Mon 9 May 2022 22:10 - 22:15 at ICSE room 4-even hours - Validation and Verification 3 Chair(s): Yu Feng
Tue 10 May 2022 12:20 - 12:25 at ICSE room 3-even hours - Validation and Verification 6 Chair(s): Miguel Goulao
Wed 25 May 2022 11:25 - 11:30 at Ballroom A - Papers 5: Validation and Verification Chair(s): Shiva Nejati
Tue 10 May 2022 12:20 - 12:25 at ICSE room 3-even hours - Validation and Verification 6 Chair(s): Miguel Goulao
Wed 25 May 2022 11:25 - 11:30 at Ballroom A - Papers 5: Validation and Verification Chair(s): Shiva Nejati
Due to ubiquitous use of software services, protecting the confidentiality of private information stored in compute clouds is becoming an increasingly critical problem. Although access control specification languages and libraries provide mechanisms for protecting confidentiality of information, without verification and validation techniques that can assist developers in writing policies, complex policy specifications are likely to have errors that can lead to unintended and unauthorized access to data, possibly with disastrous consequences. In this paper, we present a quantitative and differential policy analysis framework that not only identifies if one policy is more permissive than another policy, but also quantifies the relative permissiveness of access control policies. We quantify permissiveness of policies using a model counting constraint solver. We present a heuristic that transforms constraints extracted from access control policies and significantly improves the model counting performance. We demonstrate the effectiveness of our approach by applying it to policies written in Amazon’s AWS Identity and Access Management (IAM) policy language and Microsoft’s Azure policy language.
Mon 9 MayDisplayed time zone: Eastern Time (US & Canada) change
Mon 9 May
Displayed time zone: Eastern Time (US & Canada) change
22:00 - 23:00 | Validation and Verification 3SEIP - Software Engineering in Practice / Technical Track at ICSE room 4-even hours Chair(s): Yu Feng University of California at Santa Barbara | ||
22:00 5mTalk | Verifying Dynamic Trait Objects in Rust SEIP - Software Engineering in Practice Alexa VanHattum Cornell University, Daniel Schwartz-Narbonne Amazon, n.n., Nathan Chong Amazon, Adrian Sampson Cornell University Pre-print Media Attached | ||
22:05 5mTalk | Linear-time Temporal Logic guided Greybox Fuzzing Technical Track Ruijie Meng National University of Singapore, Singapore, Zhen Dong Fudan University, China, Jialin Li National University of Singapore, Singapore, Ivan Beschastnikh University of British Columbia, Abhik Roychoudhury National University of Singapore DOI Pre-print Media Attached | ||
22:10 5mTalk | Quantifying Permissiveness of Access Control Policies Technical Track William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara Pre-print Media Attached | ||
22:15 5mTalk | Analyzing User Perspectives on Mobile App Privacy at Scale Technical Track Preksha Nema Google Inc., Pauline Anthonysamy Google Inc., Nina Taft Google Inc., Sai Teja Peddinti Google Inc. Pre-print Media Attached | ||
Tue 10 MayDisplayed time zone: Eastern Time (US & Canada) change
Tue 10 May
Displayed time zone: Eastern Time (US & Canada) change
12:00 - 13:00 | Validation and Verification 6Technical Track / SEIP - Software Engineering in Practice / NIER - New Ideas and Emerging Results / Journal-First Papers at ICSE room 3-even hours Chair(s): Miguel Goulao NOVA University of Lisbon | ||
12:00 5mTalk | Verification of Consistency between Process Models, Object Life Cycles, and Context-dependent Semantic Specifications Journal-First Papers Ralph Hoch Institute of Computer Technology, TU Wien, Christoph Luckeneder Vienna University of Technology, Roman Popp TU Wien, Vienna, Austria, Hermann Kaindl Institute of Computer Technology, TU Wien Link to publication DOI Pre-print Media Attached | ||
12:05 5mTalk | Evaluating Commit Message Generation: To BLEU Or Not To BLEU? NIER - New Ideas and Emerging Results Samanta Dey Chennai Mathematical Institute, Venkatesh Vinayakarao Chennai Mathematical Institute, Monika Gupta IBM Research India, Sampath Dechu IBM Research Link to publication DOI Pre-print Media Attached | ||
12:10 5mTalk | Verifying Dynamic Trait Objects in Rust SEIP - Software Engineering in Practice Alexa VanHattum Cornell University, Daniel Schwartz-Narbonne Amazon, n.n., Nathan Chong Amazon, Adrian Sampson Cornell University Pre-print Media Attached | ||
12:15 5mTalk | Verification of ORM-based Controllers by Summary Inference Technical Track Geetam Chawla Indian Insitute of Science, Bangalore, Navneet Aman Indian Institute of Science, Bangalore, Raghavan Komondoor IISc Bengaluru, Ashish Shashikant Bokil Indian Institute of Science, Bangalore, Nilesh Ramesh Kharat Indian Institute of Science, Bangalore Pre-print Media Attached | ||
12:20 5mTalk | Quantifying Permissiveness of Access Control Policies Technical Track William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara Pre-print Media Attached | ||
Wed 25 MayDisplayed time zone: Eastern Time (US & Canada) change
Wed 25 May
Displayed time zone: Eastern Time (US & Canada) change
11:00 - 12:30 | Papers 5: Validation and VerificationSEIP - Software Engineering in Practice / Technical Track / Journal-First Papers at Ballroom A Chair(s): Shiva Nejati University of Ottawa | ||
11:00 5mTalk | Linear-time Temporal Logic guided Greybox Fuzzing Technical Track Ruijie Meng National University of Singapore, Singapore, Zhen Dong Fudan University, China, Jialin Li National University of Singapore, Singapore, Ivan Beschastnikh University of British Columbia, Abhik Roychoudhury National University of Singapore DOI Pre-print Media Attached | ||
11:05 5mTalk | Verification of Consistency between Process Models, Object Life Cycles, and Context-dependent Semantic Specifications Journal-First Papers Ralph Hoch Institute of Computer Technology, TU Wien, Christoph Luckeneder Vienna University of Technology, Roman Popp TU Wien, Vienna, Austria, Hermann Kaindl Institute of Computer Technology, TU Wien Link to publication DOI Pre-print Media Attached | ||
11:10 5mTalk | GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs Technical Track DOI Pre-print Media Attached | ||
11:15 5mTalk | ExAIS: Executable AI Semantics Technical Track Pre-print Media Attached | ||
11:20 5mTalk | Verifying Dynamic Trait Objects in Rust SEIP - Software Engineering in Practice Alexa VanHattum Cornell University, Daniel Schwartz-Narbonne Amazon, n.n., Nathan Chong Amazon, Adrian Sampson Cornell University Pre-print Media Attached | ||
11:25 5mTalk | Quantifying Permissiveness of Access Control Policies Technical Track William Eiers University of California at Santa Barbara, USA, Ganesh Sankaran University of California Santa Barbara, Albert Li University of California Santa Barbara, Emily O'Mahony University of California Santa Barbara, Benjamin Prince University of California Santa Barbara, Tevfik Bultan University of California, Santa Barbara Pre-print Media Attached | ||
11:30 5mTalk | Fuzzing Class Specifications Technical Track Facundo Molina University of Rio Cuarto and CONICET, Argentina, Marcelo d'Amorim Federal University of Pernambuco, Nazareno Aguirre University of Rio Cuarto and CONICET, Argentina Pre-print Media Attached | ||
Information for Participants
Mon 9 May 2022 22:00 - 23:00 at ICSE room 4-even hours - Validation and Verification 3 Chair(s): Yu Feng
Info for room ICSE room 4-even hours:
Tue 10 May 2022 12:00 - 13:00 at ICSE room 3-even hours - Validation and Verification 6 Chair(s): Miguel Goulao
Info for room ICSE room 3-even hours: