Location-based software modeling and analysis: Tropos-based approach

Abstract. The continuous growth of interest in mobile applications makes the concept of location essential to design and develop software systems. Location-based software is supposed to be able to monitor the surrounding location and choose accordingly the most appropriate behavior. In this paper, we propose a novel conceptual framework to model and analyze location-based software. We mainly focus on the social facets of locations adopting concepts such as actor, resource, and location-based behavior. Our approach is based on Tropos methodology and allows the analyst to elicit and model software requirements according to the different locations where the software will operate. We propose an extension of Tropos modeling and adapt its process to suit well with the development of location-based software. The proposed framework also includes automated analysis techniques to reason about the relation between location and location-based software.

Location-based Modeling and Analysis: Tropos-based Approach

The continuous growth of interest in mobile applications makes the concept of location essential to design and develop software systems. Location-based software is supposed to be able to monitor the location and choose accordingly the most appropriate behavior. In this paper, we propose a novel conceptual framework to model and analyze location-based software. We mainly focus on the social facets of locations adopting concepts such as social actor, resource, and location-based behavior. Our approach is based on Tropos methodology and allows the analyst to elicit and model software requirements according to the different locations where the software will operate. We propose an extension of Tropos modeling and adapt its process to suit well with the development of location-based software. The proposed framework also includes automated analysis techniques to reason about the relation between location and location-based behavior

Analyzing the solutions of DEA through information visualization and data mining techniques: SmartDEA framework

Data envelopment analysis (DEA) has proven to be a useful tool for assessing efficiency or productivity of organizations, which is of vital practical importance in managerial decision making. DEA provides a significant amount of information from which analysts and managers derive insights and guidelines to promote their existing performances. Regarding to this fact, effective and methodologic analysis and interpretation of DEA solutions are very critical. The main objective of this study is then to develop a general decision support system (DSS) framework to analyze the solutions of basic DEA models. The paper formally shows how the solutions of DEA models should be structured so that these solutions can be examined and interpreted by analysts through information visualization and data mining techniques effectively. An innovative and convenient DEA solver, SmartDEA, is designed and developed in accordance with the proposed analysis framework. The developed software provides a DEA solution which is consistent with the framework and is ready-to-analyze with data mining tools, through a table-based structure. The developed framework is tested and applied in a real world project for benchmarking the vendors of a leading Turkish automotive company. The results show the effectiveness and the efficacy of the proposed framework

Binary Analysis Framework

The binary analysis of software has become an integral activity for security researchers and attackers alike. As the value of being able to exploit a vulnerability has increased, the need to discover, fix and prevent such vulnerabilities has never been greater. This paper proposes the Binary Analysis Framework, which is intended to be used by security researchers to query and analyze information about system and third party libraries. Researchers can use the tool to evaluate and discover unknown vulnerabilities in these libraries. Furthermore, the framework can be utilized to analyze mitigation techniques implemented by operating system and thirdparty vendors. The Binary Analysis Framework takes a novel approach to system-level security by introducing a framework that provides for binary analysis of libraries utilizing a relational data model for permanent storage of the binary instructions, as well as providing novel ways of searching and interacting with the parsed instructions

CONFPROFITT: A CONFIGURATION-AWARE PERFORMANCE PROFILING, TESTING, AND TUNING FRAMEWORK

Modern computer software systems are complicated. Developers can change the behavior of the software system through software configurations. The large number of configuration option and their interactions make the task of software tuning, testing, and debugging very challenging. Performance is one of the key aspects of non-functional qualities, where performance bugs can cause significant performance degradation and lead to poor user experience. However, performance bugs are difficult to expose, primarily because detecting them requires specific inputs, as well as specific configurations. While researchers have developed techniques to analyze, quantify, detect, and fix performance bugs, many of these techniques are not effective in highly-configurable systems. To improve the non-functional qualities of configurable software systems, testing engineers need to be able to understand the performance influence of configuration options, adjust the performance of a system under different configurations, and detect configuration-related performance bugs. This research will provide an automated framework that allows engineers to effectively analyze performance-influence configuration options, detect performance bugs in highly-configurable software systems, and adjust configuration options to achieve higher long-term performance gains. To understand real-world performance bugs in highly-configurable software systems, we first perform a performance bug characteristics study from three large-scale opensource projects. Many researchers have studied the characteristics of performance bugs from the bug report but few have reported what the experience is when trying to replicate confirmed performance bugs from the perspective of non-domain experts such as researchers. This study is meant to report the challenges and potential workaround to replicate confirmed performance bugs. We also want to share a performance benchmark to provide real-world performance bugs to evaluate future performance testing techniques. Inspired by our performance bug study, we propose a performance profiling approach that can help developers to understand how configuration options and their interactions can influence the performance of a system. The approach uses a combination of dynamic analysis and machine learning techniques, together with configuration sampling techniques, to profile the program execution, analyze configuration options relevant to performance. Next, the framework leverages natural language processing and information retrieval techniques to automatically generate test inputs and configurations to expose performance bugs. Finally, the framework combines reinforcement learning and dynamic state reduction techniques to guide subject application towards achieving higher long-term performance gains

