References of "Papadakis, Mike 50002811"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailPredicting the Fault Revelation Utility of Mutants
Titcheu Chekam, Thierry UL; Papadakis, Mike UL; Bissyande, Tegawendé François D Assise UL et al

in 40th International Conference on Software Engineering, Gothenburg, Sweden, May 27 - 3 June 2018 (2018)

Detailed reference viewed: 166 (20 UL)
Full Text
Peer Reviewed
See detailAre Mutation Scores Correlated with Real Fault Detection? A Large Scale Empirical study on the Relationship Between Mutants and Real Faults
Papadakis, Mike UL; Shin, Donghwan; Yoo, Shin et al

in 40th International Conference on Software Engineering, May 27 - 3 June 2018, Gothenburg, Sweden (2018)

Detailed reference viewed: 170 (5 UL)
Full Text
Peer Reviewed
See detailAn Empirical Study on Mutation, Statement and Branch Coverage Fault Revelation that Avoids the Unreliable Clean Program Assumption
Titcheu Chekam, Thierry UL; Papadakis, Mike UL; Le Traon, Yves UL et al

in International Conference on Software Engineering (ICSE 2017) (2017, May 28)

Many studies suggest using coverage concepts, such as branch coverage, as the starting point of testing, while others as the most prominent test quality indicator. Yet the relationship between coverage ... [more ▼]

Many studies suggest using coverage concepts, such as branch coverage, as the starting point of testing, while others as the most prominent test quality indicator. Yet the relationship between coverage and fault-revelation remains unknown, yielding uncertainty and controversy. Most previous studies rely on the Clean Program Assumption, that a test suite will obtain similar coverage for both faulty and fixed (‘clean’) program versions. This assumption may appear intuitive, especially for bugs that denote small semantic deviations. However, we present evidence that the Clean Program Assumption does not always hold, thereby raising a critical threat to the validity of previous results. We then conducted a study using a robust experimental methodology that avoids this threat to validity, from which our primary finding is that strong mutation testing has the highest fault revelation of four widely-used criteria. Our findings also revealed that fault revelation starts to increase significantly only once relatively high levels of coverage are attained. [less ▲]

Detailed reference viewed: 326 (37 UL)
Full Text
Peer Reviewed
See detailDetecting Trivial Mutant Equivalences via Compiler Optimisations
Kintis, Marinos UL; Papadakis, Mike UL; Jia, Yue et al

in IEEE Transactions on Software Engineering (2017)

Detailed reference viewed: 114 (6 UL)
Full Text
Peer Reviewed
See detailTowards Security-aware Mutation Testing
Loise, Thomas; Devroey, Xavier; Perrouin, Gilles et al

in The 12th International Workshop on Mutation Analysis (Mutation 2017) (2017)

Detailed reference viewed: 94 (2 UL)
Full Text
See detailOn the Naturalness of Mutants
Jimenez, Matthieu UL; Cordy, Maxime UL; Kintis, Marinos UL et al

E-print/Working paper (2017)

Detailed reference viewed: 94 (11 UL)
Full Text
Peer Reviewed
See detailStatic Analysis of Android Apps: A Systematic Literature Review
Li, Li UL; Bissyande, Tegawendé François D Assise UL; Papadakis, Mike UL et al

in Information and Software Technology (2017)

Context: Static analysis exploits techniques that parse program source code or bytecode, often traversing program paths to check some program properties. Static analysis approaches have been proposed for ... [more ▼]

Context: Static analysis exploits techniques that parse program source code or bytecode, often traversing program paths to check some program properties. Static analysis approaches have been proposed for different tasks, including for assessing the security of Android apps, detecting app clones, automating test cases generation, or for uncovering non-functional issues related to performance or energy. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analysers face when dealing with Android apps. Objective: We aim to provide a clear view of the state-of-the-art works that statically analyse Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put, and enumerate the key aspects where future researches are still needed. Method: We have performed a systematic literature review (SLR) which involves studying 124 research papers published in software engineering, programming languages and security venues in the last 5 years (January 2011 - December 2015). This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed. Results: Our in-depth examination has led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artefacts publicly available. Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers. [less ▲]

Detailed reference viewed: 215 (12 UL)
Full Text
Peer Reviewed
See detailAssessing and Improving the Mutation Testing Practice of PIT
Laurent, Thomas; Papadakis, Mike UL; Kintis, Marinos UL et al

in 10th IEEE International Conference on Software Testing, Verification and Validation (2017)

