Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00097
Shamanth Manjunath, Ethan Wescoat, Vinita Jansari, Matthew Krugh, L. Mears
Bearings are a common failure component found in roto-dynamic equipment. As a bearing fails, tell-tale signs in collected data indicate progressing damage, depending on the operating conditions and bearing failure mode. This paper classifies bearing damage under different damage levels and operating conditions for contamination failure and focuses on differentiating the collected signals between different contamination levels against the baseline data. A contaminate was measured and mixed into the bearing grease before applying it to the rolling elements. An increasing amount of contamination was mixed into the bearing grease to simulate progressing damage and failure mode. Five classifiers are used to diagnose the condition: Random Forest, Multilayer Perceptron, K-Nearest Neighbor, Decision Tree, and Naive Bayes. The algorithms are compared using four different metrics: weighted average, Precision, Recall, and F-Measure. The algorithms are trained to diagnose failures over multiple operating conditions to circumvent possible operation changes in the real world. The algorithms were trained on the training dataset, and the model was deployed on unseen test data to evaluate the performance of the classifiers. Random forest classifier provided the best classification results with an overall accuracy of 96 % for the test data.
{"title":"Classification Analysis of Bearing Contrived Dataset under Different Levels of Contamination","authors":"Shamanth Manjunath, Ethan Wescoat, Vinita Jansari, Matthew Krugh, L. Mears","doi":"10.1109/ISSREW55968.2022.00097","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00097","url":null,"abstract":"Bearings are a common failure component found in roto-dynamic equipment. As a bearing fails, tell-tale signs in collected data indicate progressing damage, depending on the operating conditions and bearing failure mode. This paper classifies bearing damage under different damage levels and operating conditions for contamination failure and focuses on differentiating the collected signals between different contamination levels against the baseline data. A contaminate was measured and mixed into the bearing grease before applying it to the rolling elements. An increasing amount of contamination was mixed into the bearing grease to simulate progressing damage and failure mode. Five classifiers are used to diagnose the condition: Random Forest, Multilayer Perceptron, K-Nearest Neighbor, Decision Tree, and Naive Bayes. The algorithms are compared using four different metrics: weighted average, Precision, Recall, and F-Measure. The algorithms are trained to diagnose failures over multiple operating conditions to circumvent possible operation changes in the real world. The algorithms were trained on the training dataset, and the model was deployed on unseen test data to evaluate the performance of the classifiers. Random forest classifier provided the best classification results with an overall accuracy of 96 % for the test data.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"63 1-2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120926792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00082
Junwei Zhou, Botian Lei, Huile Lang
Detecting the gene sequence of virus strains from patients and classifying them into specific strains are very important to provide effective treatment. However, there are significant barriers to sharing the virus strains' gene data in plaintext to the privacy concerns of the patients. Homomorphic encryption is a form of encryption that allows users to calculate encrypted data without decrypting it. Achieving highly accurate viral strain prediction while safeguarding user privacy is a challenge. We develop a secure multi-label virus strains classification method using the homomorphic encryption scheme. We first used the method of statistical genotype frequencies for preprocessing to reduce the gene dimension of viral strains. Second, we improved the TFHE library proposed by Chillotti et al. to accommodate the floating-point input of the neural network to make the homomorphic calculation result more accurate. Finally, we improve computational speed and reduce storage usage by a data packing method that packs multiple feature information into one ciphertext. We successfully calculated 2000 virus strains classification inference steps on 128-bit encrypted test data in 0.09 seconds, reaching an accuracy of 100 %.
{"title":"Homomorphic multi-label classification of virus strains","authors":"Junwei Zhou, Botian Lei, Huile Lang","doi":"10.1109/ISSREW55968.2022.00082","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00082","url":null,"abstract":"Detecting the gene sequence of virus strains from patients and classifying them into specific strains are very important to provide effective treatment. However, there are significant barriers to sharing the virus strains' gene data in plaintext to the privacy concerns of the patients. Homomorphic encryption is a form of encryption that allows users to calculate encrypted data without decrypting it. Achieving highly accurate viral strain prediction while safeguarding user privacy is a challenge. We develop a secure multi-label virus strains classification method using the homomorphic encryption scheme. We first used the method of statistical genotype frequencies for preprocessing to reduce the gene dimension of viral strains. Second, we improved the TFHE library proposed by Chillotti et al. to accommodate the floating-point input of the neural network to make the homomorphic calculation result more accurate. Finally, we improve computational speed and reduce storage usage by a data packing method that packs multiple feature information into one ciphertext. We successfully calculated 2000 virus strains classification inference steps on 128-bit encrypted test data in 0.09 seconds, reaching an accuracy of 100 %.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130098490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00044
Haowei Quan, Jiawei Wang, Bo Li, Xiaoning Du, Kui Liu, Li Li
Understanding the evolution of library methods is essential for maintaining high-quality and reliable software systems as those libraries often evolve rapidly in order to meet new requirements such as adding new features, improving performance, or fixing vulnerabilities. Failing to incorporate this evolution may result in compatibility issues that may manifest themselves as runtime crashes, leading to a poor user experience. This is not uncommon for the most popular programming language, Python, for which our community has developed over 380,000 libraries. To help developers better understand their used libraries, we propose to the community a prototype tool called PyMevol to model Python libraries' APIs and their evolution. Specifically, given a Python library, PyMevol statically examines its code to extract APIs (including aliases introduced by Python's import-flow mechanism) from all its released versions to build a history-sensitive alias-aware API explorer tree, a tree structure that allows users to explore the biography of each API so as to quickly locate where and when a given API is introduced, changed, or removed. Our experimental results over five popular real-world Python libraries show that our approach is reliable in achieving its purpose (i.e., over 90 % of accuracy) and helpful in supporting further API-relevant analyses.
