Pattern-based methods for vulnerability discovery

2017 ◽  
Vol 59 (2) ◽  
Author(s):  
Fabian Yamaguchi
Keyword(s):  
Domain Knowledge ◽  
Graph Mining ◽  
Software Systems ◽  
Exact Methods ◽  
Software Projects ◽  
Software Analysis ◽  
Novel Approach ◽  
Vulnerability Discovery ◽  
Automated Software ◽  
Present Pattern

AbstractDiscovering and eliminating critical vulnerabilities in program code is a key requirement for the secure operation of software systems. This task rests primarily on the shoulders of experienced code analysts who inspect programs in-depth to identify weaknesses. As software systems grow in complexity, while the amount of security critical code increases, supplying these analysts with effective methods to assist in their work becomes even more crucial. Unfortunately, exact methods for automated software analysis are rarely of help in practice, as they do not scale to the complexity of contemporary software projects, and are not designed to benefit from the analyst's domain knowledge. To address this problem, we present pattern-based vulnerability discovery, a novel approach of devising assistant methods for vulnerability discovery that are build with a high focus on practical requirements. The approach combines techniques of static analysis, machine learning, and graph mining to lend imprecise but highly effective methods that allow analysts to benefit from the machine's pattern recognition abilities without sacrificing the strengths of manual analysis.

scholarly journals Density Guarantee on Finding Multiple Subgraphs and Subtensors

2021 ◽  
Vol 15 (5) ◽  
pp. 1-32
Author(s):  
Quang-huy Duong ◽  
Heri Ramampiaro ◽  
Kjetil Nørvåg ◽  
Thu-lan Dam
Keyword(s):  
Lower Bound ◽  
State Of The Art ◽  
The State ◽  
The Other ◽  
Exact Methods ◽  
Practical Solution ◽  
Novel Approach ◽  
Wide Range ◽  
Real World Datasets ◽  
Tensor Data

Dense subregion (subgraph & subtensor) detection is a well-studied area, with a wide range of applications, and numerous efficient approaches and algorithms have been proposed. Approximation approaches are commonly used for detecting dense subregions due to the complexity of the exact methods. Existing algorithms are generally efficient for dense subtensor and subgraph detection, and can perform well in many applications. However, most of the existing works utilize the state-or-the-art greedy 2-approximation algorithm to capably provide solutions with a loose theoretical density guarantee. The main drawback of most of these algorithms is that they can estimate only one subtensor, or subgraph, at a time, with a low guarantee on its density. While some methods can, on the other hand, estimate multiple subtensors, they can give a guarantee on the density with respect to the input tensor for the first estimated subsensor only. We address these drawbacks by providing both theoretical and practical solution for estimating multiple dense subtensors in tensor data and giving a higher lower bound of the density. In particular, we guarantee and prove a higher bound of the lower-bound density of the estimated subgraph and subtensors. We also propose a novel approach to show that there are multiple dense subtensors with a guarantee on its density that is greater than the lower bound used in the state-of-the-art algorithms. We evaluate our approach with extensive experiments on several real-world datasets, which demonstrates its efficiency and feasibility.

scholarly journals Standalone Behaviour-Based Attack Detection Techniques for Distributed Software Systems via Blockchain

2021 ◽  
Vol 11 (12) ◽  
pp. 5685
Author(s):  
Hosam Aljihani ◽  
Fathy Eassa ◽  
Khalid Almarhabi ◽  
Abdullah Algarni ◽  
Abdulaziz Attaallah
Keyword(s):  
Attack Detection ◽  
Detection Methods ◽  
Software Systems ◽  
Distributed Software ◽  
Detection Techniques ◽  
Detection Systems ◽  
Novel Approach ◽  
Validation Experiment ◽  
Critical Issues ◽  
Concrete Solution

With the rapid increase of cyberattacks that presently affect distributed software systems, cyberattacks and their consequences have become critical issues and have attracted the interest of research communities and companies to address them. Therefore, developing and improving attack detection techniques are prominent methods to defend against cyberattacks. One of the promising attack detection methods is behaviour-based attack detection methods. Practically, attack detection techniques are widely applied in distributed software systems that utilise network environments. However, there are some other challenges facing attack detection techniques, such as the immutability and reliability of the detection systems. These challenges can be overcome with promising technologies such as blockchain. Blockchain offers a concrete solution for ensuring data integrity against unauthorised modification. Hence, it improves the immutability for detection systems’ data and thus the reliability for the target systems. In this paper, we propose a design for standalone behaviour-based attack detection techniques that utilise blockchain’s functionalities to overcome the above-mentioned challenges. Additionally, we provide a validation experiment to prove our proposal in term of achieving its objectives. We argue that our proposal introduces a novel approach to develop and improve behaviour-based attack detection techniques to become more reliable for distributed software systems.

