François Gauthier

Learn More
Software clone detection techniques identify fragments of code that share some level of syntactic similarity. In this study, we investigate security-sensitive clone clusters: clusters of syntactically similar fragments of code that are protected by some privileges. From a security perspective, security-sensitive clone clusters can help reason about the(More)
Whether for development, maintenance or refactoring, multiple steps in software development cycle require comprehension of a program's access control model (AC model). In this paper, we present a novel approach to reverse-engineer AC model structure from PHP source code. Using an hybrid approach combining static analysis and model checking techniques, we(More)
Web sites are often a mixture of static sites and programs that integrate relational databases as a back-end. As they evolve to meet ever-changing user needs, new versions of programs, interactions and functionalities may be added and existing ones may be removed or modified. Web sites require configuration and programming attention to assure security,(More)
To assess and plan future risk-analysis research projects, 275 documents describing methods and tools for assessing the risks associated with industrial machines or with other sectors such as the military, and the nuclear and aeronautics industries, etc., were collected. These documents were in the format of published books or papers, standards, technical(More)
Access control models implement mechanisms to restrict access to sensitive data from unprivileged users. Access controls typically check privileges that capture the semantics of the operations they protect. Semantic smells and errors in access control models stem from privileges that are partially or totally unrelated to the action they protect. This paper(More)
Automatic Query generators have been shown to be effective tools for software testing. For the most part, they have been used in system testing for the database as a whole or to generate specific queries to test specific features with not much randomness. In this work we explore the problems encountered when using a genetic algorithm to generate SQL for(More)
Web applications manage increasingly large amounts of sensitive information and often need to implement access control (AC) models. However, documentation about the implemented AC model is often sparse and few, if no tool exists to support AC model investigation. Based on the results of a previous study, we show how formal concept analysis (FCA) can support(More)