Displaying 1-40 out of 40 total
Recovery of PTUIE Handling from Source Codes through Recognizing Its Probable Properties
Found in: IEEE Transactions on Knowledge and Data Engineering
By Hee Beng Kuan Tan, Ni Lar Thein
Issue Date:October 2004
pp. 1217-1231
Automated recovery of system features and their designs from program source codes is important in reverse engineering and system comprehension. It also helps in the testing of software. An error that is made by users in an input to an execution of a transa...
 
Detection of Mobile Malware in the Wild
Found in: Computer
By Mahinthan Chandramohan, Hee Beng Kuan Tan
Issue Date:September 2012
pp. 65-71
New techniques for detecting the presence of mobile malware can help protect smartphones from potential security threats.
 
Software Reuse through a Novel Representation that Supports Factorization
Found in: Computer Software and Applications Conference, Annual International
By Hee Beng Kuan Tan, Hua Koon Tan
Issue Date:October 1999
pp. 344
Software reuse has received more attention in recent years. However, very often, we still require to re-design and re-develop parts of software ranging from small to very large size (we shall call them software factors) that have been developed before, for...
 
Mining Attribute Lifecycle to Predict Faults and Incompleteness in Database Applications
Found in: 2013 20th Asia-Pacific Software Engineering Conference (APSEC)
By Kaiping Liu, Hee Beng Kuan Tan
Issue Date:December 2013
pp. 223-230
In a database application, for each attribute, a value is created initially via insertion. Then, the value can be referenced or updated via selection and updating respectively. Eventually, when the record is deleted, the values of the attributes are also d...
 
Towards a Hybrid Framework for Detecting Input Manipulation Vulnerabilities
Found in: 2013 20th Asia-Pacific Software Engineering Conference (APSEC)
By Sun Ding, Hee Beng Kuan Tan, Lwin Khin Shar, Bindu Madhavi Padmanabhuni
Issue Date:December 2013
pp. 363-370
Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis o...
 
Binary Code Analysis
Found in: Computer
By Kaiping Liu, Hee Beng Kuan Tan, Xu Chen
Issue Date:August 2013
pp. 60-68
Static and dynamic analysis of binary code can provide useful information to security researchers without access to assembly code. However, these approaches currently require separate tools, forcing users to perform distinct analysis and then combine the r...
 
Defeating SQL Injection
Found in: Computer
By Lwin Khin Shar, Hee Beng Kuan Tan
Issue Date:March 2013
pp. 69-77
The best strategy for combating SQL injection, which has emerged as the most widespread website security risk, calls for integrating defensive coding practices with both vulnerability detection and runtime attack prevention methods.
 
Predicting common web application vulnerabilities from input validation and sanitization code patterns
Found in: 2012 27th IEEE/ACM International Conference on Automated Software Engineering (ASE)
By Lwin Khin Shar, Hee Beng Kuan Tan
Issue Date:September 2012
pp. 310-313
Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approa...
 
Detection of Buffer Overflow Vulnerabilities in C/C++ with Pattern Based Limited Symbolic Evaluation
Found in: 2012 IEEE 36th IEEE Annual Computer Software and Applications Conference Workshops (COMPSACW)
By Sun Ding, Hee Beng Kuan Tan, Kaiping Liu, Mahinthan Chandramohan, Hongyu Zhang
Issue Date:July 2012
pp. 559-564
Buffer overflow vulnerability is one of the major security threats for applications written in C/C++. Among the existing approaches for detecting buffer overflow vulnerability, though flow sensitive based approaches offer higher precision but they are limi...
 
Extraction of Attribute Dependency Graph from Database Applications
Found in: Asia-Pacific Software Engineering Conference
By Kaiping Liu, Hee Beng Kuan Tan, Xu Chen
Issue Date:December 2011
pp. 138-145
Database applications constitute a large portion of the software systems. This paper proposes a novel graph called attribute dependency graph to show the dependencies between attributes in a database application and also the programs involved. We propose a...
 
Defending against Cross-Site Scripting Attacks
Found in: Computer
By Lwin Khin Shar, Hee Beng Kuan Tan
Issue Date:March 2012
pp. 55-62
Researchers have proposed multiple solutions to cross-site scripting, but vulnerabilities continue to exist in many Web applications due to developers' lack of understanding of the problem and their unfamiliarity with current defenses' strengths and limita...
 
Defending against Buffer-Overflow Vulnerabilities
Found in: Computer
By Bindu Madhavi Padmanabhuni, Hee Beng Kuan Tan
Issue Date:November 2011
pp. 53-60
A survey of techniques ranging from static analysis to hardware modification describes how various defensive approaches protect against buffer overflow, a vulnerability that represents a severe security threat.
 
A Code-Based Input Partitioning Method for Equivalence Class Testing
Found in: Software Engineering, World Congress on
By Lwin Khin Shar, Hee Beng Kuan Tan, Hui Lui
Issue Date:December 2010
pp. 223-227
Equivalence class testing is traditionally a specification-based testing technique that derives test cases through partitioning the input domain of a program into different classes. This technique is widely used for testing all kinds of software systems. H...
 
An Empirical Study of Class Sizes for Large Java Systems
Found in: Asia-Pacific Software Engineering Conference
By Hongyu Zhang, Hee Beng Kuan Tan
Issue Date:December 2007
pp. 230-237
We perform an empirical study of class sizes (in terms of Lines of Code) on a number of large Java software systems, and discover an interesting pattern - that many classes have only small sizes whereas a few classes have large size. We call this phenomeno...
 
A Method to Aid Recovery and Maintenance of the Input Error Correction Features
Found in: Software Maintenance, IEEE International Conference on
By Minh Ngoc Ngo, Hee Beng Kuan Tan
Issue Date:September 2006
pp. 360-369
In an information system, inputs are submitted to the system from its external environment. However, many input errors cannot be detected automatically and therefore result in errors in the effects raised by the system. Hence, the provision of input error ...
 
An Approach to Aid the Understanding and Maintenance of Input Validation
Found in: Software Maintenance, IEEE International Conference on
By Hui Liu, Hee Beng Kuan Tan
Issue Date:September 2006
pp. 370-379
Input validation is an essential and a very important feature in any software system that has intensive interaction with its users. In this paper, we introduce some invariant properties with regards to input validation through analyzing the control and dat...
 
Automated Extraction of Database Interactions in Web Applications
Found in: International Conference on Program Comprehension
By Minh Ngoc Ngo, Hee Beng Kuan Tan, Doanh Trinh
Issue Date:June 2006
pp. 117-126
Database interactions are among the most essential functional features in web applications. Thus, for the maintenance and understanding of web applications, it is vital that the web engineer could identify all code segments which implement the database int...
 
Estimating LOC for information systems from their conceptual data models
Found in: Software Engineering, International Conference on
By Hongyu Zhang, Yuan Zhao, Hee Beng Kuan Tan
Issue Date:May 2006
pp. 321-330
Effort and cost estimation is crucial in software management. Estimation of software size plays a key role in the estimation. Line of Code (LOC) is still a commonly used software size measure. Despite the fact that software sizing is well recognized as an ...
 
Systematic Transformation of Functional Analysis Model into OO Design and Implementation
Found in: IEEE Transactions on Software Engineering
By Hee Beng Kuan Tan, Yong Yang, Lei Bian
Issue Date:February 2006
pp. 111-135
Functional refinement is beneficial to Object-Oriented (OO) software development, especially for problems with more complex functions. However, the use of functional refinement in OO software development has not received much attention. This paper proposes...
 
On Formalization of the Whole-Part Relationship in the Unified Modeling Language
Found in: IEEE Transactions on Software Engineering
By Hee Beng Kuan Tan, Lun Hao, Yong Yang
Issue Date:November 2003
pp. 1054-1055
Abstract—A formal definition for the semantics of the Whole-Part relationship in the Unified Modeling Language (UML) is introduced. This paper reports some discrepancies and proposes solutions to these discrepancies.
 
