M. Ceccato

Bibliometrics: publication history
Average citations per article: 6.24
Citation Count: 312
Publication count: 50
Publication years: 2004-2017
Available for download: 18
Average downloads per article: 248.89
Downloads (cumulative): 4,480
Downloads (12 Months): 529
Downloads (6 Weeks): 72

51 results found

Result 1 – 20 of 51

1 published by ACM
May 2018 MOBILESoft '18: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 6,   Downloads (12 Months): 12,   Downloads (Overall): 12

Full text available: PDF
Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external entities through the Internet or with other apps. Confidentiality of user data could be breached if there are anomalies in the way sensitive data is handled ...

2
May 2017 ICPC '17: Proceedings of the 25th International Conference on Program Comprehension
Publisher: IEEE Press
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 0,   Downloads (12 Months): 0,   Downloads (Overall): 0

Full text available: PDF
Code protections aim at blocking (or at least delaying) reverse engineering and tampering attacks to critical assets within programs. Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger protection of the software assets, based on realistic assumptions about the hackers' behaviour. However, building ...

3 published by ACM
October 2016 SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 3,   Downloads (12 Months): 25,   Downloads (Overall): 82

Full text available: PDF
In the ASPIRE research project, a software protection tool flow was designed and prototyped that targets native ARM Android code. This tool flow supports the deployment of a number of protections against man-at-the-end attacks. In this tutorial, an overview of the tool flow will be presented and attendants will participate ...
Keywords: software metrics, annotations, compilers, attack modeling, decision support systems, man-at-the-end attacks, software protection tool chain

4 published by ACM
October 2016 SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 5,   Downloads (12 Months): 29,   Downloads (Overall): 100

Full text available: PDF
Anti-tampering is a form of software protection conceived to detect and avoid the execution of tampered programs. Tamper detection assesses programs' integrity with load or execution-time checks. Avoidance reacts to tampered programs by stopping or rendering them unusable. General purpose reactions (such as halting the execution) stand out like a ...
Keywords: tamper detection, code splitting, anti-tampering, tamper reaction, remote attestation, software attestation, software security

5 published by ACM
September 2016 ESEM '16: Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 12,   Downloads (12 Months): 96,   Downloads (Overall): 221

Full text available: PDF
Static analysis and penetration testing are common techniques used to discover security bugs in implementation code. Penetration testing is often performed in a black-box way by probing the attack surface of a running system and discovering its security holes. Static analysis techniques operate in a white-box way by analyzing the source ...
Keywords: Static analysis, Penetration testing, Software maintenance

6 published by ACM
August 2016 ASE 2016: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 5,   Downloads (12 Months): 85,   Downloads (Overall): 305

Full text available: PDF
Security testing is a pivotal activity in engineering secure software. It consists of two phases: generating attack inputs to test the system, and assessing whether test executions expose any vulnerabilities. The latter phase is known as the security oracle problem. In this work, we present SOFIA, a Security Oracle for ...
Keywords: Security oracle, Security testing, SQL-injection

7 published by ACM
May 2016 MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and Systems
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 2,   Downloads (12 Months): 24,   Downloads (Overall): 120

Full text available: PDF
The Android platform is designed to facilitate inter-app integration and communication, so that apps can reuse functionalities implemented by other apps by resorting to delegation. Though this feature is usually mentioned to be the main reason for the popularity of Android, it also poses security risks to the end user. ...

8 published by ACM
December 2015 ACM Transactions on Software Engineering and Methodology (TOSEM): Volume 25 Issue 1, December 2015
Publisher: ACM
Bibliometrics:
Citation Count: 5
Downloads (6 Weeks): 14,   Downloads (12 Months): 89,   Downloads (Overall): 472

Full text available: PDF
Several techniques and tools have been proposed for the automatic generation of test cases. Usually, these tools are evaluated in terms of fault-revealing or coverage capability, but their impact on the manual debugging activity is not considered. The question is whether automatically generated test cases are equally effective in supporting ...
Keywords: Empirical software engineering, automatic test case generation, debugging

9
December 2015 Empirical Software Engineering: Volume 20 Issue 6, December 2015
Publisher: Kluwer Academic Publishers
Bibliometrics:
Citation Count: 1

Context: Obfuscation is a common technique used to protect software against malicious reverse engineering. Obfuscators manipulate the source code to make it harder to analyze and more difficult to understand for the attacker. Although different obfuscation algorithms and implementations are available, they have never been directly compared in a large ...

10
November 2015 Journal of Systems and Software: Volume 109 Issue C, November 2015
Publisher: Elsevier Science Inc.
Bibliometrics:
Citation Count: 0

The Ahab's leg (AL) is a known problem of conversion between media. The validation of requirements may be subject to the problem of AL. This work is an empirical study on participatory validation of requirements. The goal is to evaluate the impact of AL due to the translation into scenarios. The correct identification ...
Keywords: Human factors of requirement Engineering, Requirement validation

11
May 2015 SPRO '15: Proceedings of the 2015 IEEE/ACM 1st International Workshop on Software Protection
Publisher: IEEE Computer Society
Bibliometrics:
Citation Count: 0

Software obfuscation was proposed as a technique to mitigate the problem of malicious code tampering, by making code more difficult to understand and consequently more difficult to alter. In particular, "residue number coding" encodes program variables to hide their actual values, while supporting operations in the encoded domain. Some computations ...

12
May 2015 SPRO '15: Proceedings of the 1st International Workshop on Software Protection
Publisher: IEEE Press
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 3,   Downloads (12 Months): 7,   Downloads (Overall): 40

Full text available: PDF
Software obfuscation was proposed as a technique to mitigate the problem of malicious code tampering, by making code more difficult to understand and consequently more difficult to alter. In particular, "residue number coding" encodes program variables to hide their actual values, while supporting operations in the encoded domain. Some computations ...

13 published by ACM
November 2014 CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM
Bibliometrics:
Citation Count: 0
Downloads (6 Weeks): 3,   Downloads (12 Months): 13,   Downloads (Overall): 125

Full text available: PDF
Programs often run under strict usage conditions (e.g., license restrictions) that could be broken in case of code tampering. Possible attacks include malicious reverse engineering, tampering using static, dynamic and hybrid techniques, on standard devices as well as in labs with additional special purpose hardware equipment. ASPIRE (http://www.aspire-fp7.eu) is a ...
Keywords: code tampering, software metrics, software protection

14
August 2014 Empirical Software Engineering: Volume 19 Issue 4, August 2014
Publisher: Kluwer Academic Publishers
Bibliometrics:
Citation Count: 18

Context: code obfuscation is intended to obstruct code understanding and, eventually, to delay malicious code changes and ultimately render it uneconomical. Although code understanding cannot be completely impeded, code obfuscation makes it more laborious and troublesome, so as to discourage or retard code tampering. Despite the extensive adoption of obfuscation, ...
Keywords: Program comprehension, Empirical studies, Software obfuscation

15
June 2014 Journal of Software: Evolution and Process: Volume 26 Issue 6, June 2014
Publisher: John Wiley & Sons, Inc.
Bibliometrics:
Citation Count: 0

Keywords: source code analysis, source code manipulation, SCAM 2012

16
December 2013 Information and Software Technology: Volume 55 Issue 12, December, 2013
Publisher: Butterworth-Heinemann
Bibliometrics:
Citation Count: 2

Context: Cross-site scripting (XSS for short) is considered one of the major threats to the security of web applications. Static analysis supports manual security review in mitigating the impact of XSS-related issues, by suggesting a set of potential problems, expressed in terms of candidate vulnerabilities. A security problem spotted by ...
Keywords: Security testing, Static analysis, Dynamic analysis

17
May 2013 AST '13: Proceedings of the 8th International Workshop on Automation of Software Test
Publisher: IEEE Press
Bibliometrics:
Citation Count: 3
Downloads (6 Weeks): 5,   Downloads (12 Months): 20,   Downloads (Overall): 257

Full text available: PDF
An important reason behind the popularity of smartphones and tablets is the huge amount of available applications to download, to expand functionalities of the devices with brand new features. In fact, official stores provide a plethora of applications developed by third parties, for entertainment and business, most of which for ...
Keywords: mobile applications, testing, security testing

18
August 2012 EternalS'12: Proceedings of the Second International Conference on Trustworthy Eternal Systems via Evolving Software, Data and Knowledge
Publisher: Springer-Verlag
Bibliometrics:
Citation Count: 0

The objective of software testing is to stress a program to reveal programming defects. Security testing is, more specifically, that branch of testing which aims to reveal defects that could lead to security problems. Most of security testing declensions, however, have been mostly interested in the automatic generation of test ...

19
June 2012 AST '12: Proceedings of the 7th International Workshop on Automation of Software Test
Publisher: IEEE Press
Bibliometrics:
Citation Count: 1
Downloads (6 Weeks): 3,   Downloads (12 Months): 9,   Downloads (Overall): 83

Full text available: PDF
The goal of security testing is to detect those defects that could be exploited to conduct attacks. Existing works, however, address security testing mostly from the point of view of automatic generation of test cases. Less attention is paid to the problem of developing and integrating with a security oracle. ...
Keywords: cross site scripting, security testing, test oracle

20
June 2012 ICSE '12: Proceedings of the 34th International Conference on Software Engineering
Publisher: IEEE Press
Bibliometrics:
Citation Count: 7
Downloads (6 Weeks): 6,   Downloads (12 Months): 13,   Downloads (Overall): 234

Full text available: PDF
Automatically generated test cases are usually evaluated in terms of their fault revealing or coverage capability. Beside these two aspects, test cases are also the major source of information for fault localization and fixing. The impact of automatically generated test cases on the debugging activity, compared to the use of ...



The ACM Digital Library is published by the Association for Computing Machinery. Copyright © 2018 ACM, Inc.