Detailed reference viewed: 105 (5 UL)
Full Text
Peer Reviewed
See detailAutomata Language Equivalence vs. Simulations for Model-based Mutant Equivalence: An Empirical Evaluation
Devroey, Xavier; Perrouin, Gilles UL; Papadakis, Mike UL et al

in 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017) (2017)

Detailed reference viewed: 64 (4 UL)
Full Text
Peer Reviewed
See detailMutation Testing Advances: An Analysis and Survey
Papadakis, Mike UL; Kintis, Marinos UL; Zhang, Jie et al

in Advances in Computers (2017)

Detailed reference viewed: 856 (44 UL)
Full Text
Peer Reviewed
See detailAn Empirical Analysis of Vulnerabilities in OpenSSL and the Linux Kernel
Jimenez, Matthieu UL; Papadakis, Mike UL; Le Traon, Yves UL

in 2016 Asia-Pacific Software Engineering Conference (APSEC) (2016, December)

Vulnerabilities are one of the main concerns faced by practitioners when working with security critical applications. Unfortunately, developers and security teams, even experienced ones, fail to identify ... [more ▼]

Vulnerabilities are one of the main concerns faced by practitioners when working with security critical applications. Unfortunately, developers and security teams, even experienced ones, fail to identify many of them with severe consequences. Vulnerabilities are hard to discover since they appear in various forms, caused by many different issues and their identification requires an attacker’s mindset. In this paper, we aim at increasing the understanding of vulnerabilities by investigating their characteristics on two major open-source software systems, i.e., the Linux kernel and OpenSSL. In particular, we seek to analyse and build a profile for vulnerable code, which can ultimately help researchers in building automated approaches like vulnerability prediction models. Thus, we examine the location, criticality and category of vulnerable code along with its relation with software metrics. To do so, we collect more than 2,200 vulnerable files accounting for 863 vulnerabilities and compute more than 35 software metrics. Our results indicate that while 9 Common Weakness Enumeration (CWE) types of vulnerabilities are prevalent, only 3 of them are critical in OpenSSL and 2 of them in the Linux kernel. They also indicate that different types of vulnerabilities have different characteristics, i.e., metric profiles, and that vulnerabilities of the same type have different profiles in the two projects we examined. We also found that the file structure of the projects can provide useful information related to the vulnerabilities. Overall, our results demonstrate the need for making project specific approaches that focus on specific types of vulnerabilities. [less ▲]

Detailed reference viewed: 218 (15 UL)
Full Text
Peer Reviewed
See detailVulnerability Prediction Models: A case study on the Linux Kernel
Jimenez, Matthieu UL; Papadakis, Mike UL; Le Traon, Yves UL

in 16th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2016, Raleigh, US, October 2-3, 2016 (2016, October)

To assist the vulnerability identification process, researchers proposed prediction models that highlight (for inspection) the most likely to be vulnerable parts of a system. In this paper we aim at ... [more ▼]

To assist the vulnerability identification process, researchers proposed prediction models that highlight (for inspection) the most likely to be vulnerable parts of a system. In this paper we aim at making a reliable replication and comparison of the main vulnerability prediction models. Thus, we seek for determining their effectiveness, i.e., their ability to distinguish between vulnerable and non-vulnerable components, in the context of the Linux Kernel, under different scenarios. To achieve the above-mentioned aims, we mined vulnerabilities reported in the National Vulnerability Database and created a large dataset with all vulnerable components of Linux from 2005 to 2016. Based on this, we then built and evaluated the prediction models. We observe that an approach based on the header files included and on function calls performs best when aiming at future vulnerabilities, while text mining is the best technique when aiming at random instances. We also found that models based on code metrics perform poorly. We show that in the context of the Linux kernel, vulnerability prediction models can be superior to random selection and relatively precise. Thus, we conclude that practitioners have a valuable tool for prioritizing their security inspection efforts. [less ▲]

Detailed reference viewed: 367 (23 UL)
Full Text
Peer Reviewed
See detailProfiling Android Vulnerabilities
Jimenez, Matthieu UL; Papadakis, Mike UL; Bissyande, Tegawendé François D Assise UL et al

in 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS 2016) (2016, August)

