Neural-Augmented Static Analysis of Android Communication
We address the problem of discovering communication links between
applications in the popular Android mobile operating system, an important
problem for security and privacy in Android. Any scalable static analysis in
this complex setting is bound to produce an excessive amount of
false-positives, rendering it impractical. To improve precision, we propose to
augment static analysis with a trained neural-network model that estimates the
probability that a communication link truly exists. We describe a
neural-network architecture that encodes abstractions of communicating objects
in two applications and estimates the probability with which a link indeed
exists. At the heart of our architecture are type-directed encoders (TDE), a
general framework for elegantly constructing encoders of a compound data type
by recursively composing encoders for its constituent types. We evaluate our
approach on a large corpus of Android applications, and demonstrate that it
achieves very high accuracy. Further, we conduct thorough interpretability
studies to understand the internals of the learned neural networks.
Comment: Appears in Proceedings of the 2018 ACM Joint European Software
Engineering Conference and Symposium on the Foundations of Software
Engineering (ESEC/FSE
An Exploratory Study of Forces and Frictions affecting Large-Scale Model-Driven Development
In this paper, we investigate model-driven engineering, reporting on an
exploratory case-study conducted at a large automotive company. The study
consisted of interviews with 20 engineers and managers working in different
roles. We found that, in the context of a large organization, contextual forces
dominate the cognitive issues of using model-driven technology. The four forces
we identified that are likely independent of the particular abstractions chosen
as the basis of software development are the need for diffing in software
product lines, the needs for problem-specific languages and types, the need for
live modeling in exploratory activities, and the need for point-to-point
traceability between artifacts. We also identified triggers of accidental
complexity, which we refer to as points of friction introduced by languages and
tools. Examples of the friction points identified are insufficient support for
model diffing, point-to-point traceability, and model changes at runtime.
Comment: To appear in proceedings of MODELS 2012, LNCS Springe
A Generic Software Modeling Framework for Building Heterogeneous Distributed and Parallel Software Systems
Heterogeneous distributed and parallel computing environments are highly dependent on hardware and communication protocols. The result is significant difficulty in software reuse, portability across platforms, interoperability, and an increased overall development effort. A new systems engineering approach is needed for parallel processing systems in heterogeneous environments. The generic modeling framework de-emphasizes platform-specific development while exploiting software reuse (and platform-specific capabilities) with a simple, well defined, and easily integrated set of abstractions providing a high level of heterogeneous interoperability
A Case Study on Software Vulnerability Coordination
Context: Coordination is a fundamental tenet of software engineering.
Coordination is required also for identifying discovered and disclosed software
vulnerabilities with Common Vulnerabilities and Exposures (CVEs). Motivated by
recent practical challenges, this paper examines the coordination of CVEs for
open source projects through a public mailing list. Objective: The paper
observes the historical time delays between the assignment of CVEs on a mailing
list and the later appearance of these in the National Vulnerability Database
(NVD). Drawing from research on software engineering coordination, software
vulnerabilities, and bug tracking, the delays are modeled through three
dimensions: social networks and communication practices, tracking
infrastructures, and the technical characteristics of the CVEs coordinated.
Method: Given a period between 2008 and 2016, a sample of over five thousand
CVEs is used to model the delays with nearly fifty explanatory metrics.
Regression analysis is used for the modeling. Results: The results show that
the CVE coordination delays are affected by different abstractions for noise
and prerequisite constraints. These abstractions convey effects from the social
network and infrastructure dimensions. Particularly strong effect sizes are
observed for annual and monthly control metrics, a control metric for weekends,
the degrees of the nodes in the CVE coordination networks, and the number of
references given in NVD for the CVEs archived. Smaller but visible effects are
present for metrics measuring the entropy of the emails exchanged, traces to
bug tracking systems, and other related aspects. The empirical signals are
weaker for the technical characteristics. Conclusion: [...
Designing and implementing a tool to transform source code to UML diagrams
Currently, reverse engineering is considered as a significant process to extract the design information and abstractions of a system from the present software. The extracted source codes have been converted into a certain structure to be easily analyzed in the following procedure. For facilitating the software process development, it might be optimum to have tools being certain which generate automatically or help UML generating models from the codes as a source. The current study focuses on the reverse engineering process regarding the Python and Java source codes to the behavior diagrams: the use case and the activity diagrams which might be of high importance in the process of software maintenance. This approach is carried out in the current study in the application referred to as the RCUML tool with the use of the Python language which helped in understanding Python and Java source codes in the software application, and enabling visualization regarding the software behavior