{"title":"Integrating Network Cryptography into the Operating System","authors":"Anthony Gabrielson, H. Levkowitz","doi":"10.1109/SERE-C.2012.27","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.27","url":null,"abstract":"Cryptography libraries are inflexible and difficult for developers to integrate with their applications. These difficulties may be contributing to applications, like PGP, that are non-intuitive for end-users and are often used improperly or not at all. In this paper we argue that the best place for cryptography to be implemented is at the Operating System level rather than the current application-layer approach. We introduce and define a new general-purpose network cryptography library that integrates directly with the Operating System. This capability is flexible and easy to adopt because it can be used with the sockets interface, which developers are already familiar with, in addition to creating a general cryptography library that can be used in non-network situations. This technology will allow developers to focus on application usability rather than struggle with the learning curve required to properly use a specific cryptography library as required by current practices.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114469480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of Android Applications' Permissions","authors":"Ryan V. Johnson, Zhaohui Wang, Corey Gagnon, A. Stavrou","doi":"10.1109/SERE-C.2012.44","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.44","url":null,"abstract":"We developed an architecture that automatically searches for and downloads Android applications from the Android Market. Furthermore, we created a detailed mapping of Android application programming interface (API) calls to the required permission(s), if any, for each call. We then performed an analysis of 141,372 Android applications to determine if they have the appropriate set of permissions based on the static analysis of the APK bytecode of each application. Our findings indicate that the majority of mobile software developers are not using the correct permission set and that they either over-specify or under-specify their security requirements.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128320419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Paradigm in Verification of Access Control","authors":"JeeHyun Hwang, Vincent C. Hu, Tao Xie","doi":"10.1109/SERE-C.2012.14","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.14","url":null,"abstract":"Access control (AC) is one of the most fundamental and widely used requirements for privacy and security. Given a subject's access request on a resource in a system, AC determines whether this request is permitted or denied based on AC policies (ACPs). This position paper introduces our approach to ensure the correctness of AC using verification. More specifically, given a model of an ACP, our approach detects inconsistencies between models, specifications, and expected behaviors of AC. Such inconsistencies represent faults (in the ACP), which we target at detecting before ACP deployment.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"214 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124215805","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Undesirable Aspect Interactions: A Prevention Policy for Three Aspect Fault Types","authors":"Arsène Sabas, S. Shankar, V. Wiels, Michel Boyer","doi":"10.1109/SERE-C.2012.17","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.17","url":null,"abstract":"Aspect-oriented software development (AOSD) has emerged in recent years as a new paradigm for software development, providing mechanisms to localize cross-cutting concerns (i.e. scattered in many locations) during the software development process. Aspect interaction problems (due to their integration into the base components) are an important issue in AOSD, verification is most often based on a detection and correction strategy. This paper presents a prevention policy at the specification phase for some kinds of undesirable aspect interactions, which are caused by the following three aspect fault types: \"Incorrect strength in point cut patterns\", \"Failure to establish expected post-conditions\" and \"Failure to preserve state invariants\". By acting at the specification phase, we believe that formal verification will be made greatly faster and cheaper.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114740951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Investigation of Classification-Based Algorithms for Modified Condition/Decision Coverage Criteria","authors":"Jun-Ru Chang, Chin-Yu Huang, Po-Hsi Li","doi":"10.1109/SERE-C.2012.23","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.23","url":null,"abstract":"During software development, white-box testing is used to examine the internal design of the program. One of the most important aspects of white-box testing is the code coverage. Among various test coverage measurements, the Modified Condition/Decision Coverage (MC/DC) is a structural coverage measure and can be used to assess the adequacy and quality of the requirements-based testing (RBT) process. NASA has proposed a method to select the needed test cases for satisfying this criterion. However, there may have some flaws in NASA's method. That is, the selected test cases may not satisfy the original definition of the MC/DC criterion in some particular situations and perhaps can not detect errors completely. On the other hand, NASA's method may be hard to detect some operator errors. For example, we may not be able to detect the incorrectly coding or for xor in some cases. Additionally, this method is too complex and could take a lot of time to obtain the needed test cases. In this paper, we will propose a classification-based algorithm to select the needed test cases. First, test cases will be classified based on the outcome value of expression and the target condition. After classifying all test cases, MC/DC pairs can be found quickly, conveniently and effectively. Also, if there are some missing (unfound) test cases, our proposed classification-based method can also suggest to developers what kinds of test cases have to be generated. Finally, some experiments are performed based upon real programs to evaluate the performance and effectiveness of our proposed classification-based algorithm.