Cross-platform binary code similarity detection is widely used in plagiarism detection, malware detection and vulnerability search; it aims to detect whether two binary functions on different platforms are similar. Existing cross-architecture approaches mainly rely on approximate matching of complex high-dimensional features, such as graphs, which is inevitably slow and unsuitable for large-scale applications. To solve this problem, we propose a novel index-table-based approach called CBSDI, which improves efficiency by screening out a batch of mismatched functions before similarity detection. We select three features and compare them across architectures to choose the most appropriate one for constructing the index table, and this table can be embedded in other tools. The evaluation shows that the index table can roughly cut the computational costs in half when there are few errors. Moreover, compared with the related works in the literature, our proposed approach can improve not only the efficiency but also the accuracy.
CBSDI: Cross-Architecture Binary Code Similarity Detection based on Index Table. Longmin Deng, Dongdong Zhao, Junwei Zhou, Zhe Xia, Jianwen Xiang. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00060
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00092
António Morais, R. Barbosa, Nuno Lourenço, F. Cerveira, M. Lombardi, H. Madeira
The error robustness of Convolutional Neural Networks (CNNs) is an important attribute requiring attention due to their growing application in safety-critical domains such as autonomous driving and medical devices. Hardware errors affecting the execution of such models may lead to system failures and, therefore, fault tolerance techniques are necessary to improve dependability. This paper proposes an approach to improve the robustness of CNNs and experimentally compares it with three other existing techniques. Fault injection is used to emulate hardware faults affecting CNNs targeting four distinct datasets. Results indicate that the ranger technique globally provides the best robustness closely followed by the stimulated training technique, although the former provides much lower temporal overhead than the latter. Architectural redundancy and dropout provide varying results. In all cases, caution through final evaluation of any CNN is required, because there are corner cases in which the robustness decreases, contrary to the intended outcome.
Strategies for Improving the Error Robustness of Convolutional Neural Networks. António Morais, R. Barbosa, Nuno Lourenço, F. Cerveira, M. Lombardi, H. Madeira. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00092
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00089
Yuechen Li, Hanyu Pei, Linzhi Huang, Beibei Yin
Deep neural networks (DNNs) have achieved tremendous development, but they may exhibit incorrect behaviors and cause economic losses. Identifying the most represented data becomes critical for revealing incorrect behaviours and improving the quality of DNN-driven systems. Various testing strategies for DNNs have been proposed. However, DNN testing is still at an early stage and existing strategies might not be sufficiently effective. The dynamic random testing (DRT) strategy uses a feedback mechanism to guide test case selection, which has been proved to be effective in fault detection. However, its efficacy for Natural Language Processing (NLP) DNN models has not been thoroughly studied. In this paper, a Distance-based DRT with prioritization (D-DRT-P) is proposed, which combines priority information and distance information into DRT to guide the selection of test cases and testing profile adjustment. Empirical studies demonstrate that D-DRT-P can improve fault detection effectiveness compared with other test prioritization strategies in most cases.
A Distance-Based Dynamic Random Testing Strategy for Natural Language Processing DNN Models. Yuechen Li, Hanyu Pei, Linzhi Huang, Beibei Yin. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00089
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00066
P. Almeida, J. Faria, B. Lima
One of the most critical ICT application domains is healthcare, where a single failure can lead a patient into a hazardous situation. Due to this, there’s a great necessity to ensure that the developed solutions are safe and secure and perform as expected. Smart-Health-4-All (SH4ALL) is a project aiming at accelerating the research, development, commercialization, and dissemination of trustworthy smart health solutions in Portugal. One of the key components of the project is a web platform that supports the generation of integration and system tests for smart health solutions (comprising medical devices, applications, etc.), following a software product line approach. At the domain engineering level, the platform supports the creation of feature models and related test patterns for families of smart health products. At the product engineering level, the platform supports the instantiation of test patterns and the generation of corresponding test scripts ready for execution on specific products under test. This paper presents the aforementioned test platform and test process, and the discovery of test patterns.
A Pattern-Based Test Platform for Families of Smart Health Products. P. Almeida, J. Faria, B. Lima. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00066
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00068
Shuai Zhang, Meng Wang, Yi Liu, Yuhan Zhang, Bin Yu
Smart contracts are commonly used to build finance-related decentralized applications. If a smart contract vulnerability is exploited by an attacker, the contract owner may suffer financial losses. We focus on a particular class of smart contract vulnerabilities that require a specific sequence of multiple transactions to trigger, which we call multi-transaction sequence vulnerabilities. Due to the combinatorial explosion caused by the huge number of possible transaction sequences, the efficiency and scalability of existing security analyzers in detecting multi-transaction sequence vulnerabilities are limited. To alleviate the problem, we propose a vulnerability detection approach based on symbolic execution and inter-path data dependency. In the approach, we first traverse the paths in a contract and record the read and write operations of each path. Then, according to inter-path data dependencies, we selectively execute the paths that are conducive to discovering vulnerabilities during the subsequent detection process. By pruning out most paths that are not relevant to vulnerabilities, we improve the efficiency and scalability of detecting multi-transaction sequence vulnerabilities. We evaluate our approach on 442 contracts collected from CVE reports and 104 contracts with Ether leakage and suicide defects. The experimental results show that our approach reaches an average 2x speedup compared to Mythril.
Multi-Transaction Sequence Vulnerability Detection for Smart Contracts based on Inter-Path Data Dependency. Shuai Zhang, Meng Wang, Yi Liu, Yuhan Zhang, Bin Yu. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00068
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00041
Fuqun Huang, Bo Zhao, H. Madeira
Modern code reviews tend to follow a lightweight process, in which the accuracy and efficiency of identifying defects rely heavily on code reviewers’ experience. Human error by developers, as a significant cause of software defects, is key to identifying defects. However, there is a lack of understanding of the human error mechanisms underlying defects in code. This paper proposes an innovative code review method for identifying defects by pinpointing the scenarios in which developers tend to commit errors. The method was validated by a comprehensive experimental study that involved 49 code reviewers organized in two independent groups, i.e. experimental group vs. controlled group for each other. Forty reviewers completed the whole experiment and provided the data for statistical analysis of the effects of the approach. The experiment shows that the proposed method significantly improved True Positives and Sensitivity by about 400%, improved Precision by approximately 200%, and reduced False Positives by around one-third. The effects were consistent across different tasks and different code reviewers.
A New Code Review Method based on Human Errors. Fuqun Huang, Bo Zhao, H. Madeira. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00041
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00064
Abu Faisal, Mohammad Zulkernine
Secure group communication is one of the challenging issues of present times. With advances in cloud technologies and internet services, people are becoming more dependent on multi-party services, such as online meetings and classes, video and audio group calling and messaging, online conferences and webinars, and online gaming. To secure these multi-party communications, one of the most important components is the group key exchange (GKE). The existing GKE approaches are computationally expensive and do not offer scalability. These approaches only support small static groups sharing a common secret key and do not properly address the addition or removal of group member(s). This is not acceptable for multi-party communications with a large number of participants, especially when any participant(s) can join or leave the communications at any time. In this paper, we propose a secure, authenticated, and scalable group key exchange (SAS-GKE) that implements a constant-round contributory approach to generate the common secret key between any number of participants. SAS-GKE arranges all the participants in a three-tiered (depth = 2) m-ary tree structure that distributes the computational load between the participants in a balanced way. The proposed GKE utilizes public key authentication that prevents man-in-the-middle (MITM) attacks at every step of the group key exchange.
SAS-GKE: A Secure Authenticated Scalable Group Key Exchange. Abu Faisal, Mohammad Zulkernine. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00064
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00036
Zhishen Zhu, Hao Zhou, Qingya Yang, Chonghua Wang, Zhuguo Li
Identity resolution is an emerging network resource widely applied in the Industrial Internet of Things. Although encryption improves the privacy of identity resolution, it also challenges DPI-based anomaly detection. Therefore, it is imperative to recognize and supplement the encrypted information of IDS. In this paper, we design a machine learning-based framework to automatically extract critical information about an identity resolution system from network traffic. According to the characteristics of the traffic, we use a hybrid feature of statistics and sequences to describe encrypted traffic. Besides, a supervised classification algorithm is applied to explore the effective classification of two communication processes, which are service attribution information for node addressing and operation behavior for data management. We tested this method on encrypted traffic collected from a realistic identity resolution system. The results indicate that our approach exhibits good performance, outperforms related works, and can be applied in resource-constrained industrial scenarios. This is the first work analysing the identity resolution system from the perspective of traffic analysis.
Anomaly Detection in Encrypted Identity Resolution Traffic based on Machine Learning. Zhishen Zhu, Hao Zhou, Qingya Yang, Chonghua Wang, Zhuguo Li. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00036
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00063
Pedro David Almeida, F. Cerveira, R. Barbosa, H. Madeira
Fault injection is a well-established technique in the research community that consists of emulating faults in order to obtain dependability-related data. Despite its potential, fault injection has been less widely adopted outside of academia, due to the expertise required to effectively conduct fault injection campaigns and to the lack of tools that can be easily adapted to different systems. This paper presents ucXception, an easy-to-install, extendable, open-source framework for orchestrating the entire lifecycle of fault injection campaigns without requiring expert knowledge and using a graphical interface. ucXception supports injection of software and hardware faults using realistic fault models and can be applied to a variety of target systems, including virtualized systems and complex cloud computing deployments. This brings fault injection to modern environments of cloud computing. As a use case, a preliminary analysis on the usage of failure models as a valid alternative to fault models is performed.
ucXception: A Framework for Evaluating Dependability of Software Systems. Pedro David Almeida, F. Cerveira, R. Barbosa, H. Madeira. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00063
Pub Date: 2022-12-01; DOI: 10.1109/QRS57517.2022.00047
Huiyu Liu, Jing Liu, Wei Yin, Haiying Sun, Chenchen Yang
Establishing formal modeling and verification methods for requirements has become the key to enhancing avionics software’s safety and development efficiency. As the mainstream modeling language used in Model-Based Software Engineering (MBSE), SysML is often applied to software requirements specifications. However, due to the lack of systematic and rigorous semantic definitions, SysML can cause problems in terms of accuracy and consistency in system development, threatening the correctness of safety-critical avionics software. To address the problem, this paper defines Safety SysML State Machine, an extended SysML state machine for safety control functions. Stepwise, the authors illustrate the formal specification and the refinement rules of the Safety SysML State Machine to construct the avionics integration model. Furthermore, a tool is implemented integrating the modeling and verification of the Safety SysML State Machine. Our contribution has a profound potential to broaden the use of MBSE and its well-known advantages in safety-critical applications. A specific case study on the aircraft roll angle control system demonstrates the effectiveness of our approach and the tool.
Safety SysML: An Executable Safety-Critical Avionics Requirement Modeling Language. Huiyu Liu, Jing Liu, Wei Yin, Haiying Sun, Chenchen Yang. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), 2022-12-01. DOI: https://doi.org/10.1109/QRS57517.2022.00047