{"title":"A Novel Security Scheme for Online Banking Based on Virtual Machine","authors":"Bei Guan, Y. Wu, Yongji Wang","doi":"10.1109/SERE-C.2012.28","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.28","url":null,"abstract":"Current online banking scheme built on ordinary software stack, which comprises of the operating system and its applications running on it, is facing attacks including Phishing, Pharming, Malicious Software Attacks (MSW), Man in the Middle Attacks (MITM) and Key logger. Today's countermeasures either prevent only part of these attacks or have high cost on performance and usability. In this paper, we introduce the Domain Online Banking (DOBank), a novel security scheme for online banking that combines the virtual machine (VM) technology with web services. Firstly, DOBank encapsulates the banking service into a lightweight domain and protects it from any attacks caused by virus from the user's host. Secondly, the domain can access certain hardware devices exclusively against Key logger and gains nearly native performance using the pass through technology. Finally, we use the virtual Trusted Platform Module (vTPM) for the online banking domain's integrity verification as well as the SSL/TLS (Security Sockets Layer/Transport Layer Security) protocol for the confidentiality of data transaction over the internet. We show that this scheme is secure enough to prevent typical viruses that threaten the online banking. The experiments on the network throughput and the time consumed of integrity measurement show it adds little overhead to the overall system.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133270431","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Revising a Security Tactics Hierarchy through Decomposition, Reclassification, and Derivation","authors":"J. Ryoo, P. Laplante, R. Kazman","doi":"10.1109/SERE-C.2012.18","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.18","url":null,"abstract":"Software architecture is the set of important design decisions that address cross-cutting system quality attributes such as security, reliability, availability, and performance. Practitioners often face difficulty in beginning an architectural design due to the lack of concrete building blocks available to them. Tactics are fundamental design decisions and play the role of these initial design primitives and complement the existing design constructs such as architectural or design patterns. A tactic is a relatively new design concept, and tactics repositories are still being developed. However, the maturity of these repositories is inconsistent, and varies depending on the quality attribute. To address this inconsistency and to promote a more rigorous, repeatable method for creating and revising tactics hierarchies, we propose a novel methodology of extracting tactics. This methodology, we claim, can accelerate the development of tactics repositories that are truly useful to practitioners. We discuss three approaches for extracting these tactics. The first is to derive new tactics from the existing ones. The second is to decompose an existing architectural pattern into its constituent tactics. Finally, we extract tactics that have been misidentified as patterns. Among the many types of tactics available, this paper focuses on security tactics. Using our methodology, we revise a well-known taxonomy of security tactics. We contend that the revised hierarchy is complete enough for use in practical applications.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130550912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Invalid Pointer Dereferences Detection for CPS Software Based on Extended Pointer Structures","authors":"Longming Dong, Wei Dong, Liqian Chen","doi":"10.1109/SERE-C.2012.30","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.30","url":null,"abstract":"Invalid pointer dereferences, such as null pointer dereferences, dangling pointer dereferences and double frees, are a prevalent source of software bugs in CPS software, due to flexible dereferencing pointers along various pointer fields. Existing tools have high overhead or are incomplete, thereby limiting their efficiency in checking the kind of CPS software with shared and mutable memory. In this paper, we present a novel extended pointer structure for detecting all invalid pointer dereferences in this kind of CPS software. We propose an invalid pointer dereferences detection algorithm based on the uniform transformation of abstract heap states. Experimental evaluation about a set of large C benchmark programs shows that the proposed approach is sufficiently efficient in detecting invalid pointer dereferences of CPS software with shared and mutable memory.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126342845","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Framework for Automated Security Testing of Android Applications on the Cloud","authors":"S. Malek, N. Esfahani, Thabet Kacem, Riyadh Mahmood, Nariman Mirzaei, A. Stavrou","doi":"10.1109/SERE-C.2012.39","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.39","url":null,"abstract":"App markets are stirring a paradigm shift in the way software is provisioned to the end users. The benefits of this model are plenty, including the ability to rapidly and effectively acquire, introduce, maintain, and enhance software used by the consumers. This paradigm shift, however, has given rise to a new set of security challenges. In parallel with the emergence of app markets, we have witnessed increased security threats that are exploiting this model of provisioning software. The key obstacle is the ability to rapidly assess the security and robustness of applications submitted to the market. The problem is that security testing is generally a manual, expensive, and cumbersome process. This is precisely the challenge that we have begun to address in a project targeted at the development of a framework that aids the analysts in testing the security of Android apps. The framework is comprised of a tool-suite that given an application automatically generates and executes numerous test cases, and provides a report of uncovered security vulnerabilities to the human analyst.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123000405","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Bodhi: Detecting Buffer Overflows with a Game","authors":"Jing Chen, Xiaoguang Mao","doi":"10.1109/SERE-C.2012.35","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.35","url":null,"abstract":"Buffer overflow is one of the most dangerous and common vulnerabilities in CPS software. Despite static and dynamic analysis, manual analysis is still heavily used which is useful but costly. Human computation harnesses humans' time and energy in a way of playing games to solve computational problems. In this paper we propose a human computation method to detect buffer overflows that does not ask a person whether there is a potential vulnerability, but rather a random person's idea. We implement this method as a game called Bodhi in which each player is shown a piece of code snippet and asked to choose whether their partner would think there is a buffer overflow vulnerability at a given position in the code. The purpose of the game is to make use of the rich distributed human resource to increase effectiveness of manual detection for buffer overflows. The game has been proven to be efficient and enjoyable in practice.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133572118","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Survey of Software Testing in the Cloud","authors":"Koray Inçki, Ismail Ari, Hasan Sözer","doi":"10.1109/SERE-C.2012.32","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.32","url":null,"abstract":"Cloud computing has emerged as a new computing paradigm that impacts several different research fields, including software testing. Testing cloud applications has its own peculiarities that demand for novel testing methods and tools. On the other hand, cloud computing also facilitates and provides opportunities for the development of more effective and scalable software testing techniques. This paper reports on a systematic survey of published results attained by the synergy of these two research fields. We provide an overview regarding main contributions, trends, gaps, opportunities, challenges and possible research directions. We provide a review of software testing over the cloud literature and categorize the body of work in the field.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126296165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Thinking Towards a Pattern Language for Predicate Based Encryption Crypto-Systems","authors":"Jan de Muijnck-Hughes, I. Duncan","doi":"10.1109/SERE-C.2012.34","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.34","url":null,"abstract":"Predicate Based Encryption (PBE) is a novel family of public key encryption schemes that allows for expressive, and fine-grained, access control to be integrated within the cryptographic process, providing an efficient means to realise distributed encrypted access control. Security patterns allow for security problems and their solutions to be described concretely and precisely, and be applied directly within the software development process. Pattern languages provide a means to specify how a set of interconnected patterns can be used together to solve a set of related problems. This paper proposes the construction of a pattern language governing the design and deployment of PBE crypto-systems. An overview for the proposed language is given together with a discussion towards issues affecting its specification.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"113 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131184885","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Privacy Preserving Smart Metering System Supporting Multiple Time Granularities","authors":"Hsiao-Ying Lin, Shiuan-Tzuo Shen, B. Lin","doi":"10.1109/SERE-C.2012.22","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.22","url":null,"abstract":"Advanced smart meters generate meter readings in a time unit less than a second. Fine-grained meter readings enable various smart grid applications, such as load monitoring, automatic billing, and power generation planning. However, those meter readings threaten individuals' privacy by revealing details of one's daily activities. The time granularity of smart meters is often much finer than the one a smart grid application demands. Thus, the storage and access control mechanisms of meter readings are critical to balancing privacy requirements and application functionalities. Previous studies address the issue by considering a locally trusted storage device and using cryptographic primitives. We consider a storage outsourcing scenario, where the external storage environment is semi-trusted. We construct a privacy preserving metering system by using a trusted platform module in a smart meter and pseudorandom number generators inside the module. Our system guarantees the secure storage of meter readings and supports multiple time granularities. In our system, a user grants a service provider an access right over meter readings at a time granularity S. The granted service provider is only allowed to get the power consumption at a time unit of the granted time granularity. Our system provides a simple yet very practical solution to the privacy preserving smart metering system. Moreover, we provide a privacy model to capture the privacy requirement and show that our system is privacy preserving against honest-but-curious service providers.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131298329","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Testing is an Event-Centric Activity","authors":"F. Belli, Mutlu Beyazit, A. Memon","doi":"10.1109/SERE-C.2012.24","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.24","url":null,"abstract":"Recent advances in techniques for testing graphical user interfaces (GUIs) enabled to develop workflow models and successfully employ them to generate large numbers of test cases by defining new test adequacy criteria and optimizing test suites for increasing the test efficiency. The key to the success of these event-focused techniques, especially event flow graphs and event sequence graphs, is that they primarily focus on the input space, and model the workflow in simple terms. If necessary, they can also be augmented to model more complex systems and processes to adapt to the needs of test engineers. We now posit that we can extend these techniques to also domains other than GUIs to create a general event-driven paradigm for testing.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116389505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Virtual Machine Replay Update: Improved Implementation for Modern Hardware Architecture","authors":"Jiageng Yu, Peng Zhou, Y. Wu, Chen Zhao","doi":"10.1109/SERE-C.2012.26","DOIUrl":"https://doi.org/10.1109/SERE-C.2012.26","url":null,"abstract":"This paper describes a successive and updated work of Revirt project which presents a virtual machine replay framework on Xen hypervisor. As both the commodity hardware and Xen hypervisor have been changed significantly since the first publication of Revirt, the initial implementation does not meet the needs of modern architecture any more. This paper presents an improved implementation of virtual machine execution replay system called CAS Motion. CAS Motion has three contributions. First, CAS Motion uses the performance monitor of Intel Core2 processor to construct time point of recorded events, which makes the event record more complete and precise. Second, CAS Motion can fully support multi-core hardware platform which is prevalent today. Third, CAS Motion is developed with more general architecture design, which makes it deployable on upstream Xen hypervisor and Dom0. Our experiments under a variety of workloads show CAS Motion has low performance impact on monitored DomU. The growth of record log is also in acceptable range.","PeriodicalId":403736,"journal":{"name":"2012 IEEE Sixth International Conference on Software Security and Reliability Companion","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130364263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}