Search results

1 – 10 of over 2000
Article
Publication date: 1 March 2013

Ting Chen, Xiao‐song Zhang, Xu Xiao, Yue Wu, Chun‐xiang Xu and Hong‐tian Zhao

Abstract

Purpose

Software vulnerabilities have been the greatest threat to the software industry for a long time. Many detection techniques have been developed to address this kind of issue, such as Fuzzing, but mere Fuzz Testing is not good enough, because the Fuzzing only alters the input of program randomly, and does not consider the basic semantics of the target software. The purpose of this paper is to introduce a new vulnerability exploring system, called “SEVE” to explore the target software more deeply and to generate more test cases with more accuracy.

Design/methodology/approach

Symbolic execution is the core technique of SEVE. The user can just input a standard input, and the SEVE system will record the execution path, alter the critical branches of it, and generate a totally different test case which will make the software under test execute a different path. In this way, some potential bugs or defects, even the exploitable vulnerabilities will be discovered. To alleviate path explosion, the authors propose heuristic method and function abstraction, which in turn improve the performance of SEVE even further.

Findings

We evaluate SEVE system to record critical data about its efficiency and performance. We have tested some real‐world vulnerabilities, from which the underlying file‐input programs suffer. After that, the results show that SEVE is not only re‐creating the discovery of these vulnerabilities, but also at a higher performance level than traditional techniques.

Originality/value

The paper proposes a new vulnerability exploring system, called “SEVE” to explore the target software and generate test cases automatically and also heuristic method and function abstraction to handle path explosion.

Details

COMPEL - The international journal for computation and mathematics in electrical and electronic engineering, vol. 32 no. 2
Type: Research Article
ISSN: 0332-1649

Article
Publication date: 19 September 2019

Gayatri Nayak and Mitrabinda Ray

Abstract

Purpose

Test suite prioritization technique is the process of modifying the order in which tests run to meet certain objectives. Early fault detection and maximum coverage of source code are the main objectives of testing. There are several test suite prioritization approaches that have been proposed at the maintenance phase of software development life cycle. A few works are done on prioritizing test suites that satisfy modified condition decision coverage (MC/DC) criteria which are derived for safety-critical systems. The authors know that it is mandatory to do MC/DC testing for Level A type software according to RTCA/DO178C standards. The paper aims to discuss this issue.

Design/methodology/approach

This paper provides a novel method to prioritize the test suites for a system that includes MC/DC criteria along with other important criteria that ensure adequate testing.

Findings

In this approach, the authors generate test suites from the input Java program using concolic testing. These test suites are utilized to measure MC/DC% by using the coverage calculator algorithm. Now, use MC/DC% and the execution time of these test suites in the basic particle swarm optimization technique with a modified objective function to prioritize the generated test suites.

Originality/value

The proposed approach maximizes MC/DC% and minimizes the execution time of the test suites. The effectiveness of this approach is validated by experiments on 20 moderate-sized Java programs using average percentage of fault detected metric.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 12 no. 4
Type: Research Article
ISSN: 1756-378X

Article
Publication date: 5 April 2024

Xiaohong Shi, Ziyan Wang, Runlu Zhong, Liangliang Ma, Xiangping Chen and Peng Yang

Abstract

Purpose

Smart contracts are written in high-level programming languages, compiled into Ethereum Virtual Machine (EVM) bytecode, deployed onto blockchain systems and called with the corresponding address by transactions. The deployed smart contracts are immutable, even if there are bugs or vulnerabilities. Therefore, it is critical to verify smart contracts before deployment. This paper aims to help developers effectively and efficiently locate potential defects in smart contracts.

Design/methodology/approach

GethReplayer, a smart contract testing method based on transaction replay, is proposed. It constructs a parallel transaction execution environment with two virtual machines to compare the execution results. It uses the real existing transaction data on Ethereum and the source code of the tested smart contracts as inputs, conditionally substitutes the bytecode of the tested smart contract input into the testing EVM, and then monitors the environmental information to check the correctness of the contract.

Findings

Experiments verified that the proposed method is effective in smart contract testing. Virtual environmental information has a significant effect on the success of transaction replay, which is the basis for the performance of the method. The efficiency of error locating was approximately 14 times faster with the proposed method than without. In addition, the proposed method supports gas consumption analysis.

Originality/value

This paper addresses the difficulty that developers encounter in testing smart contracts before deployment and focuses on helping develop smart contracts with as few defects as possible. GethReplayer is expected to be an alternative solution for smart contract testing and provide inspiration for further research.

Details

International Journal of Web Information Systems, vol. 20 no. 4
Type: Research Article
ISSN: 1744-0084

Article
Publication date: 1 July 2006

Michael S. Cole, Stanley G. Harris and Jeremy B. Bernerth

Abstract

Purpose

The purpose of this paper was to examine the interaction effects of managers' perceptions of the supporting vision clarity, appropriateness, and execution of a major organizational change on their job satisfaction, organizational commitment, turnover intentions, and role ambiguity.

Design/methodology/approach

Data were collected from upper and middle‐level managers of a Fortune 500 US manufacturer and maker of consumer goods involved in a large organizational change initiative. A survey was completed by 217 managers, for a response rate of 89 percent. Change attitudes, job satisfaction, organizational commitment, turnover intentions, role ambiguity, and control variables were all assessed.

Findings

A three‐way interaction between change vision clarity, change appropriateness, and change execution was found to predict managers' job satisfaction, turnover intentions, and role ambiguity.

Research limitations/implications

The study relied on self‐reports collected at one point in time, allowing for the possibility of common method bias. The complex, nonlinear relationships indicate that method bias cannot fully account for the reported relationships.

Practical implications

Study results illustrate that the individual experience of major change is multifaceted and that simultaneously considering the combined effects of individual's change attitudes including readiness (in the form of believing a change is needed and appropriate) and the perceived effectiveness of the change execution on key job‐related outcomes can help practitioners understand more fully the implications of organizational change.

Originality/value

The findings lend support to the notion that individual's sentiments concerning organizational change are interactive and should not be ignored.

Details

Leadership & Organization Development Journal, vol. 27 no. 5
Type: Research Article
ISSN: 0143-7739

Article
Publication date: 12 November 2020

Seyed Mohammad Javad Hosseini, Bahman Arasteh, Ayaz Isazadeh, Mehran Mohsenzadeh and Mitra Mirzarezaee

Abstract

Purpose

The purpose of this study is to reduce the number of mutations and, consequently, reduce the cost of mutation test. The results of related studies indicate that about 40% of injected faults (mutants) in the source code are effect-less (equivalent). Equivalent mutants are one of the major costs of mutation testing and the identification of equivalent and effect-less mutants has been known as an undecidable problem.

Design/methodology/approach

In a program with n branch instructions (if instruction) there are 2^n execution paths (test paths) that the data and codes into each of these paths can be considered as a target of mutation. Given the role and impact of data in a program, some of data and codes propagates the injected mutants more likely to the output of the program. In this study, firstly the error-propagation rate of the program data is quantified using static analysis of the program control-flow graph. Then, the most error-propagating test paths are identified by the proposed heuristic algorithm (Genetic Algorithm [GA]). Data and codes with higher error-propagation rate are only considered as the strategic locations for the mutation testing.

Findings

In order to evaluate the proposed method, an extensive series of mutation testing experiments have been conducted on a set of traditional benchmark programs using MuJava tool set. The results depict that the proposed method reduces the number of mutants about 24%. Also, in the corresponding experiments, the mutation score is increased about 5.6%. The success rate of the GA in finding the most error-propagating paths of the input programs is 99%. On average, only 7.46% of generated mutants by the proposed method are equivalent. Indeed, 92.54% of generated mutants are non-equivalent.

Originality/value

The main contribution of this study is as follows: Proposing a set of equations to measure the error-propagation rate of each data, basic-block and execution path of a program. Proposing a genetic algorithm to identify a most error-propagating path of program as locations of mutations. Developing an efficient mutation-testing framework that mutates only the strategic locations of a program identified by the proposed genetic algorithms. Reducing the time and cost of mutation testing by reducing the equivalent mutants.

Details

Data Technologies and Applications, vol. 55 no. 1
Type: Research Article
ISSN: 2514-9288

Article
Publication date: 13 April 2012

Claus A. Usener, Tim A. Majchrzak and Herbert Kuchen

Abstract

Purpose

To overcome the high manual effort of assessments for teaching personnel, e‐assessment systems are used to assess students using information systems (IS). The purpose of this paper is to propose an extension of EASy, a system for e‐assessment of exercises that require higher‐order cognitive skills. The latest module allows assessing programming exercises in conjunction with particular test‐driven‐development and back‐to‐back testing.

Design/methodology/approach

EASy was developed following a design science research approach. To prove the effectiveness of the approach, the authors discuss findings from a survey that was conducted with almost 200 students from a programming lecture and present quantitative and qualitative findings.

Findings

Most students reflected positively on using EASy. EASy proves to be a versatile tool and the extension meets the authors' aims. Several details require further investigation, most notably usability and the support of tutors.

Research limitations/implications

E‐assessment is a field that requires much future research to enable commercial‐scale systems for assessment of higher‐order cognitive skills. The authors' research is currently limited in the number of exercise types the system supports.

Practical implications

EASy is a research tool despite being used in actual lectures. It is not yet a general e‐assessment solution.

Originality/value

While EASy is a research prototype, its usage in lectures demonstrates the practicability of using e‐assessment. EASy currently is one of the few systems with advanced capabilities. The paper strongly contributes to the knowledge base on building e‐assessment systems; thus, it is relevant both for practitioners seeking to establish e‐assessment and to researchers trying to understand the future needs towards comparable systems.

Details

Interactive Technology and Smart Education, vol. 9 no. 1
Type: Research Article
ISSN: 1741-5659

Article
Publication date: 1 May 1999

Dmitry Shlapentokh

Abstract

Looks at the reasons for the collapse of both regimes and considers the importance of repression with these developments. Contrasts the methods of Imperial Russia with the Bolsheviks looking at Court proceedings, prison conditions, education and propaganda in prison, exile and the secret police. Concludes that whilst social support is usually seen as essential for survival of a system, repression is not regarded as a positive element but can become the method for a system’s survival and stability.

Details

International Journal of Sociology and Social Policy, vol. 19 no. 5/6
Type: Research Article
ISSN: 0144-333X

Article
Publication date: 2 June 2020

Nasrin Shomali and Bahman Arasteh

Abstract

Purpose

For delivering high-quality software applications, proper testing is required. A software test will function successfully if it can find more software faults. The traditional method of assessing the quality and effectiveness of a test suite is mutation testing. One of the main drawbacks of mutation testing is its computational cost. The research problem of this study is the high computational cost of the mutation test. Reducing the time and cost of the mutation test is the main goal of this study.

Design/methodology/approach

With regard to the 80–20 rule, 80% of the faults are found in 20% of the fault-prone code of a program. The proposed method statically analyzes the source code of the program to identify the fault-prone locations of the program. Identifying the fault-prone (complex) paths of a program is an NP-hard problem. In the proposed method, a firefly optimization algorithm is used for identifying the most fault-prone paths of a program; then, the mutation operators are injected only on the identified fault-prone instructions.

Findings

The source codes of five traditional benchmark programs were used for evaluating the effectiveness of the proposed method to reduce the mutant number. The proposed method was implemented in Matlab. The mutation injection operations were carried out by MuJava, and the output was investigated. The results confirm that the proposed method considerably reduces the number of mutants, and consequently, the cost of software mutation-test.

Originality/value

The proposed method avoids the mutation of nonfault-prone (simple) codes of the program, and consequently, the number of mutants is considerably reduced. In a program with n branch instructions (if instruction), there are 2^n execution paths (test paths) that the data and codes into each of these paths can be considered as a target of mutation. Identifying the error-prone (complex) paths of a program is an NP-hard problem. In the proposed method, a firefly optimization algorithm as a heuristic algorithm is used for identifying the most error-prone paths of a program; then, the mutation operators (faults) are injected only on the identified fault-prone instructions.

Details

Data Technologies and Applications, vol. 54 no. 4
Type: Research Article
ISSN: 2514-9288

Article
Publication date: 1 March 2013

Zhi Liu, Xiaosong Zhang, Yue Wu and Ting Chen

Abstract

Purpose

The purpose of this paper is to propose an approach to detect Indirect Memory‐Corruption Exploit (IMCE) at runtime on binary code, which is often caused by integer conversion error. Real‐world attacks were evaluated for experimentation.

Design/methodology/approach

Current dynamic analysis detects attacks by enforcing low level policy which can only detect control‐flow hijacking attack. The proposed approach detects IMCE with high level policy enforcement using dynamic taint analysis. Unlike low‐level policy enforced on instruction level, the authors' policy is imposed on memory operation routine. The authors implemented a fine‐grained taint analysis system with accurate taint propagation for detection.

Findings

Conversion errors are common and most of them are legitimate. Taint analysis with high‐level policy can accurately block IMCE but have false positives. Proper design of data structures to maintain taint tag can greatly improve overhead.

Originality/value

This paper proposes an approach to block IMCE with high‐level policy enforcement using taint analysis. It has very low false negatives, though still causes certain false positives. The authors made several implementation contributions to strengthen accuracy and performance.

Details

COMPEL - The international journal for computation and mathematics in electrical and electronic engineering, vol. 32 no. 2
Type: Research Article
ISSN: 0332-1649

Article
Publication date: 7 November 2016

Katerina Ksystra and Petros Stefaneas

Abstract

Purpose

Reactive rules are used for programming rule-based Web agents, which have the ability to detect events and respond to them automatically and can have complex structure and unpredictable behavior. The aim of this paper is to provide an appropriate formal framework for analyzing such rules.

Design/methodology/approach

To achieve this goal, the authors give two alternative semantics for the basic reactive rules’ families which allow us to specify reactive rule-based agents and verify their intended behavior. The first approach expresses the functionality of production and event condition action rules in terms of equations, whereas the second methodology is based in the formalism of rewriting logic. Both semantics can be expressed within the framework of CafeOBJ algebraic specification language, which then offers the verification support and have their advantages and downsides.

Findings

The authors report on experiences gained by applying those methodologies in a reactive rule-based system and compare the two methodologies.

Originality/value

Finally, the authors demonstrate a tool that translates a set of reactive rules into CafeOBJ rewrite rules, thus making the verification of reactive rules possible for inexperienced users.

Details

International Journal of Web Information Systems, vol. 12 no. 4
Type: Research Article
ISSN: 1744-0084
