Browsing by Author "Noller, Yannic"
- Conference paper: Badger: Complexity Analysis with Fuzzing and Symbolic Execution
  (Software Engineering and Software Management 2019, 2019) Noller, Yannic; Kersten, Rody; Pasareanu, Corina
  In this work, we report on our recent research results on “Badger: Complexity Analysis with Fuzzing and Symbolic Execution” which was published in the proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis [NKP18]. Badger employs a hybrid software analysis technique that combines fuzzing and symbolic execution for finding performance bottlenecks in software. Our primary goal is to use Badger to discover vulnerabilities which are related to worst-case time or space complexity of an application. To this end, we use a cost-guided fuzzing approach, which produces inputs to increase the code coverage, but also to maximize a resource-related cost function, such as execution time or memory usage. We combine this fuzzing technique with a customized symbolic execution, which is also guided by heuristics that aim to increase the same cost. Experimental evaluation shows that this hybrid approach enables us to use the strengths of both techniques and overcome their individual weaknesses.
- Conference paper: DifFuzz: Differential Fuzzing for Side-Channel Analysis
  (Software Engineering 2020, 2020) Nilizadeh, Shirin; Noller, Yannic; Noller, Yannic
  This summary is based on our research results on “DifFuzz: Differential Fuzzing for Side-Channel Analysis” which was published in the proceedings of the 41st International Conference on Software Engineering. Side-channel analysis aims to investigate the risk that a potential attacker can infer any secret information through observations of the system, such as the execution time or the memory consumption. Side-channel vulnerabilities therefore represent security risks that can cause serious damage and need to be identified and repaired. DifFuzz applies differential fuzzing to identify inputs that trigger such vulnerabilities. Our fuzzing approach analyzes multiple program executions, which vary in their secret information, and uses resource-guided heuristics to identify inputs that maximize the observable cost difference between these executions. Our evaluation shows that such a dynamic analysis approach can find the same side-channel vulnerabilities as state-of-the-art static analysis techniques, and even more vulnerabilities since it does not rely on models for its analysis. Additionally, the advantage of DifFuzz compared to other techniques is not only that it can generate inputs that show a vulnerability, but that the resulting cost difference can also be used to estimate the severity of an identified vulnerability. This enables the comparison of repaired versions of an application.
- Conference paper: Supporting Semi-Automatic Co-Evolution of Architecture and Fault Tree Models
  (Software Engineering and Software Management 2019, 2019) Getir, Sinem; van Hoorn, André; Kehrer, Timo; Noller, Yannic; Tichy, Matthias
  In this work, we report on recent research results on “Supporting Semi-Automatic Co-Evolution of Architecture and Fault Tree Models”, published in [Ge18]. During the whole life-cycle of software-intensive systems in safety-critical domains, system models must consistently co-evolve with quality evaluation models. However, performing the necessary synchronization steps is a cumbersome and often manual task prone to errors. To understand this problem in detail, we have analyzed the evolution of two representatives of system models and quality evaluation models, namely architecture and fault tree models, for a set of evolution scenarios of a factory automation system called Pick and Place Unit. We designed a set of intra- and inter-model transformation rules which fully cover the evolution scenarios of the case study and which offer the potential to semi-automate the co-evolution process. In particular, we validated these rules with respect to completeness and evaluated them by a comparison to typical visual editor operations. Our results show a significant reduction of the amount of required user interactions in order to realize the co-evolution.
- Conference paper: Vudenc: Vulnerability Detection with Deep Learning on a Natural Codebase for Python - Summary
  (Software Engineering 2023, 2023) Wartschinski, Laura; Noller, Yannic; Vogel, Thomas; Kehrer, Timo; Grunske, Lars
  In this extended abstract, we summarize our work on Vudenc published in the journal Information and Software Technology (IST) in 2022 [Wa22]. Vudenc uses deep learning to learn features of vulnerable code from a real-world Python codebase, and a network of long short-term memory (LSTM) cells is then used to detect vulnerabilities in code at a fine-grained level.