Timothée Riom scite author profile

Timothée Riom

4Publications

38Citation Statements Received

152Citation Statements Given

How they've been cited

How they cite others

126

152

Affiliations

University of Luxembourg, Mines Saint-Étienne, Direction de la Recherche Technologique

Publications

Order By: Most citations

Experimental Analysis of the Laser-Induced Instruction Skip Fault Model

Dutertre

Riom

Potin

et al. 2019

View full text Add to dashboard Cite

Microcontrollers storing valuable data or using security functions are vulnerable to fault injection attacks. Among the various types of faults, instruction skips induced at runtime proved to be effective against identification routines or encryption algorithms. Several research works assessed a fault model that consists in a single instruction skip, i.e. the ability to prevent one chosen instruction in a program from being executed. This assessment is used to design countermeasures able to withstand a single instruction skip. We question this fault model on experimental basis and report the possibility to induce with a laser an arbitrary number of instruction skips. This ability to erase entire sections of a firmware has strong implications regarding the design of countermeasures.

show abstract

Revisiting the impact of common libraries for android-related investigations

Riom

Bissyandé

et al. 2019

Journal of Systems and Software

View full text Add to dashboard Cite

Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits

et al. 2021

View full text Add to dashboard Cite

Detecting vulnerabilities in software is a constant race between development teams and potential attackers. While many static and dynamic approaches have focused on regularly analyzing the software in its entirety, a recent research direction has focused on the analysis of changes that are applied to the code. VCCFinder is a seminal approach in the literature that builds on machine learning to automatically detect whether an incoming commit will introduce some vulnerabilities. Given the influence of VCCFinder in the literature, we undertake an investigation into its performance as a state-of-the-art system. To that end, we propose to attempt a replication study on the VCCFinder supervised learning approach. The insights of our failure to replicate the results reported in the original publication informed the design of a new approach to identify vulnerability-contributing commits based on a semi-supervised learning technique with an alternate feature set. We provide all artefacts and a clear description of this approach as a new reproducible baseline for advancing research on machine learning-based identification of vulnerability-introducing commits.

show abstract

ANCHOR: locating android framework-specific crashing faults

Kong

Gao

et al. 2021

Autom Softw Eng

View full text Add to dashboard Cite

Android framework-specific app crashes are hard to debug. Indeed, the callback-based event-driven mechanism of Android challenges crash localization techniques that are developed for traditional Java programs. The key challenge stems from the fact that the buggy code location may not even be listed within the stack trace. For example, our empirical study on 500 framework-specific crashes from an open benchmark has revealed that 37 percent of the crash types are related to bugs that are outside the stack traces. Moreover, Android programs are a mixture of code and extra-code artifacts such as the Manifest file. The fact that any artifact can lead to failures in the app execution creates the need to position the localization target beyond the code realm. In this paper, we propose Anchor, a two-phase suspicious bug location suggestion tool. Anchor specializes in finding crash-inducing bugs outside the stack trace. Anchor is lightweight and source code independent since it only requires the crash message and the apk file to locate the fault. Experimental results, collected via cross-validation and in-thewild dataset evaluation, show that Anchor is effective in locating Android framework-specific crashing faults.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Timothée Riom

Experimental Analysis of the Laser-Induced Instruction Skip Fault Model

Revisiting the impact of common libraries for android-related investigations

Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits

ANCHOR: locating android framework-specific crashing faults

Contact Info

Product

Resources

About