In widely used mobile operating systems a single vulnerability can threaten the security and privacy of billions of users. Therefore, identifying vulnerabilities and fortifying software systems requires ... [more ▼]

In widely used mobile operating systems a single vulnerability can threaten the security and privacy of billions of users. Therefore, identifying vulnerabilities and fortifying software systems requires constant attention and effort. However, this is costly and it is almost impossible to analyse an entire code base. Thus, it is necessary to prioritize efforts towards the most likely vulnerable areas. A first step in identifying these areas is to profile vulnerabilities based on previously reported ones. To investigate this, we performed a manual analysis of Android vulnerabilities, as reported in the National Vulnerability Database for the period 2008 to 2014. In our analysis, we identified a comprehensive list of issues leading to Android vulnerabilities. We also point out characteristics of the locations where vulnerabilities reside, the complexity of these locations and the complexity to fix the vulnerabilities. To enable future research, we make available all of our data. [less ▲]

Detailed reference viewed: 273 (29 UL)
Full Text
See detailStatic Analysis of Android Apps: A Systematic Literature Review
Li, Li UL; Bissyande, Tegawendé François D Assise UL; Papadakis, Mike UL et al

Report (2016)

Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large ... [more ▼]

Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put and enumerate the key aspects where future researches are still needed. Method: We have performed a systematic literature review which involves studying around 90 research papers published in software engineering, programming languages and security venues. This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed. Results: Our in-depth examination have led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available. Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers. [less ▲]

Detailed reference viewed: 1015 (28 UL)
Full Text
Peer Reviewed
See detailFeature Location Benchmark for Software Families using Eclipse Community Releases
Martinez, Jabier UL; Ziadi, Tewfik; Papadakis, Mike UL et al

in Software Reuse: Bridging with Social-Awareness, ICSR 2016 Proceedings (2016)

Detailed reference viewed: 112 (11 UL)
Full Text
Peer Reviewed
See detailFeatured model-based mutation analysis
Devroey, Xavier; Perrouin, Gilles; Papadakis, Mike UL et al

in 38th International Conference on Software Engineering (ICSE'16) (2016)

Detailed reference viewed: 49 (0 UL)
Full Text
Peer Reviewed
See detailThreats to the validity of mutation-based test assessment
Papadakis, Mike UL; Henard, Christopher; Harman, Mark et al

in International Symposium on Software Testing and Analysis, ISSTA 2016 (2016)

Detailed reference viewed: 87 (8 UL)
Full Text
Peer Reviewed
See detailComparing White-box and Black-box Test Prioritization
Henard, Christopher UL; Papadakis, Mike UL; Harman, Mark et al

in 38th International Conference on Software Engineering (ICSE'16) (2016)

Although white-box regression test prioritization has been well-studied, the more recently introduced black-box prioritization approaches have neither been compared against each other nor against more ... [more ▼]

Although white-box regression test prioritization has been well-studied, the more recently introduced black-box prioritization approaches have neither been compared against each other nor against more well-established white-box techniques. We present a comprehensive experimental comparison of several test prioritization techniques, including well-established white-box strategies and more recently introduced black-box approaches. We found that Combinatorial Interaction Testing and diversity-based techniques (Input Model Diversity and Input Test Set Diameter) perform best among the black-box approaches. Perhaps surprisingly, we found little difference between black-box and white-box performance (at most 4% fault detection rate difference). We also found the overlap between black- and white-box faults to be high: the first 10% of the prioritized test suites already agree on at least 60% of the faults found. These are positive findings for practicing regression testers who may not have source code available, thereby making white-box techniques inapplicable. We also found evidence that both black-box and white-box prioritization remain robust over multiple system releases. [less ▲]

Detailed reference viewed: 191 (8 UL)
Full Text
Peer Reviewed
See detailPIT a Practical Mutation Testing Tool for Java
Coles, Henry; Laurent, Thomas; Henard, Christopher et al

in International Symposium on Software Testing and Analysis, ISSTA 2016 (2016)

Detailed reference viewed: 35 (1 UL)
Full Text
Peer Reviewed
See detailAnalysing and Comparing the Effectiveness of Mutation Testing Tools: A Manual Study
Kintis, Marinos UL; Papadakis, Mike UL; Papadopoulos, Andreas et al

in International Working Conference on Source Code Analysis and Manipulation (SCAM'16) (2016)

Detailed reference viewed: 108 (9 UL)