Zhitao Wu, Xiaoming Yang, Ping Chen, Zongshun Qu, Jun Lin
{"title":"Multi-Scale Software Network Model for Software Safety of the Intended Functionality","authors":"Zhitao Wu, Xiaoming Yang, Ping Chen, Zongshun Qu, Jun Lin","doi":"10.1109/ISSREW53611.2021.00071","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00071","url":null,"abstract":"Software systems intensively interact with other software systems and hardware systems, and the potential hazards caused by the interaction with inadequate consideration becomes uncertain, especially the wide application of machine learning technology. Once the functions of software systems cannot meet the requirements of the interactions among software and hardware entities, safety problems caused by non-software system failures as software Safety of the intended functionality (SOTIF) arrise. The uncertainties of interation bring great challenges to SOTIF. In this paper, a multi-scale software network model is proposed based on complex network theory, and with the constructed network, test cases for software SOTIF can be efficiently generated. The key contribution is the uncertainties of interation among the software and hardware entities is digitally modeled, and can play a constructive role for guaranteeing SOTIF of software systems.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126024902","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multi-Feature Fusion based Image Steganography using GAN","authors":"Zhen Wang, Zhen Zhang, Jianhui Jiang","doi":"10.1109/ISSREW53611.2021.00079","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00079","url":null,"abstract":"In order to solve the problem of information loss, some image steganography methods utilize generative adversarial networks (GANs), while the existing methods can not capture both texture information and semantic features. In this paper, a more accurate image steganography method is proposed, where a multi-level feature fusion procedure based on GAN is designed. Firstly, convolution and pooling operations are added to the network for feature extraction. Then, short links are used to fuse multi-level feature information. Finally, the stego image is generated by confrontation learning between discriminator and generator. Experimental results show that the proposed method has higher steganalysis security under the detection of high-dimensional feature steganalysis and neural network steganalysis. Comprehensive experiments show that the performance of the proposed method is better than ASDL-GAN and UT-GAN.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123118155","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Genetic Algorithm-based Testing of Industrial Elevators under Passenger Uncertainty","authors":"Joritz Galarraga, A. Marcos, Sajid Ali, Goiuria Sagardui Mendieta, Maite Arratibel","doi":"10.1109/ISSREW53611.2021.00101","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00101","url":null,"abstract":"Elevators, as other cyber-physical systems, need to deal with uncertainty during their operation due to several factors such as passengers and hardware. Such uncertainties could affect the quality of service promised by elevators and in the worst case lead to safety hazards. Thus, it is important that elevators are extensively tested by considering uncertainty during their development to ensure their safety in operation. To this end, we present an uncertainty testing methodology supported with a tool to test industrial dispatching systems at the Software-in-the-Loop (SiL) test level. In particular, we focus on uncertainties in passenger data and employ a Genetic Algorithm (GA) with specifically designed genetic operators to significantly reduce the quality of service of elevators, thus aiming to find uncertain situations that are difficult to extract by users. An initial experiment with an industrial dispatcher revealed that the GA significantly decreased the quality of service as compared to not considering uncertainties. The results can be used to further improve the implementation of dispatching algorithms to handle various uncertainties.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114113646","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Kubernetes for Cloud Container Orchestration Versus Containers as a Service (CaaS): Practical Insights","authors":"Senecca Miller, Travis Siems, V. Debroy","doi":"10.1109/ISSREW53611.2021.00110","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00110","url":null,"abstract":"Containers have become the de facto standard for packaging software today, especially in the cloud. However, manually managing the runtime of containers (i.e., container orchestration) can be very complicated, which is why tooling such as Kubernetes, which allows for managed or semi-managed orchestration, has grown in popularity. It is possible to delegate container management altogether, by opting for Container as a Service (CaaS) offerings. There are important tradeoffs involved in these choices, and while much has been said about how to containerize and adopt a particular container orchestration approach, relatively less has been said about how to decide on which approach might work best. This article outlines why we chose the CaaS approach over Kubernetes at Dottid, and transparently discusses the factors we took into consideration. In doing so, we contribute to the technical corpus, and aim to stimulate further industrial-academic research and collaboration, in this emergent area of study.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129336422","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RusBox: Towards Efficient and Adaptive Sandboxing for Rust","authors":"Wanrong Ouyang, Baojian Hua","doi":"10.1109/ISSREW53611.2021.00090","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00090","url":null,"abstract":"Rust is a new language for safe system programming, and its strong type system and dynamic bound checking guarantee memory safety. Surprisingly, Rust is still vulnerable to buffer overflows, due to its unsafe feature. Recently, there have been a significant amount of studies to protect Rust programs against overflows, however, existing studies have severe limitations: they are either too coarse-grain or of considerable runtime overhead. This paper proposes RUSBOX, a novel sand-boxing software prototype to protect Rust programs against buffer overflow vulnerabilities. The key technical contribution of RUSBOX is its adaptive combination of static program analysis with sandboxing, to make the protection both effective and efficient. To testify the effectiveness of RUSBOX, we apply it to three publicly reported CVEs from real-world Rust projects; to evaluate the cost of RusBox, we plan to apply it to 36 widely used open source Rust projects.