Prior study shows that comprehending parameters can help developers understand the code’s critical information (e.g., the argument) and enhance the comprehension of the functionality. However, commenting parameter is often ignored in practice. For example, a statistic of 18 popular open-source projects shows the ratio of methods with one or more parameters but lacking "@param" comment ranges from 31% to 97%, indicating the necessity of parameter comments.To fill this gap, we propose ParamDesGen to generate a descriptive code comment (description) for each parameter given a method with one or more formal parameters. ParamDesGen consists of (1) a code analysis component to identify the Parameter Flow and extract "parameter-related code parts" and (2) a machine-learning component to generate parameter comments. We build a large-scale dataset for the task and perform experiments on it to evaluate ParamDesGen. The evaluation results show that the proposed approach substantially outperforms the baselines in terms of BLEU-4 scores (22.54 absolute improvement and 138.79% relative improvement) and ROUGE-L scores (3.12 absolute improvement and 5.90% relative improvement). We further perform ablation experiments to prove the effectiveness of the Parameter Flow.
{"title":"Parameter Description Generation with the Code Parameter Flow","authors":"Qiuyuan Chen, Zezhou Yang, Zhongxin Liu, Shanping Li, Cuiyun Gao","doi":"10.1109/QRS57517.2022.00093","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00093","url":null,"abstract":"Prior study shows that comprehending parameters can help developers understand the code’s critical information (e.g., the argument) and enhance the comprehension of the functionality. However, commenting parameter is often ignored in practice. For example, a statistic of 18 popular open-source projects shows the ratio of methods with one or more parameters but lacking \"@param\" comment ranges from 31% to 97%, indicating the necessity of parameter comments.To fill this gap, we propose ParamDesGen to generate a descriptive code comment (description) for each parameter given a method with one or more formal parameters. ParamDesGen consists of (1) a code analysis component to identify the Parameter Flow and extract \"parameter-related code parts\" and (2) a machine-learning component to generate parameter comments. We build a large-scale dataset for the task and perform experiments on it to evaluate ParamDesGen. The evaluation results show that the proposed approach substantially outperforms the baselines in terms of BLEU-4 scores (22.54 absolute improvement and 138.79% relative improvement) and ROUGE-L scores (3.12 absolute improvement and 5.90% relative improvement). We further perform ablation experiments to prove the effectiveness of the Parameter Flow.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"1639 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115836376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00106
Cong Li, Qiang Han, T. Zhang, Bingbing Lei, Yu He
There are limitations in storage and computational capacity on the single-chip microcomputer platform under the secure edge computing paradigm. A higher success rate is possible via collecting sensitive information on the time side channel by multivariate statistical analysis to crack the RSA private key when attackers decrypt ciphertexts. We proposed a quantity-simulation-analysis (QSA) method to construct Markov model for RSA timing attack tasks, which firstly quantizes the decrypt process to obtain the time-consuming characteristics, then simulates the machine instruction cycles through parallel computing to analyze Markov model with more precise state transition matrix. On this basis, a novel timing attack algorithm with fuzzy clustering state transition probability matrix of the higher order Markov model on different step sizes is proposed, compared with some algorithms from other literatures taking an exhaustive search attack algorithm as a benchmark. Experimental results show that the algorithm achieves better results in terms of success rate.
{"title":"Quantity-Simulation-Analysis Method based Novel RSA Timing Attack Algorithm for Single-Chip Microcomputer Platform","authors":"Cong Li, Qiang Han, T. Zhang, Bingbing Lei, Yu He","doi":"10.1109/QRS57517.2022.00106","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00106","url":null,"abstract":"There are limitations in storage and computational capacity on the single-chip microcomputer platform under the secure edge computing paradigm. A higher success rate is possible via collecting sensitive information on the time side channel by multivariate statistical analysis to crack the RSA private key when attackers decrypt ciphertexts. We proposed a quantity-simulation-analysis (QSA) method to construct Markov model for RSA timing attack tasks, which firstly quantizes the decrypt process to obtain the time-consuming characteristics, then simulates the machine instruction cycles through parallel computing to analyze Markov model with more precise state transition matrix. On this basis, a novel timing attack algorithm with fuzzy clustering state transition probability matrix of the higher order Markov model on different step sizes is proposed, compared with some algorithms from other literatures taking an exhaustive search attack algorithm as a benchmark. Experimental results show that the algorithm achieves better results in terms of success rate.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129380604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00018
Jin-lei Sun, Song Huang, Xingya Wang, Meijuan Wang, Jinhu Du
Blockchain Digital Assets (BDAs) are intangible assets issued based on blockchain, providing a new paradigm for managing digital assets. Smart contracts are programs running on the blockchain and enhance the flexibility of BDA in a programmable way. However, scarcity defects in smart contracts can lead to abnormal changes in the number of BDA and affect their worth. Software invariants are logical assertions that a program fragment needs to remain faithful during execution and work well in defect detection. This paper studies the scarcity defect detection method of smart contract digital assets based on invariant analysis for the first time. First, we point out eight scarcity defects in three categories and describe their examples. Next, we propose two invariants—transfer invariant and swap invariant—that should be maintained in digital assets’ management and transaction process. Then, we use the two invariants as test oracles and propose an oracle-based method to detect scarcity defects in smart contract. Finally, we evaluate the proposed method on a real-world smart contract dataset. The experimental results show that our method can effectively detect scarcity defects in smart contracts and improve the scarcity defect detection capability of existing smart contract testing tools.