Software Cost Estimation through Conceptual Requirement
Found in: Quality Software, International Conference on
By Yuan Zhao, Hee Beng Kuan Tan, Wei Zhang
Issue Date:November 2003
pp. 141
Software cost estimation is vital for the effective control and management of the whole software development process. Currently, Constructive Cost Model (COCOMO II) is the most popular tool for estimating software cost. It uses Lines of Code and Function P...
 
Systematic Bridging the Gap between Requirements and OO Design
Found in: Automated Software Engineering, International Conference on
By Hee Beng Kuan Tan, Weihong Li
Issue Date:September 2002
pp. 249
Today, most of the OO software development methodologies analyze requirements in terms of objects and their interactions. As a result, they have the problem of forcing analysts to make design decisions on objects and their interactions at the early stage o...
 
Exploring into Programs for the Recovery of Data Dependencies Designed
Found in: IEEE Transactions on Knowledge and Data Engineering
By Hee Beng Kuan Tan, Tok Wang Ling, Cheng Hian Goh
Issue Date:July 2002
pp. 825-835
Data dependencies play an important role in the design of a database. Many legacy database applications have been developed on old generation database management systems and conventional file systems. As a result, most of the data dependencies in ...
 
A Reference Infrastructure for Electronic Commerce
Found in: Asia-Pacific Conference on Quality Software
By Yu Li, Weihong Li, Hee Beng Kuan Tan
Issue Date:October 2000
pp. 324
Electronic Commerce is all the rage these days. Current challenge of Electronic Commerce for suppliers is to allow building dynamic supply link and to meet various and wide needs for the customers, furthermore to build more reasonable electronic market pla...
 
Extracting Code Fragment that Implements Functionality
Found in: Asia-Pacific Software Engineering Conference
By Hee Beng Kuan Tan, Juan Tiang Kow
Issue Date:December 1999
pp. 351
A program interacts with its environment through accepting and delivering information from and to its environment respectively. As such, the functionality in a program is achieved through its input/output statements. Based on this hypothesis, this paper pr...
 
Correct Program Slicing of Database Operations
Found in: IEEE Software
By Hee Beng Kuan Tan, Tok Wang Ling
Issue Date:March 1998
pp. 105-112
Program slicing often used in software maintenance, program version integration, and reverse engineering helps isolate program components during debugging and analysis. Often, however, traditional methods struggle to correctly slice programs that involve d...
 
Enhancing the component reusability in data-intensive business programs through interface separation
Found in: Automated Software Engineering, International Conference on
By Hee Beng Kuan Tan
Issue Date:November 1997
pp. 313
Visual development environments have provided good support in the reuse of graphical user interface, report and query generation, and simpler database retrieval and updating. However, many commonly used components for computation and database processing an...
   
Recovery of Functional Dependencies from Data-Intensive Business Programs
Found in: Hawaii International Conference on System Sciences
By Hee Beng Kuan Tan, Tok Wang Ling
Issue Date:January 1997
pp. 81
Data integrity constraints usually form a major component in a data-intensive business system. To successfully reengineer a data-intensive business system, its data integrity constraints must be understood. Functional dependencies constitute an important t...
   
Slicing Functional Components from Data-Intensive Business Programs
Found in: Computer Software and Applications Conference, Annual International
By Hee Beng Kuan Tan, Tok Wang Ling
Issue Date:August 1996
pp. 0384
Functional components are program components which provide a set of tightly-coupled program's functionalities each. As functionalities embody domain knowledge, these components provide a basis for the recovery of reusable program components. In this paper,...
 
Has this bug been reported?
Found in: 2013 20th Working Conference on Reverse Engineering (WCRE)
By Kaiping Liu, Hee Beng Kuan Tan, Hongyu Zhang
Issue Date:October 2013
pp. 82-91
Bug reporting is essentially an uncoordinated process. The same bugs could be repeatedly reported because users or testers are unaware of previously reported bugs. As a result, extra time could be spent on bug triaging and fixing. In order to reduce redund...
   
Techniques for Defending from Buffer Overflow Vulnerability Security Exploits
Found in: IEEE Internet Computing
By Bindu Padmanabhuni, Hee Beng Kuan Tan
Publication Date: September 2011
pp. N/A
Recent reports reveal that majority of security violations are caused by weaknesses in code. Buffer overflow vulnerability is the most severe of security violations. Though wide range of solutions from static analysis techniques to hardware modifications w...
 
Techniques for Defending from Buffer Overflow Vulnerability Security Exploits
Found in: IEEE Internet Computing
By Bindu Padmanabhuni, Hee Beng Kuan Tan
Publication Date: August 2011
pp. N/A
Recent reports reveal that majority of security violations are caused by weaknesses in code. Buffer overflow vulnerability is the most severe of security violations. Though wide range of solutions from static analysis techniques to hardware modifications w...
 
Has this bug been reported?
Found in: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE '12)
By Hee Beng Kuan Tan, Kaiping Liu, Mahinthan Chandramohan
Issue Date:November 2012
pp. 1-4
Bug reporting is an uncoordinated process that is often the cause of redundant workload in triaging and fixing bugs due to many duplicated bug reports. Furthermore, quite often, same bugs are repeatedly reported as users or testers are unaware of whether t...
     
Scalable malware clustering through coarse-grained behavior modeling
Found in: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE '12)
By Hee Beng Kuan Tan, Lwin Khin Shar, Mahinthan Chandramohan
Issue Date:November 2012
pp. 1-4
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants ...
     
Predicting common web application vulnerabilities from input validation and sanitization code patterns
Found in: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012)
By Hee Beng Kuan Tan, Lwin Khin Shar
Issue Date:September 2012
pp. 310-313
Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approa...
     
Conceptual data model-based software size estimation for information systems
Found in: ACM Transactions on Software Engineering and Methodology (TOSEM)
By Hee Beng Kuan Tan, Hongyu Zhang, Yuan Zhao
Issue Date:October 2009
pp. 1-37
Size estimation plays a key role in effort estimation that has a crucial impact on software projects in the software industry. Some information required by existing software sizing methods is difficult to predict in the early stage of software development....
     
Detecting large number of infeasible paths through recognizing their patterns
Found in: Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering (ESEC-FSE '07)
By Hee Beng Kuan Tan, Minh Ngoc Ngo
Issue Date:September 2007
pp. 215-224
A great majority of program paths are found to be infeasible, which in turn make static analysis overly conservative. As static analysis plays a central part in many software engineering activities, knowledge about infeasible program paths can be used to g...
     
Automated verification and test case generation for input validation
Found in: Proceedings of the 2006 international workshop on Automation of software test (AST '06)
By Hee Beng Kuan Tan, Hui Liu
Issue Date:May 2006
pp. 29-35
Input validation is essential for any software that deals with input from its external environment. It forms a major part of such software that has intensive interaction with its environment. Through the integration of invariant and empirical properties fo...
     
Estimating LOC for information systems from their conceptual data models
Found in: Proceeding of the 28th international conference on Software engineering (ICSE '06)
By Hee Beng Kuan Tan, Hongyu Zhang, Yuan Zhao
Issue Date:May 2006
pp. 321-330
Effort and cost estimation is crucial in software management. Estimation of software size plays a key role in the estimation. Line of Code (LOC) is still a commonly used software size measure. Despite the fact that software sizing is well recognized as an ...
     
The data derivation model: a program specification technique that improves reusability
Found in: Proceedings of the 1993 ACM/SIGAPP symposium on Applied computing: states of the art and practice (SAC '93)
By Hee Beng Kuan Tan, Stan Jarzabek, Tok Wang Ling, Yin Seong Ho
Issue Date:February 1993
pp. 95-102
This paper describes the effects of program restructuring in a dataflow environment. Previous studies showed that dataflow programs can exhibit locality and that a memory hierarchy is feasible in a dataflow environment. This study shows that the order in w...
     