2012 IEEE Sixth International Conference on Software Security and Reliability Companion: Latest Publications

A Proposal to Prevent Click-Fraud Using Clickable CAPTCHAs
Rodrigo Alves Costa, R. D. Queiroz, Elmano Ramalho Cavalcanti
DOI: https://doi.org/10.1109/SERE-C.2012.13
Published: 2012-06-20
Abstract: Advertising on the Internet is a key factor for the success of several businesses nowadays. The Internet has evolved to a point where it has become possible to develop a business model completely based on Web advertising, which is important for the consolidation of such a model and the continuity of the Internet itself. However, it is often observed that some content publishers are dishonest and employ automated tools to generate traffic and profit by defrauding advertisers. Similarly, some advertisers use automated tools to click on the ads of their competitors, aiming to exhaust the budget of the competitor's marketing departments. In this paper, differently from recent click fraud detection mechanisms, which take place after the fraud has already occurred, we propose an approach for preventing automated click-fraud, based on the use of clickable CAPTCHAs.
Citations: 11
Cost Reduction through Combining Test Sequences with Input Data
B. Kruger, Michael Linschulte
DOI: https://doi.org/10.1109/SERE-C.2012.25
Published: 2012-06-20
Abstract: Nowadays computer applications mainly depend on input data that bear additional constraints to be considered and evaluated carefully. Very often, this invokes test sequences that describe the path to the place where input data is to be entered, e.g., while testing graphical user interactions. Model based testing allows deriving those test sequences from a model, for example, based on event sequence graphs (ESGs) where the nodes represent events. Unfortunately, combining ESG with the great variety of input data considerably inflates them with respect to the number of their nodes. To avoid this event inflation, previous work extended ESGs by decision tables to take this variety and constraints on input data into account. This paper extends the previous work and shows how to derive input data-supplemented test sequences and, at the same time, to considerably reduce effort for test generation and test execution. A case study drawn from a large commercial web portal evaluates the approach and analyzes its characteristics.
Citations: 3
Attestation & Authentication for USB Communications
Zhaohui Wang, A. Stavrou
DOI: https://doi.org/10.1109/SERE-C.2012.43
Published: 2012-06-20
Abstract: In this paper, we present the design, implementation, and software testing of USBSec, a secure extension of the vanilla USB protocol that incorporates host authentication to defend against software threats. Specifically, we force the USB host to supply authentication information to the peripheral device before enumerating the device. The peripheral validates the authentication information against its own list of authorized host keys. If both sides can validate each other, standard USB enumeration continues; otherwise the connection is terminated. We have implemented a fully working prototype of USBSec based on the USB implementation in the Linux kernel, and our experimental results demonstrate its practicality and effectiveness.
Citations: 12
Path-oriented Test Data Generation Driven by Component Linear Fitting Functions
Wenxu Ding, Xin Chen, P. Jiang, Nan Ye, Lei Bu, Xuandong Li
DOI: https://doi.org/10.1109/SERE-C.2012.40
Published: 2012-06-20
Abstract: Automatically generating test data to cover a given path is a challenging problem. This paper presents a program execution based approach driven by component linear fitting functions. Here, component linear fitting functions, built on inputs and values at decision points, are used to approximate constraints. They drive the search to reach constraints' solutions by calculating feasible intervals. Experiments show that the approach is effective and has good potentiality in treating nonlinear constraints and constraints with many local optimal points.
Citations: 0
A New Approach of Partial Order Reduction Technique for Parallel Timed Automata Model Checking
Xiaoyu Zhou, Qian Li, Jianhua Zhao
DOI: https://doi.org/10.1109/SERE-C.2012.45
Published: 2012-06-20
Abstract: A new partial order reduction method for timed automaton model checking is presented in this paper. This method avoids exhaustive state-space exploration by enumerating only part of enabled transitions at some symbolic states. This paper gives some sufficient conditions on which partial enumeration does not change the reachability analysis result. Efficient algorithms are presented to check these conditions. The optimized reachability analysis algorithm only computes successors w.r.t. part of enabled transitions when it visits a symbolic state the first time. Later, the algorithm revisits generated states to check whether it is necessary to enumerate all transitions. Some experiments show that the method significantly reduces the number of symbolic states generated during state space exploration.
