Results 121-140 of 247.
Bookmark and Share    
Full Text
Peer Reviewed
See detailCombining Static Analysis with Probabilistic Models to Enable Market-Scale Android Inter-component Analysis
Octeau, Damien; Jha, Somesh; Dering, Matthew et al

in The 43rd Symposium on Principles of Programming Languages (POPL 2016) (2016, January)

Static analysis has been successfully used in many areas, from verifying mission-critical software to malware detection. Unfortunately, static analysis often produces false positives, which require ... [more ▼]

Static analysis has been successfully used in many areas, from verifying mission-critical software to malware detection. Unfortunately, static analysis often produces false positives, which require significant manual effort to resolve. In this paper, we show how to overlay a probabilistic model, trained using domain knowledge, on top of static analysis results, in order to triage static analysis results. We apply this idea to analyzing mobile applications. Android application components can communicate with each other, both within single applications and between different applications. Unfortunately, techniques to statically infer Inter-Component Communication (ICC) yield many potential inter-component and inter-application links, most of which are false positives. At large scales, scrutinizing all potential links is simply not feasible. We therefore overlay a probabilistic model of ICC on top of static analysis results. Since computing the inter-component links is a prerequisite to inter-component analysis, we introduce a formalism for inferring ICC links based on set constraints. We design an efficient algorithm for performing link resolution. We compute all potential links in a corpus of 11,267 applications in 30 minutes and triage them using our probabilistic approach. We find that over 95.1% of all 636 million potential links are associated with probability values below 0.01 and are thus likely unfeasible links. Thus, it is possible to consider only a small subset of all links without significant loss of information. This work is the first significant step in making static inter-application analysis more tractable, even at large scales. [less ▲]

Detailed reference viewed: 186 (1 UL)
Full Text
Peer Reviewed
See detailMicro-billing framework for IoT: Research & Technological foundations
Robert, Jérémy UL; Kubler, Sylvain UL; Le Traon, Yves UL

in International Conference on Future Internet of Things and Cloud, 22-24 August 2016, Vienna, Austria (2016)

In traditional product companies, creating value meant identifying enduring customer needs and manufacturing well-engineered solutions. Two hundred and fifty years after the start of the Industrial ... [more ▼]

In traditional product companies, creating value meant identifying enduring customer needs and manufacturing well-engineered solutions. Two hundred and fifty years after the start of the Industrial Revolution, this pattern of activity plays out every day in a connected world where products are no longer one-and-done. Making money is not anymore limited to physical product sales; other downstream revenue streams become possible (e.g., service-based information, Apps). Nonetheless, it is still challenging to stimulate the IoT market by enabling IoT stakeholders (from organizations to an individual persons) to make money out of the information that surrounds them. Generally speaking, there is a lack of micro-billing frameworks and platforms that enable IoT stakeholders to publish/discover, and potentially sell/buy relevant and useful IoT information items. This paper discusses important aspects that need to be considered when investigating and developing such a framework/platform. A high-level requirement analysis is then carried out to identify key technological and scientific building blocks for laying the foundation of an innovative micro-billing framework named IoTBnB (IoT puBlication aNd Billing). [less ▲]

Detailed reference viewed: 176 (8 UL)
Full Text
Peer Reviewed
See detailO-MI/O-DF Standards as Interoperability Enablers for Industrial Internet: a Performance Analysis
Robert, Jérémy UL; Kubler, Sylvain UL; Le Traon, Yves UL et al

in O-MI/O-DF Standards as Interoperability Enablers for Industrial Internet: a Performance Analysis (2016)

The Industrial Internet should provide means to create ad hoc and loosely coupled information flows between objects, users, services, and business domain systems. However, today’s technologies and ... [more ▼]

The Industrial Internet should provide means to create ad hoc and loosely coupled information flows between objects, users, services, and business domain systems. However, today’s technologies and products often feed ‘vertical silos’ (e.g., vertical/siloed apps), which inevitably result in multiple and non-interoperable systems. Standardization will play an ever-increasing part in enabling information to flow between such vertically-oriented closed systems. This paper presents recent IoT messaging standards, notably O-MI (Open Messaging Interface) and O-DF (Open Data Format), whose initial requirements were defined for enhanced collaboration and interoperability in product lifecycle management. A first analytical model of the minimal traffic load (in bytes) to fulfil the required/basic standard specifications is then proposed. A smart maintenance use case relying on the first version of the standard reference implementation is developed, based on which our analytical model is applied to evaluate the degree of deviation (w.r.t. the standard specifications) of this reference implementation. [less ▲]

Detailed reference viewed: 258 (16 UL)
Full Text
Peer Reviewed
See detailOn the Lack of Consensus in Anti-Virus Decisions: Metrics and Insights on Building Ground Truths of Android Malware
Hurier, Médéric UL; Allix, Kevin UL; Bissyande, Tegawendé François D Assise UL et al

in Detection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference (2016)

There is generally a lack of consensus in Antivirus (AV) engines' decisions on a given sample. This challenges the building of authoritative ground-truth datasets. Instead, researchers and practitioners ... [more ▼]

There is generally a lack of consensus in Antivirus (AV) engines' decisions on a given sample. This challenges the building of authoritative ground-truth datasets. Instead, researchers and practitioners may rely on unvalidated approaches to build their ground truth, e.g., by considering decisions from a selected set of Antivirus vendors or by setting up a threshold number of positive detections before classifying a sample. Both approaches are biased as they implicitly either decide on ranking AV products, or they consider that all AV decisions have equal weights. In this paper, we extensively investigate the lack of agreement among AV engines. To that end, we propose a set of metrics that quantitatively describe the different dimensions of this lack of consensus. We show how our metrics can bring important insights by using the detection results of 66 AV products on 2 million Android apps as a case study. Our analysis focuses not only on AV binary decision but also on the notoriously hard problem of labels that AVs associate with suspicious files, and allows to highlight biases hidden in the collection of a malware ground truth---a foundation stone of any machine learning-based malware detection approach. [less ▲]

Detailed reference viewed: 457 (32 UL)
Full Text
Peer Reviewed
See detailPrivacy Challenges in Ambient Intelligence Systems
Caire, Patrice UL; Moawad, Assaad UL; Efthymiou, Vasileios UL et al

in Journal of Ambient Intelligence and Smart Environments (2016)

Today, privacy is a key concept. It is also one which is rapidly evolving with technological advances, and there is no consensus on a single definition for it. In fact, the concept of privacy has been ... [more ▼]

Today, privacy is a key concept. It is also one which is rapidly evolving with technological advances, and there is no consensus on a single definition for it. In fact, the concept of privacy has been defined in many different ways, ranging from the “right to be left alone” to being a “commodity” that can be bought and sold. In the same time, powerful Ambient Intelligence (AmI) systems are being developed, that deploy context-aware, personalised, adaptive and anticipatory services. In such systems personal data is vastly collected, stored, and distributed, making privacy preservation a critical issue. The human- centred focus of AmI systems has prompted the introduction of new kinds of technologies, e.g. Privacy Enhancing Technologies (PET), and methodologies, e.g. Privacy by Design (PbD), whereby privacy concerns are included in the design of the system. One particular application field, where privacy preservation is of critical importance is Ambient Assisted Living (AAL). Emerging from the continuous increase of the ageing population, AAL focuses on intelligent systems of assistance for a better, healthier and safer life in their living environment. In this paper, we first build on our previous work, in which we introduced a new tripartite categorisation of privacy as a right, an enabler, and a commodity. Second, we highlight the specific privacy issues raised in AAL. Third, we review and discuss current approaches for privacy preservation. Finally, drawing on lessons learned from AAL, we provide insights on the challenges and opportunities that lie ahead. Part of our methodology is a statistical analysis performed on the IEEE publications database. We illustrate our work with AAL scenarios elaborated in cooperation with the city of Luxembourg. [less ▲]

Detailed reference viewed: 297 (6 UL)
Full Text
Peer Reviewed
See detailName Suggestions during Feature Identification: The VariClouds Approach
Martinez, Jabier UL; Ziadi, Tewfik; Bissyande, Tegawendé François D Assise UL et al

in 20th International Systems and Software Product Line Conference (SPLC 2016) proceedings (2016)

Detailed reference viewed: 127 (5 UL)
Full Text
Peer Reviewed
See detailFeature Location Benchmark for Software Families using Eclipse Community Releases
Martinez, Jabier UL; Ziadi, Tewfik; Papadakis, Mike UL et al

in Software Reuse: Bridging with Social-Awareness, ICSR 2016 Proceedings (2016)

Detailed reference viewed: 192 (12 UL)
Full Text
Peer Reviewed
See detailMining Families of Android Applications for Extractive SPL Adoption
Li, Li UL; Martinez, Jabier UL; Ziadi, Tewfik et al

in The 20th International Systems and Software Product Line Conference (SPLC 2016) (2016)

The myriads of smart phones around the globe gave rise to a vast proliferation of mobile applications. These applications target an increasing number of user profiles and tasks. In this context, Android ... [more ▼]

The myriads of smart phones around the globe gave rise to a vast proliferation of mobile applications. These applications target an increasing number of user profiles and tasks. In this context, Android is a leading technology for their development and on-line markets are the main means for their distribution. In this paper we motivate, from two perspectives, the mining of these markets with the objective to identify families of apps variants in the wild. The first perspective is related to research activities where building realistic case studies for evaluating extractive SPL adoption techniques are needed. The second is related to a large- scale, world-wide and time-aware study of reuse practice in an industry which is now flourishing among all others within the software engineering community. This study is relevant to assess potential for SPLE practices adoption. We present initial implementations of the mining process and we discuss analyses of variant families. [less ▲]

Detailed reference viewed: 248 (14 UL)
Full Text
Peer Reviewed
See detailThreats to the validity of mutation-based test assessment
Papadakis, Mike UL; Henard, Christopher; Harman, Mark et al

in International Symposium on Software Testing and Analysis, ISSTA 2016 (2016)

Detailed reference viewed: 148 (14 UL)
Full Text
Peer Reviewed
See detailComparing White-box and Black-box Test Prioritization
Henard, Christopher UL; Papadakis, Mike UL; Harman, Mark et al

in 38th International Conference on Software Engineering (ICSE'16) (2016)

Although white-box regression test prioritization has been well-studied, the more recently introduced black-box prioritization approaches have neither been compared against each other nor against more ... [more ▼]

Although white-box regression test prioritization has been well-studied, the more recently introduced black-box prioritization approaches have neither been compared against each other nor against more well-established white-box techniques. We present a comprehensive experimental comparison of several test prioritization techniques, including well-established white-box strategies and more recently introduced black-box approaches. We found that Combinatorial Interaction Testing and diversity-based techniques (Input Model Diversity and Input Test Set Diameter) perform best among the black-box approaches. Perhaps surprisingly, we found little difference between black-box and white-box performance (at most 4% fault detection rate difference). We also found the overlap between black- and white-box faults to be high: the first 10% of the prioritized test suites already agree on at least 60% of the faults found. These are positive findings for practicing regression testers who may not have source code available, thereby making white-box techniques inapplicable. We also found evidence that both black-box and white-box prioritization remain robust over multiple system releases. [less ▲]

Detailed reference viewed: 262 (14 UL)
Full Text
Peer Reviewed
See detail“Overloaded!” — A Model-based Approach to Database Stress Testing
Meira, Jorge Augusto UL; Almeira, Eduardo Cunha de; Kim, Dongsun UL et al

in International Conference on Database and Expert Systems Applications, Porto 5-8 September 2016 (2016)

Detailed reference viewed: 186 (3 UL)
Full Text
Peer Reviewed
See detailDynamic Risk Analyses and Dependency-Aware Root Cause Model for Critical Infrastructures
Muller, Steve UL; Harpes, Carlo; Le Traon, Yves UL et al

in International Conference on Critical Information Infrastructures Security (2016)

Critical Infrastructures are known for their complexity and the strong interdependencies between the various components. As a result, cascading effects can have devastating consequences, while foreseeing ... [more ▼]

Critical Infrastructures are known for their complexity and the strong interdependencies between the various components. As a result, cascading effects can have devastating consequences, while foreseeing the overall impact of a particular incident is not straight-forward at all and goes beyond performing a simple risk analysis. This work presents a graph-based approach for conducting dynamic risk analyses, which are programmatically generated from a threat model and an inventory of assets. In contrast to traditional risk analyses, they can be kept automatically up-to-date and show the risk currently faced by a system in real-time. The concepts are applied to and validated in the context of the smart grid infrastructure currently being deployed in Luxembourg. [less ▲]

Detailed reference viewed: 127 (6 UL)
Full Text
Peer Reviewed
See detailSuspicious Electric Consumption Detection Based on Multi-Profiling Using Live Machine Learning
Hartmann, Thomas UL; Moawad, Assaad UL; Fouquet, François UL et al

in 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm) (2015, November)

The transition from today’s electricity grid to the so-called smart grid relies heavily on the usage of modern information and communication technology to enable advanced features like two-way ... [more ▼]

The transition from today’s electricity grid to the so-called smart grid relies heavily on the usage of modern information and communication technology to enable advanced features like two-way communication, an automated control of devices, and automated meter reading. The digital backbone of the smart grid opens the door for advanced collecting, monitoring, and processing of customers’ energy consumption data. One promising approach is the automatic detection of suspicious consumption values, e.g., due to physically or digitally manipulated data or damaged devices. However, detecting suspicious values in the amount of meter data is challenging, especially because electric consumption heavily depends on the context. For instance, a customers energy consumption profile may change during vacation or weekends compared to normal working days. In this paper we present an advanced software monitoring and alerting system for suspicious consumption value detection based on live machine learning techniques. Our proposed system continuously learns context-dependent consumption profiles of customers, e.g., daily, weekly, and monthly profiles, classifies them and selects the most appropriate one according to the context, like date and weather. By learning not just one but several profiles per customer and in addition taking context parameters into account, our approach can minimize false alerts (low false positive rate). We evaluate our approach in terms of performance (live detection) and accuracy based on a data set from our partner, Creos Luxembourg S.A., the electricity grid operator in Luxembourg. [less ▲]

Detailed reference viewed: 311 (26 UL)
Full Text
See detailAssessing and Improving the Mutation Testing Practice of PIT
Laurent, Thomas; Ventresque, Anthony; Papadakis, Mike UL et al

E-print/Working paper (2015)

Detailed reference viewed: 159 (3 UL)
Full Text
Peer Reviewed
See detailSoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems
Nguyen, Phu Hong UL; Yskout, Koen; Heyman, Thomas et al

in Proceedings ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (2015, October)

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with ... [more ▼]

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns systematically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions. [less ▲]

Detailed reference viewed: 172 (5 UL)
Full Text
Peer Reviewed
See detailCloud Providers Viability: How to Address it from an IT and Legal Perspective?
Bartolini, Cesare UL; El Kateb, Donia UL; Le Traon, Yves UL et al

in Economics of Grids, Clouds, Systems, and Services (2015, September 16)

A major part of the commercial Internet is moving towards a cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be ... [more ▼]