{"title":"Characterizing Python Method Evolution with PyMevol: An Essential Step Towards Enabling Reliable Software Systems","authors":"Haowei Quan, Jiawei Wang, Bo Li, Xiaoning Du, Kui Liu, Li Li","doi":"10.1109/ISSREW55968.2022.00044","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00044","url":null,"abstract":"Understanding the evolution of library methods is essential for maintaining high-quality and reliable software systems as those libraries often evolve rapidly in order to meet new requirements such as adding new features, improving performance, or fixing vulnerabilities. Failing to incorporate this evolution may result in compatibility issues that may manifest themselves as runtime crashes, leading to a poor user experience. This is not uncommon for the most popular programming language, Python, for which our community has developed over 380,000 libraries. To help developers better understand their used libraries, we propose to the community a prototype tool called PyMevol to model Python libraries' APIs and their evolution. Specifically, given a Python library, PyMevol statically examines its code to extract APIs (including aliases introduced by Python's import-flow mechanism) from all its released versions to build a history-sensitive alias-aware API explorer tree, a tree structure that allows users to explore the biography of each API so as to quickly locate where and when a given API is introduced, changed, or removed. Our experimental results over five popular real-world Python libraries show that our approach is reliable in achieving its purpose (i.e., over 90 % of accuracy) and helpful in supporting further API-relevant analyses.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130815943","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00068
T. Hastings, Kristen R. Walcott
We are heading for a perfect storm, making open source software poisoning and next-generation supply chain attacks much easier to execute, which could have major im-plications for organizations. The widespread adoption of open source (99% of today's software utilizes open source), the ease of today's package managers, and the best practice of implementing continuous delivery for software projects provide an unprece-dented opportunity for attack. Once an adversary compromises a project, they can deploy malicious code into production under the auspicious of a software patch. Downstream projects will ingest the compromised patch, and now those projects are potentially running the malicious code. The impact could be implementing backdoors, gathering intelligence, delivering malware, or denying a service. According to Sonatype, a leading commercial software security company, these next-generation supply chain attacks have increased 430 % in the last year and there is not a good way to vet or monitor an open-source project prior to incorporating the project. In this paper, we analyzed two case studies of compromised open source components. We propose six continuous verification controls that enable organizations to make data-driven decisions and mitigate breaches, such as analyzing community metrics and project hygiene using scorecards and monitoring the boundary of the software in production. In one case study, the controls identified high levels of risk immediately even though the package is widely used and has over 7 million downloads a week. In both case studies we found that the controls could have prevented malicious actions despite the project breaches.
