Secure Software Integration and Reliability Improvement (SSIRI), 2011 Fifth International Conference on

Date 27-29 June 2011

Displaying Results 1 - 25 of 37
  • [Front cover]

    Publication Year: 2011, Page(s): C1
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2011, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2011, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2011, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s):v - vii
    Freely Available from IEEE
  • Message from Steering Committee Chairs

    Publication Year: 2011, Page(s): viii
    Freely Available from IEEE
  • Message from General Chairs

    Publication Year: 2011, Page(s): ix
    Freely Available from IEEE
  • Message from Program Chairs

    Publication Year: 2011, Page(s): x
    Freely Available from IEEE
  • Committees

    Publication Year: 2011, Page(s):xi - xiv
    Freely Available from IEEE
  • Additional Reviewers

    Publication Year: 2011, Page(s): xv
    Freely Available from IEEE
  • Keynotes

    Publication Year: 2011, Page(s):xvi - xix

    These keynote speeches discuss the following: verifying complex software systems: the challenge; software engineering approaches to the challenges in technology education and system development in the software ecosystem environment; and evolving critical systems.
  • Towards an Enhanced Design Level Security: Integrating Attack Trees with Statecharts

    Publication Year: 2011, Page(s):1 - 10
    Cited by:  Papers (2)

    Software security has become more and more critical as we are increasingly depending on the Internet, an untrustworthy computing environment. Software functionality and security are tightly related to each other; vulnerabilities due to design errors, inconsistencies, incompleteness, and missing constraints in system specifications can be wrongly exploited by security attacks. These two concerns, h...
  • Probabilistic Risk Assessment for Security Requirements: A Preliminary Study

    Publication Year: 2011, Page(s):11 - 20
    Cited by:  Papers (7)

    Risk assessment is a critical decision making process during the Security Certification and Accreditation (C&A) process. However, existing infrastructure-wide C&A processes in the real world are challenged by the ever increasing complexity of information systems and their diverse socio-technical operational environments. The lack of an explicit model and the associated uncertainties of softwar...
  • Component-Based Malicious Software Engineer Intrusion Detection

    Publication Year: 2011, Page(s):21 - 30
    Cited by:  Papers (1)

    These days, security-sensitive business application systems are developed and maintained by more than one software engineer, some of whom may be unethical or malicious. Unethical software engineers can insert malicious code into the systems or maliciously change the existing code in the systems to gain personal benefits. As a result, security of the business application systems can be compromised...
  • Execution Constraint Verification of Exception Handling on UML Sequence Diagrams

    Publication Year: 2011, Page(s):31 - 40

    Exception handling alters the control flow of the program. As such, errors introduced in exception handling code may influence the overall program in undesired ways. To detect such errors early and thereby decrease the programming costs, it is worthwhile to consider exception handling at design level. Preferably, design models must be extended to incorporate exception handling behavior and the con...
  • Runtime Verification of Domain-Specific Models of Physical Characteristics in Control Software

    Publication Year: 2011, Page(s):41 - 50

    Control logic of embedded systems is nowadays largely implemented in software. Such control software implements, among others, models of physical characteristics, like heat exchange among system components. Due to evolution of system properties and increasing complexity, faults can be left undetected in these models. Therefore, their accuracy must be verified at runtime. Traditional runtime verifi...
  • Validation of SDL-Based Architectural Design Models: New Coverage Criteria

    Publication Year: 2011, Page(s):51 - 59
    Cited by:  Papers (1)

    As the capability to automatically generate code from different models becomes more sophisticated, it is critical that these models be adequately tested for quality assurance prior to code generation. Although simulation-based blackbox testing strategies exist for these models, it is important that we also employ white-box testing strategies similar to those used to test implementation code. More ...
  • Using Partial Ordered Numbers to Control Information Flows

    Publication Year: 2011, Page(s):60 - 69

    Information flow control models can be applied widely. This paper discusses only the models preventing information leakage during program execution. In the prevention, an information flow control model dynamically monitors statements that will cause information flows and bans statements that may cause leakage. We have been involved in the research of information flow control for years and identified that sen...
  • Security Goals Assurance Based on Software Active Monitoring

    Publication Year: 2011, Page(s):70 - 79

    Access control is a vital security mechanism in today's operating systems, and the security policies dictating the security relevant behaviors are lengthy and complex, for example in Security-Enhanced Linux (SELinux). It is extremely difficult to verify the consistency between the security policies and the security goals desired by applications. In this paper, we present how to predict whether the ...
  • Model-Driven Monitoring of Time-Critical Systems Based on Aspect-Oriented Programming

    Publication Year: 2011, Page(s):80 - 87

    Temporal correctness is one of the most important requirements for time-critical systems. Although time-critical systems are designed to meet their timing constraints, there can still be errors, especially with timing constraints at run-time, due to various reasons. Typically, time-critical systems are shipped with run-time monitors to check their temporal requirements. Hence, run-time monitors are ...
  • A Feature-Based Modeling Approach for Building Hybrid Access Control Systems

    Publication Year: 2011, Page(s):88 - 97

    Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) are widely used access control models. They are often used together in domains where both data integrity and information flow are concerned. There is much work on combined use of RBAC and MAC policies at the kernel level, which focuses on enforcing hybrid policies at run-time. However, there is little work on techniques for develo...
  • A Practical Covert Channel Identification Approach in Source Code Based on Directed Information Flow Graph

    Publication Year: 2011, Page(s):98 - 107
    Cited by:  Papers (2)

    Covert channel analysis is an important requirement when building secure information systems, and identification is the most difficult task. Although some approaches were presented, they are either experimental or constrained to some particular systems. This paper presents a practical approach based on directed information flow graph taking advantage of the source code analysis. The approach divid...
  • Comprehensive Two-Level Analysis of Static and Dynamic RBAC Constraints with UML and OCL

    Publication Year: 2011, Page(s):108 - 117
    Cited by:  Papers (1)

    Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases so that tool support for ...
  • Deriving Data Dependence from/for UML State Machine Diagrams

    Publication Year: 2011, Page(s):118 - 126

    Slicing is a well-known reduction technique in many areas such as debugging, maintenance, and testing, and thus, there has been considerable research in the application of slicing techniques to models at the design level. UML state machine diagrams can properly describe the behavior of large software systems at the design level. The slicing of UML state machine diagrams is helpful for their mainte...
  • Automatic Synthesis of Static Fault Trees from System Models

    Publication Year: 2011, Page(s):127 - 136
    Cited by:  Papers (16)

    Fault tree analysis (FTA) is a traditional reliability analysis technique. In practice, the manual development of fault trees could be costly and error-prone, especially in the case of fault tolerant systems due to the inherent complexities such as various dependencies and interactions among components. Some dynamic fault tree gates, such as Functional Dependency (FDEP) and Priority AND (PAND), ar...