A major part of the commercial Internet is moving towards a cloud paradigm. This phenomenon has a drastic impact on the organizational structures of enterprises and introduces new challenges that must be properly addressed to avoid major setbacks. One such challenge is that of cloud provider viability, that is, the reasonable certainty that the Cloud Service Provider (CSP) will not go out of business, either by filing for bankruptcy or by simply shutting down operations, thus leaving its customers stranded without an infrastructure and, depending on the type of cloud service used, even without their applications or data. This article attempts to address the issue of cloud provider viability, proposing some ways of mitigating the problem both from a technical and from a legal perspective. [less ▲]

Detailed reference viewed: 240 (15 UL)
Full Text
Peer Reviewed
See detailAn Extensive Systematic Review on the Model-Driven Development of Secure Systems
Nguyen, Phu Hong UL; Kramer, Max; Klein, Jacques UL et al

in Information and Software Technology (2015), 68(December 2015), 62-81

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large ... [more ▼]

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications. Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR) is essential. Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications. Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. E.g. regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 significant MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given. Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS. [less ▲]

Detailed reference viewed: 165 (13 UL)
Full Text
Peer Reviewed
See detailBeyond Discrete Modeling: A Continuous and Efficient Model for IoT
Moawad, Assaad UL; Hartmann, Thomas UL; Fouquet, François UL et al

in Lethbridge, Timothy; Cabot, Jordi; Egyed, Alexander (Eds.) 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS) (2015, September)

Internet of Things applications analyze our past habits through sensor measures to anticipate future trends. To yield accurate predictions, intelligent systems not only rely on single numerical values ... [more ▼]

Internet of Things applications analyze our past habits through sensor measures to anticipate future trends. To yield accurate predictions, intelligent systems not only rely on single numerical values, but also on structured models aggregated from different sensors. Computation theory, based on the discretization of observable data into timed events, can easily lead to millions of values. Time series and similar database structures can efficiently index the mere data, but quickly reach computation and storage limits when it comes to structuring and processing IoT data. We propose a concept of continuous models that can handle high-volatile IoT data by defining a new type of meta attribute, which represents the continuous nature of IoT data. On top of traditional discrete object-oriented modeling APIs, we enable models to represent very large sequences of sensor values by using mathematical polynomials. We show on various IoT datasets that this significantly improves storage and reasoning efficiency. [less ▲]

Detailed reference viewed: 320 (18 UL)
Full Text
Peer Reviewed
See detailStream my Models: Reactive Peer-to-Peer Distributed Models@run.time
Hartmann, Thomas UL; Moawad, Assaad UL; Fouquet, François UL et al

in Lethbridge, Timothy; Cabot, Jordi; Egyed, Alexander (Eds.) 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS) (2015, September)

The models@run.time paradigm promotes the use of models during the execution of cyber-physical systems to represent their context and to reason about their runtime behaviour. However, current modeling ... [more ▼]

The models@run.time paradigm promotes the use of models during the execution of cyber-physical systems to represent their context and to reason about their runtime behaviour. However, current modeling techniques do not allow to cope at the same time with the large-scale, distributed, and constantly changing nature of these systems. In this paper, we introduce a distributed models@run.time approach, combining ideas from reactive programming, peer-to-peer distribution, and large-scale models@run.time. We define distributed models as observable streams of chunks that are exchanged between nodes in a peer-to-peer manner. lazy loading strategy allows to transparently access the complete virtual model from every node, although chunks are actually distributed across nodes. Observers and automatic reloading of chunks enable a reactive programming style. We integrated our approach into the Kevoree Modeling Framework and demonstrate that it enables frequently changing, reactive distributed models that can scale to millions of elements and several thousand nodes. [less ▲]

Detailed reference viewed: 297 (23 UL)
Peer Reviewed
See detailInroads in Testing Access Control
Mouelhi, Tejeddine UL; El Kateb, Donia UL; Le Traon, Yves UL

in Advances in Computers (2015)

Detailed reference viewed: 185 (20 UL)