References of "Klein, Jacques 50002098"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailA Systematic Review of Model-Driven Security
Nguyen, Phu Hong UL; Klein, Jacques UL; Kramer, Max et al

in The 20th Asia-Pacific Software Engineering Conference Proceedings (2013, December)

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a ... [more ▼]

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. MDS aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. This paper presents how we systematically examined existing published work in MDS and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different MDS approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant MDS publications has been identified, strictly selected, and reviewed. We present a taxonomy for MDS, which is used to synthesize data in order to classify and evaluate the selected MDS approaches. The results draw a wide picture of existing MDS research showing the current status of the key aspects in MDS as well as the identified most relevant MDS approaches.We discuss the main limitations of the existing MDS approaches and suggest some potential research directions based on these insights. [less ▲]

Detailed reference viewed: 284 (13 UL)
Full Text
Peer Reviewed
See detailGot Issues? Who Cares About It? A Large Scale Investigation of Issue Trackers from GitHub
Bissyande, Tegawendé François D Assise UL; Lo, David; Jiang, Lingxiao et al

in Proceedings of the 24th International Symposium on Software Reliability Engineering (ISSRE 2013) (2013, November)

Detailed reference viewed: 179 (7 UL)
Full Text
Peer Reviewed
See detailAchieving Practical Genericity in Model Weaving through Extensibility
Kramer, Max E.; Klein, Jacques UL; Steel, Jim R. H. et al

in Duddy, Keith; Kappel, Gerti (Eds.) Theory and Practice of Model Transformations (2013)

Detailed reference viewed: 198 (1 UL)
Full Text
See detailHighly precise taint analysis for Android applications
Fritz, Christian; Arzt, Steven; Rasthofer, Siegfried et al

Report (2013)

Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive ... [more ▼]

Today’s smart phones are a ubiquitous source of private and confidential data. At the same time, smartphone users are plagued by malicious apps that exploit their given privileges to steal such sensitive data, or to track users without their consent or even the users noticing. Dynamic program analyses fail to discover such malicious activity because apps have learned to recognize the analyses as they execute. In this work we present FlowDroid, a novel and highly precise taint analysis for Android applications. A precise model of Android’s lifecycle allows the analysis to properly handle callbacks, while context, flow, field and objectsensitivity allows the analysis to track taints with a degree of precision unheard of from previous Android analyses. We also propose DroidBench, an open test suite for evaluating the e↵ectiveness and accuracy of taint-analysis tools specifically for Android apps. As we show through a set of experiments using SecuriBench Micro, DroidBench and a set of well-known Android test applications, our approach finds a very high fraction of data leaks while keeping the rate of false positives low. On DroidBench, our approach achieves 93% recall and 86% precision, greatly outperforming the commercial tools AppScan Source and Fortify SCA. [less ▲]

Detailed reference viewed: 109 (1 UL)
Full Text
Peer Reviewed
See detailModel-Driven Adaptive Delegation
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Masuhara, Hidehiko; Chiba, Sigeru; Ubayashi, Naoyasu (Eds.) Proceedings of the 12th annual international conference companion on Aspect-oriented software development (2013, March)

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that ... [more ▼]

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that have been studied in a MDE perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. User delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper analyses the main hard-points for introducing various delegation semantics in model-driven security and proposes a model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different systems. [less ▲]

Detailed reference viewed: 196 (15 UL)
Full Text
Peer Reviewed
See detailSustainable ICT4D in Africa: Where Do We Go From Here?
Bissyande, Tegawendé François D Assise UL; Ahmat, Daouda; Ouoba, Jonathan et al

in EAI International Conference on e-Infrastructure and e-Services for Developing Countries (2013)

In recent years many researchers in Africa and beyond have devoted considerable resources investigating ways to harness the potential of ICT for improving users’ livelihood in developing areas. Topics and ... [more ▼]

In recent years many researchers in Africa and beyond have devoted considerable resources investigating ways to harness the potential of ICT for improving users’ livelihood in developing areas. Topics and domains of interest appear to be broad with recurring themes and solutions. Unfortunately there are no clear research roadmaps on what is urgent and of the state of the art solutions. In this position paper for the AFRICOMM series of conference, we propose to investigate some priorities for ICT4D in Africa. We believe that our work could motivate researchers and create a synergy around a few important challenges of ICT4D in Africa. [less ▲]

Detailed reference viewed: 160 (1 UL)
Full Text
Peer Reviewed
See detailEffective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis
Octeau, Damien; McDaniel, Patrick; Jha, Somesh et al

in Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis (2013)

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application ... [more ▼]

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of ap- plications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export. [less ▲]

Detailed reference viewed: 529 (7 UL)
Full Text
Peer Reviewed
See detailPLEDGE: a product line editor and test generation tool
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in 17th International Software Product Line Conference co-located workshops, SPLC 2013 workshops, Tokyo, Japan - August 26 (2013)

Detailed reference viewed: 148 (6 UL)
Full Text
Peer Reviewed
See detailMulti-objective test generation for software product lines
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in 17th International Software Product Line Conference, SPLC 2013, Tokyo, Japan - August 26 - 30, 2013 (2013)

Detailed reference viewed: 155 (13 UL)
Full Text
Peer Reviewed
See detailAssessing Software Product Line Testing Via Model-Based Mutation: An Application to Similarity Testing
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation, Workshops Proceedings, Luxembourg, Luxembourg, March 18-22, 2013 (2013)

Detailed reference viewed: 190 (13 UL)
Full Text
Peer Reviewed
See detailTowards automated testing and fixing of re-engineered feature models
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in Proceedings of the 2013 International Conference on Software Engineering (2013)

