2008 19th International Symposium on Software Reliability Engineering (ISSRE): Latest Papers

Vulnerability Discovery Modeling Using Weibull Distribution
Hyunchul Joh, Jinyoo Kim, Y. Malaiya
Abstract: A vulnerability discovery model describes the variation in the vulnerability discovery rate during the lifetime of a software system and can be used to assess risk and to evaluate possible mitigation approaches. A few vulnerability discovery models have recently been proposed. The AML Logistic model has been found to provide the best fit in several cases. Weibull distribution, which can model an asymmetric pdf, is often used for reliability evaluation in some fields but has not been used for modeling vulnerability discovery. Here we propose a new Weibull distribution based on vulnerability discovery model and compare it with the existing AML Model. The results show that the new model performs well in many cases, and may be considered as an alternative to the AML model.
DOI: https://doi.org/10.1109/ISSRE.2008.32
Published: 2008-11-10
Citations: 43
An Analysis Framework for Inter-system Interaction Behavior
C. Ackermann, D. Sibol, W. Stratton, M. Lindvall, S. Godfrey
Abstract: Systems often collaborate to form a system-of-systems (SoS) and together fulfill some larger task. Correctness and performance issues in the interaction between participating systems are frequent occurrences and decrease the reliability of the entire SoS. We are currently developing an analysis framework to automatically compare a model of the desired interaction behavior (specification) to a model that is retrieved from the system execution and detect deviations between the two. The specification, the observed interaction behavior, and the evaluation result are presented in behavioral diagrams to be analyzed by the user.
DOI: https://doi.org/10.1109/ISSRE.2008.26
Published: 2008-11-10
Citations: 4
Resolving JavaScript Vulnerabilities in the Browser Runtime
Ejike Ofuonye, James Miller
Abstract: The volume of Web based malware on the Internet keeps rising despite huge investments on Web security. JavaScript, the dominant scripting language for Web applications, is the primary channel for most of these attacks. In this paper, we describe research into the design and implementation of new Web client protection system based on code instrumentation techniques. This system combines traditional static analysis techniques with a dynamic HTML, CSS and JavaScript code runtime monitoring agent to offer an efficient, easily deployable, policy driven framework for improved user protection. Rewriting and runtime monitoring are based on providing safe equivalents of JavaScript code constructs known to contain insecurities and hence exploitable by malicious Web applications. As a demonstration of the practical capabilities of our framework, we also include a case study attack and empirical analysis of some of its various aspects across 1000 home pages belonging to the most popular web sites on the Internet.
DOI: https://doi.org/10.1109/ISSRE.2008.11
Published: 2008-11-10
Citations: 17
Changing Java's Semantics for Handling Null Pointer Exceptions
K. Dobolyi, Westley Weimer
Abstract: We envision a world where no exceptions are raised; instead, language semantics are changed so that operations are total functions. Either an operation executes normally or tailored recovery code is applied where exceptions would have been raised. As an initial step and evaluation of this idea, we propose to transform programs so that null pointer dereferences are handled automatically without a large runtime overhead. We increase robustness by replacing code that raises null pointer exceptions with error-handling code, allowing the program to continue execution. Our technique first finds potential null pointer dereferences and then automatically transforms programs to insert null checks and error-handling code. These transformations are guided by composable, context-sensitive recovery policies. Error-handling code may, for example, create default objects of the appropriate types, or restore data structure invariants. If no null pointers would be dereferenced, the transformed program behaves just as the original. We applied our transformation in experiments involving multiple benchmarks, the Java Standard Library, and externally reported null pointer exceptions. Our technique was able to handle the reported exceptions and allow the programs to continue to do useful work, with an average execution time overhead of less than 1% and an average bytecode space overhead of 22%.
