). Collecting data from various sources and applying data pre-processing techniques show a statistically significant improvement in terms of probability of detection by up to 24% when compared to a base model with process metrics only.
DOI: https://doi.org/10.1109/ASEW.2019.00038
Published: 2019-11-01
Citations: 5
The Effect of Weighted Moving Windows on Security Vulnerability Prediction
P. Kudjo, Jinfu Chen, Selasie Brown Aformaley, Solomon Mensah
Abstract: Vulnerability prediction models strive to identify vulnerable modules in large software systems. Consequently, several vulnerability prediction approaches have been proposed to identify such susceptible units by using software metrics, historical data, and machine learning techniques. However, in spite of the key role seasonal trends of vulnerabilities play in estimating the resources needed for developing corrective measures, most of the proffered models fail to examine the trend, level, and seasonality of security vulnerability. To address this lacuna, this paper examines the statistical significance of the annual seasonal patterns and trends in vulnerability discovery using the weighted moving window. Our approach takes into account the chronological order within vulnerability data and assigns different weights of importance to projects in a window to effectively portray current security practices. Specifically, we used three regression-based models as vulnerability predictors for historical vulnerability data mined from five open-source applications offered by the Common Vulnerability Exposures and the National Vulnerability Database (CVE-NVD). In addition, we evaluate the performance and reliability of the models with symmetric mean absolute percent error (SMAPE). The preliminary results suggest that weighting the moving window based on Gaussian function yields improved accuracy and the recommended forecasting model is the robust regression.
DOI: https://doi.org/10.1109/ASEW.2019.00031
Published: 2019-11-01
Citations: 2
Synthesizing Mutable Configurations: Setting up Systems for Success
Tim Nelson, Natasha Danas, Theophilos Giannakopoulos, S. Krishnamurthi
Abstract: Numerous devices, from network switches and servers to industrial control systems, can be unreliable if they are not configured properly. Even if a device's implementation has been proven correct, it must still be configured to meet the specific functional and security requirements of its stakeholders. However, manual configuration remains labor intensive and error-prone even for experts. Automated configuration synthesis presents a promising way forward. Unfortunately, as we show, existing counterexample-guided algorithms can perform poorly if the system model allows configuration changes during execution. Yet disallowing such changes can hide significant problems, such as privilege escalation. We present a new synthesis algorithm that exploits structure inherent in state-machine models where the system configuration changes. We implement it using the Kodkod relational model finder, and show that it favorably solves a number of configuration-synthesis tasks.
DOI: https://doi.org/10.1109/ASEW.2019.00034
Published: 2019-11-01
Citations: 5
On the Engineering of AI-Powered Systems
Evgeny Kusmenko, Svetlana Pavlitskaya, Bernhard Rumpe, Sebastian Stüber
Abstract: More and more tasks become solvable using deep learning technology nowadays. Consequently, the amount of neural network code in software rises continuously. To make the new paradigm more accessible, frameworks, languages, and tools keep emerging. Although the maturity of these tools is steadily increasing, we still lack appropriate domain specific languages and a high degree of automation when it comes to deep learning for productive systems. In this paper we present a multi-paradigm language family allowing the AI engineer to model and train deep neural networks as well as to integrate them into software architectures containing classical code. Using input and output layers as strictly typed interfaces enables a seamless embedding of neural networks into component-based models. The lifecycle of deep learning components can then be governed by a compiler accordingly, e.g. detecting when (re-)training is necessary or when network weights can be shared between different network instances. We provide a compelling case study, where we train an autonomous vehicle for the TORCS simulator. Furthermore, we discuss how the methodology automates the AI development process if neural networks are changed or added to the system.
DOI: https://doi.org/10.1109/ASEW.2019.00042
Published: 2019-11-01
Citations: 13
On Secret Management and Handling in Mobile Application Development Life Cycle: A Position Paper
P. Bunyakiati, Usa Sammapun
Abstract: The security of software systems relies so heavily on the use of secrets, ranging from credentials, API keys, and tokens to secret keys for cryptographic security. This paper examines approaches for managing and handling secrets in software development life cycle, focusing on mobile applications where software must be distributed to devices and operate in an untrusted environment. This paper points out the shortcomings in activities related to secrets management and handling in mobile application development life cycle and outlines future directions in this area of research.
DOI: https://doi.org/10.1109/ASEW.2019.00033
Published: 2019-11-01
Citations: 2
Service Application Knowledge Graph and Dependency System
Hanzhang Wang, C. Shah, Praseeda Sathaye, Amit Nahata, Sanjeev Katariya
Abstract: Service architecture adoption is widespread and brings many benefits, such as agile development and immutable infrastructure. However, it's hard to govern and understand the vast service ecosystem as each application evolved independently and differently (e.g., features and development methods) from each team. In this paper, we present an approach to model and process application ecosystem as a knowledge graph. The application knowledge graph can help with architectural visibility, operational efficiency, and developer productivity.
DOI: https://doi.org/10.1109/ASEW.2019.00043
Published: 2019-11-01
Citations: 4
Challenges in Secure Engineering of Critical Infrastructure Systems
Sridhar Adepu, Eunsuk Kang, A. Mathur
Abstract: Modern critical infrastructure (CI), such as water supply, smart power grids, and transportation networks, face major security challenges that arise due to complex interactions between software and physical components as well as human operators. Such systems are an attractive target for attackers who intend to disrupt the safe, normal operation of CI by exploiting vulnerabilities in software components such as the supervisory control and data acquisition (SCADA) workstations and programmable logic controllers (PLCs). In this reference paper, we elaborate on problems and challenges learned from our own experience in automating security analysis, assessment, and defense mechanisms for CI. These challenges are presented in the context of two real-world CI systems, namely, a water treatment plant and a water distribution system.
DOI: https://doi.org/10.1109/ASEW.2019.00030
Published: 2019-11-01
Citations: 5
Explaining Business Process Software with Fulib-Scenarios
Albert Zündorf, Sebastian Copei, I. Diethelm, Claude Draude, A. Kunz, U. Norbisrath
Abstract: This paper proposes Fulib-Scenarios as means to explain data modelling, GUI Mockups, and simple algorithms to non-IT people.
DOI: https://doi.org/10.1109/ASEW.2019.00024
Published: 2019-11-01
Citations: 1
Android App Merging for Benchmark Speed-Up and Analysis Lift-Up
Felix Pauck, Shikun Zhang
Abstract: In the field of software analysis a trade-off between scalability and accuracy always exists. In this respect, Android app analysis is no exception, in particular, analyzing large or many apps can be challenging. Dealing with many small apps is a typical challenge when facing micro-benchmarks such as DROIDBENCH or ICC-BENCH. These particular benchmarks are not only used for the evaluation of novel tools but also in continuous integration pipelines of existing mature tools to maintain and guarantee a certain quality-level. Considering this latter usage it becomes very important to be able to achieve benchmark results as fast as possible. Hence, benchmarks have to be optimized for this purpose. One approach to do so is app merging. We implemented the Android Merge Tool (AMT) following this approach and show that its novel aspects can be used to produce scaled up and accurate benchmarks. For such benchmarks Android app analysis tools do not suffer from the scalability-accuracy trade-off anymore. We show this throughout detailed experiments on DROIDBENCH employing three different analysis tools (AMANDROID, ICCTA, FLOWDROID). Benchmark execution times are largely reduced without losing benchmark accuracy. Moreover, we argue why AMT is an advantageous successor of the state-of-the-art app merging tool (APKCOMBINER) in analysis lift-up scenarios.
DOI: https://doi.org/10.1109/ASEW.2019.00019
Published: 2019-11-01
Citations: 1