{"title":"A Detection Method for Scarcity Defect of Blockchain Digital Asset based on Invariant Analysis","authors":"Jin-lei Sun, Song Huang, Xingya Wang, Meijuan Wang, Jinhu Du","doi":"10.1109/QRS57517.2022.00018","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00018","url":null,"abstract":"Blockchain Digital Assets (BDAs) are intangible assets issued based on blockchain, providing a new paradigm for managing digital assets. Smart contracts are programs running on the blockchain and enhance the flexibility of BDA in a programmable way. However, scarcity defects in smart contracts can lead to abnormal changes in the number of BDA and affect their worth. Software invariants are logical assertions that a program fragment needs to remain faithful during execution and work well in defect detection. This paper studies the scarcity defect detection method of smart contract digital assets based on invariant analysis for the first time. First, we point out eight scarcity defects in three categories and describe their examples. Next, we propose two invariants—transfer invariant and swap invariant—that should be maintained in digital assets’ management and transaction process. Then, we use the two invariants as test oracles and propose an oracle-based method to detect scarcity defects in smart contract. Finally, we evaluate the proposed method on a real-world smart contract dataset. The experimental results show that our method can effectively detect scarcity defects in smart contracts and improve the scarcity defect detection capability of existing smart contract testing tools.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129544395","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00083
Xudong He
Cyber-physical systems (CPSs) with controllers built using deep neural nets and reinforcement learning (DRL) have become increasingly used in the functioning of our society. How to assure the correctness such as the safety and stability of these DNN controllers is extremely important and remains a major research challenge. This paper presents an approach to build safe and stable DNN controllers using DRL and deep imitation learning (DIL). An initial DNN controller is built using DRL, which is used to bootstrap a behavior preserving target DNN controller with safety and stability guarantees via DIL. We have applied this approach in successfully building safe and stable DNN controllers of a simplified airplane pitch control system.
{"title":"Building Safe and Stable DNN Controllers using Deep Reinforcement Learning and Deep Imitation Learning","authors":"Xudong He","doi":"10.1109/QRS57517.2022.00083","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00083","url":null,"abstract":"Cyber-physical systems (CPSs) with controllers built using deep neural nets and reinforcement learning (DRL) have become increasingly used in the functioning of our society. How to assure the correctness such as the safety and stability of these DNN controllers is extremely important and remains a major research challenge. This paper presents an approach to build safe and stable DNN controllers using DRL and deep imitation learning (DIL). An initial DNN controller is built using DRL, which is used to bootstrap a behavior preserving target DNN controller with safety and stability guarantees via DIL. We have applied this approach in successfully building safe and stable DNN controllers of a simplified airplane pitch control system.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131338804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00021
Guangwei Tian, Jiongyi Chen, Kailun Yan, S. Yang, Wenrui Diao
The casting service on SmartTV has been increasingly used for home entertainment and business, given the convenience offered in media broadcast and screen sharing. Among the underlying protocols that support TV cast, DLNA (Digital Living Networking Alliance) – established by a group of tech giants – has become a prevailing standard in the consumer market. Although DLNA has launched the market for years, concerns may arise about whether its real-world deployment has been clearly understood.In this work, we systematically evaluate the security of DLNA deployments in the SmartTV ecosystem. Specifically, we identify a series of critical security issues in the interactions between SmartTVs and casting apps on the smartphone, ranging from non-mandatory encryption to unauthorized file access. The identified security risks can be exploited by a malicious app on the victim’s phone, without requesting sensitive permissions, to launch multiple attacks, including arbitrary command execution, data theft, MITM (man-in-the-middle) attack, and DoS (denial-of-service) attack. To measure the impact of the identified security issues, we designed semi-automated analysis solutions to facilitate the measurements and conducted real-world experiments on 10 on-shelf TV boxes. The results show that most DLNA implementations of products and apps in the wild are insecure. In the end, we provide immediate improvement solutions to mitigate the identified security issues.
