
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS): Latest Papers

Security Countermeasure Selection for Component-Based Software-Intensive Systems
Charilaos Skandylas, Narges Khakpour, Javier Cámara
Given the increasing complexity of software-intensive systems as well as the sophistication and high frequency of cyber-attacks, automated and sound approaches to select countermeasures are required to effectively protect software systems. In this paper, we propose a formal architecture-centered approach to analyze the security of a software-intensive component-based system to find cost-efficient countermeasures that consider both the system architecture and its behavior. We evaluate our approach by applying it on a case study.
Citations: 0
Proposing a Quality Model for Evaluating and Identifying Opportunities in Clinical Practice Guideline Engines
M. Carrero, Elena Enamorado-Díaz, J. A. García-García, María José Escalona Cuaresma
Over the last decade, clinical practice guidelines (CPGs) have become an important asset for daily life in healthcare organizations. Efficient CPG management and digitization can improve the quality of patient care and healthcare by reducing variability. CPG digitization, however, is a difficult, complex task because such guidelines are usually expressed as text, and this often results in the development of partial software solutions. There are currently many CPG suites (CPGS) for managing the CPG lifecycle, but they do not all provide full support for this lifecycle, making it more difficult to choose the one which will best meet the specific needs and requirements of a healthcare organization. This paper proposes a quality model which makes it possible to compare CPGs by highlighting each phase of the lifecycle. The research was conducted using a methodology that combined a systematic literature review with quality models. The paper also discusses how the proposed model was instantiated to evaluate and compare several current CPG-based execution systems.
Citations: 0
Mutation Testing based Safety Testing and Improving on DNNs
Yuhao Wei, Song Huang, Yu Wang, Ruilin Liu, Chunyan Xia
In recent years, deep neural networks (DNNs) have made great progress in people’s daily life since it becomes easier for data accessing and labeling. However, DNN has been proven to behave uncertainly, especially when facing small perturbations in their input data, which becomes a limitation for its application in self-driving and other safety-critical fields. Those human-made attacks like adversarial attacks would cause extremely serious consequences. In this work, we design and evaluate a safety testing method for DNNs based on mutation testing, and propose an adversarial training method based on testing results and joint optimization. First, we conduct an adversarial mutation on the test datasets and measure the performance of models in response to the adversarial samples by mutation scores. Next, we evaluate the validity of mutation scores as a quantitative indicator of safety by comparing DNN models and their updated versions. Finally, we construct a joint optimization problem with safety scores for adversarial training, thus improving the safety of the model as well as the generalizability of the defense capability.
Citations: 0
Towards Improving Multiple Authorship Attribution of Source Code
Pengnan Hao, Zhuguo Li, Cui Liu, Yu Wen, Fanming Liu
Source code authorship attribution addresses the problems of copyright infringement disputes and plagiarism detection. However, most software projects are collaborative development projects. It is necessary to study multiple authorship attribution. Existing methods are not reliable in the domain of multiple authorship attribution. The reasons are as follows: i) It is a challenge to divide the code boundaries of different authors in a sample; ii) code segments belonging to different authors in a sample are usually small or incomplete. This paper proposes a method to address these challenges. We first divide the code sample into multiple lines, then integrate the code lines with similar author styles into code segments using Siamese networks. Finally, we use a path-based code representation and machine learning to identify authors. Experimental results show the method achieves an accuracy of 87.35% on C/C++ dataset and 91.35% on Java dataset, which performs better than existing methods.
Citations: 0
Understanding and Mitigating Label Bias in Malware Classification: An Empirical Study
Jia Yan, Xiangkun Jia, Lingyun Ying, Purui Su
Machine learning techniques are promising for malware classification, but there is a neglected problem of label bias in the annotation process which decreases the performance in practice. To understand the label bias problems and existing solutions, we conduct an empirical study based on two Portable Executable (PE) malware sample datasets (i.e., open-sourced BODMAS with 52,793 samples and a new collected MAIN dataset of 153,811 samples), and 67 anti-virus engines in VirusTotal. We first show the two ways of label bias problems, including chaotic naming rules and annotation inconsistency. Then we present the effects of two solutions (i.e., electing one reputable AV engine and aggregating multiple labels based on majority voting) and find they face the problems of feature preference and engine independence. Finally, we propose some recommendations for improvements and get a 7.79% increase in the F1 score (i.e., from 84.83% to 92.62%). The dataset will be open-source for further study.
Citations: 1
Salus: A Novel Data-Driven Monitor that Enables Real-Time Safety in Autonomous Driving Systems
Bohan Zhang, Yafan Huang, Guanpeng Li
This paper proposes Salus, a data-driven real-time safety monitor, that detects and mitigates safety violations of an autonomous vehicle (AV). The key insight is that traffic situations that lead to AV safety violations fall into patterns and can be identified by learning from the safety violations of the AV. Our approach is to use machine learning (ML) techniques to model the traffic behaviors that result in safety violations in the AV, characterize their early symptoms for training a preemptive model, hence deploy and detect real-time safety violations before the actual crashes happen to the AV. In order to train our ML model, we leverage a pipeline of fuzzing techniques to tailor AV-specific safety violation symptoms and generate the training data via data argumentation techniques. Our evaluation demonstrates our proposed technique is effective in reducing over 97.2% of safety violations in industry-level autonomous driving systems, such as Baidu Apollo, with no more than 0.018 false positive values.
Citations: 2
Assessing the Quality of Low-Code and Model-Driven Engineering Platforms for Engineering IoT Systems
Felicien Ihirwe, Davide Di Ruscio, Simone Gianfranceschi, A. Pierantonio
Over the last few years, industry and academia have proposed several Low-Code and Model-driven Engineering (MDE) platforms to ease the engineering process of the Internet of things (IoT) systems. However, deciding whether such engineering platforms meet the minimum required software quality standards is not straightforward. Software quality can be defined as the degree to which a software system achieves its intended goal. Various software quality standards have been established to aid in the software quality assessment process; however, due to the nature of engineering IoT platforms, such models may not entirely suit the IoT domain. This paper presents a model for assessing the software quality of Low-Code and MDE platforms for engineering IoT platforms. The proposed software quality model is based on and extends the ISO/IEC 25010:2011 software product quality model standard. It is intended to assist IoT practitioners in assessing and establishing quality requirements for engineering IoT platforms. To determine the effectiveness of the proposed model, we used it to evaluate the quality of 17 IoT engineering platforms, and the results obtained are promising.
Citations: 0
Identity Authentication Strategy of Mobile Crowd Sensing based on CFL
Lin Wang, F. Li, Yunfei Xie, Leyi Shi
In order to protect information privacy and ensure user information security, in view of the obvious centralization of the existing identity authentication technologies such as Public Key Infrastructure(PKI) and Identity-Based Encrypted(IBE), this paper proposes an efficient authentication strategy that applies Cryptography Fundamental Logics(CFL) identity authentication technology to Mobile Crowd Sensing(MCS) system, which can complete the authentication between Task Publisher, Cluster Head and Task Participant without the participation of a third-party center. Firstly, this paper introduces to use CFL technology to solve the problem of identity authentication relying on the central server; Secondly, an algorithm combined with MCS system is proposed to solve the decentralization of authentication process; Finally, the Average System Response Time and System Throughput of the three technologies are obtained through simulation experiments, analyzed and compared. The result shows that: this strategy has obvious advantages, it can faster and more secure the identity authentication.
Citations: 0
A Comprehensive Analysis of NVD Concurrency Vulnerabilities
Lili Bo, Xing Meng, Xiaobing Sun, Jingli Xia, Xiaoxue Wu
Concurrency vulnerabilities caused by synchronization problems will occur in the execution of multi-threaded programs, and the emergence of concurrency vulnerabilities often cause great threats to the system. Once the concurrency vulnerabilities are exploited, the system will suffer various attacks, seriously affecting its availability, confidentiality and security. In this paper, we extract 839 concurrency vulnerabilities from Common Vulnerabilities and Exposures (CVE), and conduct a comprehensive analysis of the trend, classifications, causes, severity, and impact. Finally, we obtained some findings: 1) From 1999 to 2021, the number of concurrency vulnerabilities disclosures show an overall upward trend. 2) In the distribution of concurrency vulnerability, race condition accounts for the largest proportion. 3) The overall severity of concurrency vulnerabilities is medium risk. 4) The number of concurrency vulnerabilities that can be exploited for local access and network access is almost equal, and nearly half of the concurrency vulnerabilities (377/839) can be accessed remotely. 5) The access complexity of 571 concurrency vulnerabilities is medium, and the number of concurrency vulnerabilities with high or low access complexity is almost equal. The results obtained through the empirical study can provide more support and guidance for research in the field of concurrency vulnerabilities.
Citations: 0
QRS 2022 Keynote Speech
Citations: 0