The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior's dynamic and trusted authentication. In this paper, the author ...The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior's dynamic and trusted authentication. In this paper, the author proposes a specified measure of extracting SIBDS (software intended behaviors describing sets) statically from the binary executable using the software's API functions invoking, and also introduces the definition of the structure used to store the SIBDS in detail. Experimental results demonstrate that the extracting method and the storage structure definition offers three strong properties: (i) it can describe the software's intended behavior accurately; (ii) it demands a small storage expense; (iii) it provides strong capability to defend against mimicry attack.展开更多
Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent techni...Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent technique with the support of trusted computing provided by TPM,a trust-shell-based constitution model of trusted software(TSCMTS)is demonstrated,trust shell ensures the trustiness of software logically.The concept of Trust Engine is proposed,which extends the "chain of trust" of TCG into application,and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness;Data Structure called trust view is defined to represent the characteristic of software behavior.For the purpose of improving the accuracy of trustiness constraints,a strategy for determining the weights of characteristic attributes based on information entropy is proposed.Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.展开更多
Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) atta...Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.展开更多
For this special section on software systems, six research leaders in software systems, as guest editors tor this special section, discuss important issues that will shape this field's future research directions. The...For this special section on software systems, six research leaders in software systems, as guest editors tor this special section, discuss important issues that will shape this field's future research directions. The essays included in this roundtable article cover research opportunities and challenges for large-scale software systems such as querying organization- wide software behaviors (Xusheng Xiao), logging and log analysis (Jian-Ouang Lou), engineering reliable cloud distributed systems (Shan Lu), usage data (David C. Shepherd), clone detection and management (Xin Peng), and code search and beyond (Qian-Xiang Wang). - Tao Xie, Leading Editor of Software Systems.展开更多
In this paper, we merge software trustworthiness with software design and present an approach to trustworthy software design with an automatically adapting software update. First, software behavior and results can be ...In this paper, we merge software trustworthiness with software design and present an approach to trustworthy software design with an automatically adapting software update. First, software behavior and results can be expected and behavior states can be monitored when a software runs by introducing a trustworthy behavior trace on a software and inserting a checkpoint sensor at each checkpoint of the trustworthy software. Second, an updated approach of the trustworthy behavior trace for the software at the level of checkpoints is presented. The trustworthy behavior traces of the software for two versions can be merged adequately by constructing split points and merge points between two trustworthy behavior traces. Finally, experiments and analyses show that: (1) the software designed by our approach can detect and report the anomaly in a software automatically and effectively, so it has a higher ability of trustworthiness evaluation than the traditional software; and (2) our approach can realize the accurate update of the trustworthy behavior trace with a lower space overhead of checkpoints when the software updates.展开更多
In order to verify requirements model/document the consistency between software and users' true minds, we present a software behavior-oriented requirements visualization method. The implementation method for software...In order to verify requirements model/document the consistency between software and users' true minds, we present a software behavior-oriented requirements visualization method. The implementation method for software behavior-oriented requirements visualization is advanced in this paper first. Then, the basis language is introduced as the foundation of the method. At last, we put forward the tool platform that can achieve the requirement visualization, The result demonstrates that the method can generate requirement animation rapidly to check the correctness of the requirement. It can effectively reduce the requirements change and save a lot of software development costs.展开更多
A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security func...A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing.展开更多
Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. Accordi...Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. According to the theory and implementation of Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.展开更多
基金the National Natural Science Foundation of China (60673071, 60743003, 90718005, 90718006)the National High Technology Research and Development Program of China (863 Program) (2006AA01Z442, 2007AA01Z411)
文摘The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior's dynamic and trusted authentication. In this paper, the author proposes a specified measure of extracting SIBDS (software intended behaviors describing sets) statically from the binary executable using the software's API functions invoking, and also introduces the definition of the structure used to store the SIBDS in detail. Experimental results demonstrate that the extracting method and the storage structure definition offers three strong properties: (i) it can describe the software's intended behavior accurately; (ii) it demands a small storage expense; (iii) it provides strong capability to defend against mimicry attack.
基金National Natural Science Foundation of China under Grant No. 60873203Foundation of Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education under Grant No. AISTC2009_03+1 种基金Hebei National Funds for Distinguished Young Scientists under Grant No. F2010000317National Science Foundation of Hebei Province under Grant No. F2010000319
文摘Since the guarantee of trustiness is considered inadequate in traditional software development methods,software developed using these methods lacks effective measures for ensuring its trustiness.Combining agent technique with the support of trusted computing provided by TPM,a trust-shell-based constitution model of trusted software(TSCMTS)is demonstrated,trust shell ensures the trustiness of software logically.The concept of Trust Engine is proposed,which extends the "chain of trust" of TCG into application,and cooperates with TPM to perform integrity measurement for software entity to ensure the static trustiness;Data Structure called trust view is defined to represent the characteristic of software behavior.For the purpose of improving the accuracy of trustiness constraints,a strategy for determining the weights of characteristic attributes based on information entropy is proposed.Simulation experiments illustrate that the trustiness of software developed by the TSCMTS is improved effectively without performance degradation.
