Search

Your search keyword '"Pretschner, Alexander"' showing total 672 results
Start Over Author "Pretschner, Alexander"

Refine your results

more »

more »

more »

more »
672 results on '"Pretschner, Alexander"'

258. Pairika

Author

Rahman, Md. Rezaur, primary, Golagha, Mojdeh, additional, and Pretschner, Alexander, additional

Published
2018
Full Text
View/download PDF

259. Aletheia

Author

Golagha, Mojdeh, primary, Raisuddin, Abu Mohammed, additional, Mittag, Lennart, additional, Hellhake, Dominik, additional, and Pretschner, Alexander, additional

Published
2018
Full Text
View/download PDF

263. Model-Based Policy Derivation for Usage Control

Author

Pretschner, Alexander (Prof. Dr.), Pretschner, Alexander (Prof. Dr.);Dulay, Naranker (Ph.D.), Kumari, Prachi, Pretschner, Alexander (Prof. Dr.), Pretschner, Alexander (Prof. Dr.);Dulay, Naranker (Ph.D.), and Kumari, Prachi

Abstract

Usage control concerns how data is used post-access. In existing work on usage control enforcement, policies are assumed to exist at the implementation-level: their derivation from specification-level policies has not been looked into. The expected behavior of a usage controlled system may therefore differ from the actual behavior. This research fills this gap with a policy derivation framework that uses a model-based refinement of domain-specific abstractions, data and actions, in terms of technical constructs viz. events and states of systems., Existierende Arbeiten zur Datennutzungskontrolle setzen die Existenz von Datennutzungsrichtlinien auf der Implementierungsebene voraus. Die Ableitung dieser Datennutzungsrichtlinien von der umgangssprachlichen Spezifikationsebene zur Implementierungsebene wurde in bisherigen Arbeiten jedoch noch nicht untersucht. Entsprechend beschreibt diese Doktorarbeit eine solche Ableitung von Datennutzungsrichtlinien mit Hilfe von Regeln die auf einer modellbasierten Verfeinerung der domänenspezifischen Daten und Aktionen basiert.

Published
2015

264. Cross-layer Data-centric Usage Control

Author

Pretschner, Alexander (Prof. Dr.), Pretschner, Alexander (Prof. Dr.);Piessens, Frank (Prof. Dr.), Lovat, Enrico, Pretschner, Alexander (Prof. Dr.), Pretschner, Alexander (Prof. Dr.);Piessens, Frank (Prof. Dr.), and Lovat, Enrico

Abstract

Usage control (UC) specifies what happens to data after access to it has been granted. Within the system, data (e.g. “a picture”) exists in form of various representations, possibly located at different levels of abstraction (e.g. a file, a set of pixels or a Java object). To control data, one must control the usage of all its different representations.This work (1) presents a generic UC model and a policy specification language that capture the distinction between data and representations of data and (2) discusses how to improve the model’s precision leveraging additional information about the system., Datennutzungskontrolle (DNK) spezifiziert, was mit Daten passiert, nachdem der initiale Zugriff auf diese gewährt wurde. Dazu muss die Nutzung der Daten (z.B. "ein Bild") in allen verschiedenen Repräsentationen (z.B. eine Datei, ein Java Objekt) innerhalb eines Systems kontrolliert werden. Die vorliegende Arbeit 1) präsentiert ein generisches DNK-Modell und eine Richtlinienspezifikationssprache, die den Unterschied zwischen Daten und ihren Repräsentation erfasst und 2) diskutiert wie durch Zusatzinformationen über das System die Präzision des Modells erhöht werden kann.

