429,898 research outputs found
Tailored Source Code Transformations to Synthesize Computationally Diverse Program Variants
The predictability of program execution provides attackers a rich source of
knowledge who can exploit it to spy or remotely control the program. Moving
target defense addresses this issue by constantly switching between many
diverse variants of a program, which reduces the certainty that an attacker can
have about the program execution. The effectiveness of this approach relies on
the availability of a large number of software variants that exhibit different
executions. However, current approaches rely on the natural diversity provided
by off-the-shelf components, which is very limited. In this paper, we explore
the automatic synthesis of large sets of program variants, called sosies.
Sosies provide the same expected functionality as the original program, while
exhibiting different executions. They are said to be computationally diverse.
This work addresses two objectives: comparing different transformations for
increasing the likelihood of sosie synthesis (densifying the search space for
sosies); demonstrating computation diversity in synthesized sosies. We
synthesized 30184 sosies in total, for 9 large, real-world, open source
applications. For all these programs we identified one type of program analysis
that systematically increases the density of sosies; we measured computation
diversity for sosies of 3 programs and found diversity in method calls or data
in more than 40% of sosies. This is a step towards controlled massive
unpredictability of software
Towards Automated Boundary Value Testing with Program Derivatives and Search
A natural and often used strategy when testing software is to use input
values at boundaries, i.e. where behavior is expected to change the most, an
approach often called boundary value testing or analysis (BVA). Even though
this has been a key testing idea for long it has been hard to clearly define
and formalize. Consequently, it has also been hard to automate.
In this research note we propose one such formalization of BVA by, in a
similar way as to how the derivative of a function is defined in mathematics,
considering (software) program derivatives. Critical to our definition is the
notion of distance between inputs and outputs which we can formalize and then
quantify based on ideas from Information theory.
However, for our (black-box) approach to be practical one must search for
test inputs with specific properties. Coupling it with search-based software
engineering is thus required and we discuss how program derivatives can be used
as and within fitness functions.
This brief note does not allow a deeper, empirical investigation but we use a
simple illustrative example throughout to introduce the main ideas. By
combining program derivatives with search, we thus propose a practical as well
as theoretically interesting technique for automated boundary value (analysis
and) testing
DSpot: Test Amplification for Automatic Assessment of Computational Diversity
Context: Computational diversity, i.e., the presence of a set of programs
that all perform compatible services but that exhibit behavioral differences
under certain conditions, is essential for fault tolerance and security.
Objective: We aim at proposing an approach for automatically assessing the
presence of computational diversity. In this work, computationally diverse
variants are defined as (i) sharing the same API, (ii) behaving the same
according to an input-output based specification (a test-suite) and (iii)
exhibiting observable differences when they run outside the specified input
space. Method: Our technique relies on test amplification. We propose source
code transformations on test cases to explore the input domain and
systematically sense the observation domain. We quantify computational
diversity as the dissimilarity between observations on inputs that are outside
the specified domain. Results: We run our experiments on 472 variants of 7
classes from open-source, large and thoroughly tested Java classes. Our test
amplification multiplies by ten the number of input points in the test suite
and is effective at detecting software diversity. Conclusion: The key insights
of this study are: the systematic exploration of the observable output space of
a class provides new insights about its degree of encapsulation; the behavioral
diversity that we observe originates from areas of the code that are
characterized by their flexibility (caching, checking, formatting, etc.).Comment: 12 page
Recommended from our members
Learning to Diversify Web Search Results with a Document Repulsion Model
Search diversification (also called diversity search), is an important approach to tackling the query ambiguity problem in information retrieval. It aims to diversify the search results that are originally ranked according to their probabilities of relevance to a given query, by re-ranking them to cover as many as possible different aspects (or subtopics) of the query. Most existing diversity search models heuristically balance the relevance ranking and the diversity ranking, yet lacking an efficient learning mechanism to reach an optimized parameter setting. To address this problem, we propose a learning-to-diversify approach which can directly optimize the search diversification performance (in term of any effectiveness metric). We first extend the ranking function of a widely used learning-to-rank framework, i.e., LambdaMART, so that the extended ranking function can correlate relevance and diversity indicators. Furthermore, we develop an effective learning algorithm, namely Document Repulsion Model (DRM), to train the ranking function based on a Document Repulsion Theory (DRT). DRT assumes that two result documents covering similar query aspects (i.e., subtopics) should be mutually repulsive, for the purpose of search diversification. Accordingly, the proposed DRM exerts a repulsion force between each pair of similar documents in the learning process, and includes the diversity effectiveness metric to be optimized as part of the loss function. Although there have been existing learning based diversity search methods, they often involve an iterative sequential selection process in the ranking process, which is computationally complex and time consuming for training, while our proposed learning strategy can largely reduce the time cost. Extensive experiments are conducted on the TREC diversity track data (2009, 2010 and 2011). The results demonstrate that our model significantly outperforms a number of baselines in terms of effectiveness and robustness. Further, an efficiency analysis shows that the proposed DRM has a lower computational complexity than the state of the art learning-to-diversify methods
Initial specification of the evaluation tasks "Use cases to bridge validation and benchmarking" PROMISE Deliverable 2.1
Evaluation of multimedia and multilingual information access systems needs to be performed from a usage oriented perspective. This document outlines use cases from the three use case domains of the PROMISE project and gives some initial pointers to how their respective characteristics can be extrapolated to determine and guide evaluation activities, both with respect to benchmarking and to validation of the usage hypotheses. The use cases will be developed further during the course of the evaluation activities and workshops projected to occur in coming CLEF conferences
- …