References of "Le Traon, Yves 50002182"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailMetallaxis-FL: mutation-based fault localization
Papadakis, Mike UL; Le Traon, Yves UL

in Software Testing : Verification & Reliability (2015), 25

Detailed reference viewed: 259 (18 UL)
Full Text
Peer Reviewed
See detailRoundtable: Research Opportunities and Challenges for Emerging Software Systems
Zhang, X.; Zhang, D.; Le Traon, Yves UL et al

in Journal of Computer Science and Technology (2015), 30(5), 935-941

For this special section on software systems, several research leaders in software systems, as guest editors for this special section, discuss important issues that will shape this field’s future ... [more ▼]

For this special section on software systems, several research leaders in software systems, as guest editors for this special section, discuss important issues that will shape this field’s future directions. The essays included in this roundtable article cover research opportunities and challenges for emerging software systems such as data processing programs (Xiangyu Zhang) and online services (Dongmei Zhang), with new directions of technologies such as unifications in software testing (Yves Le Traon), data-driven and evidence-based software engineering (Qing Wang), and dynamic analysis of multiple traces (Lu Zhang). — Tao Xie, Leading Editor of Special Section on Software System. © 2015, Springer Science+Business Media New York. [less ▲]

Detailed reference viewed: 124 (4 UL)
Full Text
Peer Reviewed
See detailAutomated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets
Xu, Dianxiang; Kent, Michael; Thomas, Lijo et al

in IEEE TRANSACTIONS ON COMPUTERS (2015), 64(9), 2490-2505

Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming ... [more ▼]

Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming errors. Defects in the implementation may lead to unauthorized access and security breaches. To reveal access control defects, this paper presents a model-based approach to automated generation of executable access control tests using predicate/transition nets. Role-permission test models are built by integrating declarative access control rules with functional test models or contracts (preconditions and postconditions) of the associated activities (the system functions). The access control tests are generated automatically from the test models to exercise the interactions of access control activities. They are transformed into executable code through a model-implementation mapping that maps the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages. The full model-based testing process has been applied to three systems implemented in Java. The effectiveness is evaluated through mutation analysis of role-based access control rules. The experiments show that the model-based approach is highly effective in detecting the seeded access control defects. [less ▲]

Detailed reference viewed: 93 (16 UL)
Full Text
Peer Reviewed
See detailAn Investigation into the Use of Common Libraries in Android Apps
Li, Li UL; Bissyandé, Tegawendé F.; Klein, Jacques UL et al

in arXiv preprint arXiv:1511.06554 (2015)

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not ... [more ▼]

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not part of the functionality delivered by the app. Such code is often contributed by the common libraries which are used pervasively by all apps. Unfortunately, Android analyses, e.g., for piggybacking detection and malware detection, can produce inaccurate results if they do not take into account the case of library code, which constitute noise in app features. Despite some efforts on investigating Android libraries, the momentum of Android research has not yet produced a complete set of common libraries to further support in-depth analysis of Android apps. In this paper, we leverage a dataset of about 1.5 million apps from Google Play to harvest potential common libraries, including advertisement libraries. With several steps of refinements, we finally collect by far the largest set of 1,113 libraries supporting common functionalities and 240 libraries for advertisement. We use the dataset to investigates several aspects of Android libraries, including their popularity and their proportion in Android app code. Based on these datasets, we have further performed several empirical investigations to confirm the motivations behind our work. [less ▲]

Detailed reference viewed: 166 (27 UL)
Full Text
Peer Reviewed
See detailSimilarity testing for access control
Bertolino, A.; Daoudagh, S.; El Kateb, Donia UL et al

in Information and Software Technology (2015), 58

Context: Access control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that ... [more ▼]

Context: Access control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that enforced policies are correct, policy testing must be performed in an effective way to identify potential security flaws and bugs. In practice, exhaustive testing is impossible due to budget constraints. Therefore the tests need to be prioritized so that resources are focused on their most relevant subset. Objective: This paper tackles the issue of access control test prioritization. It proposes a new approach for access control test prioritization that relies on similarity. Method: The approach has been applied to several policies and the results have been compared to random prioritization (as a baseline). To assess the different prioritization criteria, we use mutation analysis and compute the mutation scores reached by each criterion. This helps assessing the rate of fault detection. Results: The empirical results indicate that our proposed approach is effective and its rate of fault detection is higher than that of random prioritization. Conclusion: We conclude that prioritization of access control test cases can be usefully based on similarity criteria. © 2014 Elsevier B.V. All rights reserved. [less ▲]