Published
2015

266. Automatic Extraction and Selection of Workload Specifications for Load Testing and Model-Based Performance Prediction

Author

Krcmar, Helmut (Prof. Dr.), Pretschner, Alexander (Prof. Dr.), Vögele, Christian, Krcmar, Helmut (Prof. Dr.), Pretschner, Alexander (Prof. Dr.), and Vögele, Christian

Abstract

This dissertation presents an approach that enables the automatic extraction and selection of workload specifications for session-based application systems. A domain-specific language (DSL) is introduced allowing tool- and system independent specification of workloads. Instances of this DSL are extracted from system logs and are transformed into executable workload specifications of load testing tools and workload specifications of performance models. A multi-objective optimization applied on the performance models enables the selection of workload specifications following given performance objectives. The developed methods are evaluated using a representative application system., Diese Dissertation stellt einen Ansatz vor, der die automatische Extraktion und Auswahl von Workload-Spezifikationen (WS) für Session-basierte Anwendungssysteme ermöglicht. Es wird eine domänenspezifische Sprache (DSL) eingeführt, die eine werkzeug- und systemunabhängige Spezifikation von Workloads ermöglicht. Instanzen dieser DSL werden aus Systemlogs extrahiert und in ausführbare WS von Lasttest-Tools sowie in WS von Performance-Modellen transformiert. Eine auf die Performance-Modelle angewendete mehrkriterielle Optimierung ermöglicht die Auswahl von WS innerhalb vorgegebener Ziele. Die entwickelten Methoden werden mit einem repräsentativen Anwendungssystem evaluiert.

Published
2018

267. Dynamic Symbolic Execution with Scalable Interpolation Based Path Merging

Author

Eckert, Claudia (Prof. Dr.), Pretschner, Alexander (Prof. Dr.), Ibing, Andreas, Eckert, Claudia (Prof. Dr.), Pretschner, Alexander (Prof. Dr.), and Ibing, Andreas

Abstract

This thesis deals with the automated detection of common software weaknesses in C programs. The approach is selective symbolic execution on the source code level with interpolation based path merging. Interpolation and path merging are used to reduce the necessary computational effort without reduction in bug detection accuracy compared to path coverage, the symbolic execution then achieves error and branch coverage. Interpolation is also used to further reduce the computational effort and to achieve a selectable coverage criterion (e.g., branch coverage), at the expense of false negative detections. The interpolation consists in a removal of constraints from the path constraint. It is shown that the considered algorithms yield an interpolation and coverage hierarchy with respect to subsets of constraints and subsets of program paths, and with respect to the implication of coverage criteria, respectively. Modification of source code is not necessary for analysis. Symbolic execution with Satisfiability Modulo Theories Solver is combined with binary instrumentation to efficiently detect different bug types. The implementation is a plug-in extension to the Eclipse C/C++ development tools and uses a debugger machine interface. It is evaluated by detecting memory access errors, infinite loops, information exposures, dead code and data race conditions in test programs from the Juliet test suite for program analyzers., Die vorliegende Arbeit beschäftigt sich mit der automatischen Erkennung von Fehlern (Common Weaknesses) in C Programmen. Der Ansatz ist eine selektive symbolische Ausführung auf der Quelltext-Ebene mit interpolationsbasierter Pfadverschmelzung. Interpolation und Pfadverschmelzung werden einerseits zur Verringerung der nötigen Rechenleistung ohne Genauigkeitsverlust der Fehlererkennung im Vergleich zu Path Coverage eingesetzt, erzielt wird dann ”Error and Branch Coverage”. Andererseits kann die Interpolation zur Erreichung eines wählbaren Coverage-Kriteriums (z.B. Branch Coverage) angepasst werden, um die nötige Rechenleistung noch weiter zur reduzieren, allerdings bei verminderter Genauigkeit der Erkennung. Die Interpolation besteht in einer Entfernung von Constraints aus dem Pfad-Constraint. Es wird gezeigt, dass die betrachteten Algorithmen eine Interpolations- und Coverage-Hierarchie ergeben, bezüglich Teilmengen von Constraints bzw. Teilmengen von Programmpfaden und Implikation von Coverage-Kriterien. Anpassungen des Quelltextes sind zur Analyse nicht erforderlich. Symbolische Ausführung mit Satisfiability Modulo Theories Solver wird mit Instrumentierung von Binärcode kombiniert, um verschiedene Fehlerarten effizient zu erkennen. Die Implementierung ist eine plug-in Erweiterung der Eclipse C/C++ Development Tools und verwendet ein Debugger Machine Interface. Sie wird mit Testprogrammen der Juliet Suite für Speicherzugriffsfehler, Endlosschleifen, Information Exposures, Dead Code und Race Conditions bewertet.

