Physical Sciences and Mathematics Commons^™

Deviant: A Mutation Testing Tool For Solidity Smart Contracts, Patrick Chapman

Boise State University Theses and Dissertations

Blockchain in recent years has exploded in popularity with Ethereum being one of the leading blockchain platforms. Solidity is a widely used scripting language for creating smart contracts in Ethereum applications. Quality assurance in Solidity contracts is of critical importance because bugs or vulnerabilities can lead to a considerable loss of financial assets. However, it is unclear what level of quality assurance is provided in many of these applications.

Mutation testing is the process of intentionally injecting faults into a target program and then running the provided test suite against the various injected faults. Mutation testing is used to evaluate …

Suitability Of Finite State Automata To Model String Constraints In Probablistic Symbolic Execution, Andrew Harris

Boise State University Theses and Dissertations

Probabilistic Symbolic Execution (PSE) extends Symbolic Execution (SE), a path-sensitive static program analysis technique, by calculating the probabilities with which program paths are executed. PSE relies on the ability of the underlying symbolic models to accurately represent the execution paths of the program as the collection of input values following these paths. While researchers established PSE for numerical data types, PSE for complex data types such as strings is a novel area of research.

For string data types SE tools commonly utilize finite state automata to represent a symbolic string model. Thus, PSE inherits from SE automata-based symbolic string models …

Detecting Saliency By Combining Speech And Object Detection In Indoor Environments, Kiran Thapa

Boise State University Theses and Dissertations

Describing scenes such as rooms, city streets, or routes, is a very common human task that requires the ability to identify and describe the scene sufficiently for a hearer to develop a mental model of the scene. When people talk about such scenes, they mention some objects of the scene at the exclusion of others. We call the mentioned objects salient objects as people consider them noticeable or important in comparison to other non-mentioned objects. In this thesis, we look at saliency of visual scenes and how visual saliency informs what can and should be said about a scene when …

Performance, Scalability, And Robustness In Distributed File Tree Copy, Christopher Robert Sutton

Boise State University Theses and Dissertations

As storage needs continually increase, and network file systems become more common, the need arises for tools that efficiently copy to and from these types of file systems. Traditional copy tools like the Linux cp utility were originally created for traditional storage systems, where storage is managed by a single host machine. cp uses a single-threaded approach to copying files. Using a multi-threaded approach would likely not provide an advantage in this system since the disk accesses are the bottleneck for this type of operation. In a distributed file system the disk accesses are spread across multiple hosts, and many …

Towards Automatic Repair Of Xacml Policies, Shuai Peng

Boise State University Theses and Dissertations

In a complex information system, controlling the access to resources is challenging. As a new generation of access control techniques, Attribute-Based Access Control (ABAC) can provide more flexible and fine-grained access control than Role-Based-Access Control (RBAC). XACML (eXtensible Access Control Markup Language) is an industrial standard for specifying ABAC policies. XACML policies tend to be complex because of the great variety of attribute types for fine-grained access control. This means that XACML policies are prone to errors and difficult to debug. This paper presents a first attempt at automating the debugging process of XACML policies. Two techniques are used for …

Security Testing With Misuse Case Modeling, Samer Yousef Khamaiseh

Boise State University Theses and Dissertations

Having a comprehensive model of security requirements is a crucial step towards developing a reliable software system. An effective model of security requirements which describes the possible scenarios that may affect the security aspects of the system under development can be an effective approach for subsequent use in generating security test cases.

Misuse case was first proposed by Sinder and Opdahl as an approach to extract the security requirements of the system under development [1]. A misuse case is a use case representing scenarios that might be followed by a system adversary in order to compromise the system; that is …

Evaluation Of String Constraint Solvers Using Dynamic Symbolic Execution, Scott Kausler

Boise State University Theses and Dissertations

Symbolic execution is a path sensitive program analysis technique used for error detection and test case generation. Symbolic execution tools rely on constraint solvers to determine the feasibility of program paths and generate concrete inputs for feasible paths. Therefore, the effectiveness of such tools depends on their constraint solvers.

Most modern constraint solvers for primitive data types, such as integers, are both efficient and accurate. However, the research on constraint solvers for complex data types, such as strings, is ongoing and less converged. For example, there are several types of string constraint solvers provided by researchers. However, a potential user …