DOI: https://doi.org/10.1109/ISSRE.2008.59
Published: 2008-11-10
Citations: 36
Reusing Existing Test Cases for Security Testing
Dazhi Zhang, Wenhua Wang, Donggang Liu, Yu Lei, D. Kung
Abstract: Traditional test case generation methods usually consider coverage criteria like statement or path coverage and ignore security characteristics. The result is that a test case may fail to find vulnerabilities even if it covers the vulnerable statements. However, we argue that existing test cases are still of great value because significant human effort and time have been invested to achieve high coverage criteria. A high coverage indicates a high possibility that vulnerable statements occur in the execution traces of these test cases. Thus existing test cases could guide us to those vulnerable statements. Under this intuition, we present a method of security testing by re-examining existing test cases. The basic idea is to discover two types of constraints in a program: program constraints (PC) and security constraints (SC). The former are the constraints imposed by program statements. For example, an assignment statement i=0 constrains the value of i to be 0. The latter are the constraints derived from security concerns. For example, a buffer should never be overflowed. Intuitively, a statement is vulnerable if it can make PC → SC be false, which means the program constraints are not strict enough to ensure the security constraints. We design and develop a tool named RETAST to demonstrate our idea and the initial result is promising.
DOI: https://doi.org/10.1109/ISSRE.2008.55
Published: 2008-11-10
Citations: 1
Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network
R. Bloomfield, Ilir Gashi, A. Povyakalo, Vladimir Stankovic
Abstract: In this paper we present empirical results and speculative analysis based on observations collected over a two month period from studies with two high interaction honeynets, deployed in a corporate and an SME (small to medium enterprise) environment, and a distributed honeypots deployment. All three networks contain a mixture of Windows and Linux hosts. We detail the architecture of the deployment and results of comparing the observations from the three environments. We analyze in detail the times between attacks on different hosts, operating systems, networks or geographical location. Even though results from honeynet deployments are reported often in the literature, this paper provides novel results analyzing traffic from three different types of networks and some initial exploratory models. This research aims to contribute to endeavours in the wider security research community to build methods, grounded on strong empirical work, for assessment of the robustness of computer-based systems in hostile environments.
DOI: https://doi.org/10.1109/ISSRE.2008.62
Published: 2008-11-10
Citations: 9
Efficient Operational Profiling of Systems Using Suffix Arrays on Execution Logs
M. Nagappan, M. Vouk, Kesheng Wu, A. Sim, A. Shoshani
Abstract: Operational profiles are an essential part of software reliability engineering. Typically they are created from the software requirements, and through customer reviews. Creation of operational profiles often is laborious and requires human intervention. Our approach builds an operational profile based on the actual usage from execution logs. The difficulty in using execution logs is that the amount of data to be analyzed is extremely large (more than a million records per day in many applications). Our solution constructs operational profiles by identifying all the possible clustered sequences of events (patterns) that exist in the logs. This is done very efficiently using suffix arrays data structure.
DOI: https://doi.org/10.1109/ISSRE.2008.45
Published: 2008-11-10
Citations: 3
Using UML Sequence Diagrams and State Machines for Test Input Generation
A. Bandyopadhyay, Sudipto Ghosh
Abstract: We present a novel testing approach that combines information from UML sequence models and state machine models. We use sequence models to extract message paths that play a role in critical usage scenarios of a system. We use state machines to generate multiple execution paths from a message path by analyzing the effect of the messages on state transitions of the system. By covering these execution paths, we generate more effective test cases than the approaches that only cover message paths. The approach also reduces the number of state transitions to be tested by selecting only those that are fired in critical scenarios.
DOI: https://doi.org/10.1109/ISSRE.2008.16
Published: 2008-11-10
Citations: 4
A Modified Genetic Algorithm for Parameter Estimation of Software Reliability Growth Models
Chao-Jung Hsu, Chin-Yu Huang, T. Chen
Abstract: In this paper, we propose a modified genetic algorithm (MGA) with calibrating fitness functions, weighted bit mutation, and rebuilding mechanism for the parameter estimation of software reliability growth models (SRGMs). An example using a real failure data is given to demonstrate the performance of proposed method. Experimental result shows that MGA is effective for estimating the parameters of SRGM.
DOI: https://doi.org/10.1109/ISSRE.2008.35
Published: 2008-11-10
Citations: 9
Architecting for Reliability - Recovery Mechanisms
R. Hanmer, V. Mendiratta
Abstract: Telecommunications systems achieve high levels of reliability by implementing detection and recovery mechanisms with high coverage. With the trend towards the use of more COTS components in these systems the choices available for the systems detection and recovery mechanisms are more limited. An escalating recovery model with varying coverage factors and recovery durations is developed to provide insight into high availability design alternatives for commercial products. This work extends our previous examination of escalating detection by considering recovery.
DOI: https://doi.org/10.1109/ISSRE.2008.27
Published: 2008-11-10
Citations: 0