Detailed reference viewed: 149 (6 UL)
Full Text
Peer Reviewed
See detailAutomating the Extraction of Model-based Software Product Lines from Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015) (2015)

Detailed reference viewed: 107 (9 UL)
Full Text
Peer Reviewed
See detailCombining Multi-Objective Search and Constraint Solving for Configuring Large Software Product Lines
Henard, Christopher UL; Papadakis, Mike UL; Harman, Mark et al

in 37th International Conference on Software Engineering (ICSE 2015) (2015)

Detailed reference viewed: 228 (11 UL)
Full Text
Peer Reviewed
See detailTowards a full support of obligations in XACML
El Kateb, Donia UL; Elrakaiby, Yehia UL; Mouelhi, T. et al

in Lecture Notes in Computer Science (2015), 8924

Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy. XACML (eXtensible Access Control Markup Language) proposes a ... [more ▼]

Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy. XACML (eXtensible Access Control Markup Language) proposes a conceptual architecture and a policy language to reflect this ideal design of policy-based systems.However, while rights are well-captured by authorizations, duties, also called obligations, are not well managed by XACML architecture. The current version of XACML lacks (1) well-defined syntax to express obligations and (2) an unified model to handle decision making w.r.t. obligation states and the history of obligations fulfillment/ violation. In this work, we propose an extension of XACML reference model that integrates obligation states in the decision making process.We have extended XACML language and architecture for a better obligations support and have shown how obligations are managed in our proposed extended XACML architecture: OB-XACML. © Springer International Publishing Switzerland 2015. [less ▲]

Detailed reference viewed: 137 (4 UL)
Full Text
Peer Reviewed
See detailEmpirical assessment of machine learning-based malware detectors for Android: Measuring the Gap between In-the-Lab and In-the-Wild Validation Scenarios
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Jerome, Quentin UL et al

in Empirical Software Engineering (2014)

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective ... [more ▼]

To address the issue of malware detection through large sets of applications, researchers have recently started to investigate the capabilities of machine-learning techniques for proposing effective approaches. So far, several promising results were recorded in the literature, many approaches being assessed with what we call in the lab validation scenarios. This paper revisits the purpose of malware detection to discuss whether such in the lab validation scenarios provide reliable indications on the performance of malware detectors in real-world settings, aka in the wild. To this end, we have devised several Machine Learning classifiers that rely on a set of features built from applications’ CFGs. We use a sizeable dataset of over 50 000 Android applications collected from sources where state-of-the art approaches have selected their data. We show that, in the lab, our approach outperforms existing machine learning-based approaches. However, this high performance does not translate in high performance in the wild. The performance gap we observed—F-measures dropping from over 0.9 in the lab to below 0.1 in the wild —raises one important question: How do state-of-the-art approaches perform in the wild ? [less ▲]

Detailed reference viewed: 512 (54 UL)
Peer Reviewed
See detailAPI Document Quality for Resolving Deprecated APIs
Ko, Deokyoon; Ma, Kyeongwook; Park, Sooyong et al

Scientific Conference (2014, December 01)

Detailed reference viewed: 220 (11 UL)
Full Text
Peer Reviewed
See detailMitigating the Effects of Equivalent Mutants with Mutant Classification Strategies
Papadakis, Mike UL; Delamaro, Eduardo Márcio; Le Traon, Yves UL

in Science of Computer Programming (2014), 95

Mutation Testing has been shown to be a powerful technique in detecting software faults. Despite this advantage, in practice there is a need to deal with the equivalent mutants’ problem. Automatically ... [more ▼]

Mutation Testing has been shown to be a powerful technique in detecting software faults. Despite this advantage, in practice there is a need to deal with the equivalent mutants’ problem. Automatically detecting equivalent mutants is an undecidable problem. Therefore, identifying equivalent mutants is cumbersome since it requires manual analysis, resulting in unbearable testing cost. To overcome this difficulty, researchers suggested the use of mutant classification, an approach that aims at isolating equivalent mutants automatically. From this perspective, the present paper establishes and empirically assesses possible mutant classification strategies. A conducted study reveals that mutant classification isolates equivalent mutants effectively when low quality test suites are used. However, it turns out that as the test suites evolve, the benefit of this practice is reduced. Thus, mutant classification is only fruitful in improving test suites of low quality and only up to a certain limit. To this end, empirical results show that the proposed strategies provide a cost-effective solution when they consider a small number of live mutants, i.e., 10-12. At this point they kill 92% of all the killable mutants. [less ▲]

Detailed reference viewed: 180 (12 UL)
Full Text
Peer Reviewed
See detailGenerating Realistic Smart Grid Communication Topologies Based on Real-Data
Hartmann, Thomas UL; Fouquet, François UL; Klein, Jacques UL et al

in 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm) (2014, November)

Today’s electricity grid must undergo substantial changes in order to keep pace with the rising demand for energy. The vision of the smart grid aims to increase the efficiency and reliability of today’s ... [more ▼]

Today’s electricity grid must undergo substantial changes in order to keep pace with the rising demand for energy. The vision of the smart grid aims to increase the efficiency and reliability of today’s electricity grid, e.g. by integrating renewable energies and distributed micro-generations. The backbone of this effort is the facilitation of information and communication technologies to allow two-way communication and an automated control of devices. The underlying communication topology is essential for the smart grid and is what enables the smart grid to be smart. Analyzing, simulating, designing, and comparing smart grid infrastructures but also optimizing routing algorithms, and predicating impacts of failures, all of this relies on deep knowledge of a smart grids communication topology. However, since smart grids are still in a research and test phase, it is very difficult to get access to real-world topology data. In this paper we provide a comprehensive analysis of the power-line communication topology of a real-world smart grid, the one currently deployed and tested in Luxembourg. Building on the results of this analysis we implement a generator to automatically create random but realistic smart grid communication topologies. These can be used by researchers and industrial professionals to analyze, simulate, design, compare, and improve smart grid infrastructures. [less ▲]

Detailed reference viewed: 477 (33 UL)
Full Text
See detailOptimizing Multi-Objective Evolutionary Algorithms to Enable Quality-Aware Software Provisioning
El Kateb, Donia UL; Fouquet, François UL; bourcier, Johann et al

Scientific Conference (2014, October)

Detailed reference viewed: 161 (5 UL)
Full Text
Peer Reviewed
See detailAutomatically Exploiting Potential Component Leaks in Android Applications
Li, Li UL; Bartel, Alexandre; Klein, Jacques UL et al

in The 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-14), IEEE, Sept. 2014, Beijing, China. (2014, September)

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be ... [more ▼]

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks on 2000 apps randomly selected from the Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks. [less ▲]

Detailed reference viewed: 164 (11 UL)
Full Text
Peer Reviewed
See detailModel-Driven Security with A System of Aspect-Oriented Security Design Patterns
Nguyen, Phu Hong UL; Klein, Jacques UL; Le Traon, Yves UL

in 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling (2014, July 22)

Model-Driven Security (MDS) has emerged for more than a decade, as a specialization of Model-Driven Engineering (MDE), to propose sound MD methodologies for supporting secure systems development. Yet ... [more ▼]

Model-Driven Security (MDS) has emerged for more than a decade, as a specialization of Model-Driven Engineering (MDE), to propose sound MD methodologies for supporting secure systems development. Yet, there is still a big gap before making MDS approaches more easily applicable and adoptable by industry. Most current MDS approaches only deal with a specific security concern, e.g. Authorization, and have not taken into account multiple security concerns. Besides, security patterns which are based on domain-independent, time-proven security knowledge and expertise, can be considered as reusable security bricks upon which sound and secure systems can be built. But they are not applied as much as they could be, because developers have problems in selecting them and applying them in the right places, especially at the design phase. In this position paper, we propose an exploratory MDS approach based on a System of aspect-oriented Security design Patterns (SoSPa) in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically selecting the right security design patterns for the job. Our MDS approach allows the selected security design patterns to be automatically composed with the target system model. The woven secure system model can then be used for code generation, including configured security infrastructures. [less ▲]

Detailed reference viewed: 133 (2 UL)
Full Text
See detailSimilarity testing for access control
Bertolino, Antonia; daoudagh, said; El Kateb, Donia UL et al

in Information and Software Technology (2014)

Detailed reference viewed: 179 (19 UL)
Full Text
Peer Reviewed
See detailModel-based time-distorted Contexts for efficient temporal Reasoning
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

Poster (2014, July 02)

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires ... [more ▼]

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires numerous and complex data models, for example formalized as ontologies or meta-models. As these systems evolve in a dynamic context, reasoning processes typically need to analyze and compare the current context with its history. A common approach consists in a temporal discretization, which regularly samples the context (snapshots) at specific timestamps to keep track of the history. Reasoning processes would then need to mine a huge amount of data, extract a relevant view, and finally analyze it. This would require lots of computational power and be time-consuming, conflicting with the near real-time response time requirements of intelligent systems. This paper introduces a novel temporal modeling approach together with a time-relative navigation between context concepts to overcome this limitation. Similarly to time distortion theory, our approach enables building time-distorted views of a context, composed by elements coming from different times, which speeds up the reasoning. We demonstrate the efficiency of our approach with a smart grid load prediction reasoning engine. [less ▲]

Detailed reference viewed: 153 (21 UL)
Full Text
Peer Reviewed
See detailReasoning at Runtime using time-distorted Contexts: A Models@run.time based Approach
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

in Proceedings of the 26th International Conference on Software Engineering and Knowledge Engineering (2014, July)

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires ... [more ▼]

Intelligent systems continuously analyze their context to autonomously take corrective actions. Building a proper knowledge representation of the context is the key to take adequate actions. This requires numerous and complex data models, for example formalized as ontologies or meta-models. As these systems evolve in a dynamic context, reasoning processes typically need to analyze and compare the current context with its history. A common approach consists in a temporal discretization, which regularly samples the context (snapshots) at specific timestamps to keep track of the history. Reasoning processes would then need to mine a huge amount of data, extract a relevant view, and finally analyze it. This would require lots of computational power and be time-consuming, conflicting with the near real-time response time requirements of intelligent systems. This paper introduces a novel temporal modeling approach together with a time-relative navigation between context concepts to overcome this limitation. Similarly to time distortion theory, our approach enables building time-distorted views of a context, composed by elements coming from different times, which speeds up the reasoning. We demonstrate the efficiency of our approach with a smart grid load prediction reasoning engine. [less ▲]

Detailed reference viewed: 298 (52 UL)
Full Text
Peer Reviewed
See detailA Forensic Analysis of Android Malware -- How is Malware Written and How It Could Be Detected?
Allix, Kevin UL; Jerome, Quentin UL; Bissyande, Tegawendé François D Assise UL et al

in Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference (2014, July)

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last ... [more ▼]

We consider in this paper the analysis of a large set of malware and benign applications from the Android ecosystem. Although a large body of research work has dealt with Android malware over the last years, none has addressed it from a forensic point of view. After collecting over 500,000 applications from user markets and research repositories, we perform an analysis that yields precious insights on the writing process of Android malware. This study also explores some strange artifacts in the datasets, and the divergent capabilities of state-of-the-art antivirus to recognize/define malware. We further highlight some major weak usage and misunderstanding of Android security by the criminal community and show some patterns in their operational flow. Finally, using insights from this analysis, we build a naive malware detection scheme that could complement existing anti virus software. [less ▲]

Detailed reference viewed: 400 (20 UL)
Full Text
See detailAutomatically Exploiting Potential Component Leaks in Android Applications
Li, Li UL; Bartel, Alexandre UL; Klein, Jacques UL et al

Report (2014)

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks (e.g., another component ... [more ▼]

We present PCLeaks, a tool based on inter- component communication (ICC) vulnerabilities to perform data-flow analysis on Android applications to find potential component leaks (e.g., another component can potentially exploit the leak). To evaluate our approach, we run PCLeaks on 2000 apps, randomly selected from Google Play store. PCLeaks reports 986 potential component leaks in 185 apps. For each leak reported by PCLeaks, PCLeaksValidator automatically generates an Android app which tries to exploit the leak. By manually running a subset of the generated apps, we find that 75% of the reported leaks are exploitable leaks. [less ▲]

Detailed reference viewed: 402 (30 UL)