A NOVEL APPROACH TO VERIFY GRAPH SCHEMA-BASED SOFTWARE SYSTEMS

2009 ◽  
Vol 19 (06) ◽  
pp. 857-870 ◽  
Author(s):  
VAHID RAFE ◽  
ADEL T. RAHMANI
Keyword(s):  
Graph Transformation ◽  
Behavioral Modeling ◽  
Model Transformations ◽  
Software Systems ◽  
Hierarchical Systems ◽  
Input Language ◽  
Novel Approach ◽  
Graph Schema ◽  
Transformation Systems ◽  
Graph Transformation Systems

Graph Grammars have recently become more and more popular as a general formal modeling language. Behavioral modeling of dynamic systems and model to model transformations are a few well-known examples in which graphs have proven their usefulness in software engineering. A special type of graph transformation systems is layered graphs. Layered graphs are a suitable formalism for modeling hierarchical systems. However, most of the research so far concentrated on graph transformation systems as a modeling means, without considering the need for suitable analysis tools. In this paper we concentrate on how to analyze these models. We will describe our approach to show how one can verify the designed graph transformation systems. To verify graph transformation systems we use a novel approach: using Bogor model checker to verify graph transformation systems. The AGG-like graph transformation systems are translated to BIR — the input language of Bogor — and Bogor verifies that model against some properties defined by combining LTL and special purpose graph rules. Supporting schema-based and layered graphs characterize our approach among existing solutions for verification of graph transformation systems.

scholarly journals Synthesis of Code Anomalies: Revealing Design Problems in the Source Code

2020 ◽  
Author(s):  
Willian N. Oizumi ◽  
Alessandro F. Garcia
Keyword(s):  
Software Engineering ◽  
Source Code ◽  
New Technique ◽  
Software Systems ◽  
Identification Task ◽  
Software Projects ◽  
Design Problems ◽  
Engineering Community ◽  
Synthesis Technique ◽  
A New Technique

Design problems affect most software projects and make their maintenance expensive and impeditive. Thus, the identification of potential design problems in the source code – which is very often the only available and upto-date artifact in a project – becomes essential in long-living software systems. This identification task is challenging as the reification of design problems in the source code tend to be scattered through several code elements. However, stateof-the-art techniques do not provide enough information to effectively help developers in this task. In this work, we address this challenge by proposing a new technique to support developers in revealing design problems. This technique synthesizes information about potential design problems, which are materialized in the implementation under the form of syntactic and semantic anomaly agglomerations. Our evaluation shows that the proposed synthesis technique helps to reveal more than 1200 design problems across 7 industry-strength systems, with a median precision of 71% and a median recall of 78%. The relevance of our work has been widely recognized by the software engineering community through 2 awards and 7 publications in international and national venues.

scholarly journals EP-1398: Automated software analysis of multileaf collimator performance in dynamic mode

2015 ◽  
Vol 115 ◽  
pp. S755
Author(s):  
C. Legrand ◽  
B. Ben Hénia ◽  
T. Bély ◽  
C. Di Bartolo ◽  
M. Edouard ◽  
...  
Keyword(s):  
Dynamic Mode ◽  
Multileaf Collimator ◽  
Software Analysis ◽  
Automated Software

Influential Agile Software Parameters

2011 ◽  
pp. 1938-1943
Author(s):  
Subhas C. Misra ◽  
Vinod Kumar ◽  
Uma Kumar
Keyword(s):  
Project Management ◽  
Software Process ◽  
Systems Development ◽  
The Other ◽  
Software Systems ◽  
Software Projects ◽  
Optimal Cost ◽  
Management Processes ◽  
Agile Software ◽  
Refining Processes

Successful software systems development is a delicate balance among several distinct factors (Jalote, 2002) such as enabling people to grow professionally; documenting processes representing the gained experiences and knowledge of the organization members; using know how to apply the suitable processes to similar circumstances; and refining processes based on achieved experience. Software projects have two main dimensions: engineering and project management. The engineering dimension concerns the construction of a system, and focuses mainly on issues such as how to build a system. The project management dimension is in charge with properly planning and controlling the engineering activities to meet project goals for optimal cost, schedule, and quality. For a project, the engineering processes specify how to perform activities such as requirement specification, design, testing, and so on. The project management processes, on the other hand, specify how to set milestones, organize personnel, manage risks, monitor progress, and so on (Jalote, 2002). A software process may be defined as “a set of activities, methods, practices, and transformations that people use to develop and maintain software, and the associated products and artifacts.”1 This is pictorially depicted in Figure 1 (Donaldson & Siegel, 2000).

Lack of Skill Risks to Organizational Technology Learning and Software Project Performance

2009 ◽  
pp. 2247-2261
Author(s):  
James Jiang ◽  
Gary Klein ◽  
Phil Beck ◽  
Eric T.G. Wang
Keyword(s):  
Domain Knowledge ◽  
Development Process ◽  
System Development ◽  
Project Performance ◽  
Technology Skills ◽  
Software Project ◽  
Software Projects ◽  
Technology Learning ◽  
Software Project Performance ◽  
The Relationship

To improve the performance of software projects, a number of practices are encouraged that serve to control certain risks in the development process, including a lack of essential skills and knowledge related to the application domain and system development process. A potential mediating variable between the lack of skill risk and project performance is the ability of an organization to acquire the essential domain knowledge and technology skills through learning, specifically organizational technology learning. However, the same lack of knowledge that hinders good project performance may also inhibit learning. This study examines the relationship between information system personnel skills and domain knowledge, organizational technology learning, and software project performance with a sample of professional software developers. Indications are that the relationship between information systems (IS) personnel skills and project performance is partially mediated by organizational technology learning.