{"title":"Cast Away: On the Security of DLNA Deployments in the SmartTV Ecosystem","authors":"Guangwei Tian, Jiongyi Chen, Kailun Yan, S. Yang, Wenrui Diao","doi":"10.1109/QRS57517.2022.00021","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00021","url":null,"abstract":"The casting service on SmartTV has been increasingly used for home entertainment and business, given the convenience offered in media broadcast and screen sharing. Among the underlying protocols that support TV cast, DLNA (Digital Living Networking Alliance) – established by a group of tech giants – has become a prevailing standard in the consumer market. Although DLNA has launched the market for years, concerns may arise about whether its real-world deployment has been clearly understood.In this work, we systematically evaluate the security of DLNA deployments in the SmartTV ecosystem. Specifically, we identify a series of critical security issues in the interactions between SmartTVs and casting apps on the smartphone, ranging from non-mandatory encryption to unauthorized file access. The identified security risks can be exploited by a malicious app on the victim’s phone, without requesting sensitive permissions, to launch multiple attacks, including arbitrary command execution, data theft, MITM (man-in-the-middle) attack, and DoS (denial-of-service) attack. To measure the impact of the identified security issues, we designed semi-automated analysis solutions to facilitate the measurements and conducted real-world experiments on 10 on-shelf TV boxes. The results show that most DLNA implementations of products and apps in the wild are insecure. In the end, we provide immediate improvement solutions to mitigate the identified security issues.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121995360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00076
Shuqi Liu, Yu Zhou, Tingting Han, Taolue Chen
Automatic test generation can help verify and develop the behavior of mobile applications. Test reuse based on semantic similarities between applications of the same category has been utilized to reduce the manual effort of Graphical User Interface (GUI) testing. However, most of the existing studies fail to solve the semantic problem of event matching, which leads to the failure of test reuse. To overcome this challenge, we propose TRASM (Test Reuse based on Adaptive Semantic Matching), a test reuse approach based on adaptive strategies to find a better event matching across android mobile applications. TRASM first performs GUI events deduplication on the initial test set obtained from test generation, and then employs an adaptive strategy to find better event matching, which enables reusing the existing test. Preliminary experiments with comparison to baseline methods on 15 applications demonstrate that TRASM can improve the precision of GUI event matching while reducing the failure of test reuse and the running time required for test reuse.
自动测试生成可以帮助验证和开发移动应用程序的行为。基于同一类别应用程序之间语义相似性的测试重用已被用于减少图形用户界面(GUI)测试的手工工作。然而,现有的研究大多没有解决事件匹配的语义问题,导致测试重用失败。为了克服这一挑战,我们提出了基于自适应语义匹配的测试重用方法TRASM (Test Reuse based on Adaptive Semantic Matching),这是一种基于自适应策略的测试重用方法,用于在android移动应用程序中寻找更好的事件匹配。TRASM首先对从测试生成中获得的初始测试集执行GUI事件重复删除,然后采用自适应策略寻找更好的事件匹配,从而实现对现有测试的重用。通过与基线方法在15个应用程序上的对比实验表明,TRASM可以提高GUI事件匹配的精度,同时减少测试重用的失败和测试重用所需的运行时间。
{"title":"Test Reuse based on Adaptive Semantic Matching across Android Mobile Applications","authors":"Shuqi Liu, Yu Zhou, Tingting Han, Taolue Chen","doi":"10.1109/QRS57517.2022.00076","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00076","url":null,"abstract":"Automatic test generation can help verify and develop the behavior of mobile applications. Test reuse based on semantic similarities between applications of the same category has been utilized to reduce the manual effort of Graphical User Interface (GUI) testing. However, most of the existing studies fail to solve the semantic problem of event matching, which leads to the failure of test reuse. To overcome this challenge, we propose TRASM (Test Reuse based on Adaptive Semantic Matching), a test reuse approach based on adaptive strategies to find a better event matching across android mobile applications. TRASM first performs GUI events deduplication on the initial test set obtained from test generation, and then employs an adaptive strategy to find better event matching, which enables reusing the existing test. Preliminary experiments with comparison to baseline methods on 15 applications demonstrate that TRASM can improve the precision of GUI event matching while reducing the failure of test reuse and the running time required for test reuse.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121260418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00046
Debao Sang, Jing Liu, Haiying Sun, Jin Xu, Jiexiang Kang
Bounded Model Checking (BMC) has been found promising in finding deep vulnerabilities in industry designs and scaling well with design sizes. However, the parallelisation of BMC is challenging, due to the propositional satisfiability (SAT) problem and satisfiability modulo theories problem solving being hard to parallelise. In this paper, we propose a novel approach to perform BMC based on the mathematical model of probe machine, which is the first approach to employ probe machine to accelerate BMC, particularly it can solve SAT formulas in full parallel. We introduce the workflow of the algorithm and explain in detail the process of mapping BMC to the probe machine. A method is provided to prove the correctness of the algorithm and to analyze its time complexity. We develop a model checker called BMC2PROBE based on our approach and explain the framework and memory management of the tool. The experiment results are discussed, which prove the feasibility and effectiveness of our approach.
