Motivated and competent team members are a vital part of Agile Software development and make or break any project's success. Motivation is fostered by continuous progress and recognition of efforts. These concepts are founding pillars of the Scrum methodology, which focuses on self-organizing teams. The types of contributions Scrum development team members make to a project's progress are not only technical. However, a comprehensive model comprising the varied contributions in modern software engineering teams is not yet established. We propose a model that incorporates contributions of all Scrum roles, explicitly including those which are not directly related to project artifacts. It improves the visibility of performed tasks, acts as a starting point for team retrospection, and serves as a foundation for discussion in the research community.
{"title":"More than Code: Contributions in Scrum Software Engineering Teams","authors":"Frederike Ramin, Christoph Matthies, Ralf Teusner","doi":"10.1145/3387940.3392241","DOIUrl":"https://doi.org/10.1145/3387940.3392241","url":null,"abstract":"Motivated and competent team members are a vital part of Agile Software development and make or break any project's success. Motivation is fostered by continuous progress and recognition of efforts. These concepts are founding pillars of the Scrum methodology, which focuses on self-organizing teams. The types of contributions Scrum development team members make to a project's progress are not only technical. However, a comprehensive model comprising the varied contributions in modern software engineering teams is not yet established. We propose a model that incorporates contributions of all Scrum roles, explicitly including those which are not directly related to project artifacts. It improves the visibility of performed tasks, acts as a starting point for team retrospection, and serves as a foundation for discussion in the research community.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"248 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122196951","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Docker helps developers reuse software artifacts by providing a lightweight solution to the problem of operating system virtualization. A Docker image contains very rich and useful knowledge of software engineering, including the source of software packages, the correlations among software packages, the installation methods of software packages and the information on operating systems. To effectively obtain this knowledge, this paper proposes an approach to constructing a knowledge graph of Docker artifacts, named DockerKG, by analyzing a large number of Dockerfiles in Docker Hub, which contains more than 3.08 million Docker repositories (up to February 2020). Currently, DockerKG contains the domain knowledge extracted from approximately 200 thousand Dockerfiles in Docker Hub. Besides, it contains the information on Docker repositories and their semantic tags. In future work, DockerKG can be used for Docker image recommendations and online Q&A service providing software engineering domain knowledge.
{"title":"DockerKG","authors":"Jiahong Zhou, Wei Chen, Chang Liu, Jiaxin Zhu, Guoquan Wu, Jun Wei","doi":"10.1145/3387940.3392161","DOIUrl":"https://doi.org/10.1145/3387940.3392161","url":null,"abstract":"Docker helps developers reuse software artifacts by providing a lightweight solution to the problem of operating system virtualization. A Docker image contains very rich and useful knowledge of software engineering, including the source of software packages, the correlations among software packages, the installation methods of software packages and the information on operating systems. To effectively obtain this knowledge, this paper proposes an approach to constructing a knowledge graph of Docker artifacts, named DockerKG, by analyzing a large number of Dockerfiles in Docker Hub, which contains more than 3.08 million Docker repositories (up to February 2020). Currently, DockerKG contains the domain knowledge extracted from approximately 200 thousand Dockerfiles in Docker Hub. Besides, it contains the information on Docker repositories and their semantic tags. In future work, DockerKG can be used for Docker image recommendations and online Q&A service providing software engineering domain knowledge.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"10482 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122596484","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Luis F. Rivera, H. Müller, Norha M. Villegas, Gabriel Tamura, Miguel A. Jiménez
Digital Twins (DT) are software systems representing different aspects of a physical or conceptual counterpart---the real twin, which is instrumented with several sensors or computing devices that generate, consume and transfer data to its DT with different purposes. In other words, DT systems are, to a large extent, IoT-intensive systems. Indeed, by exploiting and managing IoT data, artificial intelligence, and big data and simulation capabilities, DTs have emerged as a promising approach to manage the virtual manifestation of real-world entities throughout their entire lifecycle. Their proliferation will contribute to realizing the long-craved convergence of virtual and physical spaces to augment things and human capabilities. In this context, despite the proposal of noteworthy contributions, we argue that DTs have not been sufficiently investigated from a software engineering perspective. To address this, in this paper we propose GEMINIS, an architectural reference model that adopts self-adaptation, control, and model-driven engineering techniques to specify the structural and behavioural aspects of DTs and enable the evolution of their internal models. Moreover, we introduce an approach for engineering IoT-intensive Digital Twin Software Systems (DTSS) using GEMINIS' capabilities to deal with uncertain conditions that are inherent to the nature of mirrored physical environments and that might compromise the fidelity of a DT. With GEMINIS and the proposed approach, we aim to advance the engineering of DTSS as well as IoT and cyber-physical systems by providing practitioners with guidelines to model and specify inherent structural and behavioural characteristics of DTs, addressing common design concerns.
{"title":"On the Engineering of IoT-Intensive Digital Twin Software Systems","authors":"Luis F. Rivera, H. Müller, Norha M. Villegas, Gabriel Tamura, Miguel A. Jiménez","doi":"10.1145/3387940.3392195","DOIUrl":"https://doi.org/10.1145/3387940.3392195","url":null,"abstract":"Digital Twins (DT) are software systems representing different aspects of a physical or conceptual counterpart---the real twin, which is instrumented with several sensors or computing devices that generate, consume and transfer data to its DT with different purposes. In other words, DT systems are, to a large extent, IoT-intensive systems. Indeed, by exploiting and managing IoT data, artificial intelligence, and big data and simulation capabilities, DTs have emerged as a promising approach to manage the virtual manifestation of real-world entities throughout their entire lifecycle. Their proliferation will contribute to realizing the long-craved convergence of virtual and physical spaces to augment things and human capabilities. In this context, despite the proposal of noteworthy contributions, we argue that DTs have not been sufficiently investigated from a software engineering perspective. To address this, in this paper we propose GEMINIS, an architectural reference model that adopts self-adaptation, control, and model-driven engineering techniques to specify the structural and behavioural aspects of DTs and enable the evolution of their internal models. Moreover, we introduce an approach for engineering IoT-intensive Digital Twin Software Systems (DTSS) using GEMINIS' capabilities to deal with uncertain conditions that are inherent to the nature of mirrored physical environments and that might compromise the fidelity of a DT. With GEMINIS and the proposed approach, we aim to advance the engineering of DTSS as well as IoT and cyber-physical systems by providing practitioners with guidelines to model and specify inherent structural and behavioural characteristics of DTs, addressing common design concerns.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126801327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This is essentially a 'call for research' and collaboration between industry and academia to improve the motivation and performance of software engineers through use of language, words and symbols. How languages and symbols shape the way people think, feel and behave has been a topic of wide research. Words have powerful association with perception and cognition and throughout history, language has been used as a medium for influencing minds and for mass propaganda. While this is widely understood in politics, psychology and sociology, very little research has been to study the implicit and explicit impact of words, phrases and language on the way software engineers think, feel, behave and perform. While software engineering could be seen as a science that lends itself to a formal process and methods, it can also be seen as a craft and art which needs imagination and creativity which in turn are influenced by emotions. We propose some hypotheses, research questions and ideas to trigger formal studies of deeper connections between language/ symbols and software engineers' performance. We also draw inspiration from a wide body of research already conducted in this area which have influenced the field of psychology, sociology and mass communication. This is essentially a 'call for research' and collaboration between industry and academia to improve the motivation and performance of software engineers through use of language, words and symbols.
{"title":"Research Idea on How Language and Symbols (Semantics and Semiotics) Affect Emotions of Software Engineers","authors":"Mahesh Venkataraman, Kishore P. Durg","doi":"10.1145/3387940.3392232","DOIUrl":"https://doi.org/10.1145/3387940.3392232","url":null,"abstract":"This is essentially a 'call for research' and collaboration between industry and academia to improve the motivation and performance of software engineers through use of language, words and symbols. How languages and symbols shape the way people think, feel and behave has been a topic of wide research. Words have powerful association with perception and cognition and throughout history, language has been used as a medium for influencing minds and for mass propaganda. While this is widely understood in politics, psychology and sociology, very little research has been to study the implicit and explicit impact of words, phrases and language on the way software engineers think, feel, behave and perform. While software engineering could be seen as a science that lends itself to a formal process and methods, it can also be seen as a craft and art which needs imagination and creativity which in turn are influenced by emotions. We propose some hypotheses, research questions and ideas to trigger formal studies of deeper connections between language/ symbols and software engineers' performance. We also draw inspiration from a wide body of research already conducted in this area which have influenced the field of psychology, sociology and mass communication. This is essentially a 'call for research' and collaboration between industry and academia to improve the motivation and performance of software engineers through use of language, words and symbols.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125582265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-06-27DOI: 10.5040/9781350040809.00000002
Jón Arnar Briem, Jordi Smit, Hendrig Sellik, Pavel Rapoport, Georgios Gousios, M. Aniche
{"title":"OffSide","authors":"Jón Arnar Briem, Jordi Smit, Hendrig Sellik, Pavel Rapoport, Georgios Gousios, M. Aniche","doi":"10.5040/9781350040809.00000002","DOIUrl":"https://doi.org/10.5040/9781350040809.00000002","url":null,"abstract":"","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125629531","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The video game industry is a multimillionaire market, which makes solo indie developers millionaire in one day. However, success in the game industry is not a coincidence. Video game development is an unusual kind of software that mix multidisciplinary teams: software engineers, designers, and artists. Also, for a video game to become popular, it must be fun and polished: exhaustively well tested. Testing in video game development encompasses different types of tests at different moments of the development process. In particular, assessing the players' gameplay in a test session can drive the development drastically. The designers analyze the players' actions and behaviour in the game. They can then decide if a feature/level requires rework. They often spend many man/work hours reworking a feature just because it is not engaging. As the designers (usually) assess the gameplay session by hand, they cannot be sure that a specific feature is engaging enough. They would benefit from meaningful data that would help them better assess the gameplay and take the decision to keep, rework, or remove a feature. Consequently, we describe the need for an IoT framework to assess players' gameplay using IoT sensors together with game devices which will produce a rich output for the game designers.