Detailed reference viewed: 1018 (8 UL)
Full Text
Peer Reviewed
See detailTowards Flexible Evolution of Dynamically Adaptive Systems
Perrouin, Gilles UL; Morin, Brice; Chauvel, Franck et al

in New Ideas & Emerging Results Track of the International Conference of Software Engineering (NIER@ICSE) (2012, June)

Modern software systems need to be continuously available under varying conditions. Their ability adapt to their execution context is thus increasingly seen as a key to their success. Recently, many ... [more ▼]

Modern software systems need to be continuously available under varying conditions. Their ability adapt to their execution context is thus increasingly seen as a key to their success. Recently, many approaches were proposed to design and support the execution of Dynamically Adaptive Systems (DAS). However, the ability of a DAS to evolve is limited to the addition, update or removal of adaptation rules or reconfiguration scripts. These artifacts are very specific to the control loop managing such a DAS and runtime evolution of the DAS requirements may affect other parts of the DAS. In this paper, we argue to evolve all parts of the loop. We suggest leveraging recent advances in model-driven techniques to offer an approach that supports the evolution of both systems and their adaptation capabilities. The basic idea is to consider the control loop itself as an adaptive system. [less ▲]

Detailed reference viewed: 140 (1 UL)
Full Text
See detailIn-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
Bartel, Alexandre; Klein, Jacques UL; Monperrus, Martin et al

E-print/Working paper (2012)

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in ... [more ▼]

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: BetterPermissions, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. [less ▲]

Detailed reference viewed: 104 (18 UL)
Full Text
See detailImproving Privacy on Android Smartphones Through In-Vivo Bytecode Instrumentation
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

Report (2012)

In this paper we claim that a widely applicable and efficient means to fight against malicious mobile Android applications is: 1) to perform runtime monitoring 2) by instrumenting the application bytecode ... [more ▼]

In this paper we claim that a widely applicable and efficient means to fight against malicious mobile Android applications is: 1) to perform runtime monitoring 2) by instrumenting the application bytecode and 3) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: FineGPolicy, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. [less ▲]

Detailed reference viewed: 269 (26 UL)
Peer Reviewed
See detailComparing Six Modeling Approaches
Mussbacher, Gunter; Al Abed, Wisam; Alam, Omar et al

in Kienzle, Joerg (Ed.) Models in Software Engineering (2012)

Detailed reference viewed: 135 (4 UL)
Full Text
Peer Reviewed
See detailBuilding specifications as a domain-specific aspect language
Kramer, Max E.; Klein, Jacques UL; Steel, Jim R. H.

in DSAL'12 - Proceedings of the 7th Workshop on Domain-Specific Aspect Languages (2012)

In the construction industry an increasing number of buildings are designed using semantically rich three-dimensional models. In parallel, additional information is specified in a natural-language ... [more ▼]

In the construction industry an increasing number of buildings are designed using semantically rich three-dimensional models. In parallel, additional information is specified in a natural-language document called a building specification. 1 As not all details are present in the model these specifications have to be interpreted whenever costs are estimated or other analyses are performed. In this paper, we argue that building specifications contain cross-cutting concerns. We also argue that domain experts should be given the ability to formulate building specifications using a domain-specific aspect language so that the corresponding details can automatically be integrated into the model. The language needs to support a multitude of domain-specific abstractions that are absent in the building meta-model. Therefore we propose to allow the domain experts to extend the language iteratively by defining interpretation patterns [1]. Such a model enriching specification will improve tasks requiring detailed information and will allow for earlier or even concurrent development of the building specification along with the model. © 2012 ACM. [less ▲]

Detailed reference viewed: 148 (0 UL)
Full Text
Peer Reviewed
See detailDexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012) (2012)

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple is Soot’s main internal rep- resentation of code, the ... [more ▼]

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple is Soot’s main internal rep- resentation of code, the Dalvik bytecode can be manipu- lated with any Jimple based tool, for instance for performing point-to or flow analysis. [less ▲]

Detailed reference viewed: 205 (11 UL)
Full Text
See detailEvolving Software - Introduction to the Special Theme
Mens, Tom; Klein, Jacques UL

in ERCIM News (2012), 88

Detailed reference viewed: 75 (1 UL)
Full Text
Peer Reviewed
See detailPairwise testing for software product lines: Comparison of two approaches
Perrouin, Gilles UL; Oster, Sebastian; Sen, Sagar et al

in Software Quality Journal (2012), 20(3), 605-643

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in ... [more ▼]

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in such a large products space is hardly feasible. Hence, one possible option is to test SPLs by generating test configurations that cover all possible t feature interactions (t-wise). It dramatically reduces the number of test products while ensuring reasonable SPL coverage. In this paper, we report our experience on applying t-wise techniques for SPL with two independent toolsets developed by the authors. One focuses on generality and splits the generation problem according to strategies. The other emphasizes providing efficient generation. To evaluate the respective merits of the approaches, measures such as the number of generated test configurations and the similarity between them are provided. By applying these measures, we were able to derive useful insights for pairwise and t-wise testing of product lines. [less ▲]

Detailed reference viewed: 180 (3 UL)
Full Text
See detailOn the Formalisation of GeKo: a Generic Aspect Models Weaver
Klein, Jacques UL; Kramer, Max E.; Steel, Jim R. H. et al

in On the Formalisation of GeKo: a Generic Aspect Models Weaver (Tech Report) (2012)

This technical report presents the formalisation of the composition operator of GeKo, a Generic Aspect Models Weaver

Detailed reference viewed: 85 (1 UL)