{"title":"A Novel Approach for Bounded Model Checking Through Full Parallelism","authors":"Debao Sang, Jing Liu, Haiying Sun, Jin Xu, Jiexiang Kang","doi":"10.1109/QRS57517.2022.00046","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00046","url":null,"abstract":"Bounded Model Checking (BMC) has been found promising in finding deep vulnerabilities in industry designs and scaling well with design sizes. However, the parallelisation of BMC is challenging, due to the propositional satisfiability (SAT) problem and satisfiability modulo theories problem solving being hard to parallelise. In this paper, we propose a novel approach to perform BMC based on the mathematical model of probe machine, which is the first approach to employ probe machine to accelerate BMC, particularly it can solve SAT formulas in full parallel. We introduce the workflow of the algorithm and explain in detail the process of mapping BMC to the probe machine. A method is provided to prove the correctness of the algorithm and to analyze its time complexity. We develop a model checker called BMC2PROBE based on our approach and explain the framework and memory management of the tool. The experiment results are discussed, which prove the feasibility and effectiveness of our approach.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129048825","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00102
Shuang Hu, Baojian Hua, Yang Wang
Rust is an emerging programming language designed for secure system programming that provides both security guarantees and runtime efficiency and has been increasingly used to build software infrastructures such as OS kernels, web browsers, databases, and blockchains. To support arbitrary low-level programming and to provide more flexibility, Rust introduced the unsafe feature, which may lead to security issues such as memory or concurrency vulnerabilities. Although there have been a significant number of studies on Rust security utilizing diverse techniques such as program analysis, fuzzing, privilege separation, and formal verification, existing studies suffer from three problems: 1) they only partially solve specific security issues but lack comprehensiveness; 2) most of them require manual interventions or annotations thus are not automated; and 3) they only cover a specific phase instead of the full lifecycle.In this perspective paper, we first survey current research progress on Rust security from 5 aspects, namely, empirical studies, vulnerability prevention, vulnerability detection, vulnerability rectification, and formal verification, and note the limitations of current studies. Then, we point out key challenges for Rust security. Finally, we offer our vision of a Rust security infrastructure guided by three principles: Comprehensiveness, Automation, and Lifecycle (CAL). Our work intends to promote the Rust security studies by proposing new research challenges and future research directions.
{"title":"Comprehensiveness, Automation and Lifecycle: A New Perspective for Rust Security","authors":"Shuang Hu, Baojian Hua, Yang Wang","doi":"10.1109/QRS57517.2022.00102","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00102","url":null,"abstract":"Rust is an emerging programming language designed for secure system programming that provides both security guarantees and runtime efficiency and has been increasingly used to build software infrastructures such as OS kernels, web browsers, databases, and blockchains. To support arbitrary low-level programming and to provide more flexibility, Rust introduced the unsafe feature, which may lead to security issues such as memory or concurrency vulnerabilities. Although there have been a significant number of studies on Rust security utilizing diverse techniques such as program analysis, fuzzing, privilege separation, and formal verification, existing studies suffer from three problems: 1) they only partially solve specific security issues but lack comprehensiveness; 2) most of them require manual interventions or annotations thus are not automated; and 3) they only cover a specific phase instead of the full lifecycle.In this perspective paper, we first survey current research progress on Rust security from 5 aspects, namely, empirical studies, vulnerability prevention, vulnerability detection, vulnerability rectification, and formal verification, and note the limitations of current studies. Then, we point out key challenges for Rust security. Finally, we offer our vision of a Rust security infrastructure guided by three principles: Comprehensiveness, Automation, and Lifecycle (CAL). Our work intends to promote the Rust security studies by proposing new research challenges and future research directions.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131031294","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00080
Sai Chaithra Allala, Juan P. Sotomayor, D. Santiago, Tariq M. King, Peter J. Clarke
Model-driven software engineering (MDSE) has emerged as a popular and commonly used method for designing software systems in which models are the primary development artifact over the last decade. MDSE has resulted in the trend toward further automating the software process. However, the generation of test cases from user requirements still lags in reaching the required level of automation. Given that most user requirements are written in natural language, the recent advances in natural language processing (NLP) provide an opportunity to further automate the test generation process.In this paper, we exploit the advances in MDSE and NLP to generate abstract test cases from user requirements written in structured natural language and the respective data model. We accomplish this by creating meta-models for user requirements and abstract test cases and defining the appropriate transformation rules. To support this transformation, helper methods are defined to extract the relevant information from user requirements related to testing. To show the feasibility of the approach, we developed a prototype and conducted a case study with use cases and test cases from a Payroll Management System.
{"title":"Generating Abstract Test Cases from User Requirements using MDSE and NLP","authors":"Sai Chaithra Allala, Juan P. Sotomayor, D. Santiago, Tariq M. King, Peter J. Clarke","doi":"10.1109/QRS57517.2022.00080","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00080","url":null,"abstract":"Model-driven software engineering (MDSE) has emerged as a popular and commonly used method for designing software systems in which models are the primary development artifact over the last decade. MDSE has resulted in the trend toward further automating the software process. However, the generation of test cases from user requirements still lags in reaching the required level of automation. Given that most user requirements are written in natural language, the recent advances in natural language processing (NLP) provide an opportunity to further automate the test generation process.In this paper, we exploit the advances in MDSE and NLP to generate abstract test cases from user requirements written in structured natural language and the respective data model. We accomplish this by creating meta-models for user requirements and abstract test cases and defining the appropriate transformation rules. To support this transformation, helper methods are defined to extract the relevant information from user requirements related to testing. To show the feasibility of the approach, we developed a prototype and conducted a case study with use cases and test cases from a Payroll Management System.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131871328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-12-01DOI: 10.1109/QRS57517.2022.00081
Minghao Yang, Shunkun Yang, Wenda Wu
Effective testing methods have been proposed to verify the reliability and robustness of Deep Neural Networks (DNNs). However, enhancing their adversarial robustness against various attacks and perturbations through testing remains a key issue for their further applications. Therefore, we propose DeepRTest, a white-box testing framework for DNNs guided by vulnerability to effectively test and improve the adversarial robustness of DNNs. Specifically, the test input generation algorithm based on joint optimization fully induces the misclassification of DNNs. The generated high neuron coverage inputs near classification boundaries expose vulnerabilities to test adversarial robustness comprehensively. Then, retraining based on the generated inputs effectively optimize the classification boundaries and fix the vulnerabilities to improve the adversarial robustness against perturbations. The experimental results indicate that DeepRTest achieved higher neuron coverage and classification accuracy than baseline methods. Moreover, DeepRTest could improve the adversarial robustness by 39% on average, which was 12.56% higher than other methods.
{"title":"DeepRTest: A Vulnerability-Guided Robustness Testing and Enhancement Framework for Deep Neural Networks","authors":"Minghao Yang, Shunkun Yang, Wenda Wu","doi":"10.1109/QRS57517.2022.00081","DOIUrl":"https://doi.org/10.1109/QRS57517.2022.00081","url":null,"abstract":"Effective testing methods have been proposed to verify the reliability and robustness of Deep Neural Networks (DNNs). However, enhancing their adversarial robustness against various attacks and perturbations through testing remains a key issue for their further applications. Therefore, we propose DeepRTest, a white-box testing framework for DNNs guided by vulnerability to effectively test and improve the adversarial robustness of DNNs. Specifically, the test input generation algorithm based on joint optimization fully induces the misclassification of DNNs. The generated high neuron coverage inputs near classification boundaries expose vulnerabilities to test adversarial robustness comprehensively. Then, retraining based on the generated inputs effectively optimize the classification boundaries and fix the vulnerabilities to improve the adversarial robustness against perturbations. The experimental results indicate that DeepRTest achieved higher neuron coverage and classification accuracy than baseline methods. Moreover, DeepRTest could improve the adversarial robustness by 39% on average, which was 12.56% higher than other methods.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133478925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}