{"title":"Improving Engagement Assessment in Gameplay Testing Sessions using IoT Sensors","authors":"Cristiano Politowski, Fábio Petrillo, Yann-Gaël Guéhéneuc","doi":"10.1145/3387940.3392249","DOIUrl":"https://doi.org/10.1145/3387940.3392249","url":null,"abstract":"The video game industry is a multimillionaire market, which makes solo indie developers millionaire in one day. However, success in the game industry is not a coincidence. Video game development is an unusual kind of software that mix multidisciplinary teams: software engineers, designers, and artists. Also, for a video game to become popular, it must be fun and polished: exhaustively well tested. Testing in video game development encompasses different types of tests at different moments of the development process. In particular, assessing the players' gameplay in a test session can drive the development drastically. The designers analyze the players' actions and behaviour in the game. They can then decide if a feature/level requires rework. They often spend many man/work hours reworking a feature just because it is not engaging. As the designers (usually) assess the gameplay session by hand, they cannot be sure that a specific feature is engaging enough. They would benefit from meaningful data that would help them better assess the gameplay and take the decision to keep, rework, or remove a feature. Consequently, we describe the need for an IoT framework to assess players' gameplay using IoT sensors together with game devices which will produce a rich output for the game designers.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130956227","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Code recommendation systems for software engineering are designed to accelerate the development of large software projects. A classical example is code completion or next token prediction offered by modern integrated development environments. A particular challenging case for such systems are dynamic languages like Python due to limited type information at editing time. Recently, researchers proposed machine learning approaches to address this challenge. In particular, the Probabilistic Higher Order Grammar technique (Bielik et al., ICML 2016) uses a grammar-based approach with a classical machine learning schema to exploit local context. A method by Li et al., (IJCAI 2018) uses deep learning methods, in detail a Recurrent Neural Network coupled with a Pointer Network. We compare these two approaches quantitatively on a large corpus of Python files from GitHub. We also propose a combination of both approaches, where a neural network decides which schema to use for each prediction. The proposed method achieves a slightly better accuracy than either of the systems alone. This demonstrates the potential of ensemble-like methods for code completion and recommendation tasks in dynamically typed languages.
{"title":"Improving Code Recommendations by Combining Neural and Classical Machine Learning Approaches","authors":"M. Schumacher, K. T. Le, A. Andrzejak","doi":"10.1145/3387940.3391489","DOIUrl":"https://doi.org/10.1145/3387940.3391489","url":null,"abstract":"Code recommendation systems for software engineering are designed to accelerate the development of large software projects. A classical example is code completion or next token prediction offered by modern integrated development environments. A particular challenging case for such systems are dynamic languages like Python due to limited type information at editing time. Recently, researchers proposed machine learning approaches to address this challenge. In particular, the Probabilistic Higher Order Grammar technique (Bielik et al., ICML 2016) uses a grammar-based approach with a classical machine learning schema to exploit local context. A method by Li et al., (IJCAI 2018) uses deep learning methods, in detail a Recurrent Neural Network coupled with a Pointer Network. We compare these two approaches quantitatively on a large corpus of Python files from GitHub. We also propose a combination of both approaches, where a neural network decides which schema to use for each prediction. The proposed method achieves a slightly better accuracy than either of the systems alone. This demonstrates the potential of ensemble-like methods for code completion and recommendation tasks in dynamically typed languages.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131324260","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Darius Foo, Jonah Dela Cruz, S. Sekar, Asankhaya Sharma
The Scaled Agile Framework (SAFe) is a popular realisation of the agile methodology for large organisations. It is widely adopted but challenging to implement. We describe a new tool which automates aspects of the SAFe PI Planning process to enable continuous planning and facilitate collaboration between remote teams.