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128545059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Sensitivity Analysis of Software Rejuvenation Model with Markov Regenerative Process","authors":"Junjun Zheng, H. Okamura, T. Dohi","doi":"10.1109/ISSREW53611.2021.00038","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00038","url":null,"abstract":"This paper considers the parametric sensitivity of a software rejuvenation model for transaction systems whose system behavior is described by a quasi birth-and-death (QBD) process with Markovian arrivals, and the software rejuvenation model is represented by a Markov regenerative process (MRGP). The stationary analysis of the MRGP model is based on the embedding Markov chain (EMC) approach. Then the sensitivities of the stationary solution and the performance criteria of interest, i.e., the loss probability of transactions, with respect to all model parameters, are formulated. Finally, a numerical experiment was conducted to illustrate the critical parameters for a transaction system with software rejuvenation. The numerical results showed that the proposed approach effectively revealed critical model parameters and provided significant insights into performance optimization and parameter estimation.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"208 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114409158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Message from the GAUSS 2021 Workshop Chairs","authors":"","doi":"10.1109/issrew53611.2021.00023","DOIUrl":"https://doi.org/10.1109/issrew53611.2021.00023","url":null,"abstract":"","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115029395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yuming Wu, N. Mohanasamy, L. Jagadeesan, M. Rahman
{"title":"Changes in Intent: Behavioral Predictions of Distributed SDN Controller Reconfiguration","authors":"Yuming Wu, N. Mohanasamy, L. Jagadeesan, M. Rahman","doi":"10.1109/ISSREW53611.2021.00115","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00115","url":null,"abstract":"Intent-based programming enables software-defined networks (SDN) to be able to dynamically reconfigure themselves through automatic intent recomputation in response to network events, such as host mobility. This allows SDN to be used as a platform for new technologies such as swarms of drones in data-driven agriculture. At the same time, this dynamicity results in SDN networks having a very large state space - whose size is further exacerbated when SDN controllers are distributed for reliability and scalability. This renders infeasible comprehensive testing or verification of network performance prior to deployment, necessitating the use of monitoring at run-time, together with associated abortive or healing actions to ensure reliability. However, as intent recomputation time can vary significantly based on the underlying network topologies, it is very difficult to experimentally determine the boundary between normal expected performance and anomalous performance at scale, and hence to specify when these actions should take place. In this paper, we demonstrate the use of machine learning to automatically learn intent recomputation performance; the resulting predictions can be used as input into the specification of run-time monitors and the determination of associated reliability mitigations. More specifically, we describe our proof-of-concept case study on using linear regression to predict the expected time for intent recomputation due to host mobility on the distributed ONOS open-source SDN controller.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130848477","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Y. Matsuno, Yoriyuki Yamagata, Hideaki Nishihara, Yuichiro Hosokawa
{"title":"Assurance Carrying Code for Software Supply Chain","authors":"Y. Matsuno, Yoriyuki Yamagata, Hideaki Nishihara, Yuichiro Hosokawa","doi":"10.1109/ISSREW53611.2021.00077","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00077","url":null,"abstract":"Modern software systems are composed of software components supplied by a software supply chain, and it has become difficult to maintain the dependability of the software supply chain. To address this problem, we introduce assurance carrying code, a framework in which every software component in a software supply chain has its own assurance case. When integrating a software component into a supply chain, the stakeholders check (manually or automatically) the assurance case to determine whether or not the software component is dependable for the supply chain. We introduce a pattern language for Goal Structuring Notation (GSN) formalized by $lambda$ -calculus, which is used in a theory of functional programming languages theory.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122460873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A next-generation platform for Cyber Range-as-a-Service","authors":"Vittorio Orbinato","doi":"10.1109/ISSREW53611.2021.00094","DOIUrl":"https://doi.org/10.1109/ISSREW53611.2021.00094","url":null,"abstract":"In the last years, Cyber Ranges have become a widespread solution to train professionals for responding to cyber-threats and attacks. Cloud computing plays a key role in this context since it enables the creation of virtual infrastructures on which Cyber Ranges are based. However, the setup and management of Cyber Ranges are expensive and time-consuming activities. In this paper, we highlight the novel features for the next-generation Cyber Range platforms. In particular, these features include the creation of a virtual clone for an actual corporate infrastructure, relieving the security managers from the setup of the training scenarios and sessions, the automatic monitoring of the activities of the participants, and the emulation of their behavior.","PeriodicalId":385392,"journal":{"name":"2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126470711","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}