物件導向軟體之架構(Object-Oriented Software Construction)探討

Control of Discrete-event Systems provides a survey of the most important topics in the discrete-event systems theory with particular focus on finite-state automata, Petri nets and max-plus algebra. Coverage ranges from introductory material on the basic notions and definitions of discrete-event systems to more recent results. Special attention is given to results on supervisory control, state estimation and fault diagnosis of both centralized and distributed/decentralized systems developed in the framework of the Distributed Supervisory Control of Large Plants (DISC) project. Later parts of the text are devoted to the study of congested systems though fluidization, an over approximation allowing a much more efficient study of observation and control problems of timed Petri nets. Finally, the max-plus algebraic approach to the analysis and control of choice-free systems is also considered. Control of Discrete-event Systems provides an introduction to discrete-event systems for readers that are not familiar with this class of systems, but also provides an introduction to research problems and open issues of current interest to readers already familiar with them. Most of the material in this book has been presented during a Ph.D. school held in Cagliari, Italy, in June 2011. This book constitutes the refereed proceedings of the Third International Workshop on Tools and Algorithms for the Construction and Analysis of Systems, TACAS '97, held in Enschede, The Netherlands, in April 1997. The book presents 20 revised full papers and 5 tool demonstrations carefully selected out of 54 submissions; also included are two extended abstracts and a full paper corresponding to invited talks. The papers are organized in topical sections on space reduction techniques, tool demonstrations, logical techniques, verification support, specification and analysis, and theorem proving, model checking and applications. The refereed proceedings of the 24th International Conference on Applications and Theory of Petri Nets, ICATPN 2003, held in Eindhoven, The Netherlands, in June 2003. The 25 revised full papers presented together with 6 invited contributions were carefully reviewed and selected from 77 submissions. All current issues on research and development in the area of Petri nets are addressed, in particular concurrent systems design and analysis, model checking, networking, business process modeling, formal methods in software engineering, agent systems, systems specification, systems validation, discrete event systems, protocols, and prototyping. The contents of this volume are application oriented. The volume contains a de tailed presentation of 19 applications of CP-nets, covering a broad range of ap plication areas. Most of the projects have been carried out in an industrial set ting.

Coloured Petri Nets Basic Concepts, Analysis Methods and Practical Use

Cyber-physical systems and their security issues

Systems and methods for analyzing electronic messages are disclosed. In some embodiments, the method comprises receiving a new received message from an indicated sender, the new received message having a first message characteristic of the indicated sender and a second message characteristic, identifying an actual sender message characteristic pattern of an actual sender using the first message characteristic, probabilistically comparing the second message characteristic to the actual sender message characteristic pattern, determining a degree of similarity of the second message characteristic to the actual sender message characteristic pattern, and influencing a probability that the indicated sender is the actual sender based upon the degree of similarity. There may be multiple message characteristics and patterns. In some embodiments, the methods may utilize pattern matching techniques, recipient background information, quality measures, threat intelligence data or URL information to help determine whether the new received message is from the actual sender.

Systems and methods for electronic message analysis

Phishing environments, techniques, and countermeasures

Security attacks typically result from unintended behaviors or invalid inputs. Security testing is labor intensive because a real-world program usually has too many invalid inputs. It is highly desirable to automate or partially automate security-testing process. This paper presents an approach to automated generation of security tests by using formal threat models represented as Predicate/Transition nets. It generates all attack paths, i.e., security tests, from a threat model and converts them into executable test code according to the given Model-Implementation Mapping (MIM) specification. We have applied this approach to two real-world systems, Magento (a web-based shopping system being used by many online stores) and FileZilla Server (a popular FTP server implementation in C++). Threat models are built systematically by examining all potential STRIDE (spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privilege) threats to system functions. The security tests generated from these models have found multiple security risks in each system. The test code for most of the security tests can be generated and executed automatically. To further evaluate the vulnerability detection capability of the testing approach, the security tests have been applied to a number of security mutants where vulnerabilities are injected deliberately. The mutants are created according to the common vulnerabilities in C++ and web applications. Our experiments show that the security tests have killed the majority of the mutants.

Automated Security Test Generation with Formal Threat Models

The world's increased dependence on software-enabled systems has raised major concerns about software reliability and security. New cost-effective tools for software quality assurance are needed. This paper presents an automated test generation technique, called Model-based Integration and System Test Automation (MISTA), for integrated functional and security testing of software systems. Given a Model-Implementation Description (MID) specification, MISTA generates test code that can be executed immediately with the implementation under test. The MID specification uses a high-level Petri net to capture both control- and data-related requirements for functional testing, access control testing, or penetration testing with threat models. After generating test cases from the test model according to a given criterion, MISTA converts the test cases into executable test code by mapping model-level elements into implementation-level constructs. MISTA has implemented test generators for various test coverage criteria of test models, code generators for various programming and scripting languages, and test execution environments such as Java, C, ${\rm C}++$ , C#, HTML-Selenium IDE, and Robot Framework. MISTA has been applied to the functional and security testing of various real-world software systems. Our experiments have demonstrated that MISTA can be highly effective in fault detection.

An Automated Test Generation Technique for Software Quality Assurance

Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.

/pdf/a-model-based-approach-to-automated-testing-of-access-o37ch42iok.pdf

A model-based approach to automated testing of access control policies

Role-based access control is an important access control method for securing computer systems. A role-based access control policy can be implemented incorrectly due to various reasons, such as programming errors. Defects in the implementation may lead to unauthorized access and security breaches. To reveal access control defects, this paper presents a model-based approach to automated generation of executable access control tests using predicate/transition nets. Role-permission test models are built by integrating declarative access control rules with functional test models or contracts (preconditions and postconditions) of the associated activities (the system functions). The access control tests are generated automatically from the test models to exercise the interactions of access control activities. They are transformed into executable code through a model-implementation mapping that maps the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages. The full model-based testing process has been applied to three systems implemented in Java. The effectiveness is evaluated through mutation analysis of role-based access control rules. The experiments show that the model-based approach is highly effective in detecting the seeded access control defects.

/pdf/automated-model-based-testing-of-role-based-access-control-22s0i7kq4i.pdf

Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets

Phishing attack has been a serious concern to online banking and e-commerce websites. This paper proposes a method to detect and filter phishing emails in dynamic environment by applying a family of weak estimators. Anomaly detection identifies observations that deviate from the normal behavior of a system and is achieved by identifying the phenomena that characterize the “normal” observation. The new observations are classified either a normal or abnormal based on the characteristics of data learnt. Most of the anomaly detection works with the assumption that the underlying distributions of observations are stationary, where this assumption is relevant to many applications. However some detection problem occurs within environments that are non-stationary. One good example to demonstrate the information is by identifying anomalous temperature pattern in meteorology that takes into account the seasonal changes of normal observations. It is necessary that anomalous observations are identified even with the changes or acquire the ability to adapt to the variations in non-stationary environments. Our experimental results show the feasibility and effectiveness of our approach.

Lijo Thomas

Papers

Automated Security Test Generation with Formal Threat Models

An Automated Test Generation Technique for Software Quality Assurance

A model-based approach to automated testing of access control policies

Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition Nets

Phishing detection using stochastic learning-based weak estimators