{"title":"Automating Continuous Planning in SAFe","authors":"Darius Foo, Jonah Dela Cruz, S. Sekar, Asankhaya Sharma","doi":"10.1145/3387940.3391536","DOIUrl":"https://doi.org/10.1145/3387940.3391536","url":null,"abstract":"The Scaled Agile Framework (SAFe) is a popular realisation of the agile methodology for large organisations. It is widely adopted but challenging to implement. We describe a new tool which automates aspects of the SAFe PI Planning process to enable continuous planning and facilitate collaboration between remote teams.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130680011","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
M. Macák, Agata Kruzikova, Lukas Daubner, Barbora Buhnova
Cyber-security protection of critical systems is one of the major challenges of today. Although the attacks typically originate from attackers with malicious intent, a substantial portion of attack vectors is enabled by unintentional perpetrators, i.e., insiders who cause an incident by negligence, carelessness, or lack of training. Prevention of these situations is challenging because insiders have better access to the organization's resources and hence, are more likely to cause harm. Moreover, the insider-mediated actions of an attack vector often come unrecognized by security admins as well as the insiders themselves. In this paper, we focus on the identification of the attack vector of unintentional perpetrators. To this end, we propose to employ specialized games that simulate the working period, while the player faces multiple dangers that might cause harm in their company. From the analysis of their actions, we discover the attack vector, which could be addressed before an actual attack happens. To reflect a variety of insiders and company environments, we introduce a platform for designing variants of these games, together with its architecture, an example of a simple game that can be created using the platform, and the used analysis method.
{"title":"Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification","authors":"M. Macák, Agata Kruzikova, Lukas Daubner, Barbora Buhnova","doi":"10.1145/3387940.3391475","DOIUrl":"https://doi.org/10.1145/3387940.3391475","url":null,"abstract":"Cyber-security protection of critical systems is one of the major challenges of today. Although the attacks typically originate from attackers with malicious intent, a substantial portion of attack vectors is enabled by unintentional perpetrators, i.e., insiders who cause an incident by negligence, carelessness, or lack of training. Prevention of these situations is challenging because insiders have better access to the organization's resources and hence, are more likely to cause harm. Moreover, the insider-mediated actions of an attack vector often come unrecognized by security admins as well as the insiders themselves. In this paper, we focus on the identification of the attack vector of unintentional perpetrators. To this end, we propose to employ specialized games that simulate the working period, while the player faces multiple dangers that might cause harm in their company. From the analysis of their actions, we discover the attack vector, which could be addressed before an actual attack happens. To reflect a variety of insiders and company environments, we introduce a platform for designing variants of these games, together with its architecture, an example of a simple game that can be created using the platform, and the used analysis method.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"246 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115235801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Greybox fuzzing is an automated test-input generation technique that aims to uncover program errors by searching for bug-inducing inputs using a fitness-guided search process. Existing fuzzing approaches are primarily coverage-based. That is, they regard a test input that covers a new region of code as being fit to be retained. However, a vulnerability at a program location may not get exhibited in every execution that happens to visit to this program location; only certain program executions that lead to the location may expose the vulnerability. In this paper, we introduce a unified fitness metric called headroom, which can be used within greybox fuzzers, and which is explicitly oriented towards searching for test inputs that come closer to exposing vulnerabilities. We have implemented our approach by enhancing AFL, which is a production quality fuzzing tool. We have instantiated our approach to detecting buffer overrun as well as integer-overflow vulnerabilities. We have evaluated our approach on a suite of benchmark programs, and compared it with AFL, as well as a recent extension over AFL called AFLGo. Our approach could uncover more number of vulnerabilities in a given amount of fuzzing time and also uncover the vulnerabilities faster than these two tools.
{"title":"Fitness Guided Vulnerability Detection with Greybox Fuzzing","authors":"Raveendra Kumar Medicherla, Raghavan Komondoor, Abhik Roychoudhury","doi":"10.1145/3387940.3391457","DOIUrl":"https://doi.org/10.1145/3387940.3391457","url":null,"abstract":"Greybox fuzzing is an automated test-input generation technique that aims to uncover program errors by searching for bug-inducing inputs using a fitness-guided search process. Existing fuzzing approaches are primarily coverage-based. That is, they regard a test input that covers a new region of code as being fit to be retained. However, a vulnerability at a program location may not get exhibited in every execution that happens to visit to this program location; only certain program executions that lead to the location may expose the vulnerability. In this paper, we introduce a unified fitness metric called headroom, which can be used within greybox fuzzers, and which is explicitly oriented towards searching for test inputs that come closer to exposing vulnerabilities. We have implemented our approach by enhancing AFL, which is a production quality fuzzing tool. We have instantiated our approach to detecting buffer overrun as well as integer-overflow vulnerabilities. We have evaluated our approach on a suite of benchmark programs, and compared it with AFL, as well as a recent extension over AFL called AFLGo. Our approach could uncover more number of vulnerabilities in a given amount of fuzzing time and also uncover the vulnerabilities faster than these two tools.","PeriodicalId":309659,"journal":{"name":"Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124393077","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: