References of "Klein, Jacques 50002098"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailPolymer: A Model-Driven Approach for Simpler, Safer, and Evolutive Multi-Objective Optimization Development
Moawad, Assaad UL; Hartmann, Thomas UL; Fouquet, François UL et al

in Hammoudi, Slimane; Pires, Luis Ferreira; Desfray, Philippe (Eds.) et al MODELSWARD 2015 - Proceedings of the 3rd International Conference on Model-Driven Engineering and Software Development (2015, February)

Multi-Objective Evolutionary Algorithms (MOEAs) have been successfully used to optimize various domains such as finance, science, engineering, logistics and software engineering. Nevertheless, MOEAs are ... [more ▼]

Multi-Objective Evolutionary Algorithms (MOEAs) have been successfully used to optimize various domains such as finance, science, engineering, logistics and software engineering. Nevertheless, MOEAs are still very complex to apply and require detailed knowledge about problem encoding and mutation operators to obtain an effective implementation. Software engineering paradigms such as domain-driven design aim to tackle this complexity by allowing domain experts to focus on domain logic over technical details. Similarly, in order to handle MOEA complexity, we propose an approach, using model-driven software engineering (MDE) techniques, to define fitness functions and mutation operators without MOEA encoding knowledge. Integrated into an open source modelling framework, our approach can significantly simplify development and maintenance of multi-objective optimizations. By leveraging modeling methods, our approach allows reusable optimizations and seamlessly connects MOEA and MDE paradigms. We evaluate our approach on a cloud case study and show its suitability in terms of i) complexity to implement an MOO problem, ii) complexity to adapt (maintain) this implementation caused by changes in the domain model and/or optimization goals, and iii) show that the efficiency and effectiveness of our approach remains comparable to ad-hoc implementations. [less ▲]

Detailed reference viewed: 305 (39 UL)
Full Text
Peer Reviewed
See detailBottom-up adoption of software product lines: a generic and extensible approach
Martinez, Jabier UL; Ziadi, Tewfik; Bissyandé, Tegawendé F. et al

in Proceedings of the 19th International Conference on Software Product Line, SPLC 2015, Nashville, TN, USA, July 20-24, 2015 (2015)

Detailed reference viewed: 102 (8 UL)
Full Text
Peer Reviewed
See detailAn Investigation into the Use of Common Libraries in Android Apps
Li, Li UL; Bissyandé, Tegawendé F.; Klein, Jacques UL et al

in arXiv preprint arXiv:1511.06554 (2015)

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not ... [more ▼]

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not part of the functionality delivered by the app. Such code is often contributed by the common libraries which are used pervasively by all apps. Unfortunately, Android analyses, e.g., for piggybacking detection and malware detection, can produce inaccurate results if they do not take into account the case of library code, which constitute noise in app features. Despite some efforts on investigating Android libraries, the momentum of Android research has not yet produced a complete set of common libraries to further support in-depth analysis of Android apps. In this paper, we leverage a dataset of about 1.5 million apps from Google Play to harvest potential common libraries, including advertisement libraries. With several steps of refinements, we finally collect by far the largest set of 1,113 libraries supporting common functionalities and 240 libraries for advertisement. We use the dataset to investigates several aspects of Android libraries, including their popularity and their proportion in Android app code. Based on these datasets, we have further performed several empirical investigations to confirm the motivations behind our work. [less ▲]

Detailed reference viewed: 177 (27 UL)
Full Text
Peer Reviewed
See detailAutomating the Extraction of Model-based Software Product Lines from Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015) (2015)

Detailed reference viewed: 136 (9 UL)
Full Text
Peer Reviewed
See detailEstimating and Predicting Average Likability on Computer-Generated Artwork Variants
Martinez, Jabier UL; Rossi, Gabriele; Ziadi, Tewfik et al

in Genetic and Evolutionary Computation Conference, GECCO 2015, Madrid Spain, July 11-15, 2015, Companion Material Proceedings (2015)

Detailed reference viewed: 163 (2 UL)
Full Text
Peer Reviewed
See detailAre Your Training Datasets Yet Relevant? - An Investigation into the Importance of Timeline in Machine Learning-Based Malware Detection
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in Engineering Secure Software and Systems - 7th International Symposium ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings (2015)

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show ... [more ▼]

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to con- firm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild. [less ▲]

Detailed reference viewed: 1175 (36 UL)
Full Text
Peer Reviewed
See detailIccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015) (2015)

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating ... [more ▼]

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting inter-component detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps. [less ▲]

Detailed reference viewed: 1277 (41 UL)
Full Text
Peer Reviewed
See detailEmpirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Empirical Software Engineering (2014)

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective ... [more ▼]

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed—F-measures dropping from over 0.9 in the lab to below 0.1 in the wild —raises one important question: How do state-of-the-art approaches perform in the wild ? [less ▲]

Detailed reference viewed: 535 (56 UL)
Full Text
Peer Reviewed
See detailGenerating Realistic Smart Grid Communication Topologies Based on Real-Data
Hartmann, Thomas UL; Fouquet, François UL; Klein, Jacques UL et al

in 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm) (2014, November)

Today’s electricity grid must undergo substantial changes in order to keep pace with the rising demand for energy. The vision of the smart grid aims to increase the efficiency and reliability of today’s ... [more ▼]

Today’s electricity grid must undergo substantial changes in order to keep pace with the rising demand for energy. The vision of the smart grid aims to increase the efficiency and reliability of today’s electricity grid, e.g. by integrating renewable energies and distributed micro-generations. The backbone of this effort is the facilitation of information and communication technologies to allow two-way communication and an automated control of devices. The underlying communication topology is essential for the smart grid and is what enables the smart grid to be smart. Analyzing, simulating, designing, and comparing smart grid infrastructures but also optimizing routing algorithms, and predicating impacts of failures, all of this relies on deep knowledge of a smart grids communication topology. However, since smart grids are still in a research and test phase, it is very difficult to get access to real-world topology data. In this paper we provide a comprehensive analysis of the power-line communication topology of a real-world smart grid, the one currently deployed and tested in Luxembourg. Building on the results of this analysis we implement a generator to automatically create random but realistic smart grid communication topologies. These can be used by researchers and industrial professionals to analyze, simulate, design, compare, and improve smart grid infrastructures. [less ▲]

Detailed reference viewed: 490 (33 UL)
Full Text
Peer Reviewed
See detailAutomatically Exploiting Potential Component Leaks in Android Applications
Li, Li UL; Bartel, Alexandre; Klein, Jacques UL et al

in The 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-14), IEEE, Sept. 2014, Beijing, China. (2014, September)

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be ... [more ▼]

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks. [less ▲]

Detailed reference viewed: 177 (12 UL)
Full Text
Peer Reviewed
See detailModel-Driven Security with A System of Aspect-Oriented Security Design Patterns
Nguyen, Phu Hong UL; Klein, Jacques UL; Le Traon, Yves UL

in 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling (2014, July 22)

Model-Driven Security (MDS) has emerged for more than a decade, as a specialization of Model-Driven Engineering (MDE), to propose sound MD methodologies for supporting secure systems development. Yet ... [more ▼]

Model-Driven Security (MDS) has emerged for more than a decade, as a specialization of Model-Driven Engineering (MDE), to propose sound MD methodologies for supporting secure systems development. Yet, there is still a big gap before making MDS approaches more easily applicable and adoptable by industry. Most current MDS approaches only deal with a specific security concern, e.g. Authorization, and have not taken into account multiple security concerns. Besides, security patterns which are based on domain-independent, time-proven security knowledge and expertise, can be considered as reusable security bricks upon which sound and secure systems can be built. But they are not applied as much as they could be, because developers have problems in selecting them and applying them in the right places, especially at the design phase. In this position paper, we propose an exploratory MDS approach based on a System of aspect-oriented Security design Patterns (SoSPa) in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically selecting the right security design patterns for the job. Our MDS approach allows the selected security design patterns to be automatically composed with the target system model. The woven secure system model can then be used for code generation, including configured security infrastructures. [less ▲]

Detailed reference viewed: 147 (2 UL)
Full Text
Peer Reviewed
See detailModel-based time-distorted Contexts for efficient temporal Reasoning
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

Poster (2014, July 02)

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires ... [more ▼]

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires numerous and complex data models, for example formalized as ontologies or meta-models. As these systems evolve in a dynamic context, reasoning processes typically need to analyze and compare the current context with its history. A common approach consists in a temporal discretization, which regularly samples the context (snapshots) at specific timestamps to keep track of the history. Reasoning processes would then need to mine a huge amount of data, extract a relevant view, and finally analyze it. This would require lots of computational power and be time-consuming, conflicting with the near real-time response time requirements of intelligent systems. This paper introduces a novel temporal modeling approach together with a time-relative navigation between context concepts to overcome this limitation. Similarly to time distortion theory, our approach enables building time-distorted views of a context, composed by elements coming from different times, which speeds up the reasoning. We demonstrate the efficiency of our approach with a smart grid load prediction reasoning engine. [less ▲]

Detailed reference viewed: 165 (21 UL)
Full Text
Peer Reviewed
See detailA Forensic Analysis of Android Malware -- How is Malware Written and How It Could Be Detected?
Allix, Kevin UL; Jerome, Quentin UL; Bissyande, Tegawendé François D Assise UL et al

in Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference (2014, July)

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last ... [more ▼]

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last years, none has addressed it from a forensic point of view. After collecting over 500,000 applications from user markets and research repositories, we perform an analysis that yields precious insights on the writing process of Android malware. This study also explores some strange artifacts in the datasets, and the divergent capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight some major weak usage and misunderstanding of Android security by the criminal community and show some patterns in their operational flow. Finally, using insights from this analysis, we build a naive malware detection scheme that could complement existing anti virus software. [less ▲]

