References of "Klein, Jacques 50002098"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailReactive Security for Smart Grids Using Models@run.time-Based Simulation and Reasoning
Hartmann, Thomas UL; Fouquet, François UL; Klein, Jacques UL et al

in Proceedings of the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14) (2014, April)

Smart grids leverage modern information and communication technology to offer new perspectives to electricity consumers, producers, and distributors. However, these new possibilities also increase the ... [more ▼]

Smart grids leverage modern information and communication technology to offer new perspectives to electricity consumers, producers, and distributors. However, these new possibilities also increase the complexity of the grid and make it more prone to failures. Moreover, new advanced features like remotely disconnecting meters create new vulnerabilities and make smart grids an attractive target for cyber attackers. We claim that, due to the nature of smart grids, unforeseen attacks and failures cannot be effectively countered relying solely on proactive security techniques. We believe that a reactive and corrective approach can offer a long-term solution and is able to both minimize the impact of attacks and to deal with unforeseen failures. In this paper we present a novel approach combining a Models@run.time-based simulation and reasoning engine with reactive security techniques to intelligently monitor and continuously adapt the smart grid to varying conditions in near real-time. [less ▲]

Detailed reference viewed: 344 (31 UL)
Full Text
Peer Reviewed
See detailUsing A Path Matching Algorithm to Detect Inter-Component Leaks in Android Apps
Li, Li UL; Bartel, Alexandre UL; Klein, Jacques UL et al

Scientific Conference (2014, March 12)

Detailed reference viewed: 303 (22 UL)
Full Text
Peer Reviewed
See detailLarge-scale Machine Learning-based Malware Detection: Confronting the "10-fold Cross Validation" Scheme with Reality
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Proceedings of the 4th ACM Conference on Data and Application Security and Privacy (2014, March)

To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine- learning techniques for proposing effective approaches. Sev- eral promising results ... [more ▼]

To address the issue of malware detection, researchers have recently started to investigate the capabilities of machine- learning techniques for proposing effective approaches. Sev- eral promising results were recorded in the literature, many approaches being assessed with the common “10-Fold cross validation” scheme. This paper revisits the purpose of mal- ware detection to discuss the adequacy of the “10-Fold” scheme for validating techniques that may not perform well in real- ity. To this end, we have devised several Machine Learning classifiers that rely on a novel set of features built from ap- plications’ CFGs. We use a sizeable dataset of over 50,000 Android applications collected from sources where state-of- the art approaches have selected their data. We show that our approach outperforms existing machine learning-based approaches. However, this high performance on usual-size datasets does not translate in high performance in the wild. [less ▲]

Detailed reference viewed: 348 (30 UL)
Full Text
Peer Reviewed
See detailModeling, composing, and testing of security concerns in a Model-Driven Security approach
Nguyen, Phu Hong UL; Klein, Jacques UL; Le Traon, Yves UL

in Joosen, Wouter; Martinelli, Fabio; Heyman, Thomas (Eds.) Proceedings of the 2014 ESSoS Doctoral Symposium co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2014) (2014, February 26)

Model-Driven Security (MDS) has emerged as a promising sound methodology for supporting the development of secure systems nowadays. Following the advances in MDS, this research work aims at 1) developing ... [more ▼]

Model-Driven Security (MDS) has emerged as a promising sound methodology for supporting the development of secure systems nowadays. Following the advances in MDS, this research work aims at 1) developing new modeling techniques to represent multiple security concerns, 2) (automatically) composing security models with the business logic model (called target model), and 3) testing the security model composition and the resulting secure system against security requirements. These three objectives converge to an integrated MDS framework (and tool chain) which 1) allows a target system model to embed various security concerns, 2) enables the generation of implementation code including configured security infrastructures, and 3) makes these security properties testable by construction. This paper presents the main research modules, the results we have achieved so far, and the main points for future work. [less ▲]

Detailed reference viewed: 181 (13 UL)
Full Text
Peer Reviewed
See detailDetecting privacy leaks in Android Apps
Li, Li UL; Bartel, Alexandre UL; Klein, Jacques UL et al

Scientific Conference (2014, February 26)

The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before ... [more ▼]

The number of Android apps have grown explosively in recent years and the number of apps leaking private data have also grown. It is necessary to make sure all the apps are not leaking private data before putting them to the app markets and thereby a privacy leaks detection tool is needed. We propose a static taint analysis approach which leverages the control-flow graph (CFG) of apps to detect privacy leaks among Android apps. We tackle three problems related to inter- component communication (ICC), lifecycle of components and callback mechanism making the CFG imprecision. To bridge this gap, we ex- plicitly connect the discontinuities of the CFG to provide a precise CFG. Based on the precise CFG, we aim at providing a taint analysis approach to detect intra-component privacy leaks, inter-component privacy leaks and also inter-app privacy leaks. [less ▲]

Detailed reference viewed: 511 (32 UL)
Full Text
Peer Reviewed
See detailFeature Relations Graphs: A Visualisation Paradigm for Feature Constraints in Software Product Lines
Martinez, Jabier UL; Ziadi, Tewfik; Mazo, Raul et al

in 2nd IEEE Working Conference on Software Visualization (2014)

Detailed reference viewed: 213 (3 UL)
Full Text
Peer Reviewed
See detailA Native Versioning Concept to Support Historized Models at Runtime
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

in Dingel, Juergen; Schulte, Wolfram; Ramos, Isidro (Eds.) et al Model-Driven Engineering Languages and Systems - 17th International Conference, MODELS 2014, Valencia, Spain, September 28 - October 3, 2014. Proceedings (2014)

Models@run.time provides semantically rich reflection layers enabling intelligent systems to reason about themselves and their surrounding context. Most reasoning processes require not only to explore the ... [more ▼]

Models@run.time provides semantically rich reflection layers enabling intelligent systems to reason about themselves and their surrounding context. Most reasoning processes require not only to explore the current state, but also the past history to take sustainable decisions e.g. to avoid oscillating between states. Models@run.time and model-driven engineering in general lack native mechanisms to efficiently support the notion of history, and current approaches usually generate redundant data when versioning models, which reasoners need to navigate. Because of this limitation, models fail in providing suitable and sustainable abstractions to deal with domains relying on history-aware reasoning. This paper tackles this issue by considering history as a native concept for modeling foundations. Integrated, in conjunction with lazy load/storage techniques, into the Kevoree Modeling Framework, we demonstrate onto a smart grid case study, that this mechanisms enable a sustainable reasoning about massive historized models. [less ▲]

Detailed reference viewed: 263 (28 UL)
Full Text
Peer Reviewed
See detailAdvances in Model-Driven Security
Lucio, Levi; Zhang, Qin UL; Nguyen, Phu Hong UL et al

in Memon, Atif (Ed.) Advances in Computers (2014)

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has ... [more ▼]

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has emerged in the early 2000s as a specialized Model-Driven Engineering approach for supporting the development of security-critical systems. In this chapter we summarize the most important developments of Model-Driven Security during the past decade. In order to do so we start by building a taxonomy of the most important concepts of this domain. We then use our taxonomy to describe and evaluate a set of representative and influential Model-Driven Security approaches in the literature. In our development of this topic we concentrate on the concepts shared by Model-Driven Engineering and Model-Driven Security. This allows us to identify and debate the advantages, disadvantages and open issues when applying Model-Driven Engineering to the Information Security domain. This chapter provides a broad view of Model-Driven Security and is intended as an introduction to Model-Driven Security for students, researchers and practitioners. [less ▲]

Detailed reference viewed: 404 (24 UL)
Full Text
Peer Reviewed
See detailModularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Transactions on Aspect-Oriented Software Development (2014), 11

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the ... [more ▼]

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one canmention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy.We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different component-based systems running on different adaptive execution platforms, i.e. OSGi and Kevoree. [less ▲]

Detailed reference viewed: 241 (6 UL)
Full Text
Peer Reviewed
See detailThe NOAH Project: Giving a Chance to Threatened Species in Africa with UAVs
Olivares Mendez, Miguel Angel UL; Bissyandé, Tegawendé; Somasundar, Kannan et al

in Bissyandé, Tegawendé F.; van Stam, Gertjan (Eds.) e-Infrastructure and e-Services for Developing Countries (2014)

Organized crime now targets one of the most precious wealth in Africa, the wild life. The most affected by the poaching are the Big 5, whose survival requires attention and efforts from everyone, in ... [more ▼]

Organized crime now targets one of the most precious wealth in Africa, the wild life. The most affected by the poaching are the Big 5, whose survival requires attention and efforts from everyone, in accordance to his own expertise. Just as Noah (A patriarchal character in Abrahamic religions) was tasked to save every species from the Genesis flood, we envision the NOAH Project to (re)make natural parks as a safe haven. This endeavor requires efficient and effective surveillance which is now facilitated by the use of UAVs. We take this approach further by proposing the use of ICT algorithms to automate surveillance. The proposed intelligent system could inspect a bigger area, recognize potential threats and be manage by non-expert users, reducing the expensive resources that are needed by developing countries to address the problem. [less ▲]

Detailed reference viewed: 257 (12 UL)
Full Text
Peer Reviewed
See detailIdentifying and Visualising Commonality and Variability in Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

in ECMFA 2014 European Conference on Modelling Foundations and Applications (2014)

Detailed reference viewed: 270 (10 UL)
Peer Reviewed
See detailBUT4Reuse Feature identifier: Identifying reusable features on software variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

Poster (2014)

Detailed reference viewed: 183 (27 UL)
Full Text
Peer Reviewed
See detailA Systematic Review of Model-Driven Security
Nguyen, Phu Hong UL; Klein, Jacques UL; Kramer, Max et al

in The 20th Asia-Pacific Software Engineering Conference Proceedings (2013, December)

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a ... [more ▼]

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. MDS aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. This paper presents how we systematically examined existing published work in MDS and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different MDS approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant MDS publications has been identified, strictly selected, and reviewed. We present a taxonomy for MDS, which is used to synthesize data in order to classify and evaluate the selected MDS approaches. The results draw a wide picture of existing MDS research showing the current status of the key aspects in MDS as well as the identified most relevant MDS approaches.We discuss the main limitations of the existing MDS approaches and suggest some potential research directions based on these insights. [less ▲]

Detailed reference viewed: 302 (13 UL)
Full Text
Peer Reviewed
See detailGot Issues? Who Cares About It? A Large Scale Investigation of Issue Trackers from GitHub
Bissyande, Tegawendé François D Assise UL; Lo, David; Jiang, Lingxiao et al

in Proceedings of the 24th International Symposium on Software Reliability Engineering (ISSRE 2013) (2013, November)

Detailed reference viewed: 194 (9 UL)
Full Text
Peer Reviewed
See detailAchieving Practical Genericity in Model Weaving through Extensibility
Kramer, Max E.; Klein, Jacques UL; Steel, Jim R. H. et al

in Duddy, Keith; Kappel, Gerti (Eds.) Theory and Practice of Model Transformations (2013)

Detailed reference viewed: 211 (1 UL)
Full Text
See detailHighly precise taint analysis for Android applications
Fritz, Christian; Arzt, Steven; Rasthofer, Siegfried et al

Report (2013)

Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive ... [more ▼]

Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analyses fail to discover such malicious activity because apps have learned to recognize the analyses as they execute. In this work we present FlowDroid, a novel and highly precise taint analysis for Android applications. A precise model of Android’s lifecycle allows the analysis to properly handle callbacks, while context, flow, field and objectsensitivity allows the analysis to track taints with a degree of precision unheard of from previous Android analyses. We also propose DroidBench, an open test suite for evaluating the e↵ectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA. [less ▲]

Detailed reference viewed: 116 (1 UL)
Full Text
Peer Reviewed
See detailModel-Driven Adaptive Delegation
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Masuhara, Hidehiko; Chiba, Sigeru; Ubayashi, Naoyasu (Eds.) Proceedings of the 12th annual international conference companion on Aspect-oriented software development (2013, March)

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that ... [more ▼]

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that have been studied in a MDE perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. User delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper analyses the main hard-points for introducing various delegation semantics in model-driven security and proposes a model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different systems. [less ▲]

Detailed reference viewed: 209 (15 UL)
Full Text
Peer Reviewed
See detailPLEDGE: a product line editor and test generation tool
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in 17th International Software Product Line Conference co-located workshops, SPLC 2013 workshops, Tokyo, Japan - August 26 (2013)

Detailed reference viewed: 164 (6 UL)
Full Text
Peer Reviewed
See detailMulti-objective test generation for software product lines
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in 17th International Software Product Line Conference, SPLC 2013, Tokyo, Japan - August 26 - 30, 2013 (2013)

Detailed reference viewed: 166 (13 UL)