{"title":"Continuous Verification of Open Source Components in a World of Weak Links","authors":"T. Hastings, Kristen R. Walcott","doi":"10.1109/ISSREW55968.2022.00068","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00068","url":null,"abstract":"We are heading for a perfect storm, making open source software poisoning and next-generation supply chain attacks much easier to execute, which could have major im-plications for organizations. The widespread adoption of open source (99% of today's software utilizes open source), the ease of today's package managers, and the best practice of implementing continuous delivery for software projects provide an unprece-dented opportunity for attack. Once an adversary compromises a project, they can deploy malicious code into production under the auspicious of a software patch. Downstream projects will ingest the compromised patch, and now those projects are potentially running the malicious code. The impact could be implementing backdoors, gathering intelligence, delivering malware, or denying a service. According to Sonatype, a leading commercial software security company, these next-generation supply chain attacks have increased 430 % in the last year and there is not a good way to vet or monitor an open-source project prior to incorporating the project. In this paper, we analyzed two case studies of compromised open source components. We propose six continuous verification controls that enable organizations to make data-driven decisions and mitigate breaches, such as analyzing community metrics and project hygiene using scorecards and monitoring the boundary of the software in production. In one case study, the controls identified high levels of risk immediately even though the package is widely used and has over 7 million downloads a week. In both case studies we found that the controls could have prevented malicious actions despite the project breaches.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"297 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128608247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00061
Leonardo Miranda, Cabral Lima, D. Menasché, Guilherme de Melo Baptista Domingues
Sequential performance analysis aims at evaluating performance indicators in an online fashion. The process stops in accordance with a pre-defined stopping rule, as soon as an anomaly that should produce an alarm is observed. Traditional sequential performance analysis techniques include CUSUM and sequential probability ratio test (SPRT). More recent techniques include the bucket algorithm, wherein tokens are accumulated into buckets when the system degrades, and removed when the system naturally recovers. If the number of tokens in the system reaches a threshold, an alarm is triggered. In this paper, we analyze sequential performance analysis algorithms applied to a system that is subject to rejuvenation. Among our results, we indicate how rejuvenation impacts the time until false alarms, and how to set the optimal rejuvenation rate accounting for the fact that systems can recover from transient performance degradation either naturally, as in standard sequential performance analysis models, or due to rejuvenation.
{"title":"Sequential Performance Analysis of Systems that Age and Rejuvenate","authors":"Leonardo Miranda, Cabral Lima, D. Menasché, Guilherme de Melo Baptista Domingues","doi":"10.1109/ISSREW55968.2022.00061","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00061","url":null,"abstract":"Sequential performance analysis aims at evaluating performance indicators in an online fashion. The process stops in accordance with a pre-defined stopping rule, as soon as an anomaly that should produce an alarm is observed. Traditional sequential performance analysis techniques include CUSUM and sequential probability ratio test (SPRT). More recent techniques include the bucket algorithm, wherein tokens are accumulated into buckets when the system degrades, and removed when the system naturally recovers. If the number of tokens in the system reaches a threshold, an alarm is triggered. In this paper, we analyze sequential performance analysis algorithms applied to a system that is subject to rejuvenation. Among our results, we indicate how rejuvenation impacts the time until false alarms, and how to set the optimal rejuvenation rate accounting for the fact that systems can recover from transient performance degradation either naturally, as in standard sequential performance analysis models, or due to rejuvenation.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130761303","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00056
M. Tang, T. H. Tse, Z. Zhou
Owing to big data, DBMS testing faces the oracle problem, that is, it is difficult to verify execution results against expected outcomes. Rigger and Su applied metamorphic testing to alleviate the challenge. We propose a disjoint-partitioning approach to extend their work. We have conducted an empirical case study on OceanBase, the DBMS associated with the world's fastest online transaction processing system. Even though Ocean- Base has been extensively tested and widely used in the industry, we have unveiled various hidden failures and crashes.
{"title":"A Disjoint-Partitioning Approach to Enhancing Metamorphic Testing of DBMS","authors":"M. Tang, T. H. Tse, Z. Zhou","doi":"10.1109/ISSREW55968.2022.00056","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00056","url":null,"abstract":"Owing to big data, DBMS testing faces the oracle problem, that is, it is difficult to verify execution results against expected outcomes. Rigger and Su applied metamorphic testing to alleviate the challenge. We propose a disjoint-partitioning approach to extend their work. We have conducted an empirical case study on OceanBase, the DBMS associated with the world's fastest online transaction processing system. Even though Ocean- Base has been extensively tested and widely used in the industry, we have unveiled various hidden failures and crashes.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130876010","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00038
Anushri Jana, Bharti Chimdyalwar, Susheel Kumar, R. Venkatesh
In this paper, we present an algorithm that efficiently updates results of dataflow analysis in response to incremental changes. Our incremental algorithm work in two phases: it compute summaries for selected procedures in phase 1 by traversing the call graph in bottom-up order and, in phase 2, it updates the dataflow values for selected procedures by traversing call graph in top-down order, thus making the analysis faster. The selection of procedures is done by comparing summaries across the version. We have implemented this algorithm in our proprietary static analysis tool, used by many clientele over the years, for automated defect detection. An evaluation of our algorithm on a core banking application shows that on an average it takes 90 % lesser time in comparison to an exhaustive analysis, demonstrating practical benefit of our algorithm on a real-world evolving software system.
{"title":"Fast Analysis of Evolving Software Systems","authors":"Anushri Jana, Bharti Chimdyalwar, Susheel Kumar, R. Venkatesh","doi":"10.1109/ISSREW55968.2022.00038","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00038","url":null,"abstract":"In this paper, we present an algorithm that efficiently updates results of dataflow analysis in response to incremental changes. Our incremental algorithm work in two phases: it compute summaries for selected procedures in phase 1 by traversing the call graph in bottom-up order and, in phase 2, it updates the dataflow values for selected procedures by traversing call graph in top-down order, thus making the analysis faster. The selection of procedures is done by comparing summaries across the version. We have implemented this algorithm in our proprietary static analysis tool, used by many clientele over the years, for automated defect detection. An evaluation of our algorithm on a core banking application shows that on an average it takes 90 % lesser time in comparison to an exhaustive analysis, demonstrating practical benefit of our algorithm on a real-world evolving software system.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128170182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00086
Pei Yang, Jing Wang, Huandong Wang
Deep neural networks (DNNs) are widely applied in autonomous intelligent systems. However, DNNs are vulnerable to adversarial attacks from exclusively crafted input images, leading to performance degradation such as wrong classifications. A wrong classification made by an AIS could result in severe and possibly lethal consequences. While several existing works proposed applying classic computer vision techniques to adversarial defense, these methods generally deteriorate the input information to a considerable extent. To re-store model performances while minimising such deterioration, we propose a novel method for adversarial defence named Colour Space Defence. We first demonstrated the weak transferability of adversarial information across different colour spaces. We then proposed to defend against adversarial examples by ensembling models trained in multiple colour spaces. Experiments have verified the validity of Colour Space Defence in maintaining performances on clean images. In most cases of defence, this method outperformed several of its comparators.
{"title":"Colour Space Defence: Simple, Intuitive, but Effective","authors":"Pei Yang, Jing Wang, Huandong Wang","doi":"10.1109/ISSREW55968.2022.00086","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00086","url":null,"abstract":"Deep neural networks (DNNs) are widely applied in autonomous intelligent systems. However, DNNs are vulnerable to adversarial attacks from exclusively crafted input images, leading to performance degradation such as wrong classifications. A wrong classification made by an AIS could result in severe and possibly lethal consequences. While several existing works proposed applying classic computer vision techniques to adversarial defense, these methods generally deteriorate the input information to a considerable extent. To re-store model performances while minimising such deterioration, we propose a novel method for adversarial defence named Colour Space Defence. We first demonstrated the weak transferability of adversarial information across different colour spaces. We then proposed to defend against adversarial examples by ensembling models trained in multiple colour spaces. Experiments have verified the validity of Colour Space Defence in maintaining performances on clean images. In most cases of defence, this method outperformed several of its comparators.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124193163","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-10-01DOI: 10.1109/ISSREW55968.2022.00033
A. Ketterer, Asha Shekar, E. Yi, S. Bagchi, Abraham A. Clements
Firmware emulation is useful for finding vulnerabil-ities, performing debugging, and testing functionalities. However, the process of enabling firmware to execute in an emulator (i.e., re-hosting) is difficult. Each piece of the firmware may depend on hardware peripherals outside the microcontroller that are inaccessible during emulation. Current practices involve painstakingly disentangling these dependencies or replacing them with developed models that emulate functions interacting with hardware. Unfortunately, both are highly manual and error-prone. In this paper, we introduce a systematic graph-based approach to analyze firmware binaries and determine which functions need to be replaced. Our approach is customizable to balance the fidelity of the emulation and the amount of effort it would take to achieve the emulation by modeling functions. We run our algorithm across a number of firmware binaries and show its ability to capture and remove a large majority of hardware dependencies.
{"title":"An Automated Approach to Re-Hosting Embedded Firmware by Removing Hardware Dependencies","authors":"A. Ketterer, Asha Shekar, E. Yi, S. Bagchi, Abraham A. Clements","doi":"10.1109/ISSREW55968.2022.00033","DOIUrl":"https://doi.org/10.1109/ISSREW55968.2022.00033","url":null,"abstract":"Firmware emulation is useful for finding vulnerabil-ities, performing debugging, and testing functionalities. However, the process of enabling firmware to execute in an emulator (i.e., re-hosting) is difficult. Each piece of the firmware may depend on hardware peripherals outside the microcontroller that are inaccessible during emulation. Current practices involve painstakingly disentangling these dependencies or replacing them with developed models that emulate functions interacting with hardware. Unfortunately, both are highly manual and error-prone. In this paper, we introduce a systematic graph-based approach to analyze firmware binaries and determine which functions need to be replaced. Our approach is customizable to balance the fidelity of the emulation and the amount of effort it would take to achieve the emulation by modeling functions. We run our algorithm across a number of firmware binaries and show its ability to capture and remove a large majority of hardware dependencies.","PeriodicalId":178302,"journal":{"name":"2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127294995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: