Visible to the public Biblio

Filters: Author is Sun, J.  [Clear All Filters]
2019-08-26
Wang, C., Jiang, Y., Zhao, X., Song, X., Gu, M., Sun, J..  2018.  Weak-Assert: A Weakness-Oriented Assertion Recommendation Toolkit for Program Analysis. 2018 IEEE/ACM 40th International Conference on Software Engineering: Companion (ICSE-Companion). :69–72.

Assertions are helpful in program analysis, such as software testing and verification. The most challenging part of automatically recommending assertions is to design the assertion patterns and to insert assertions in proper locations. In this paper, we develop Weak-Assert, a weakness-oriented assertion recommendation toolkit for program analysis of C code. A weakness-oriented assertion is an assertion which can help to find potential program weaknesses. Weak-Assert uses well-designed patterns to match the abstract syntax trees of source code automatically. It collects significant messages from trees and inserts assertions into proper locations of programs. These assertions can be checked by using program analysis techniques. The experiments are set up on Juliet test suite and several actual projects in Github. Experimental results show that Weak-Assert helps to find 125 program weaknesses in 26 actual projects. These weaknesses are confirmed manually to be triggered by some test cases.

2019-06-28
Chen, G., Wang, D., Li, T., Zhang, C., Gu, M., Sun, J..  2018.  Scalable Verification Framework for C Program. 2018 25th Asia-Pacific Software Engineering Conference (APSEC). :129-138.

Software verification has been well applied in safety critical areas and has shown the ability to provide better quality assurance for modern software. However, as lines of code and complexity of software systems increase, the scalability of verification becomes a challenge. In this paper, we present an automatic software verification framework TSV to address the scalability issues: (i) the extended structural abstraction and property-guided program slicing to solve large-scale program verification problem, saving time and memory without losing accuracy; (ii) automatically select different verification methods according to the program and property context to improve the verification efficiency. For evaluation, we compare TSV's different configurations with existing C program verifiers based on open benchmarks. We found that TSV with auto-selection performs better than with bounded model checking only or with extended structural abstraction only. Compared to existing tools such as CMBC and CPAChecker, it acquires 10%-20% improvement of accuracy and 50%-90% improvement of memory consumption.

2018-11-19
Yin, H., Yin, Z., Yang, Y., Sun, J..  2018.  Research on the Node Information Security of WSN Based on Multi-Party Data Fusion Algorithm. 2018 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). :400–405.
Smart grid is the cornerstone of the modern urban construction, leading the development trend of the urban power industry. Wireless sensor network (WSN) is widely used in smart power grid. It mainly covers two routing methods, the plane routing protocol and the clustering routing protocol. Since the plane routing protocol needs to maintain a large routing table and works with a poor scalability, it will increase the overall cost of the system in practical use. Therefore, in this paper, the clustering routing protocol is selected to achieve a better operation performance of the wireless sensor network. In order to enhance the reliability of the routing security, the data fusion technology is also utilized. Based on this method, the rationality of the topology structure of the smart grid and the security of the node information can be effectively improved.
2018-02-06
Sun, J., Sun, K., Li, Q..  2017.  CyberMoat: Camouflaging Critical Server Infrastructures with Large Scale Decoy Farms. 2017 IEEE Conference on Communications and Network Security (CNS). :1–9.

Traditional deception-based cyber defenses often undertake reactive strategies that utilize decoy systems or services for attack detection and information gathering. Unfortunately, the effectiveness of these defense mechanisms has been largely constrained by the low decoy fidelity, the poor scalability of decoy platform, and the static decoy configurations, which allow the attackers to identify and bypass the deployed decoys. In this paper, we develop a decoy-enhanced defense framework that can proactively protect critical servers against targeted remote attacks through deception. To achieve both high fidelity and good scalability, our system follows a hybrid architecture that separates lightweight yet versatile front-end proxies from back-end high-fidelity decoy servers. Moreover, our system can further invalidate the attackers' reconnaissance through dynamic proxy address shuffling. To guarantee service availability, we develop a transparent connection translation strategy to maintain existing connections during shuffling. Our evaluation on a prototype implementation demonstrates the effectiveness of our approach in defeating attacker reconnaissance and shows that it only introduces small performance overhead.

2017-12-28
Cheng, X., Zhou, M., Song, X., Gu, M., Sun, J..  2017.  IntPTI: Automatic integer error repair with proper-type inference. 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE). :996–1001.

Integer errors in C/C++ are caused by arithmetic operations yielding results which are unrepresentable in certain type. They can lead to serious safety and security issues. Due to the complicated semantics of C/C++ integers, integer errors are widely harbored in real-world programs and it is error-prone to repair them even for experts. An automatic tool is desired to 1) automatically generate fixes which assist developers to correct the buggy code, and 2) provide sufficient hints to help developers review the generated fixes and better understand integer types in C/C++. In this paper, we present a tool IntPTI that implements the desired functionalities for C programs. IntPTI infers appropriate types for variables and expressions to eliminate representation issues, and then utilizes the derived types with fix patterns codified from the successful human-written patches. IntPTI provides a user-friendly web interface which allows users to review and manage the fixes. We evaluate IntPTI on 7 real-world projects and the results show its competitive repair accuracy and its scalability on large code bases. The demo video for IntPTI is available at: https://youtu.be/9Tgd4A\_FgZM.