References of "Le Traon, Yves 50002182"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailStream my Models: Reactive Peer-to-Peer Distributed Models@run.time
Hartmann, Thomas UL; Moawad, Assaad UL; Fouquet, François UL et al

in Lethbridge, Timothy; Cabot, Jordi; Egyed, Alexander (Eds.) 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS) (2015, September)

The models@run.time paradigm promotes the use of models during the execution of cyber-physical systems to represent their context and to reason about their runtime behaviour. However, current modeling ... [more ▼]

The models@run.time paradigm promotes the use of models during the execution of cyber-physical systems to represent their context and to reason about their runtime behaviour. However, current modeling techniques do not allow to cope at the same time with the large-scale, distributed, and constantly changing nature of these systems. In this paper, we introduce a distributed models@run.time approach, combining ideas from reactive programming, peer-to-peer distribution, and large-scale models@run.time. We define distributed models as observable streams of chunks that are exchanged between nodes in a peer-to-peer manner. lazy loading strategy allows to transparently access the complete virtual model from every node, although chunks are actually distributed across nodes. Observers and automatic reloading of chunks enable a reactive programming style. We integrated our approach into the Kevoree Modeling Framework and demonstrate that it enables frequently changing, reactive distributed models that can scale to millions of elements and several thousand nodes. [less ▲]

Detailed reference viewed: 306 (23 UL)
Peer Reviewed
See detailInroads in Testing Access Control
Mouelhi, Tejeddine UL; El Kateb, Donia UL; Le Traon, Yves UL

in Advances in Computers (2015)

Detailed reference viewed: 192 (20 UL)
Full Text
Peer Reviewed
See detailApkCombiner: Combining Multiple Android Apps to Support Inter-App Analysis
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in International Conference on ICT Systems Security and Privacy Protection (SEC 2015) (2015, May)

Detailed reference viewed: 246 (10 UL)
Full Text
Peer Reviewed
See detailFlattening or not of the combinatorial interaction testing models
Henard, Christopher UL; Papadakis, Mike UL; Le Traon, Yves UL

in Eighth IEEE International Conference on Software Testing, Verification and Validation, ICST 2015 Workshops (2015, April)

Detailed reference viewed: 129 (2 UL)
Full Text
Peer Reviewed
See detailAdaptive Blurring of Sensor Data to balance Privacy and Utility for Ubiquitous Services
Moawad, Assaad UL; Hartmann, Thomas UL; Fouquet, François UL et al

in The 30th Annual ACM Symposium on Applied Computing (2015, April)

Given the trend towards mobile computing, the next generation of ubiquitous “smart” services will have to continuously analyze surrounding sensor data. More than ever, such services will rely on data ... [more ▼]

Given the trend towards mobile computing, the next generation of ubiquitous “smart” services will have to continuously analyze surrounding sensor data. More than ever, such services will rely on data potentially related to personal activities to perform their tasks, e.g. to predict urban traffic or local weather conditions. However, revealing personal data inevitably entails privacy risks, especially when data is shared with high precision and frequency. For example, by analyzing the precise electric consumption data, it can be inferred if a person is currently at home, however this can empower new services such as a smart heating system. Access control (forbid or grant access) or anonymization techniques are not able to deal with such trade-off because whether they completely prohibit access to data or lose source traceability. Blurring techniques, by tuning data quality, offer a wide range of trade-offs between privacy and utility for services. However, the amount of ubiquitous services and their data quality requirements lead to an explosion of possible configurations of blurring algorithms. To manage this complexity, in this paper we propose a platform that automatically adapts (at runtime) blurring components between data owners and data consumers (services). The platform searches the optimal trade-off between service utility and privacy risks using multi-objective evolutionary algorithms to adapt the underlying communication platform. We evaluate our approach on a sensor network gateway and show its suitability in terms of i) effectiveness to find an appropriate solution, ii) efficiency and scalability. [less ▲]

Detailed reference viewed: 192 (14 UL)
Full Text
Peer Reviewed
See detailMetallaxis-FL: mutation-based fault localization
Papadakis, Mike UL; Le Traon, Yves UL

in Software Testing : Verification & Reliability (2015), 25

Detailed reference viewed: 281 (18 UL)
Full Text
Peer Reviewed
See detailAutomating the Extraction of Model-based Software Product Lines from Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015) (2015)

Detailed reference viewed: 138 (9 UL)
Full Text
Peer Reviewed
See detailSimilarity testing for access control
Bertolino, A.; Daoudagh, S.; El Kateb, Donia UL et al

in Information and Software Technology (2015), 58

Context: Access control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that ... [more ▼]

Context: Access control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that enforced policies are correct, policy testing must be performed in an effective way to identify potential security flaws and bugs. In practice, exhaustive testing is impossible due to budget constraints. Therefore the tests need to be prioritized so that resources are focused on their most relevant subset. Objective: This paper tackles the issue of access control test prioritization. It proposes a new approach for access control test prioritization that relies on similarity. Method: The approach has been applied to several policies and the results have been compared to random prioritization (as a baseline). To assess the different prioritization criteria, we use mutation analysis and compute the mutation scores reached by each criterion. This helps assessing the rate of fault detection. Results: The empirical results indicate that our proposed approach is effective and its rate of fault detection is higher than that of random prioritization. Conclusion: We conclude that prioritization of access control test cases can be usefully based on similarity criteria. © 2014 Elsevier B.V. All rights reserved. [less ▲]

Detailed reference viewed: 170 (6 UL)
Full Text
Peer Reviewed
See detailTowards a full support of obligations in XACML
El Kateb, Donia UL; Elrakaiby, Yehia UL; Mouelhi, T. et al

in Lecture Notes in Computer Science (2015), 8924

Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy. XACML (eXtensible Access Control Markup Language) proposes a ... [more ▼]

Policy-based systems rely on the separation of concerns, by implementing independently a software system and its associated security policy. XACML (eXtensible Access Control Markup Language) proposes a conceptual architecture and a policy language to reflect this ideal design of policy-based systems.However, while rights are well-captured by authorizations, duties, also called obligations, are not well managed by XACML architecture. The current version of XACML lacks (1) well-defined syntax to express obligations and (2) an unified model to handle decision making w.r.t. obligation states and the history of obligations fulfillment/ violation. In this work, we propose an extension of XACML reference model that integrates obligation states in the decision making process.We have extended XACML language and architecture for a better obligations support and have shown how obligations are managed in our proposed extended XACML architecture: OB-XACML. © Springer International Publishing Switzerland 2015. [less ▲]

Detailed reference viewed: 155 (4 UL)
Full Text
Peer Reviewed
See detailConviviality-driven access control policy
El Kateb, Donia UL; Zannone, N.; Moawad, Assaad UL et al

in Requirements Engineering (2015), 20(4), 363-382

Nowadays many organizations experience security incidents due to unauthorized access to information. To reduce the risk of such incidents, security policies are often employed to regulate access to ... [more ▼]

Nowadays many organizations experience security incidents due to unauthorized access to information. To reduce the risk of such incidents, security policies are often employed to regulate access to information. Such policies, however, are often too restrictive, and users do not have the rights necessary to perform assigned duties. As a consequence, access control mechanisms are perceived by users as a barrier and thus bypassed, making the system insecure. In this paper, we draw a bridge between the social concept of conviviality and access control. Conviviality has been introduced as a social science concept for ambient intelligence and multi-agent systems to highlight soft qualitative requirements like user-friendliness of systems. To bridge the gap between conviviality and security, we propose a methodological framework for updating and adapting access control policies based on conviviality recommendations. Our methodology integrates and extends existing techniques to assist system designers in the derivation of access control policies from socio-technical requirements of the system, while taking into account the conviviality of the system. We illustrate our framework using the Ambient Assisted Living use case from the HotCity of Luxembourg. © 2014, Springer-Verlag London. [less ▲]

Detailed reference viewed: 169 (6 UL)
Full Text
Peer Reviewed
See detailAre Your Training Datasets Yet Relevant? - An Investigation into the Importance of Timeline in Machine Learning-Based Malware Detection
Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL; Klein, Jacques UL et al

in Engineering Secure Software and Systems - 7th International Symposium ESSoS 2015, Milan, Italy, March 4-6, 2015. Proceedings (2015)

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show ... [more ▼]

In this paper, we consider the relevance of timeline in the construction of datasets, to highlight its impact on the performance of a machine learning-based malware detection scheme. Typically, we show that simply picking a random set of known malware to train a malware detector, as it is done in many assessment scenarios from the literature, yields significantly biased results. In the process of assessing the extent of this impact through various experiments, we were also able to con- firm a number of intuitive assumptions about Android malware. For instance, we discuss the existence of Android malware lineages and how they could impact the performance of malware detection in the wild. [less ▲]

Detailed reference viewed: 1178 (36 UL)
Full Text
Peer Reviewed
See detailIccTA: Detecting Inter-Component Privacy Leaks in Android Apps
Li, Li UL; Bartel, Alexandre; Bissyande, Tegawendé François D Assise UL et al

in 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering (ICSE 2015) (2015)

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating ... [more ▼]

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this application is given permission to (1) access the Internet (for updating wallpapers) and (2) use the device microphone (to change background following noise changes). With these permissions, the application could silently record user conversations and upload them remotely. To give more confidence about how Shake Them All actually processes what it records, it is necessary to build a precise analysis tool that tracks the flow of any sensitive data from its source point to any sink, especially if those are in different components. Since Android applications may leak private data carelessly or maliciously, we propose IccTA, a static taint analyzer to detect privacy leaks among components in Android applications. IccTA goes beyond state-of-the-art approaches by supporting inter-component detection. By propagating context information among components, IccTA improves the precision of the analysis. IccTA outperforms existing tools on two benchmarks for ICC-leak detectors: DroidBench and ICC-Bench. Moreover, our approach detects 534 ICC leaks in 108 apps from MalGenome and 2,395 ICC leaks in 337 apps in a set of 15,000 Google Play apps. [less ▲]

Detailed reference viewed: 1280 (41 UL)
Full Text
Peer Reviewed
See detailFormal verification techniques for model transformations: A tridimensional classification
Amrani, M.; Combemale, B.; Lúcio, L. et al

in Journal of Object Technology (2015), 14(3),

In Model Driven Engineering (Mde), models are first-class citizens, and model transformation is Mde's "heart and soul". Since model transformations are executed for a family of (conforming) models, their ... [more ▼]

In Model Driven Engineering (Mde), models are first-class citizens, and model transformation is Mde's "heart and soul". Since model transformations are executed for a family of (conforming) models, their validity becomes a crucial issue. This paper proposes to explore the question of the formal verification of model transformation properties through a tridimensional approach: the transformation involved, the properties of interest addressed, and the formal verification techniques used to establish the properties. This work is intended for a double audience. For newcomers, it provides a tutorial introduction to the field of formal verification of model transformations. For readers more familiar with formal methods and model transformations, it proposes a literature review (although not systematic) of the contributions of the field. Overall, this work allows to better understand the evolution, trends and current practice in the domain of model transformation verification. This work opens an interesting research line for building an engineering of model transformation verification guided by the notion of model transformation intent. [less ▲]

Detailed reference viewed: 179 (3 UL)
Full Text
Peer Reviewed
See detailCombining Multi-Objective Search and Constraint Solving for Configuring Large Software Product Lines
Henard, Christopher UL; Papadakis, Mike UL; Harman, Mark et al

in 37th International Conference on Software Engineering (ICSE 2015) (2015)

Detailed reference viewed: 240 (11 UL)
Full Text
Peer Reviewed
See detailRoundtable: Research Opportunities and Challenges for Emerging Software Systems
Zhang, X.; Zhang, D.; Le Traon, Yves UL et al

in Journal of Computer Science and Technology (2015), 30(5), 935-941

For this special section on software systems, several research leaders in software systems, as guest editors for this special section, discuss important issues that will shape this field’s future ... [more ▼]

For this special section on software systems, several research leaders in software systems, as guest editors for this special section, discuss important issues that will shape this field’s future directions. The essays included in this roundtable article cover research opportunities and challenges for emerging software systems such as data processing programs (Xiangyu Zhang) and online services (Dongmei Zhang), with new directions of technologies such as unifications in software testing (Yves Le Traon), data-driven and evidence-based software engineering (Qing Wang), and dynamic analysis of multiple traces (Lu Zhang). — Tao Xie, Leading Editor of Special Section on Software System. © 2015, Springer Science+Business Media New York. [less ▲]

Detailed reference viewed: 136 (4 UL)
Full Text
Peer Reviewed
See detailAutomated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets
Xu, Dianxiang; Kent, Michael; Thomas, Lijo et al

in IEEE Transactions on Computers (2015), 64(9), 2490-2505

Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming ... [more ▼]

Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming errors. Defects in the implementation may lead to unauthorized access and security breaches. To reveal access control defects, this paper presents a model-based approach to automated generation of executable access control tests using predicate/transition nets. Role-permission test models are built by integrating declarative access control rules with functional test models or contracts (preconditions and postconditions) of the associated activities (the system functions). The access control tests are generated automatically from the test models to exercise the interactions of access control activities. They are transformed into executable code through a model-implementation mapping that maps the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages. The full model-based testing process has been applied to three systems implemented in Java. The effectiveness is evaluated through mutation analysis of role-based access control rules. The experiments show that the model-based approach is highly effective in detecting the seeded access control defects. [less ▲]

Detailed reference viewed: 116 (17 UL)
Full Text
Peer Reviewed
See detailAn Investigation into the Use of Common Libraries in Android Apps
Li, Li UL; Bissyandé, Tegawendé F.; Klein, Jacques UL et al

in arXiv preprint arXiv:1511.06554 (2015)

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not ... [more ▼]

The packaging model of Android apps requires the entire code necessary for the execution of an app to be shipped into one single apk file. Thus, an analysis of Android apps often visits code which is not part of the functionality delivered by the app. Such code is often contributed by the common libraries which are used pervasively by all apps. Unfortunately, Android analyses, e.g., for piggybacking detection and malware detection, can produce inaccurate results if they do not take into account the case of library code, which constitute noise in app features. Despite some efforts on investigating Android libraries, the momentum of Android research has not yet produced a complete set of common libraries to further support in-depth analysis of Android apps. In this paper, we leverage a dataset of about 1.5 million apps from Google Play to harvest potential common libraries, including advertisement libraries. With several steps of refinements, we finally collect by far the largest set of 1,113 libraries supporting common functionalities and 240 libraries for advertisement. We use the dataset to investigates several aspects of Android libraries, including their popularity and their proportion in Android app code. Based on these datasets, we have further performed several empirical investigations to confirm the motivations behind our work. [less ▲]

Detailed reference viewed: 180 (27 UL)
Full Text
Peer Reviewed
See detailTrivial Compiler Equivalence: A Large Scale Empirical Study of a Simple, Fast and Effective Equivalent Mutant Detection Technique
Papadakis, Mike UL; Yue, Jia; Harman, Mark et al

in 37th International Conference on Software Engineering (ICSE 2015) (2015)

Detailed reference viewed: 200 (6 UL)
Full Text
Peer Reviewed
See detailSound and Quasi-Complete Detection of Infeasible Test Requirements
Bardin, Sebastien; Delahaye, Mickaël; Kosmatov, Nikolai et al

in 8th IEEE International Conference on Software Testing, Verification and Validation (ICST'15) (2015)

Detailed reference viewed: 227 (6 UL)