Published
2018

268. Computing refactorings of state machines

Author

Pretschner, Alexander, Prenninger, Wolfgang, Pretschner, Alexander, and Prenninger, Wolfgang

Abstract

For behavior models expressed in statechart-like formalisms, we show how to compute semantically equivalent yet structurally different models. These refactorings are defined by user-provided logical predicates that partition the system's state space and that characterize coherent parts - modes or control states-of the behavior. We embed the refactorings into an incremental development process that uses a combination of both tables and graphically represented state machines for describing systems

Published
2018

269. Dependable Software Systems Engineering

Author

Pretschner, Alexander, Peled, Doron, Irlbeck, Maximilian, Pretschner, Alexander, Peled, Doron, and Irlbeck, Maximilian

Subjects
Computer systems--Verification, Computer software--Verification
Abstract

We are all increasingly dependent on software systems to run the technology we use every day, so we need these systems to be both reliable and safe. This book presents papers from the NATO Advanced Study Institute Summer School Dependable Software Systems Engineering, held in Marktoberdorf, Germany, in July and August 2014. Lecturers were drawn from prestigious research groups representing both industry and academia, and the course was designed as an in-depth presentation and teaching of state-of-the-art scientific techniques and methods covering research and industrial practice as well as scientific principles. Topics covered included: syntax-guided synthesis; system behaviors and problem frames; dependable human-intensive systems; automatic alias analysis and frame inference; fault-based testing; and mechanized unifying theories of programming. Marktoberdorf is one of the most renowned international computer science summer schools, and this book, with its detailed overview of current research results and the discussion and development of new ideas will be of interest to all those whose work involves the engineering of dependable software systems.

Published
2015

270. A Tutorial on Software Obfuscation

Author

Banescu, Sebastian and Pretschner, Alexander

Subjects
ddc:000, Informatik, Wissen, Systeme
Abstract

Protecting a digital asset once it leaves the cyber trust boundary of its creator is a challenging security problem. The creator is an entity which can range from a single person to an entire organization. The trust boundary of an entity is represented by all the (virtual or physical) machines controlled by that entity. Digital assets range from media content to code, and include items such as: music, movies, computer games and premium software features. The business model of the creator implies sending digital assets to end-users – such that they can be consumed – in exchange for some form of compensation. A security threat in this context is represented by malicious end-users, who attack the confidentiality or integrity of digital assets, in detriment to digital asset creators and/or other end-users. Software obfuscation transformations have been proposed to protect digital assets against malicious end-users, also called Man-At-The-End (MATE) attackers. Obfuscation transforms a program into a functionally equivalent program which is harder for MATE to attack. However, obfuscation can be use both for benign and malicious purposes. Malware developers rely on obfuscation techniques to circumvent detection mechanisms and to prevent malware analysts from understanding the logic implemented by the malware. This chapter presents a tutorial of the most popular existing software obfuscation transformations and mentions published attacks against each transformation. We present a snapshot of the field of software obfuscation and indicate possible directions, which require more research.

Published
2016

271. Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning

Author

Banescu, Sebastian and Collberg, Christian and Pretschner, Alexander

Subjects
ddc:000, Informatik, Wissen, Systeme
Abstract

Software obfuscation transforms code such that it is more difficult to reverse engineer. However, it is known that given enough resources, an attacker will successfully reverse engineer an obfuscated program. Therefore, an open challenge for software obfuscation is estimating the time an obfuscated program is able to withstand a given reverse engineering attack. This paper proposes a general framework for choosing the most relevant software features to estimate the effort of automated attacks. Our framework uses these software features to build regression models that can predict the resilience of different software protection transformations against automated attacks. To evaluate the effectiveness of our approach, we instantiate it in a case-study about predicting the time needed to deobfuscate a set of C programs, using an attack based on symbolic execution. To train regression models our system requires a large set of programs as input. We have therefore implemented a code generator that can generate large numbers of arbitrarily complex random C functions. Our results show that features such as the number of community structures in the graphrepresentation of symbolic path-constraints, are far more relevant for predicting deobfuscation time than other features generally used to measure the potency of controlflow obfuscation (e.g. cyclomatic complexity). Our best model is able to predict the number of seconds of symbolic execution-based deobfuscation attacks with over 90% accuracy for 80% of the programs in our dataset, which also includes several realistic hash functions.

Published
2016

279. Aletheia.

Author

Golagha, Mojdeh, Raisuddin, Abu Mohammed, Mittag, Lennart, Hellhake, Dominik, and Pretschner, Alexander

Subjects
COMPUTER software development, FAULT-tolerant computing, DEBUGGING, COMPUTER software testing, COMPUTER software developers, OPEN source software
Abstract

Testing and debugging are time-consuming, tedious and costly. As many automated test generation tools are being applied in practice nowadays, there is a growing need for automated failure diagnosis. We introduce Aletheia, a failure diagnosis toolchain, which aims to help developers and testers reduce failure analysis time. The key ideas include: data generation to provide the relevant data for further analysis, failure clustering to group failing tests based on the hypothesized faults, and fault localization to pinpoint suspicious elements of the code. We evaluated Aletheia in a large-scale industrial case study as well as two open-source projects. Aletheia is released as an open-source tool on Github, and a demo video can be found at: https://youtu.be/BP9D68D02ZI [ABSTRACT FROM AUTHOR]

Published
2018
Full Text
View/download PDF

280. Characterizing the Strength of Software Obfuscation Against Automated Attacks

Author

Debray, Saumya (Prof., Ph.D.), Pretschner, Alexander (Prof. Dr.), Kemper, Alfons (Prof., Ph.D.), Banescu, Sebastian-Emilian, Debray, Saumya (Prof., Ph.D.), Pretschner, Alexander (Prof. Dr.), Kemper, Alfons (Prof., Ph.D.), and Banescu, Sebastian-Emilian

Abstract

In this thesis, we develop a framework for the characterization of software obfuscation strength by formalizing automated analysis attacks as search problems. This helps developers to choose obfuscating transformations, which change those software characteristics, such that heuristics are no longer applicable or to increase the search effort to an extent that it is no longer economically attractive. We present multiple experiments involving various software applications, obfuscating transformations and an automated attack based on symbolic execution, whose results support our hypothesis., In dieser Dissertation entwickeln wir eine Grundstruktur, in der wir die automatische Analyse als Suchprobleme formalisieren, deren Komplexität von Eigenschaften der Software abhängt. Dies hilft Entwicklern dabei, die Verschleierungtransformationen auszuwählen, die die Eigenschaften der Software so verändern, dass Heuristiken nicht mehr angewendet werden können oder der benötigte Aufwand für die Suche aus wirtschaftlicher Sicht nicht mehr attraktiv ist. Wir stellen mehrere Fallstudien unter Einbezug von verschiedenen Software-Anwendungen, Verschleierungstransformationen und einem automatisierten Angriff bassierend auf symbolischer Ausführung vor, die unsere Hypothese untermauern.

Published
2017

281. A framework for empirical evaluation of malware detection resilience against behavior obfuscation

Author

Banescu, Sebastian, Wuechner, Tobias, Salem, Aleieldin, Guggenmos, Marius, Ochoa, Martín, and Pretschner, Alexander

Subjects
ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Malware, Resilience, Writing, Computer crashes, Operating systems, Message systems, ddc
Abstract

Program obfuscation is increasingly popular among malware creators. Objectively comparing different malware detection approaches with respect to their resilience against obfuscation is challenging. To the best of our knowledge, there is no common empirical framework for evaluating the resilience of malware detection approaches w.r.t. behavior obfuscation. We propose and implement such a framework, called FEEBO that obfuscates the observable behavior of malware binaries targeting Microsoft Windows operating systems. To assess the framework?s utility, we use it to obfuscate known malware binaries and then investigate the impact on detection effectiveness of different popular behavior based malware detection approaches. We find that the obfuscation transformations employed by FEEBO can affect the accuracy of such detection approaches significantly. FEEBO is therefore an effective and fair way to test the degree of resilience of behavior-based malware detection approaches against behavior obfuscation.

Published
2014

283. SHRIFT System-wide HybRid Information Flow Tracking

Author

Lovat, Enrico, Fromm, Alexander, Mohr, Martin, and Pretschner, Alexander

Subjects
information flow analyses, system wide data flow tracking, security, privacy, usage control, ddc
Published
2014

284. Exploiting Execution Profiles in Software Maintenance and Test

Author

Broy, Manfred (Prof. Dr. Dr. h.c.), Pretschner, Alexander (Prof. Dr.), Eder, Sebastian, Broy, Manfred (Prof. Dr. Dr. h.c.), Pretschner, Alexander (Prof. Dr.), and Eder, Sebastian

Abstract

This thesis explores the benefit of knowledge about which parts of software systems were executed in business information systems. We analyze, how this knowledge can support the activities software maintenance and test. We contribute a series of studies to gain insights into the actual execution of source code and its implications, approaches that transfer knowledge about execution to other artifacts, and we embed the approaches into the maintenance process., Diese Dissertation untersucht die Vorteile von Wissen darüber, welche Teile eines Business Information Systems ausgeführt werden. Wir analysieren, wie dieses Wissen die Aktivitäten Softwarewartung und Softwaretest unterstützen kann. Wir präsentieren Studien, die Einblicke in die tatsächliche Ausführung von Code, und die daraus entstehenden Effekte geben, Ansätze, die Wissen über Ausführung zu anderen Entwicklungsartefakten übertragen und betten diese Ansätze in bestehende Wartungsprozesse ein.

Published
2016

285. Data Usage Control for Distributed Systems

Author

Katzenbeisser, Stefan (Prof. Dr.), Pretschner, Alexander (Prof. Dr.), Kelbert, Florian Manuel, Katzenbeisser, Stefan (Prof. Dr.), Pretschner, Alexander (Prof. Dr.), and Kelbert, Florian Manuel

Abstract

This thesis is concerned with controlling the usage of sensitive data once it has been disseminated to multiple systems. To this end a formal model for distributed data usage control is proposed, allowing to track data flows across systems and to enforce distributed data usage policies in a decentral manner. The correctness of the provided formal methods is proven. Further, the proposed ideas are implemented and evaluated in terms of security as well as communication and performance overheads., Diese Arbeit beschäftigt sich mit der Kontrolle der Nutzung sensibler Daten in verteilten Systemen. Hierzu wird ein formales Modell entwickelt, das es ermöglicht die Verbreitung geschützter Daten systemübergreifend zu verfolgen sowie globale Datennutzungsanforderungen in dezentraler Weise durchzusetzen. Die Korrektheit der entwickelten Methoden wird bewiesen. Ferner werden die Vorschläge implementiert und im Hinblick auf Sicherheit und Leistungseinbußen evaluiert.

Published
2016

288. VOT4CS

Author

Banescu, Sebastian, primary, Lucaci, Ciprian, additional, Krämer, Benjamin, additional, and Pretschner, Alexander, additional

Published
2016
Full Text
View/download PDF

292. MalFlow

Author

Wüchner, Tobias, primary, Ochoa, Martín, additional, Golagha, Mojdeh, additional, Srivastava, Gaurav, additional, Schreck, Thomas, additional, and Pretschner, Alexander, additional

Published
2016
Full Text
View/download PDF

296. 10421 Summary ��� Model-Based Testing in Practice

Author

Grieskamp, Wolfgang, Hierons, Robert M., and Pretschner, Alexander

Subjects
Model-Driven Development, Testing, Modeling
Abstract

Software testing is one of the most cost-intensive tasks in the modern software production process. Model-based testing is a light-weight formal method which enables the automatic derivation of tests from software models and their environment. Model-based testing (MBT) has matured as a rich research area in the last decade, with a significant body of research and applications. The academic community is well established with many conferences, workshops, and research projects. Tools for model-based testing have been developed both as research prototypes and as commercial or semi-commercial applications brought to users by midsize and enterprise-level companies, and applied in large scale projects. In the family of model-driven approaches, model-based testing can be seen as a success story in particular with respect to the degree of mechanical processing and automation that has been achieved, and the adoption in practice. The successful deployment of model-based testing in industrial settings can be seen in the telecommunication domain, chip cards, specific Windows components, and embedded systems in general. An interesting issue is under which circumstances we can expect these successes to carry over to other domains and families of systems as well (e.g., distributed systems; testing the cloud).

Published
2011
Full Text
View/download PDF

297. 10421 Abstracts Collection ��� Model-Based Testing in Practice

Author

Grieskamp, Wolfgang, Hierons, Robert M., and Pretschner, Alexander

Subjects
Model-Driven Development, Testing, Modeling
Abstract

From 17.10. to 22.10.2010, the Dagstuhl Seminar 10421 ``Model-Based Testing in Practice '' was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.

Published
2011
Full Text
View/download PDF

299. Syntax-Guided Synthesis

Author

Alur, Rajeev, Irlbeck, Maximilian1, Peled, Doron A, Pretschner, Alexander, Alur, Rajeev, Bodik, Rastislav, Dallal, Eric, Fisman, Dana, Garg, Pranav, Juniwal, Garvit, Kress-Gazit, Hadas, Madhusudan, P, Martin, Milo MK, Raghothaman, Mukund, Saha, Shamwaditya, Seshia, Sanjit A, Singh, Rishabh, Solar-Lezama, Armando, Torlak, Emina, Udupa, Abhishek, Alur, Rajeev, Irlbeck, Maximilian1, Peled, Doron A, Pretschner, Alexander, Alur, Rajeev, Bodik, Rastislav, Dallal, Eric, Fisman, Dana, Garg, Pranav, Juniwal, Garvit, Kress-Gazit, Hadas, Madhusudan, P, Martin, Milo MK, Raghothaman, Mukund, Saha, Shamwaditya, Seshia, Sanjit A, Singh, Rishabh, Solar-Lezama, Armando, Torlak, Emina, and Udupa, Abhishek

Published
2015

300. Model-Based Policy Derivation for Usage Control

Author

Dulay, Naranker (Ph.D.), Pretschner, Alexander (Prof. Dr.), Kumari, Prachi, Dulay, Naranker (Ph.D.), Pretschner, Alexander (Prof. Dr.), and Kumari, Prachi

Abstract

Usage control concerns how data is used post-access. In existing work on usage control enforcement, policies are assumed to exist at the implementation-level: their derivation from specification-level policies has not been looked into. The expected behavior of a usage controlled system may therefore differ from the actual behavior. This research fills this gap with a policy derivation framework that uses a model-based refinement of domain-specific abstractions, data and actions, in terms of technical constructs viz. events and states of systems., Existierende Arbeiten zur Datennutzungskontrolle setzen die Existenz von Datennutzungsrichtlinien auf der Implementierungsebene voraus. Die Ableitung dieser Datennutzungsrichtlinien von der umgangssprachlichen Spezifikationsebene zur Implementierungsebene wurde in bisherigen Arbeiten jedoch noch nicht untersucht. Entsprechend beschreibt diese Doktorarbeit eine solche Ableitung von Datennutzungsrichtlinien mit Hilfe von Regeln die auf einer modellbasierten Verfeinerung der domänenspezifischen Daten und Aktionen basiert.

Published
2015

Catalog

Books, media, physical & digital resources
See catalog results