References of "Klein, Jacques 50002098"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailAutomatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in IEEE/ACM International Conference on Automated Software Engineering (2012)

In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage ... [more ▼]

In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare. [less ▲]

Detailed reference viewed: 161 (5 UL)
Full Text
Peer Reviewed
See detailBuilding specifications as a domain-specific aspect language
Kramer, Max E.; Klein, Jacques UL; Steel, Jim R. H.

in DSAL'12 - Proceedings of the 7th Workshop on Domain-Specific Aspect Languages (2012)

In the construction industry an increasing number of buildings are designed using semantically rich three-dimensional models. In parallel, additional information is specified in a natural-language ... [more ▼]

In the construction industry an increasing number of buildings are designed using semantically rich three-dimensional models. In parallel, additional information is specified in a natural-language document called a building specification. 1 As not all details are present in the model these specifications have to be interpreted whenever costs are estimated or other analyses are performed. In this paper, we argue that building specifications contain cross-cutting concerns. We also argue that domain experts should be given the ability to formulate building specifications using a domain-specific aspect language so that the corresponding details can automatically be integrated into the model. The language needs to support a multitude of domain-specific abstractions that are absent in the building meta-model. Therefore we propose to allow the domain experts to extend the language iteratively by defining interpretation patterns [1]. Such a model enriching specification will improve tasks requiring detailed information and will allow for earlier or even concurrent development of the building specification along with the model. © 2012 ACM. [less ▲]

Detailed reference viewed: 131 (0 UL)
Full Text
See detailImproving Privacy on Android Smartphones Through In-Vivo Bytecode Instrumentation
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

Report (2012)

In this paper we claim that a widely applicable and efficient means to fight against malicious mobile Android applications is: 1) to perform runtime monitoring 2) by instrumenting the application bytecode ... [more ▼]

In this paper we claim that a widely applicable and efficient means to fight against malicious mobile Android applications is: 1) to perform runtime monitoring 2) by instrumenting the application bytecode and 3) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: FineGPolicy, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. [less ▲]

Detailed reference viewed: 256 (26 UL)
Full Text
Peer Reviewed
See detailDexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012) (2012)

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple is Soot’s main internal rep- resentation of code, the ... [more ▼]

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple is Soot’s main internal rep- resentation of code, the Dalvik bytecode can be manipu- lated with any Jimple based tool, for instance for performing point-to or flow analysis. [less ▲]

Detailed reference viewed: 185 (11 UL)
Full Text
See detailOn the Formalisation of GeKo: a Generic Aspect Models Weaver
Klein, Jacques UL; Kramer, Max E.; Steel, Jim R. H. et al

in On the Formalisation of GeKo: a Generic Aspect Models Weaver (Tech Report) (2012)

This technical report presents the formalisation of the composition operator of GeKo, a Generic Aspect Models Weaver

Detailed reference viewed: 76 (1 UL)
Full Text
Peer Reviewed
See detailPairwise testing for software product lines: Comparison of two approaches
Perrouin, Gilles UL; Oster, Sebastian; Sen, Sagar et al

in Software Quality Journal (2012), 20(3), 605-643

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in ... [more ▼]

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in such a large products space is hardly feasible. Hence, one possible option is to test SPLs by generating test configurations that cover all possible t feature interactions (t-wise). It dramatically reduces the number of test products while ensuring reasonable SPL coverage. In this paper, we report our experience on applying t-wise techniques for SPL with two independent toolsets developed by the authors. One focuses on generality and splits the generation problem according to strategies. The other emphasizes providing efficient generation. To evaluate the respective merits of the approaches, measures such as the number of generated test configurations and the similarity between them are provided. By applying these measures, we were able to derive useful insights for pairwise and t-wise testing of product lines. [less ▲]

Detailed reference viewed: 162 (3 UL)
Full Text
See detailIn-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
Bartel, Alexandre; Klein, Jacques UL; Monperrus, Martin et al

E-print/Working paper (2012)

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in ... [more ▼]

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: BetterPermissions, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. [less ▲]

Detailed reference viewed: 90 (18 UL)
Full Text
Peer Reviewed
See detailModel Driven Mutation Applied to Adaptative Systems Testing
Bartel, Alexandre UL; Baudry, Benoit; Munoz, Freddy et al

in Mutation 2011 (@ICST) (2011)

Dynamically Adaptive Systems modify their behavior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical systems increasingly incorporate ... [more ▼]

Dynamically Adaptive Systems modify their behavior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical systems increasingly incorporate dynamic adaptation capabilities, examples include disaster relief and space exploration systems. In this paper, we focus on mutation testing of the adaptation logic. We propose a fault model for adaptation logics that classifies faults into environmental completeness and adaptation correctness. Since there are several adaptation logic languages relying on the same underlying concepts, the fault model is expressed independently from specific adaptation languages. Taking benefit from model-driven engineering technology, we express these common concepts in a metamodel and define the operational semantics of mutation operators at this level. Mutation is applied on model elements and model transformations are used to propagate these changes to a given adaptation policy in the chosen formalism. Preliminary results on an adaptive web server highlight the difficulty of killing mutants for adaptive systems, and thus the difficulty of generating efficient tests. [less ▲]