Local Confluence Analysis of Consistent EMF Transformations

Model transformation is one of the key activities in model-driven software development. An increasingly popular technology to define modeling languages is provided by the Eclipse Modeling Framework (EMF). Several EMF model transformation approaches have been developed, focusing on different transformation aspects. For the analysis of model transformations, graph transformation techniques provide a formal basis and tool support. In this paper we aim to make use of those techniques by providing a formal foundation of consistent EMF transformations to analyze critical pairs between EMF transformation rules as well as extending the notion of local confluence to EMF transformation systems. The analysis is also demonstrated on a small example simulating the firing behavior of elementary Petri nets

Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces

Embedded devices are becoming more widespread, interconnected, and web-enabled than ever. However, recent studies showed that these devices are far from being secure. Moreover, many embedded systems rely on web interfaces for user interaction or administration. Unfortunately, web security is known to be difficult, and therefore the web interfaces of embedded systems represent a considerable attack surface. In this paper, we present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images. We apply our framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the vendor, device, or architecture. To achieve this goal, our framework performs full system emulation to achieve the execution of firmware images in a software-only environment, i.e., without involving any physical embedded devices. Then, we analyze the web interfaces within the firmware using both static and dynamic tools. We also present some interesting case-studies, and discuss the main challenges associated with the dynamic analysis of firmware images and their web interfaces and network services. The observations we make in this paper shed light on an important aspect of embedded devices which was not previously studied at a large scale. We validate our framework by testing it on 1925 firmware images from 54 different vendors. We discover important vulnerabilities in 185 firmware images, affecting nearly a quarter of vendors in our dataset. These experimental results demonstrate the effectiveness of our approach

A framework for software reference architecture analysis and review

Premio al mejor artículo, X Workshop Latinoamericano Ingeniería de Software Experimental, ESELAW 2013Tight time-to-market needs pushes software companies and IT consulting firms to continuously look for techniques to improve their IT services in general, and the design of software architectures in particular. The use of soft-ware reference architectures allows IT consulting firms reusing architectural knowledge and components in a systematic way. In return, IT consulting firms face the need to analyze the return on investment in software reference architectures for organizations, and to review these reference architectures in order to ensure their quality and incremental improvement. Little support exists to help IT consulting firms to face these challenges. In this paper we present an empirical framework aimed to support the analysis and review of software reference architectures and their use in IT projects by harvesting relevant evidence from the wide spectrum of involved stakeholders.Award-winningPostprint (author’s final draft

The scenario coevolution paradigm: adaptive quality assurance for adaptive systems

Systems are becoming increasingly more adaptive, using techniques like machine learning to enhance their behavior on their own rather than only through human developers programming them. We analyze the impact the advent of these new techniques has on the discipline of rigorous software engineering, especially on the issue of quality assurance. To this end, we provide a general description of the processes related to machine learning and embed them into a formal framework for the analysis of adaptivity, recognizing that to test an adaptive system a new approach to adaptive testing is necessary. We introduce scenario coevolution as a design pattern describing how system and test can work as antagonists in the process of software evolution. While the general pattern applies to large-scale processes (including human developers further augmenting the system), we show all techniques on a smaller-scale example of an agent navigating a simple smart factory. We point out new aspects in software engineering for adaptive systems that may be tackled naturally using scenario coevolution. This work is a substantially extended take on Gabor et al. (International symposium on leveraging applications of formal methods, Springer, pp 137–154, 2018)