Detailed reference viewed: 432 (24 UL)
Full Text
Peer Reviewed
See detailReasoning at Runtime using time-distorted Contexts: A Models@run.time based Approach
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

in Proceedings of the 26th International Conference on Software Engineering and Knowledge Engineering (2014, July)

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires ... [more ▼]

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires numerous and complex data models, for example formalized as ontologies or meta-models. As these systems evolve in a dynamic context, reasoning processes typically need to analyze and compare the current context with its history. A common approach consists in a temporal discretization, which regularly samples the context (snapshots) at specific timestamps to keep track of the history. Reasoning processes would then need to mine a huge amount of data, extract a relevant view, and finally analyze it. This would require lots of computational power and be time-consuming, conflicting with the near real-time response time requirements of intelligent systems. This paper introduces a novel temporal modeling approach together with a time-relative navigation between context concepts to overcome this limitation. Similarly to time distortion theory, our approach enables building time-distorted views of a context, composed by elements coming from different times, which speeds up the reasoning. We demonstrate the efficiency of our approach with a smart grid load prediction reasoning engine. [less ▲]

Detailed reference viewed: 319 (52 UL)
Full Text
See detailAutomatically Exploiting Potential Component Leaks in Android Applications
Li, Li UL; Bartel, Alexandre UL; Klein, Jacques UL et al

Report (2014)

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks (e.g., another component ... [more ▼]

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks (e.g., another component can potentially exploit the leak). To evaluate our approach, we run PCLeaks on 2000 apps, randomly selected from Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks. [less ▲]

Detailed reference viewed: 417 (31 UL)
Full Text
Peer Reviewed
See detailFlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps
Arzt, S.; Rasthofer, S.; Fritz, C. et al

Scientific Conference (2014, June)

Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by carelessly programmed apps that leak important data by accident, and by ... [more ▼]

Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by carelessly programmed apps that leak important data by accident, and by malicious apps that exploit their given privileges to copy such data intentionally. While existing static taint-analysis approaches have the potential of detecting such data leaks ahead of time, all approaches for Android use a number of coarse-grain approximations that can yield high numbers of missed leaks and false alarms. In this work we thus present FLOWDROID, a novel and highly precise static taint analysis for Android applications. A precise model of Android's lifecycle allows the analysis to properly handle callbacks invoked by the Android framework, while context, flow, field and object-sensitivity allows the analysis to reduce the number of false alarms. Novel on-demand algorithms help FLOWDROID maintain high efficiency and precision at the same time. We also propose DROIDBENCH, an open test suite for evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DROIDBENCH, and a set of well-known Android test applications, FLOWDROID finds a very high fraction of data leaks while keeping the rate of false positives low. On DROIDBENCH, FLOWDROID achieves 93% recall and 86% precision, greatly outperforming the commercial tools IBM AppScan Source and Fortify SCA. FLOWDROID successfully finds leaks in a subset of 500 apps from Google Play and about 1,000 malware apps from the VirusShare project. Copyright © 2014 ACM. [less ▲]

Detailed reference viewed: 513 (12 UL)
Full Text
Peer Reviewed
See detailStatic Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
Bartel, Alexandre; Klein, Jacques UL; Monperrus, Martin et al

in IEEE Transactions on Software Engineering (2014), 40(6), 617-632

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are ... [more ▼]

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain specific optimizations dedicated to Android. [less ▲]

Detailed reference viewed: 142 (6 UL)
Full Text
See detailMachine Learning-Based Malware Detection for Android Applications: History Matters!
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

Report (2014)

Machine Learning-based malware detection is a promis- ing scalable method for identifying suspicious applica- tions. In particular, in today’s mobile computing realm where thousands of applications are ... [more ▼]

Machine Learning-based malware detection is a promis- ing scalable method for identifying suspicious applica- tions. In particular, in today’s mobile computing realm where thousands of applications are daily poured into markets, such a technique could be valuable to guaran- tee a strong filtering of malicious apps. The success of machine-learning approaches however is highly de- pendent on (1) the quality of the datasets that are used for training and of (2) the appropriateness of the tested datasets with regards to the built classifiers. Unfortu- nately, there is scarce mention of these aspects in the evaluation of existing state-of-the-art approaches in the literature. In this paper, we consider the relevance of history in the construction of datasets, to highlight its impact on the performance of the malware detection scheme. Typ- ically, we show that simply picking a random set of known malware to train a malware detector, as it is done in most assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to confirm a number of intuitive assump- tions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild. [less ▲]

Detailed reference viewed: 657 (38 UL)
Full Text
See detailI know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
Li, Li UL; Bartel, Alexandre UL; Klein, Jacques UL et al

Report (2014)

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike ... [more ▼]

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect privacy leaks between components of Android applications. Unlike all current approaches, our tool, called IccTA, propagates the context between the components, which improves the precision of the analysis. IccTA outperforms all other available tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our approach detects 147 inter-component based privacy leaks in 14 applications in a set of 3000 real-world applications with a precision of 88.4%. With the help of ApkCombiner, our approach is able to detect inter-app based privacy leaks. [less ▲]

Detailed reference viewed: 225 (21 UL)