Mining Software Specifications

2009 ◽  
pp. 495-503
Author(s):  
David Lo ◽  
Siau-Cheng Khoo
Keyword(s):  
Operating Systems ◽  
Program Verification ◽  
Program Comprehension ◽  
Software Systems ◽  
Software Projects ◽  
Software Cost ◽  
Vending Machines ◽  
Software Specifications ◽  
Short Time ◽  
Market Requirement

Software is a ubiquitous component in our daily life. It ranges from large software systems like operating systems to small embedded systems like vending machines, both of which we frequently interact with. Reducing software related costs and ensuring correctness and dependability of software are certainly worthwhile goals to pursue. Due to the short-time-to-market requirement imposed on many software projects, documented software specifications are often lacking, incomplete and outdated (Deelstra, Sinnema & Bosch 2004). Lack of documented software specifications contributes to difficulties in understanding existing systems. The latter is termed program comprehension and is estimated to contribute up to 45% of total software cost which goes to billions of dollars (Erlikh 2000, Standish 1984; Canfora & Cimitile 2002; BEA 2007). Lack of specifications also hampers automated effort of program verification and testing (Ammons, Bodik & Larus 2002).

Automated Tool-Orientation Determinations for 4-Axis Non-Gouge, Non-Interference Milling of Axial-Flow Compressors Airfoils

2007 ◽  
Author(s):  
Zezhong C. Chen ◽  
Gang Liu
Keyword(s):  
Manufacturing Industry ◽  
Axial Flow ◽  
Optimization Method ◽  
Free Form ◽  
Software Systems ◽  
Cnc Milling ◽  
Novel Approach ◽  
Cad Cam ◽  
Free Form Surfaces ◽  
Axial Flow Compressors

As important components of gas turbine engines, axial-flow compressors have been improved with a more complex and accurate airfoil design to meet high aerodynamic requirements; specifically, the pressure and suction surfaces of the airfoils (or blades) are now represented with free-form surfaces in CAD software systems. Since quality of the blades affects efficiency of the engines and safety of the aircrafts, some types of compressors are produced with the blades and the hub as a single piece on 4-axis CNC milling machines. However, it is still quite challenging to automatically determine cutter sizes and orientations without gouging and interference during the 4-axis milling, because the geometric shape of the blades is complex and the blades overlap with each other. As a result, the established method of determining tool size and orientation in industry is by trial and error in a repetitive process of selecting cutters and planning tool-paths with CAM systems. To address this problem, a novel approach is proposed to automatically determine cutter sizes and orientations for 4-axis milling of the axial-flow compressors blades without gouging and interference. The main contribution of this work is that (1) a mathematical model for optimizing cutter sizes in 4-axis milling is established; and (2) by applying a global optimization method — the particle swarm optimization method — to this model, the maximum allowable size of a cutter and its corresponding orientation can be found at each cutter-contact (CC) point on the surface being machined. Therefore, all the maximum allowable sizes of cutters for all the CC points and the corresponding cutter orientations can be computed. A group of standard cutters are then selected; each of which can sweep particular CC points without damaging the compressor. Since it is efficient and reliable, this newly proposed approach can be directly implemented in commercial CAD/CAM software systems to benefit the manufacturing industry.

An Empirical Study on the Architecture Instability of Software Projects

2019 ◽  
Vol 29 (04) ◽  
pp. 515-545 ◽  
Author(s):  
Lerina Aversano ◽  
Daniela Guardabascio ◽  
Maria Tortorella
Keyword(s):  
Empirical Study ◽  
Programming Languages ◽  
Quantitative Information ◽  
Software Systems ◽  
Software Project ◽  
Software System ◽  
Software Projects ◽  
System Maturity ◽  
Multiple Releases ◽  
Initial Concept

Software architecture is an artifact that expresses how the initial concept of a software system has actually been implemented. However, changes to the requirement imply continuous modification of the software system and may affect its architecture. It is expected that when a software system reaches the mature state, the requirements for evolution decrease and its architecture becomes more stable. The paper analyzes how the architecture of a software system evolves during its life cycle, with the aim of obtaining quantitative information on its possible instability after it has been declared mature. The goal is to verify if the architectural instability decreases with the increase of the software system maturity and to identify the software components that are more unstable among multiple releases. The paper proposes metrics that measure the instability of the architecture of a software system and its components through different releases. Open source software projects classified as mature and active and related historical data are analyzed. The results of the empirical study point out that the instability of software projects continues to evolve even after they are declared mature. The proposed metrics give a useful support for investigating the instability of a software project, even if further factors can be analyzed. Furthermore, the study can be replicated on other software systems belonging to different domains and developed using different programming languages.

Sign in / Sign up

Export Citation Format

Share Document