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130355245","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Enforcement of Role Based Access Control in Social Network Environments","authors":"Junhua Ding, Lian Mo","doi":"10.1109/SERE-C.2012.19","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.19","url":null,"abstract":"Role-based access control (RBAC) policies have been implemented in many social network environments to enforce the security. However, enforcing RBAC policies in a social network environment also brings the design complexity and potential security vulnerabilities which may cause insecure information flows. In this paper, we present a framework for formally modeling and analyzing RBAC policies using high level Petri nets and model checking techniques. The high level Petri nets called PZ nets that have been developed based on Predicate/Transitions nets and Z notation have significant benefits for modeling security models through combining modeling capacities from both formalisms, and the analysis technique based on model checking tool SPIN provides an automatic conformance checking of RBAC policies in applications. A case study of the enforcement of RBAC policies in an online file sharing system is performed to demonstrate the effectiveness of the proposed approach.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123126339","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hybrid Bayesian Network Models for Predicting Software Reliability","authors":"M. Blackburn, Benjamin Huddell","doi":"10.1109/SERE-C.2012.38","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.38","url":null,"abstract":"This paper discusses the results of applying a hybrid Bayesian Network to predict software reliability measures. The model combined quantitative testing data with subjective expert judgment about program-specific aspects over many releases. Six different programs were analyzed using historical data to validate the model. The model predictions varied from project-to-project suggesting that additional program variables should be included in the model.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127686521","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Viewpoint-based Test Architecture Design","authors":"Y. Nishi","doi":"10.1109/SERE-C.2012.15","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.15","url":null,"abstract":"Software test recently becomes large-scale and complicated artifact as software itself. Research and practices has to be boosted such as test architecture. In this paper first we mention TDLC: Test Development Life Cycle, which includes test requirement design phase and test architecture design phase instead of test planning from engineering view. Second we discuss concepts of test architecture and propose NGT: Notation for Generic Testing, which is a set of concepts or notation for design of software test architecture. Viewpoint is discussed as a key concept of test architecture representing a group of test cases and test objective. And this paper gives an example of test architecture model. Finally this paper shows possibility that viewpoint diagram will be a platform of test architecture design technology such as test design patterns, test architecture style, variability analysis of product line engineering and so on.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122211182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Intelligent Biological Security Testing Agents","authors":"I. Duncan","doi":"10.1109/SERE-C.2012.42","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.42","url":null,"abstract":"This fast abstract outlines a novel mechanism for monitoring the security state of a system, using intelligent testing agents to instigate and then depress security activities.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"162 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134278491","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Secure PC Platform Based on Dual-Bus Architecture","authors":"H. A. E. Zouka","doi":"10.1109/SERE-C.2012.21","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.21","url":null,"abstract":"The emergence of single CPU dual bus architecture provided a new kind of architecture that aimed at preventing intruders from accessing valuable information stored in the computer system. Security in Von Neumann architecture is currently poorly considered, and it does not reduce significant vulnerabilities. Separating the network communication components from the data processing ones is our concern in this paper. Many proposed schemes were presented recently, but none of which, employing separate system bus, have been proven experimentally as a potentially effective method for protecting the data stored in hard drives and removable disks. In our scheme, the system does not need to maintain any authentication mechanism or data integrity for the packets sent by any node, with a well-received attention towards threatening our valuable stored data. In this paper we implemented a model for a dual bus architecture system based on a bus bridge which controls the data transferred between the two system buses, as well as preventing all spy ware programs. The experiment is done and the result has proven that the dual bus architecture is reasonable and effective. The analysis also showed that the entire computer system, including peripherals is well protected from outside intruders.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"140 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123733773","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}