Title : CINNAMON: A Module for AUTOSAR Secure Onboard Communication
Authors : G. Bella, Pietro Biondi, Gianpiero Costantino, I. Matteucci
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00026
Abstract : This paper introduces CINNAMON, a software module that extends and seamlessly integrates with the AUTOSAR "Secure Onboard Communication" (SecOC) module to also account for confidentiality of data in transit. It stands for Confidential, INtegral aNd Authentic on board coMunicatiON (CINNAMON). It takes a resource-efficient and practical approach to ensure, at the same time, confidentiality, integrity and authenticity of frames. The main new requirement that CINNAMON puts forward is the use of encryption and thus, as a result, CINNAMON exceeds SecOC against information gathering attacks. This paper sets forth the essential requirements and specification of the new module by detailing where and how to position it within AUTOSAR and by emphasizing the relevant upgrades with respect to SecOC. The presentation continues with the definition of a Security Profile and a summary of a prototype implementation of ours. While CINNAMON is easily extensible, for example through the definition of additional profiles, the current performances obtained on inexpensive boards support the claim that the approach is feasible.

Title : FaultSee: Reproducible Fault Injection in Distributed Systems
Authors : Miguel Amaral, M. Pardal, H. Mercier, M. Matos
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00014
Abstract : Distributed systems are increasingly important in modern society, often operating on a global scale with stringent dependability requirements. Despite the vast amount of research and the development of techniques to build dependable systems, faults are inevitable, as one can witness from regular failures of major providers of IT services. It is therefore fundamental to evaluate distributed systems under different fault patterns and adversarial conditions to assess their high-level behaviour and minimize the occurrence of failures. However, succinctly capturing the system configuration, environment, fault patterns and other variables affecting an experiment is very hard, leading to a reproducibility crisis. In this paper we propose the FaultSee toolkit. The two components of FaultSee are (1) the simple and descriptive FDSL language that captures the system, environment, workload and fault pattern characteristics; and (2) an easy-to-use platform to deploy and run the experiments described by the language. FaultSee allows experiments to be precisely described and reproduced and leads to a better assessment of the impact of faults in distributed systems. We showcase the key features of FaultSee by studying the impact of faults with real deployments of Apache Cassandra and BFT-Smart.

Title : SINADRA: Towards a Framework for Assurable Situation-Aware Dynamic Risk Assessment of Autonomous Vehicles
Authors : Jan Reich, M. Trapp
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00017
Abstract : Assuring an adequate level of safety is the key challenge for the approval of autonomous vehicles (AV). The full performance potential of AV cannot be exploited at present because traditional assurance methods at design time are based on a risk assessment involving worst-case assumptions about the operating environment. Dynamic Risk Assessment (DRA) is a novel technique that shifts this activity to runtime and enables the system itself to assess the risk of the current situation. However, existing DRA approaches neither consider environmental knowledge for risk assessments, as humans do, nor are they based on systematic design-time assurance methods. To overcome these issues, in this paper we introduce the model-based SINADRA framework for situation-aware dynamic risk assessment. It aims at the systematic synthesis of probabilistic runtime risk monitors employing tactical situational knowledge to imitate human risk reasoning with uncertain knowledge. To that end, a Bayesian network synthesis and assurance process is outlined for DRA in different operational design domains and integrated into an adaptive safety management architecture. The SINADRA monitor intends to provide an information basis at runtime to optimally balance residual risk and driving performance, in particular in non-worst-case situations.

Title : Predicting Uncorrectable Memory Errors for Proactive Replacement: An Empirical Study on Large-Scale Field Data
Authors : Xiaoming Du, Cong Li, Shen Zhou, Mao Ye, Jing Li
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00016
Abstract : Uncorrectable memory errors are the leading causes of server failures in datacenters. Predicting uncorrectable errors (UEs) using the historical correctable error (CE) information helps with proactive replacement of memory hardware before the catastrophic events happen. In this paper, we perform an empirical study of UE prediction on the large-scale field data from more than 30,000 contemporary servers in Tencent datacenters over an 8-month period. We demonstrate that the traditional approach based on CE rate works poorly, with a low precision. We then leverage the detailed micro-level CE information to design several new predictors. The comparative study shows that the new predictor based on column fault identification boosts the baseline precision by a factor of more than 300% and at the same time also improves the baseline recall substantially.

Title : Generation of Safety and Liveness Complaint Automata from Goal Model Specifications
Authors : Novarun Deb, Mandira Roy, N. Chaki, Agostino Cortesi
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00029
Abstract : One of the main limitations of the goal model approach to formal requirement specification is the lack of representation of temporal constraints. Existing works in this domain have transformed goal models into state machines with the only motive of model checking them against temporal properties. The generated state machines could contain invalid state sequences that violate some property. In this paper, we aim to go one step further and generate a Kripke Transition System which is compliant with respect to a given set of temporal properties. We introduce the Safety and Liveness Compliance (SLC) framework which incorporates a compliance assurance mechanism within the model transformation process itself. This assurance mechanism ensures that the generated Kripke Transition System does not generate any counter-examples when checked against the predefined safety and liveness properties. We also present a qualitative comparison of our proposed SLC framework with the other related works.

Title : Explaining Boolean-Logic Driven Markov Processes using GSPNs
Authors : Shahid Khan, J. Katoen, M. Bouissou
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00028
Abstract : Boolean-logic driven Markov processes (BDMPs) are a graphical language for reliability analysis of dynamic repairable systems. BDMPs are capable of defining complex interdependencies among failure modes such as functional dependencies and state-dependent failures. The interpretation of BDMPs is non-trivial due to the many possible complex interactions of activation and failure mechanisms. This paper presents a formal semantics of repairable BDMPs by using generalized stochastic Petri nets (GSPNs). Our semantics is modular and thus easily extendable to other elements, e.g., leaves dedicated to security applications. Priorities on GSPN transitions are used to impose a partial order on the various possible interleavings of activation and failure mechanisms. The semantics is realized by the prototypical tool BDMP2GSPN that converts a Figaro description of a BDMP into a GSPN. The reliability and availability metrics of BDMPs are obtained using the probabilistic model-checking capability of the existing GreatSPN tool. Experiments show that our GSPN semantics corresponds to the BDMP interpretation by the tool Yet Another Monte Carlo Simulator (YAMS).

Title : Developing Complex Data Structures over Partitioned State Machine Replication
Authors : Mojtaba Eslahi-Kelorazi, Long Hoang Le, F. Pedone
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00012
Abstract : Modern applications require replication for availability. State machine replication (SMR) is a standard way to replicate applications over a number of servers. In SMR, increasing the number of servers improves fault tolerance, but it does not increase performance, since each replica executes all the requests. Partitioned state machine replication seeks to increase performance by partitioning the application state. In this paper, we discuss challenges involved in developing complex applications over partitioned state machine replication. In particular, we develop a distributed B+tree whose nodes are distributed over a set of partitions, and each partition is replicated. The B+tree is an important data structure employed in a number of well-known applications and database systems. Moreover, the techniques used in the paper can be easily extended to other data structures and applications.

Title : Towards Efficacy Hypotheses for Safety Cases
Authors : Mallory Graydon
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00018
Abstract : Safety cases have been produced, reviewed, and written about for decades. Experts point to growing popularity and opine that their use helps to reduce major accident risk, but their history includes noteworthy accidents. Given the potential consequences of regulatory failure, it is crucial that regulatory practice be evidence-based. However, testable hypotheses about the efficacy of safety cases are rarely given, let alone supported by compelling empirical evidence. Moreover, different authors have used the term 'safety case' to mean different things. To help put safety argument practice on a sounder evidential footing, we conducted an analysis to identify potential efficacy hypotheses for future study. Our analysis considers the kinds of value that arguments might bring, forms of safety case and safety argument, stakeholders, and plausible alternatives serving the same purposes. In this paper, we present our analysis and findings and discuss potential research directions.

Title : An Approach to Support Variant Management on Safety Analysis using CHESS Error Models
Authors : Lucas Bressan, A. L. Oliveira, Fernanda Campos
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00030
Abstract : Software Product Lines (SPL) and component-based approaches have been largely adopted in the development of safety-critical systems due to benefits such as increased product quality, shorter time-to-market and large-scale reuse. Safety-critical system families built upon SPLs have to address safety, reliability and availability properties across different system variants. Variations in design and usage context may impact safety properties such as hazards, their causes, and safety requirements to mitigate hazard effects. Therefore, the adoption of SPLs in the development of critical systems requires the introduction of safety analysis into product line processes. The manual analysis of safety properties across different system variants may be time consuming and error-prone, resulting in project delays and in the increase of development costs. Model-based techniques automate system design and safety analysis and have been recognized by safety standards. AMASS is a model-based platform that supports system design, safety analysis and variability management. In this paper we propose a systematic approach, built upon the AMASS platform, to support the reuse of safety assets and the generation of certifiable evidence for variant-intensive systems. The approach was evaluated on a realistic variant-intensive automotive braking system and reduced the complexity of performing safety analysis on system variants through the reuse of safety information. It has also automated safety analysis and improved the traceability between development and functional safety assets.

Title : On the Use of Open-Source C/C++ Static Analysis Tools in Large Projects
Authors : José D’Abruzzo Pereira, M. Vieira
Venue : 2020 16th European Dependable Computing Conference (EDCC)
Pub Date : 2020-09-01
DOI : 10.1109/EDCC51268.2020.00025
Abstract : Software applications are frequently deployed with security vulnerabilities that may open the door to attacks. In business-critical scenarios, such attacks may lead to significant financial and reputation losses. Static Analysis Tools (SATs), which analyze the source code without executing it, can be used to detect potential faults in the source code, including security vulnerabilities. However, many false alarms are normally reported, leading teams to discard the use of such tools, especially on large software projects. Existing works have dealt with the evaluation of SATs, but they are mostly based on small pieces of code designed to support the evaluation. In this paper, we present and discuss the results of the execution of two open-source C/C++ SATs (CppCheck and Flawfinder) on the large open-source project Mozilla. Our goal is to study the applicability of SATs in a large project and the vulnerability categories they can detect. Results show that CppCheck could detect 83.5% of the vulnerabilities, and Flawfinder could detect 36.2%, although the number of false alarms is high (7.2% for CppCheck and 93.2% for Flawfinder). Regarding the different categories, the two SATs showed quite diverse performances (e.g., CppCheck was able to detect 92.6% of Data Protection vulnerabilities and 62.5% of Coding Practices vulnerabilities, while false alarms were 99.1% and 99.9%, respectively).