Visible to the public Biblio

Filters: Keyword is software reliability  [Clear All Filters]
2023-07-14
Bourreau, Hugo, Guichet, Emeric, Barrak, Amine, Simon, Benoît, Jaafar, Fehmi.  2022.  On Securing the Communication in IoT Infrastructure using Elliptic Curve Cryptography. 2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C). :758–759.
Internet of Things (IoT) is widely present nowadays, from businesses to connected houses, and more. IoT is considered a part of the Internet of the future and will comprise billions of intelligent communication. These devices transmit data from sensors to entities like servers to perform suitable responses. The problem of securing these data from cyberattacks increases due to the sensitive information it contains. In addition, studies have shown that most of the time data transiting in IoT devices does not apply encrypted communication. Thus, anyone has the ability to listen to or modify the information. Encrypting communications seems mandatory to secure networks and data transiting from sensors to servers. In this paper, we propose an approach to secure the transmission and the storage of data in IoT using Elliptic Curve Cryptography (ECC). The proposed method offers a high level of security at a reasonable computational cost. Indeed, we present an adequate architecture that ensures the use of a state-of-the-art cryptography algorithm to encrypt sensitive data in IoT.
ISSN: 2693-9371
2023-07-13
Wu, Yan.  2022.  Information Security Management System for Archives Management Based on Embedded Artificial Intelligence. 2022 International Conference on Artificial Intelligence of Things and Crowdsensing (AIoTCs). :340–344.
Archival services are one of the main functions of an information security management system for archival management, and the conversion and updating of archival intelligence services is an important means to meet the increasing diversity and wisdom of the age of intelligence. The purpose of this paper is to study an information security management system for archival management based on embedded artificial intelligence. The implementation of an embedded control management system for intelligent filing cabinets is studied. Based on a configurable embedded system security model, the access control process and the functional modules of the system based on a secure call cache are analysed. Software for wireless RF communication was designed, and two remote control options were designed using CAN technology and wireless RF technology. Tests have shown that the system is easy to use, feature-rich and reliable, and can meet the needs of different users for regular control of file room management.
2023-07-12
Ogiela, Marek R., Ogiela, Urszula.  2022.  DNA-based Secret Sharing and Hiding in Dispersed Computing. 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :126—127.
In this paper will be described a new security protocol for secret sharing and hiding, which use selected personal features. Such technique allows to create human-oriented personalized security protocols dedicated for particular users. Proposed method may be applied in dispersed computing systems, where secret data should be divided into particular number of parts.
2023-06-22
Hasegawa, Taichi, Saito, Taiichi, Sasaki, Ryoichi.  2022.  Analyzing Metadata in PDF Files Published by Police Agencies in Japan. 2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C). :145–151.
In recent years, new types of cyber attacks called targeted attacks have been observed. It targets specific organizations or individuals, while usual large-scale attacks do not focus on specific targets. Organizations have published many Word or PDF files on their websites. These files may provide the starting point for targeted attacks if they include hidden data unintentionally generated in the authoring process. Adhatarao and Lauradoux analyzed hidden data found in the PDF files published by security agencies in many countries and showed that many PDF files potentially leak information like author names, details on the information system and computer architecture. In this study, we analyze hidden data of PDF files published on the website of police agencies in Japan and compare the results with Adhatarao and Lauradoux's. We gathered 110989 PDF files. 56% of gathered PDF files contain personal names, organization names, usernames, or numbers that seem to be IDs within the organizations. 96% of PDF files contain software names.
ISSN: 2693-9371
2023-06-09
Williams, Daniel, Clark, Chelece, McGahan, Rachel, Potteiger, Bradley, Cohen, Daniel, Musau, Patrick.  2022.  Discovery of AI/ML Supply Chain Vulnerabilities within Automotive Cyber-Physical Systems. 2022 IEEE International Conference on Assured Autonomy (ICAA). :93—96.
Steady advancement in Artificial Intelligence (AI) development over recent years has caused AI systems to become more readily adopted across industry and military use-cases globally. As powerful as these algorithms are, there are still gaping questions regarding their security and reliability. Beyond adversarial machine learning, software supply chain vulnerabilities and model backdoor injection exploits are emerging as potential threats to the physical safety of AI reliant CPS such as autonomous vehicles. In this work in progress paper, we introduce the concept of AI supply chain vulnerabilities with a provided proof of concept autonomous exploitation framework. We investigate the viability of algorithm backdoors and software third party library dependencies for applicability into modern AI attack kill chains. We leverage an autonomous vehicle case study for demonstrating the applicability of our offensive methodologies within a realistic AI CPS operating environment.
Rimawi, Diaeddin.  2022.  Green Resilience of Cyber-Physical Systems. 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :105—109.
Cyber-Physical System (CPS) represents systems that join both hardware and software components to perform real-time services. Maintaining the system's reliability is critical to the continuous delivery of these services. However, the CPS running environment is full of uncertainties and can easily lead to performance degradation. As a result, the need for a recovery technique is highly needed to achieve resilience in the system, with keeping in mind that this technique should be as green as possible. This early doctorate proposal, suggests a game theory solution to achieve resilience and green in CPS. Game theory has been known for its fast performance in decision-making, helping the system to choose what maximizes its payoffs. The proposed game model is described over a real-life collaborative artificial intelligence system (CAIS), that involves robots with humans to achieve a common goal. It shows how the expected results of the system will achieve the resilience of CAIS with minimized CO2 footprint.
Carvalho, Gonçalo, Medeiros, Nadia, Madeira, Henrique, Cabral, Bruno.  2022.  A Functional FMECA Approach for the Assessment of Critical Infrastructure Resilience. 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS). :672—681.
The damage or destruction of Critical Infrastructures (CIs) affect societies’ sustainable functioning. Therefore, it is crucial to have effective methods to assess the risk and resilience of CIs. Failure Mode and Effects Analysis (FMEA) and Failure Mode Effects and Criticality Analysis (FMECA) are two approaches to risk assessment and criticality analysis. However, these approaches are complex to apply to intricate CIs and associated Cyber-Physical Systems (CPS). We provide a top-down strategy, starting from a high abstraction level of the system and progressing to cover the functional elements of the infrastructures. This approach develops from FMECA but estimates risks and focuses on assessing resilience. We applied the proposed technique to a real-world CI, predicting how possible improvement scenarios may influence the overall system resilience. The results show the effectiveness of our approach in benchmarking the CI resilience, providing a cost-effective way to evaluate plausible alternatives concerning the improvement of preventive measures.
2023-05-30
Shafique, Muhammad.  2022.  EDAML 2022 Invited Speaker 8: Machine Learning for Cross-Layer Reliability and Security. 2022 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW). :1189—1189.
In the deep nano-scale regime, reliability has emerged as one of the major design issues for high-density integrated systems. Among others, key reliability-related issues are soft errors, high temperature, and aging effects (e.g., NBTI-Negative Bias Temperature Instability), which jeopardize the correct applications' execution. Tremendous amount of research effort has been invested at individual system layers. Moreover, in the era of growing cyber-security threats, modern computing systems experience a wide range of security threats at different layers of the software and hardware stacks. However, considering the escalating reliability and security costs, designing a highly reliable and secure system would require engaging multiple system layers (i.e. both hardware and software) to achieve cost-effective robustness. This talk provides an overview of important reliability issues, prominent state-of-the-art techniques, and various hardwaresoftware collaborative reliability modeling and optimization techniques developed at our lab, with a focus on the recent works on ML-based reliability techniques. Afterwards, this talk will also discuss how advanced ML techniques can be leveraged to devise new types of hardware security attacks, for instance on logic locked circuits. Towards the end of the talk, I will also give a quick pitch on the reliability and security challenges for the embedded machine learning (ML) on resource/energy-constrained devices subjected to unpredictable and harsh scenarios.
2023-05-19
Ondov, Adrián, Helebrandt, Pavol.  2022.  Covert Channel Detection Methods. 2022 20th International Conference on Emerging eLearning Technologies and Applications (ICETA). :491—496.
The modern networking world is being exposed to many risks more frequently every day. Most of systems strongly rely on remaining anonymous throughout the whole endpoint exploitation process. Covert channels represent risk since they ex-ploit legitimate communications and network protocols to evade typical filtering. This firewall avoidance sees covert channels frequently used for malicious communication of intruders with systems they compromised, and thus a real threat to network security. While there are commercial tools to safeguard computer networks, novel applications such as automotive connectivity and V2X present new challenges. This paper focuses on the analysis of the recent ways of using covert channels and detecting them, but also on the state-of-the-art possibilities of protection against them. We investigate observing the timing covert channels behavior simulated via injected ICMP traffic into standard network communications. Most importantly, we concentrate on enhancing firewall with detection and prevention of such attack built-in features. The main contribution of the paper is design for detection timing covert channel threats utilizing detection methods based on statistical analysis. These detection methods are combined and implemented in one program as a simple host-based intrusion detection system (HIDS). As a result, the proposed design can analyze and detect timing covert channels, with the addition of taking preventive measures to block any future attempts to breach the security of an end device.
2023-05-12
Wang, Ning.  2022.  Resilience Analysis of Urban Rail Transit Network Under Large Passenger Flow. 2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C). :444–446.
Public transportation is an important system of urban passenger transport. The purpose of this article is to explore the impact of network resilience when each station of urban rail transit network was attacked by large passenger flow. Based on the capacity load model, we propose a load redistribution mechanism to simulate the passenger flow propagation after being attacked by large passenger flow. Then, taking Xi'an's rail network as an example, we study the resilience variety of the network after a node is attacked by large passenger flow. Through some attack experiments, the feasibility of the model for studying the resilience of the rail transit system is finally verified.
ISSN: 2693-9371
2023-02-17
Khan, Muhammad Maaz Ali, Ehabe, Enow Nkongho, Mailewa, Akalanka B..  2022.  Discovering the Need for Information Assurance to Assure the End Users: Methodologies and Best Practices. 2022 IEEE International Conference on Electro Information Technology (eIT). :131–138.

The use of software to support the information infrastructure that governments, critical infrastructure providers and businesses worldwide rely on for their daily operations and business processes is gradually becoming unavoidable. Commercial off-the shelf software is widely and increasingly used by these organizations to automate processes with information technology. That notwithstanding, cyber-attacks are becoming stealthier and more sophisticated, which has led to a complex and dynamic risk environment for IT-based operations which users are working to better understand and manage. This has made users become increasingly concerned about the integrity, security and reliability of commercial software. To meet up with these concerns and meet customer requirements, vendors have undertaken significant efforts to reduce vulnerabilities, improve resistance to attack and protect the integrity of the products they sell. These efforts are often referred to as “software assurance.” Software assurance is becoming very important for organizations critical to public safety and economic and national security. These users require a high level of confidence that commercial software is as secure as possible, something only achieved when software is created using best practices for secure software development. Therefore, in this paper, we explore the need for information assurance and its importance for both organizations and end users, methodologies and best practices for software security and information assurance, and we also conducted a survey to understand end users’ opinions on the methodologies researched in this paper and their impact.

ISSN: 2154-0373

Sharma, Pradeep Kumar, Kumar, Brijesh, Tyagi, S.S.  2022.  STADS: Security Threats Assessment and Diagnostic System in Software Defined Networking (SDN). 2022 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COM-IT-CON). 1:744–751.
Since the advent of the Software Defined Networking (SDN) in 2011 and formation of Open Networking Foundation (ONF), SDN inspired projects have emerged in various fields of computer networks. Almost all the networking organizations are working on their products to be supported by SDN concept e.g. openflow. SDN has provided a great flexibility and agility in the networks by application specific control functions with centralized controller, but it does not provide security guarantees for security vulnerabilities inside applications, data plane and controller platform. As SDN can also use third party applications, an infected application can be distributed in the network and SDN based systems may be easily collapsed. In this paper, a security threats assessment model has been presented which highlights the critical areas with security requirements in SDN. Based on threat assessment model a proposed Security Threats Assessment and Diagnostic System (STADS) is presented for establishing a reliable SDN framework. The proposed STADS detects and diagnose various threats based on specified policy mechanism when different components of SDN communicate with controller to fulfil network requirements. Mininet network emulator with Ryu controller has been used for implementation and analysis.
Ruaro, Nicola, Pagani, Fabio, Ortolani, Stefano, Kruegel, Christopher, Vigna, Giovanni.  2022.  SYMBEXCEL: Automated Analysis and Understanding of Malicious Excel 4.0 Macros. 2022 IEEE Symposium on Security and Privacy (SP). :1066–1081.
Malicious software (malware) poses a significant threat to the security of our networks and users. In the ever-evolving malware landscape, Excel 4.0 Office macros (XL4) have recently become an important attack vector. These macros are often hidden within apparently legitimate documents and under several layers of obfuscation. As such, they are difficult to analyze using static analysis techniques. Moreover, the analysis in a dynamic analysis environment (a sandbox) is challenging because the macros execute correctly only under specific environmental conditions that are not always easy to create. This paper presents SYMBEXCEL, a novel solution that leverages symbolic execution to deobfuscate and analyze Excel 4.0 macros automatically. Our approach proceeds in three stages: (1) The malicious document is parsed and loaded in memory; (2) Our symbolic execution engine executes the XL4 formulas; and (3) Our Engine concretizes any symbolic values encountered during the symbolic exploration, therefore evaluating the execution of each macro under a broad range of (meaningful) environment configurations. SYMBEXCEL significantly outperforms existing deobfuscation tools, allowing us to reliably extract Indicators of Compromise (IoCs) and other critical forensics information. Our experiments demonstrate the effectiveness of our approach, especially in deobfuscating novel malicious documents that make heavy use of environment variables and are often not identified by commercial anti-virus software.
ISSN: 2375-1207
2023-02-02
Chiari, Michele, De Pascalis, Michele, Pradella, Matteo.  2022.  Static Analysis of Infrastructure as Code: a Survey. 2022 IEEE 19th International Conference on Software Architecture Companion (ICSA-C). :218–225.
The increasing use of Infrastructure as Code (IaC) in DevOps leads to benefits in speed and reliability of deployment operation, but extends to infrastructure challenges typical of software systems. IaC scripts can contain defects that result in security and reliability issues in the deployed infrastructure: techniques for detecting and preventing them are needed. We analyze and survey the current state of research in this respect by conducting a literature review on static analysis techniques for IaC. We describe analysis techniques, defect categories and platforms targeted by tools in the literature.
2023-01-13
Kareem, Husam, Almousa, Khaleel, Dunaev, Dmitriy.  2022.  Matlab GUI-based Tool to Determine Performance Metrics of Physical Unclonable Functions. 2022 Cybernetics & Informatics (K&I). :1—5.
This paper presents a MATLAB Graphical User Interface (GUI) based tool that determines the performance evaluation metrics of the physically unclonable functions (PUFs). The PUFs are hardware security primitives which can be utilized in several hardware security applications like integrated circuits protection, device authentication, secret key generation, and hardware obfuscation. Like any other technology approach, PUFs evaluation requires testing different performance metrics, each of which can be determined by at least one mathematical equation. The proposed tool (PUFs Tool) reads the PUF instances’ output and then computes and generates the values of the main PUFs’ performance metrics: uniqueness, reliability, uniformity, and bit-aliasing. In addition, it generates a bar code for each PUF instance considered in the evaluation process. The PUFs Tool is designed and developed using the app designer of MATLAB software 2021b.
Ramaj, Xhesika.  2022.  A DevSecOps-enabled Framework for Risk Management of Critical Infrastructures. 2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings (ICSE-Companion). :242–244.
This paper presents a Ph.D. research plan that focuses on solving the existing problems in risk management of critical infrastructures, by means of a novel DevSecOps-enabled framework. Critical infrastructures are complex physical and cyber-based systems that form the lifeline of a modern society, and their reliable and secure operation is of paramount importance to national security and economic vitality. Therefore, this paper proposes DevSecOps technology for managing risk throughout the entire development life cycle of such systems.
2022-12-20
Fargose, Rehan, Gaonkar, Samarth, Jadhav, Paras, Jadiya, Harshit, Lopes, Minal.  2022.  Browser Extension For A Safe Browsing Experience. 2022 International Conference on Computing, Communication, Security and Intelligent Systems (IC3SIS). :1–6.