Citations: 0
Study of Safety Analysis and Assessment Methodology for AADL Model
Deming Song, Yunwei Dong, Fan Zhang, Hong Huo, Bin Gu
DOI: https://doi.org/10.1109/SERE-C.2012.36
Published: 2012-06-20
Abstract: This paper focuses on safety model of embedded system architecture using AADL (Architecture Analysis and Design Language). For further integration of safety analysis and system modeling, we propose a new approach to evaluate and assess the safety property of embedded systems quantitatively. We establish the safety model of embedded systems by extending AADL with fault model, identify causal relationships between elementary failure modes, put forward the formal method to transform this safety model to DSPN (Deterministic Stochastic Petri Net) model for quantitative analysis and make transforming rules to support safety assessment automatically. A fire alarm system is discussed for further explanation.
Citations: 1
Hazardous Chemicals Vehicles Rollover Pre-warning System Based on CPS
X. Cai, Junwei Wu
DOI: https://doi.org/10.1109/SERE-C.2012.37
Published: 2012-06-20
Abstract: With the growth of hazardous chemicals transportation, supervision system for hazardous chemicals transportation is getting more and more attention. In China, supervisory system for hazardous chemicals is limited to tracking by Global Positioning System (GPS), positioning and simple data collection and judgments which cannot achieve a real sense of risk pre-warning. The paper develops a system architecture based on cyber-physical systems (CPS) for specific application requirements of vehicle rollover warning, and proposes a collaborative model for rollover pre-warning which considers both the conventional and the external environmental factors. The feasibility of the proposed CPS system architecture and collaborative model is then proved by designing and implementing a monitoring system for rollover warning of hazardous chemicals vehicles.
Citations: 2
Towards a Model Based Security Testing Approach of Cloud Computing Environments
Philipp Zech, M. Felderer, R. Breu
DOI: https://doi.org/10.1109/SERE-C.2012.11
Published: 2012-06-20
Abstract: In recent years Cloud computing became one of the most aggressively emerging computer paradigms resulting in a growing rate of application in the area of IT outsourcing. However, as recent studies have shown, security most of the time is the one requirement, neglected at all. Yet, especially because of the nature of usage of Cloud computing, security is inevitable. Unfortunately, assuring the security of a Cloud computing environment is not a one time task, it is a task to be performed during the complete lifespan of the Cloud. This is motivated by the fact that Clouds undergo daily changes in terms of newly deployed applications and offered services. Based on this assumption, in this paper, we propose a novel model-based, change-driven approach, employing risk analysis, to test the security of a Cloud computing environment among all layers. As a main intrusion point, our approach exploits the public service interfaces, as they are a major source of newly introduced vulnerabilities, possibly leading to severe security incidents.
Citations: 31
Designing System Security with UML Misuse Deployment Diagrams
S. Lincke, Timothy H. Knautz, Misty D. Lowery
DOI: https://doi.org/10.1109/SERE-C.2012.12
Published: 2012-06-20
Abstract: Useful enhancements to UML for security exist, including for the requirements and analysis/design stages: notably misuse case diagrams/descriptions, mis-sequence diagrams, UMLpac, and security patterns. These all consider security attacks on software functionality. This paper considers the system architecture when analyzing security. The advantage of the proposed misuse deployment diagram is that in distributed processing (e.g., client/server), where you put your defense software is as important as having it. This new diagram gives a bird's eye view of possible security attacks, and the security defenses or layers to mitigate them. This technique can be used in more than software development, since it may be used in audit, testing, security planning, and security education.
Citations: 11
Comparing Static Security Analysis Tools Using Open Source Software
R. K. McLean
DOI: https://doi.org/10.1109/SERE-C.2012.16
Published: 2012-06-20
Abstract: Software vulnerabilities present a significant impediment to the safe operation of many computer applications, both proprietary and open source. Fortunately, many static analysis tools exist to identify potential security issues. We present the results of evaluating multiple subsets of open source code for common software vulnerabilities using several such static security analysis tools. These results aid other developers in better discerning which tools to use in evaluating their own programs for security vulnerabilities.
Citations: 34