Proceedings of the 29th Annual ACM Symposium on Applied Computing最新文献

筛选
英文 中文
Session details: Volume II: Software development, system software & security: user interface generation track 会议详情:第二卷:软件开发,系统软件和安全:用户界面生成跟踪
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/3255898
R. Popp, David Raneburger, G. Meixner
{"title":"Session details: Volume II: Software development, system software & security: user interface generation track","authors":"R. Popp, David Raneburger, G. Meixner","doi":"10.1145/3255898","DOIUrl":"https://doi.org/10.1145/3255898","url":null,"abstract":"","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"91 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134316773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Ianus: secure and holistic coexistence with kernel extensions - a immune system-inspired approach Ianus:与内核扩展安全而全面的共存——一种免疫系统启发的方法
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2554923
Daniela Oliveira, Jesús Navarro, Nicholas Wetzel, M. Bucci
{"title":"Ianus: secure and holistic coexistence with kernel extensions - a immune system-inspired approach","authors":"Daniela Oliveira, Jesús Navarro, Nicholas Wetzel, M. Bucci","doi":"10.1145/2554850.2554923","DOIUrl":"https://doi.org/10.1145/2554850.2554923","url":null,"abstract":"Kernel extensions, especially device drivers, make up a large fraction of modern OS kernels (approximately 70% in Linux). Most extensions are benign and represent a convenient approach for extending the kernel functionality and allowing a system to communicate with an increasing number of I/O devices. A small fraction of them are malicious and, as they run in kernel space, pose a threat to kernel integrity. From a security viewpoint this situation is paradoxical: modern OSes depend and must co-live with untrustworthy but needed extensions. Our immune system faces the same challenge: our body is made of a large number of bacteria, which are mostly benign and also carry out critical functions for our physiology. However, a small fraction of them pose a threat to our body as they can cause pathologies. The immune system maintains an homeostatic relationship with its microbiota by minimizing contact between bacteria and cell surfaces and confining bacteria to certain sites. Challenging the current trend that advocates leveraging only a hypervisor to defend the kernel (for considering it too vulnerable to defend itself), this paper advocates that modern OSes, like our immune system, should play an active role in maintaining healthy and safe interactions with their extensions. This work presents Ianus, a proof-of-concept prototype for this paradigm using Linux and the Bochs x86 emulator, which successfully minimized kernel extensions interactions with original kernel. Its security was evaluated with real rootkits and benign modules. Ianus' performance was analyzed with system and CPU benchmarks and it caused an small overhead to the system (approximately 12%).","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"149 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133389376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Kalimucho: middleware for mobile applications Kalimucho:移动应用的中间件
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2554883
Keling Da, Marc Dalmau, P. Roose
{"title":"Kalimucho: middleware for mobile applications","authors":"Keling Da, Marc Dalmau, P. Roose","doi":"10.1145/2554850.2554883","DOIUrl":"https://doi.org/10.1145/2554850.2554883","url":null,"abstract":"Developing ubiquitous applications is particularly complex. Beyond the dynamic aspect of such applications, the evolution of computing towards the multiplication of mobile access terminals is not making things easier. One solution to simplifying the development and use of such applications is to use software platforms dedicated to deployment and adaptation of applications and handling the heterogeneity of peripherals. They allow designers to focus on business aspects and facilitate reuse. The Kalimucho platform was designed and developed against this background. It executes and supervises applications based on software components.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130316934","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Do you feel lucky?: a large-scale analysis of risk-rewards trade-offs in cyber security 你觉得幸运吗?对网络安全领域风险回报权衡的大规模分析
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2554880
Yan Shoshitaishvili, L. Invernizzi, Adam Doupé, G. Vigna
{"title":"Do you feel lucky?: a large-scale analysis of risk-rewards trade-offs in cyber security","authors":"Yan Shoshitaishvili, L. Invernizzi, Adam Doupé, G. Vigna","doi":"10.1145/2554850.2554880","DOIUrl":"https://doi.org/10.1145/2554850.2554880","url":null,"abstract":"A crucial part of a cyber-criminal's job is to balance the risks and rewards of his every action. For example, an expert spammer will tune a bot's email-sending rate to achieve a good throughput with an acceptable risk of being detected. Then, such a cyber-criminal has to choose how to launder the money he made with spamming, and he will have to consider many options (money mules, Bitcoin, etc.) that will offer different returns and risks. Although understanding these trade-offs and coming as close as possible to their optimum is what discriminates winners and losers in the cyber-crime world, there has been little study on this matter, as setting up a large-scale study to study how cyber-criminals deal with these risk-reward trade-offs is challenging. Computer security competitions provide a great opportunity both to educate students and to study realistic cyber-security scenarios in a controlled environment. Looking to study the risk-reward trade-offs seen in real cyber-security incidents, we designed and hosted a novel format for a Capture the Flag cyber-security contest, involving 89 teams comprising over 1,000 students across the globe. In this paper, we describe the intuition, intent, and design of the contest. Additionally, we present an analysis of the data set collected, evaluate its effectiveness in modeling risk-reward behavior, examine the strategies of the competing teams, and estimate the effectiveness of such strategies.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130379223","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
JSFlow: tracking information flow in JavaScript and its APIs JSFlow:跟踪JavaScript及其api中的信息流
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2554909
Daniel Hedin, Arnar Birgisson, Luciano Bello, A. Sabelfeld
{"title":"JSFlow: tracking information flow in JavaScript and its APIs","authors":"Daniel Hedin, Arnar Birgisson, Luciano Bello, A. Sabelfeld","doi":"10.1145/2554850.2554909","DOIUrl":"https://doi.org/10.1145/2554850.2554909","url":null,"abstract":"JavaScript drives the evolution of the web into a powerful application platform. Increasingly, web applications combine services from different providers. The script inclusion mechanism routinely turns barebone web pages into full-fledged services built up from third-party code. Such code provides a range of facilities from helper utilities (such as jQuery) to readily available services (such as Google Analytics and Tynt). Script inclusion poses a challenge of ensuring that the integrated third-party code respects security and privacy. This paper presents JSFlow, a security-enhanced JavaScript interpreter for fine-grained tracking of information flow. We show how to resolve practical challenges for enforcing information-flow policies for the full JavaScript language, as well as tracking information in the presence of libraries, as provided by browser APIs. The interpreter is itself written in JavaScript, which enables deployment as a browser extension. Our experiments with the extension provide in-depth understanding of information manipulation by third-party scripts such as Google Analytics. We find that different sites intended to provide similar services effectuate rather different security policies for the user's sensitive information: some ensure it does not leave the browser, others share it with the originating server, while yet others freely propagate it to third parties.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"18 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114020716","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 176
Combining research and education of software testing: a preliminary study 结合软件测试的研究和教育:初步研究
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2555124
Zhenyu Chen, A. Memon, B. Luo
{"title":"Combining research and education of software testing: a preliminary study","authors":"Zhenyu Chen, A. Memon, B. Luo","doi":"10.1145/2554850.2555124","DOIUrl":"https://doi.org/10.1145/2554850.2555124","url":null,"abstract":"This paper reports a preliminary study on combining research and education of software testing. We introduce some industrial-strength programs, from the open-source projects for research, into the assignments of system testing. Research assistants and teaching assistants work together to establish and evaluate the assignments of system testing. Our preliminary results show that research and education of software testing can benefit each other in this way.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"199 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115689398","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
A model driven framework for modeling and composing service based Android applications 一个模型驱动的框架,用于建模和组合基于服务的Android应用程序
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2555037
Chung Le
{"title":"A model driven framework for modeling and composing service based Android applications","authors":"Chung Le","doi":"10.1145/2554850.2555037","DOIUrl":"https://doi.org/10.1145/2554850.2555037","url":null,"abstract":"Service based applications, i.e. applications that delegate work to remote web services, have emerged as a key architecture for mobile applications. Such applications can be created by composing access to web services. However, the process is still largely manual in today's practice. This paper presents a new model driven framework called DroidCompo that aims to provide an authoring environment for composing service based applications for the Android platform. DroidCompo provides: a. models that allow users to describe Android applications, web services and web service clients; b. an abstraction called Form Layout which is used to derive a user interface from the result structure of web services; and c. a Composition model that supports integration of both logic and user interface. Defining applications using DroidCompo alleviates the need for manual programming, while the composition approach enables and promotes reuse at the model instance and shared library levels.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117064685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Bespoke video games to provide early response markers to identify the optimal strategies for maximizing rehabilitation 定制的视频游戏提供早期反应标记,以确定最大化康复的最佳策略
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2554953
S. Graziadio, Richard Davison, K. Shalabi, K. Sahota, G. Ushaw, G. Morgan, J. Eyre
{"title":"Bespoke video games to provide early response markers to identify the optimal strategies for maximizing rehabilitation","authors":"S. Graziadio, Richard Davison, K. Shalabi, K. Sahota, G. Ushaw, G. Morgan, J. Eyre","doi":"10.1145/2554850.2554953","DOIUrl":"https://doi.org/10.1145/2554850.2554953","url":null,"abstract":"Stroke commonly leads to partial or complete paralysis of one side of the body and there is limited availability of therapists to provide rehabilitation. It is a priority therefore to identify the most effective rehabilitation strategies and/or pharmacotherapies. Motor learning, the essential process underpinning rehabilitation, can be assessed more quickly and robustly than outcomes from rehabilitation. In this paper we describe a proof of concept system that utilises a bespoke video game to measure the critical components of motor learning. We demonstrate that it is sensitive enough to detect how simple changes in therapist instruction significantly change motor performance and learning. Although video games have been shown to aid in rehabilitation, this is the first time video games have been used to derive early response markers, based on the measurement of performance and motor learning, for use in the evaluation of the efficacy of a rehabilitation strategy.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117160467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Conformance checking for BPMN-based process models 基于bpmn的流程模型的一致性检查
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2555061
T. Molka, D. Redlich, Marc Drobek, A. Caetano, Xiao-Jun Zeng, Wasif Gilani
{"title":"Conformance checking for BPMN-based process models","authors":"T. Molka, D. Redlich, Marc Drobek, A. Caetano, Xiao-Jun Zeng, Wasif Gilani","doi":"10.1145/2554850.2555061","DOIUrl":"https://doi.org/10.1145/2554850.2555061","url":null,"abstract":"Measuring how well business process models conform to the execution of the process in reality is an important topic with many applications. While current conformance checking approaches are tailored to formal models such as Petri nets they lack support for domain-specific standards such as BPMN. In this paper we present two approaches for directly measuring the conformance of business process models based on BPMN elements and event logs. We define methods for extracting properties from such models that enable an easy comparison to event logs on a local level (i.e. for individual parts of the process and individual events). Furthermore, we present a method for replaying whole event logs on such models, allowing for a global conformance measure (i.e. on trace level). By utilising the previously extracted properties, we eliminate the need for expensive state-space exploration.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114986885","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Effective fault localization via mutation analysis: a selective mutation approach 基于突变分析的有效故障定位:一种选择性突变方法
Proceedings of the 29th Annual ACM Symposium on Applied Computing Pub Date : 2014-03-24 DOI: 10.1145/2554850.2554978
Mike Papadakis, Yves Le Traon
{"title":"Effective fault localization via mutation analysis: a selective mutation approach","authors":"Mike Papadakis, Yves Le Traon","doi":"10.1145/2554850.2554978","DOIUrl":"https://doi.org/10.1145/2554850.2554978","url":null,"abstract":"When programs fail, developers face the problem of identifying the code fragments responsible for this failure. To this end, fault localization techniques try to identify suspicious program places (program statements) by observing the spectrum of the failing and passing test executions. These statements are then pointed out to assist the debugging activity. This paper considers mutation-based fault localization and suggests the use of a sufficient mutant set to locate effectively the faulty statements. Experimentation reveals that mutation-based fault localization is significantly more effective than current state-of-the-art fault localization techniques. Additionally, the results show that the proposed approach is capable of reducing the overheads of mutation analysis. In particular the number of mutants to be considered is reduced to 20% with only a limited loss on the method's effectiveness.","PeriodicalId":285655,"journal":{"name":"Proceedings of the 29th Annual ACM Symposium on Applied Computing","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115265164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 51
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信