Due to the rise of the internet a business model known as online advertising has seen unprecedented success. However, it has also become a prime method through which criminals can scam people. Often times even legitimate websites contain advertisements that are linked to scam websites since they are not verified by the website’s owners. Scammers have become quite creative with their attacks, using various unorthodox and inconspicuous methods such as I-frames, Favicons, Proxy servers, Domains, etc. Many modern Anti-viruses are paid services and hence not a feasible option for most users in 3rd world countries. Often people don’t possess devices that have enough RAM to even run such software efficiently leaving them without any options. This project aims to create a Browser extension that will be able to distinguish between safe and unsafe websites by utilizing Machine Learning algorithms. This system is lightweight and free thus fulfilling the needs of most people looking for a cheap and reliable security solution and allowing people to surf the internet easily and safely. The system will scan all the intermittent URL clicks as well, not just the main website thus providing an even greater degree of security.
2022-12-02
Chen, Yan, Zhou, Xingchen, Zhu, Jian, Ji, Hongbin.  2022.  Zero Trust Security of Energy Resource Control System. 2022 IEEE 5th International Electrical and Energy Conference (CIEEC). :5052—5055.

The security of Energy Data collection is the basis of achieving reliability and security intelligent of smart grid. The newest security communication of Data collection is Zero Trust communication; The Strategy of Zero Trust communication is that don’t trust any device of outside or inside. Only that device authenticate is successful and software and hardware is more security, the Energy intelligent power system allow the device enroll into network system, otherwise deny these devices. When the device has been communicating with the Energy system, the Zero Trust still need to detect its security and vulnerability, if device have any security issue or vulnerability issue, the Zero Trust deny from network system, it ensures that Energy power system absolute security, which lays a foundation for the security analysis of intelligent power unit.

2022-11-18
Yüksel, Ulaş, Sözer, Hasan.  2021.  Dynamic Filtering and Prioritization of Static Code Analysis Alerts. 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). :294–295.
We propose an approach for filtering and prioritizing static code analysis alerts while these alerts are being reviewed by the developer. We construct a Prolog knowledge base that captures the data flow information in the source code as well as the reported alerts, their properties and associations with the data flow. The knowledge base is updated as the developer reviews the listed alerts and decides whether they point at an actual fault or not. These updates provide useful information since some of the alerts of the same type can be related in terms of their root cause. Hence, dynamically updated knowledge base can be queried to eliminate or prioritize the remaining alerts in the review list. We present a motivating example to illustrate the approach and its automation by integrating a set of tools.
2022-09-30
Kaneko, Tomoko, Yoshioka, Nobukazu, Sasaki, Ryoichi.  2021.  Cyber-Security Incident Analysis by Causal Analysis using System Theory (CAST). 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :806–815.
STAMP (System Theoretic Accident Model and Processes) is one of the theories that has been attracting attention as a new safety analysis method for complex systems. CAST (Causal Analysis using System Theory) is a causal analysis method based on STAMP theory. The authors investigated an information security incident case, “AIST (National Institute of Advanced Industrial Science and Technology) report on unauthorized access to information systems,” and attempted accident analysis using CAST. We investigated whether CAST could be applied to the cyber security analysis. Since CAST is a safety accident analysis technique, this study was the first to apply CAST to cyber security incidents. Its effectiveness was confirmed from the viewpoint of the following three research questions. Q1:Features of CAST as an accident analysis method Q2:Applicability and impact on security accident analysis Q3:Understanding cyber security incidents with a five-layer model.
2022-09-09
Perucca, A., Thai, T. T., Fiasca, F., Signorile, G., Formichella, V., Sesia, I., Levi, F..  2021.  Network and Software Architecture Improvements for a Highly Automated, Robust and Efficient Realization of the Italian National Time Scale. 2021 Joint Conference of the European Frequency and Time Forum and IEEE International Frequency Control Symposium (EFTF/IFCS). :1—4.
Recently, the informatics infrastructure of INRiM Time and Frequency Laboratory has been completely renewed with particular attention to network security and software architecture aspects, with the aims to improve the reliability, robustness and automation of the overall set-up. This upgraded infrastructure has allowed, since January 2020, a fully automated generation and monitoring of the Italian time scale UTC(IT), based on dedicated software developed in-house [1]. We focus in this work on the network and software aspects of our set-up, which enable a robust and reliable automatic time scale generation with continuous monitoring and minimal human intervention.
2022-08-03
Gao, Xiaotong, Ma, Yanfang, Zhou, Wei.  2021.  The Trustworthiness Measurement Model of Component-based Software Based on the Subjective and Objective Weight Allocation Method. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :478—486.
Software trustworthiness includes many attributes. Reasonable weight allocation of trustworthy attributes plays a key role in the software trustworthiness measurement. In practical application, attribute weight usually comes from experts' evaluation to attributes and hidden information derived from attributes. Therefore, when the weight of attributes is researched, it is necessary to consider weight from subjective and objective aspects. Firstly, a novel weight allocation method is proposed by combining the Fuzzy Analytical Hierarchy Process (FAHP) method and the Criteria Importance Though Intercrieria Correlation (CRITIC) method. Secondly, based on the weight allocation method, the trustworthiness measurement models of component-based software are established according to the four combination structures of components. Thirdly, some metric criteria of the model are proved to verify the reasonability. Finally, a case is used to illustrate the practicality of the model.
Deng, Yuxin, Chen, Zezhong, Du, Wenjie, Mao, Bifei, Liang, Zhizhang, Lin, Qiushi, Li, Jinghui.  2021.  Trustworthiness Derivation Tree: A Model of Evidence-Based Software Trustworthiness. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C). :487—493.
In order to analyze the trustworthiness of complex software systems, we propose a model of evidence-based software trustworthiness called trustworthiness derivation tree (TDT). The basic idea of constructing a TDT is to refine main properties into key ingredients and continue the refinement until basic facts such as evidences are reached. The skeleton of a TDT can be specified by a set of rules, which is convenient for automated reasoning in Prolog. We develop a visualization tool that can construct the skeleton of a TDT by taking the rules as input, and allow a user to edit the TDT in a graphical user interface. In a software development life cycle, TDTs can serve as a communication means for different stakeholders to agree on the properties about a system in the requirement analysis phase, and they can be used for deductive reasoning so as to verify whether the system achieves trustworthiness in the product validation phase. We have piloted the approach of using TDTs in more than a dozen real scenarios of software development. Indeed, using TDTs helped us to discover and then resolve some subtle problems.
2022-06-10
Kropp, Alexander, Schwalbe, Mario, Tsokalo, Ievgenii A., Süβkraut, Martin, Schmoll, Robert-Steve, Fitzek, Frank H.P..  2021.  Reliable Control for Robotics - Hardware Resilience Powered by Software. 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC). :1–2.
Industry 4.0 is now much more than just a buzzword. However, with the advancement of automation through digitization and softwarization of dedicated hardware, applications are also becoming more susceptible to random hardware errors in the calculation. This cyber-physical demonstrator uses a robotic application to show the effects that even single bit flips can have in the real world due to hardware errors. Using the graphical user interface including the human machine interface, the audience can generate hardware errors in the form of bit flips and see their effects live on the robot. In this paper we will be showing a new technology, the SIListra Safety Transformer (SST), that makes it possible to detect those kind of random hardware errors, which can subsequently make safety-critical applications more reliable.
2022-05-19
Ji, Songyan, Dong, Jian, Qiu, Junfu, Gu, Bowen, Wang, Ye, Wang, Tongqi.  2021.  Increasing Fuzz Testing Coverage for Smart Contracts with Dynamic Taint Analysis. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS). :243–247.
Nowadays, smart contracts manage more and more digital assets and have become an attractive target for adversaries. To prevent smart contracts from malicious attacks, a thorough test is indispensable and must be finished before deployment because smart contracts cannot be modified after being deployed. Fuzzing is an important testing approach, but most existing smart contract fuzzers can hardly solve the constraints which involve deeply nested conditional statements, resulting in low coverage. To address this problem, we propose Targy, an efficient targeted mutation strategy based on dynamic taint analysis. We obtain the taint flow by dynamic taint propagation, and generate a more accurate mutation strategy for the input parameters of functions to simultaneously satisfy all conditional statements. We implemented Targy on sFuzz with 3.6 thousand smart contracts running on Ethereum. The numbers of covered branches and detected vulnerabilities increase by 6% and 7% respectively, and the average time required for covering a branch is reduced by 11 %.