Detailed reference viewed: 166 (5 UL)
Full Text
Peer Reviewed
See detailIssues in model-driven behavioural product derivation
Istoan, Paul; Biri, Nicolas; Klein, Jacques UL

in Fifth International Workshop on Variability Modelling of Software-intensive Systems (Vamos 2011) (2011)

Model Driven Engineering (MDE) was identified as a viable software development paradigm to help improve the product derivation phase of the Software Product Line (SPL) engineering process. Existing model ... [more ▼]

Model Driven Engineering (MDE) was identified as a viable software development paradigm to help improve the product derivation phase of the Software Product Line (SPL) engineering process. Existing model-driven derivation approaches fail to properly address the behavioural derivation part, yielding a frustrating situation. In this paper we first introduce a modeldriven derivation approach that combines Feature Diagrams (FD) and model fragments. We then identify and analyse several issues that emerge during the derivation process. We show that the order in which models associated to selected features are composed has a great impact on the end result of the derivation. We also present a particular class of features called disjoint and prove that current composition operators do not offer any viable solution to compose them. Finally, we argue that insufficient information available to composition operators leads to derivation results that do not satisfy user requirements. [less ▲]

Detailed reference viewed: 101 (0 UL)
Full Text
See detailAutomatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android (Tech Report) (2011)

Android based devices are becoming widespread. As a result and since those devices contain personal and confidential data, the security model of the android software stack has been analyzed extensively ... [more ▼]

Android based devices are becoming widespread. As a result and since those devices contain personal and confidential data, the security model of the android software stack has been analyzed extensively. One key feature of the security model is that applications must declare a list of permissions they are using to access resources. Using static analysis, we first extracted a table from the Android API which maps methods to permissions. Then, we use this mapping within a tool we developed to check that applications effectively need all the permissions they declare. Using our tool on a set of android applications, we found out that a non negligible part of the applications do not use all the permissions they declare. Consequently, the attack surface of such applications can be reduced by removing the non-needed permissions. [less ▲]

Detailed reference viewed: 198 (5 UL)
Full Text
Peer Reviewed
See detailA Metamodel-based Classification of Variability Modeling Approaches
Istoan, Paul; Klein, Jacques UL; Perrouin, Gilles UL et al

in VARY, International Workshop affiliated with ACM/IEEE 14th International Conference on Driven Engineering Languages and Systems (2011)

Software Product Line Engineering (SPLE) is an emerging paradigm taking momentum that proposes to address flexibility and shorter time-to-market by maximizing software reuse. The key characteristic of ... [more ▼]

Software Product Line Engineering (SPLE) is an emerging paradigm taking momentum that proposes to address flexibility and shorter time-to-market by maximizing software reuse. The key characteristic of SPLE is the effective modelling and management of variability, for which a number of Variability Modeling (VM) techniques have been developed during the last two decades. Therefore, understanding their commonalities and differences is important for selecting the most suitable technique. In this paper, we propose a metamodel-based classification of VM techniques gathered through a survey of relevant literature. [less ▲]

Detailed reference viewed: 189 (1 UL)
Full Text
Peer Reviewed
See detailAspect-Oriented Model Development at Different Levels of Abstraction
Alferez, Mauricio; Amalio, Nuno UL; Ciraci, Selim et al

in Modelling Foundations and Applications - 7th European Conference, ECMFA 2011 (2011)

The last decade has seen the development of diverse aspect-oriented modeling (AOM) approaches. This paper presents eight different AOM approaches that produce models at different level of abstraction. The ... [more ▼]

The last decade has seen the development of diverse aspect-oriented modeling (AOM) approaches. This paper presents eight different AOM approaches that produce models at different level of abstraction. The approaches are different with respect to the phases of the development lifecycle they target, and the support they provide for model composition and verification. The approaches are illustrated by models of the same concern from a case study to enable comparing of their expressive means. Understanding common elements and differences of approaches clarifies the role of aspect-orientation in the software development process. [less ▲]

Detailed reference viewed: 106 (1 UL)
Full Text
Peer Reviewed
See detailAspect-Oriented Design with Reusable Aspect Models
Joerg, Kienzle; Wisam, Al Abedl; Fleurey, Franck et al

in Transactions on Aspect-Oriented Software Development (2010)

Detailed reference viewed: 154 (6 UL)
Full Text
Peer Reviewed
See detailFlexible model element introduction policies for aspect-oriented modeling
Morin, Brice; Klein, Jacques UL; Kienzle, Jörg et al

in Abstract book of 13th IEEE/ACM International Conference on Model Driven Engineering Languages and Systems, MODELS 2010, LNCS (2010), 6395 LNCS(PART 2), 63-77

Aspect-Oriented Modeling techniques make it possible to use model transformation to achieve advanced separation of concerns within models. Applying aspects that introduce model elements into a base model ... [more ▼]

Aspect-Oriented Modeling techniques make it possible to use model transformation to achieve advanced separation of concerns within models. Applying aspects that introduce model elements into a base model in the context of large, potentially composite models is nevertheless tricky: when a pointcut model matches several join points within the base model, it is not clear whether the introduced element should be instantiated once for each match, once within each composite, once for the whole model, or based on a more elaborate criteria. This paper argues that in order to enable a modeler to write semantically correct aspects for large, composite models, an aspect weaver must support a flexible instantiation policy for model element introduction. Example models highlighting the need for such a mechanism are shown, and details of how such policies can be implemented are presented. © 2010 Springer-Verlag. [less ▲]

Detailed reference viewed: 109 (2 UL)
Full Text
Peer Reviewed
See detailAutomated and Scalable T-wise Test Case Generation Strategies for Software Product Lines
Perrouin, Gilles UL; Sen, Sagar; Klein, Jacques UL et al

in International Conference on Software Test and Validation (2010)

Detailed reference viewed: 292 (1 UL)
Full Text
Peer Reviewed
See detailAspect model unweaving
Klein, Jacques UL; Kienzle, J.; Morin, B. et al

in Abstract book of 12th IEEE/ACM International Conference on Model Driven Engineering Languages and Systems, MODELS 2009, (2009), 5795 LNCS

Since software systems need to be continuously available, their ability to evolve at runtime is a key issue. The emergence of models@runtime, combined with Aspect-Oriented Modeling techniques, is a ... [more ▼]

Since software systems need to be continuously available, their ability to evolve at runtime is a key issue. The emergence of models@runtime, combined with Aspect-Oriented Modeling techniques, is a promising approach to tame the complexity of adaptive systems. However, with no support for aspect unweaving, these approaches are not agile enough in an adaptive system context. In case of small modifications, the adapted model has to be generated by again weaving all the aspects, even those unchanged. This paper shows how aspects can be unwoven, based on a precise traceability metamodel dedicated to aspect model weaving. We analyze traceability models, which describe how aspects were woven into a base, to determine the extent to which an aspect has affected the woven model in order to determine how it can be unwoven. Aspect unweaving is finally performed by applying inverse operations of a sub-sequence of the weaving operations in opposite order. © 2009 Springer Berlin Heidelberg. [less ▲]

Detailed reference viewed: 69 (4 UL)
Full Text
Peer Reviewed
See detailAspect-Oriented Multi-View Modeling
Kienzle, Joerg; Al Abed, Wisam; Klein, Jacques UL

in Abstract book of 8th International Conference on Aspect Oriented Software Development (AOSD.09) (2009)

Detailed reference viewed: 115 (6 UL)
Full Text
Peer Reviewed
See detailA Generic Weaver for supporting Product Lines
Morin, Brice; Klein, Jacques UL; Barais, Olivier et al

in Early Aspects Workshop at E (2008)

Detailed reference viewed: 89 (1 UL)
Full Text
Peer Reviewed
See detailComposing Multi-View Aspect Models
Barais, Olivier; Klein, Jacques UL; Baudry, Benoit et al

in Abstract book of 7th IEEE International Conference on Composition Based Software Systems (2008)

Large models for complex systems can be decomposed in separate pieces corresponding to different perspectives on the system. This decomposition allows the modeller to check properties locally on some ... [more ▼]

Large models for complex systems can be decomposed in separate pieces corresponding to different perspectives on the system. This decomposition allows the modeller to check properties locally on some aspects of the system before considering the global complexity of the model. In this paper we consider two types of decomposition: according to the concerns identified in the requirements and according to structural and behavioural perspectives. Once the separate models are available and have been checked separately, they have to be composed to check global properties. In this work, we propose automatic composition operators for symmetric and asymmetric concern models, each concern being modelled from a structural and behavioural point of view. [less ▲]

Detailed reference viewed: 101 (1 UL)
Full Text
Peer Reviewed
See detailReconciling Automation and Flexibility in Product Derivation
Perrouin, Gilles UL; Klein, Jacques UL; Guelfi, Nicolas UL et al

in Abstract book of 12th International Software Product Line Conference (SPLC2008) (2008)

Product derivation, i.e. reusing core assets to build products, did not receive sufficient attention from the product-line community, yielding a frustrating situation. On the one hand, automated product ... [more ▼]

Product derivation, i.e. reusing core assets to build products, did not receive sufficient attention from the product-line community, yielding a frustrating situation. On the one hand, automated product derivation approaches are inflexible; they do not allow products meeting unforeseen, customer-specific, requirements. On the other hand, approaches that consider this issue do not provide adequate methodological guidelines nor automated support. This paper proposes an integrated product derivation approach reconciling the two views to offer both flexibility and automation. First, we perform a pre-configuration of the product by selecting desired features in a generic feature model and automatically composing their related product-line core assets. Then, we adapt the pre-configured product to its customer-specific requirements via derivation primitives combined by product engineers and controlled by constraints that flexibly set product line boundaries. Our process is supported by the Kermeta metamodeling environment and illustrated through an example. [less ▲]

Detailed reference viewed: 115 (5 UL)