基金Supported by the National Natural Science Foundation of China (61202387, 61103220)Major Projects of National Science and Technology of China(2010ZX03006-001-01)+3 种基金Doctoral Fund of Ministry of Education of China (2012014110002)China Postdoctoral Science Foundation (2012M510641)Hubei Province Natural Science Foundation (2011CDB456)Wuhan Chenguang Plan Project(2012710367)
文摘Aiming at the difficulty of unknown Trojan detection in the APT flooding situation, an improved detecting method has been proposed. The basic idea of this method originates from advanced persistent threat (APT) attack intents: besides dealing with damaging or destroying facilities, the more essential purpose of APT attacks is to gather confidential data from target hosts by planting Trojans. Inspired by this idea and some in-depth analyses on recently happened APT attacks, five typical communication characteristics are adopted to describe application’s network behavior, with which a fine-grained classifier based on Decision Tree and Na ve Bayes is modeled. Finally, with the training of supervised machine learning approaches, the classification detection method is implemented. Compared with general methods, this method is capable of enhancing the detection and awareness capability of unknown Trojans with less resource consumption.
文摘For this special section on software systems, six research leaders in software systems, as guest editors tor this special section, discuss important issues that will shape this field's future research directions. The essays included in this roundtable article cover research opportunities and challenges for large-scale software systems such as querying organization- wide software behaviors (Xusheng Xiao), logging and log analysis (Jian-Ouang Lou), engineering reliable cloud distributed systems (Shan Lu), usage data (David C. Shepherd), clone detection and management (Xin Peng), and code search and beyond (Qian-Xiang Wang). - Tao Xie, Leading Editor of Software Systems.
基金Supported by the National Natural Science Foundation of China (60873203)the Foundation of Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education (AISTC2009_03)+1 种基金the Outstanding Youth Foundation of Hebei Province (F2010000317)the Natural Science Foundation of Hebei Province (F2010000319, F2011201039)
文摘In this paper, we merge software trustworthiness with software design and present an approach to trustworthy software design with an automatically adapting software update. First, software behavior and results can be expected and behavior states can be monitored when a software runs by introducing a trustworthy behavior trace on a software and inserting a checkpoint sensor at each checkpoint of the trustworthy software. Second, an updated approach of the trustworthy behavior trace for the software at the level of checkpoints is presented. The trustworthy behavior traces of the software for two versions can be merged adequately by constructing split points and merge points between two trustworthy behavior traces. Finally, experiments and analyses show that: (1) the software designed by our approach can detect and report the anomaly in a software automatically and effectively, so it has a higher ability of trustworthiness evaluation than the traditional software; and (2) our approach can realize the accurate update of the trustworthy behavior trace with a lower space overhead of checkpoints when the software updates.
基金Supported by the National Natural Science Foundation of China (91018009)the Fundamental Research Funds for the Central Universities (201121102020006)
文摘In order to verify requirements model/document the consistency between software and users' true minds, we present a software behavior-oriented requirements visualization method. The implementation method for software behavior-oriented requirements visualization is advanced in this paper first. Then, the basis language is introduced as the foundation of the method. At last, we put forward the tool platform that can achieve the requirement visualization, The result demonstrates that the method can generate requirement animation rapidly to check the correctness of the requirement. It can effectively reduce the requirements change and save a lot of software development costs.
基金Supported by the National High Technology Research and Development Program of China (863 Program) (2009AA01Z402)the PLA University of Science and Technology Pre-research Project (20110202, 20110210)+1 种基金the Natural Science Foundation of Jiangsu Province of China (BK2012059,BK2012060)the PLAUST Outstanding Graduate Student Thesis Fund (2012)
文摘A software security testing behavior model,SETAM,was proposed in our previous work as the integrated model for describing software security testing requirements behavior,which is not only compatible with security functions and latent typical misuse behaviors,but also with the interaction of them.In this paper,we analyze the differences between SETAM with security use case and security misuse case in different types of security test requirements.To illustrate the effectiveness of SETAM,we compare them in a practical case study by the number of test cases and the number of faults detected by them.The results show that SETAM could decrease about 34.87% use cases on average,and the number of faults detected by SETAM increased by 71.67% in average,which means that our model can detect more faults with fewer test cases for software security testing.
基金Supported by the National Natural Science Foundation of China(61103220)the Fundamental Research Funds for the Central Universities (6082013)+1 种基金the National Natural Science Foundation of Hubei(2011CDB456)Chenguang Program(2012710367)
文摘Focusing on the sensitive behaviors of malware, such as privacy stealing and money costing, this paper proposes a new method to monitor software behaviors and detect malicious applications on Android platform. According to the theory and implementation of Android Binder interprocess communication mechanism, a prototype system that integrates behavior monitoring and intercepting, malware detection, and identification is built in this work. There are 50 different kinds of samples used in the experiment of malware detection, including 40 normal samples and 10 malicious samples. The theoretical analysis and experimental result demonstrate that this system is effective in malware detection and interception, with a true positive rate equal to 100% and a false positive rate less than 3%.
