{"title":"ASR: Abstraction Subspace Reduction for Exposing Atomicity Violation Bugs in Multithreaded Programs","authors":"Shangru Wu, Chunbai Yang, W. Chan","doi":"10.1109/QRS.2015.46","DOIUrl":"https://doi.org/10.1109/QRS.2015.46","url":null,"abstract":"Many two-phase based dynamic concurrency bug detectors predict suspicious instances of atomicity violation from one execution trace, and examine each such instance by scheduling a confirmation run. If the amount of suspicious instances predicted is large, confirming all these instances becomes a burden. In this paper, we present the first controlled experiment that evaluates the efficiency, effectiveness, and cost-effectiveness of reduction on suspicious instances in the detection of atomicity violations. A novel form of reduction technique named ASR is proposed. Our empirical analysis reveals many interesting findings: First, the reduced sets of instances produced by ASR significantly improve the efficiency of atomicity violation detection without significantly compromising the effectiveness. Second, ASR is significantly more cost-effective than random reduction and untreated reduction by 8.5 folds and 60.7 folds, respectively, in terms of mean normalized bug detection ratio. Third, six ASR techniques can be significantly more cost-effective than the technique modeled after a state-of-the-art detector.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115689833","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Combinatorial Testing for Tree-Structured Test Models with Constraints","authors":"Takashi Kitamura, A. Yamada, G. Hatayama, Cyrille Artho, Eun-Hye Choi, Thi Bich Ngoc Do, Y. Oiwa, Shin Sakuragi","doi":"10.1109/QRS.2015.29","DOIUrl":"https://doi.org/10.1109/QRS.2015.29","url":null,"abstract":"In this paper, we develop a combinatorial testing technique for tree-structured test models. First, we generalize our previous test models for combinatorial testing based on AND-XOR trees with constraints limited to a syntactic subset of propositional logic, to allow for constraints in full propositional logic. We prove that the generalized test models are strictly more expressive than the limited ones. Then we develop an algorithm for combinatorial testing for the generalized models, and show its correctness and computational complexity. We apply a tool based on our algorithm to an actual ticket gate system that is used by several large transportation companies in Japan. Experimental results show that our technique outperforms existing techniques.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130406257","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Potential Component Leaks in Android Apps: An Investigation into a New Feature Set for Malware Detection","authors":"Li Li, Kevin Allix, Daoyuan Li, Alexandre Bartel, Tegawendé F. Bissyandé, Jacques Klein","doi":"10.1109/QRS.2015.36","DOIUrl":"https://doi.org/10.1109/QRS.2015.36","url":null,"abstract":"We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. We show that PCLs are common in Android apps and that malicious applications indeed manipulate significantly more PCLs than benign apps. Then, we evaluate a machine learning-based approach relying on PCLs. Experimental validations show high performance for identifying malware, demonstrating that PCLs can be used for discriminating malicious apps from benign apps.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131580025","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"LLFI: An Intermediate Code-Level Fault Injection Tool for Hardware Faults","authors":"Qining Lu, Mostafa Farahani, Jiesheng Wei, Anna Thomas, K. Pattabiraman","doi":"10.1109/QRS.2015.13","DOIUrl":"https://doi.org/10.1109/QRS.2015.13","url":null,"abstract":"Hardware errors are becoming more prominent with reducing feature sizes, however tolerating them exclusively in hardware is expensive. Researchers have explored software-based techniques for building error resilient applications for hardware faults. However, software based error resilience techniques need configurable and accurate fault injection techniques to evaluate their effectiveness. In this paper, we present LLFI, a fault injector that works at the LLVM compiler's intermediate representation (IR) level of the application. LLFI is highly configurable, and can be used to inject faults into selected targets in the program in a fine-grained manner. We demonstrate the utility of LLFI by using it to perform fault injection experiments into nine programs, and study the effect of different injection choices on their resilience, namely instruction type, register target and number of bits flipped. We find that these parameters have a marked effect on the evaluation of overall resilience.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114269046","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Assessing Security to Compare Architecture Alternatives of Component-Based Systems","authors":"A. Busch, M. Strittmatter, A. Koziolek","doi":"10.1109/QRS.2015.24","DOIUrl":"https://doi.org/10.1109/QRS.2015.24","url":null,"abstract":"Modern software development is typically performed by composing a software system from building blocks. The component-based paradigm has many advantages. However, security quality attributes of the overall architecture often remain unspecified and therefore, these cannot be considered when comparing several architecture alternatives. In this paper, we propose an approach for assessing security of component-based software architectures. Our hierarchical model uses stochastic modeling techniques and includes several security related factors, such as attackers, his goals, the security attributes of a component, and the mutual security interferences between them. Applied on a component-based architecture, our approach yields its mean time to security failure, which assesses its degree of security. We extended the Palladio Component Model (PCM) by the necessary information to be able to use it as input for the security assessment. We use the PCM representation to show the applicability of our approach on an industry related example.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125912335","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Anomaly Detection System Based on Ensemble of Detectors with Effective Pruning Techniques","authors":"Amirreza Soudi, Wael Khreich, A. Hamou-Lhadj","doi":"10.1109/QRS.2015.25","DOIUrl":"https://doi.org/10.1109/QRS.2015.25","url":null,"abstract":"Anomaly detection systems rely on machine learning techniques to model the normal behavior of the system. This model is used during operation to detect anomalies due to attacks or design faults. Ensemble methods have been used to improve the overall detection accuracy by combining the outputs of several accurate and diverse models. Existing Boolean combination techniques either require an exponential number of combinations or sequential combinations that grow linearly with the number of iterations, which make them difficult to scale up and analyze. In this paper, we propose PBC (Pruning Boolean Combination), an efficient approach for selecting and combining anomaly detectors. PBC relies on two novel pruning techniques that we have developed to aggressively prune redundant and trivial detectors. Compared to existing work, PBC reduces significantly the number of detectors to combine, while keeping similar accuracy. We show the effectiveness of PBC when applying it to a large dataset.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130072546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fine-Grained Software Reliability Estimation Using Software Testing Inputs","authors":"H. Okamura, Yuki Takekoshi, T. Dohi","doi":"10.1109/QRS.2015.22","DOIUrl":"https://doi.org/10.1109/QRS.2015.22","url":null,"abstract":"This paper considers the model-based software reliability evaluation using the information on software testing inputs. Concretely, we define the distance between two software test cases by means of their testing inputs, and estimate the probability that the domain for a test input has already been covered by already-executed test cases. Based on the probability, we formulate the fault-detection probability in the software reliability growth model. In numerical experiments, we compare the proposed model with an existing non-homogeneous Poisson process based model with the distance of 5,000 test inputs in a real software application, and discuss the effect of test information on the software reliability evaluation.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133877363","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Approach for Authenticating Smartphone Users Based on Histogram Features","authors":"Chien-Cheng Lin, Chin-Chun Chang, Deron Liang","doi":"10.1109/QRS.2015.27","DOIUrl":"https://doi.org/10.1109/QRS.2015.27","url":null,"abstract":"In this study, we propose to adopt histogram features obtained from smartphone sensors for building authentication models, which could be used to nonintrusively authenticate smartphone users in varying operating scenarios (e.g. standing and sitting) when engaged in using stationary apps. We adopted two smartphone sensors, namely touchscreen and orientation sensor, to evaluate their feasibility. Consequently, sixteen touch-based features and thirty-three orientation-based features were separately used to construct two authentication models. To evaluate the performance of two constructed models, thirty-five subjects joined for collecting experimental data in two operating scenarios, standing and sitting. The experimental results showed that the equal error rate (EER) of touch-based model was approximately 6.56% with features extracted from ten flick touch gestures and reduced to approximately 3.05% with sixty flick touch gestures. For orientation-based model, the EERs were approximately 10.27% and 7.07%, separately. The results showed that the histogram features of the adopted two sensors are feasible for authentication purpose. Specially, this study further discusses the phenomenon of multiple behavioral pattern over the adopted two sensors caused among different operating scenarios, such as standing and sitting.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115311290","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Predicting Vulnerable Components via Text Mining or Software Metrics? An Effort-Aware Perspective","authors":"Yaming Tang, Fei Zhao, Yibiao Yang, Hongmin Lu, Yuming Zhou, Baowen Xu","doi":"10.1109/QRS.2015.15","DOIUrl":"https://doi.org/10.1109/QRS.2015.15","url":null,"abstract":"In order to identify vulnerable software components, developers can take software metrics as predictors or use text mining techniques to build vulnerability prediction models. A recent study reported that text mining based models have higher recall than software metrics based models. However, this conclusion was drawn without considering the sizes of individual components which affects the code inspection effort to determine whether a component is vulnerable. In this paper, we investigate the predictive power of these two kinds of prediction models in the context of effort-aware vulnerability prediction. To this end, we use the same data sets, containing 223 vulnerabilities found in three web applications, to build vulnerability prediction models. The experimental results show that: (1) in the context of effort-aware ranking scenario, text mining based models only slightly outperform software metrics based models, (2) in the context of effort-aware classification scenario, text mining based models perform similarly to software metrics based models in most cases, and (3) most of the effect sizes (i.e. the magnitude of the differences) between these two kinds of models are trivial. These results suggest that, from the viewpoint of practical application, software metrics based models are comparable to text mining based models. Therefore, for developers, software metrics based models are practical choices for vulnerability prediction, as the cost to build and apply these models is much lower.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"248 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133800785","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Machine Learning Based Hybrid Behavior Models for Android Malware Analysis","authors":"Hsin-Yu Chuang, Sheng-De Wang","doi":"10.1109/QRS.2015.37","DOIUrl":"https://doi.org/10.1109/QRS.2015.37","url":null,"abstract":"Malware analysis on the Android platform has been an important issue as the platform became prevalent. The paper proposes a malware detection approach based on static analysis and machine learning techniques. By conducting SVM training on two different feature sets, malicious-preferred features and normal-preferred features, we built a hybrid-model classifier to improve the detection accuracy. With the consideration of normal behavior features, the ability of detecting unknown malwares can be improved. The experiments show that the accuracy is as high as 96.69% in predicting unknown applications. Further, the proposed approach can be applied to make confident decisions on labeling unknown applications. The experiment results show that the proposed hybrid model classifier can label 79.4% applications without false positive and false negative occurred in the labeling process.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132266330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}