651 research outputs found
An Approach Toward Implementing Continuous Security In Agile Environment
Traditionally, developers design software to accomplish a set of functions and then later addâor do not addâsecurity measures, especially after the prevalence of the agile software development model. Consequently, there is an increased risk of security vulnerabilities that are introduced into the software in various stages of development. To avoid security vulnerabilities, there are many secure software development efforts in the directions of secure software development lifecycle process. The purpose of this thesis is to propose a software security assurance methodology and integrate it into the Msg Life organizationâs development lifecycle based on security best practices that fulfill their needs in building secure software applications. Ultimately, the objective adhered to increasing the security maturity level according to the suggested security assurance roadmap and implemented partly in the context of this thesis.Tradicionalmente, os desenvolvedores projetam o software para realizar um conjunto de funçÔes e, posteriormente, adicionam - ou nĂŁo - medidas de segurança, especialmente apĂłs a prevalĂȘncia do modelo de desenvolvimento ĂĄgil de software. Consequentemente, hĂĄ um risco aumentado de vulnerabilidades de segurança que sĂŁo introduzidas no software em vĂĄrios estĂĄgios de desenvolvimento. Para evitar vulnerabilidades de segurança, existem muitos esforços no desenvolvimento de software nas direçÔes dos processos do ciclo de vida desse mesmo software. O objetivo desta tese Ă© propor uma metodologia de garantia de segurança de software e integrĂĄ-la ao ciclo de vida de desenvolvimento da Msg Life Company, com base nas melhores prĂĄticas de segurança que atendem Ă s suas necessidades na criação de aplicativos de software seguros. Por fim, o objetivo aderiu ao aumento do nĂvel de maturidade da segurança de acordo com o roteiro sugerido de garantia de segurança e implementado parcialmente no contexto desta tese
Automatic synthesis of SDL from MSC and its applications in forward and reverse engineering
Abstract Wider adoption of formal specification languages in industry is impeded by the lack of support for early development phases and for integration with older, legacy software. Methodology aimed at improving this situation is presented. The methodology uses Message Sequence Charts (MSC) as a "front-end" specification language and systematically applies an automatic synthesis technique to produce executable specifications in the telecommunications standard Specification and Description Language (SDL). Applications of the automatic synthesis technique for both forward and reverse engineering are demonstrated
An integrated search-based approach for automatic testing from extended finite state machine (EFSM) models
This is the post-print version of the Article - Copyright @ 2011 ElsevierThe extended finite state machine (EFSM) is a modelling approach that has been used to represent a wide range of systems. When testing from an EFSM, it is normal to use a test criterion such as transition coverage. Such test criteria are often expressed in terms of transition paths (TPs) through an EFSM. Despite the popularity of EFSMs, testing from an EFSM is difficult for two main reasons: path feasibility and path input sequence generation. The path feasibility problem concerns generating paths that are feasible whereas the path input sequence generation problem is to find an input sequence that can traverse a feasible path. While search-based approaches have been used in test automation, there has been relatively little work that uses them when testing from an EFSM. In this paper, we propose an integrated search-based approach to automate testing from an EFSM. The approach has two phases, the aim of the first phase being to produce a feasible TP (FTP) while the second phase searches for an input sequence to trigger this TP. The first phase uses a Genetic Algorithm whose fitness function is a TP feasibility metric based on dataflow dependence. The second phase uses a Genetic Algorithm whose fitness function is based on a combination of a branch distance function and approach level. Experimental results using five EFSMs found the first phase to be effective in generating FTPs with a success rate of approximately 96.6%. Furthermore, the proposed input sequence generator could trigger all the generated feasible TPs (success rate = 100%). The results derived from the experiment demonstrate that the proposed approach is effective in automating testing from an EFSM
Potential Errors and Test Assessment in Software Product Line Engineering
Software product lines (SPL) are a method for the development of variant-rich
software systems. Compared to non-variable systems, testing SPLs is extensive
due to an increasingly amount of possible products. Different approaches exist
for testing SPLs, but there is less research for assessing the quality of these
tests by means of error detection capability. Such test assessment is based on
error injection into correct version of the system under test. However to our
knowledge, potential errors in SPL engineering have never been systematically
identified before. This article presents an overview over existing paradigms
for specifying software product lines and the errors that can occur during the
respective specification processes. For assessment of test quality, we leverage
mutation testing techniques to SPL engineering and implement the identified
errors as mutation operators. This allows us to run existing tests against
defective products for the purpose of test assessment. From the results, we
draw conclusions about the error-proneness of the surveyed SPL design paradigms
and how quality of SPL tests can be improved.Comment: In Proceedings MBT 2015, arXiv:1504.0192
Comparative Evaluation of the State-of-art Requirements-based Test Case Generation Approaches
The overall aim of software testing is to deliver the error-free and high-quality software products to the end users. The testing process ensures that a software is aligned with the user specification and requirements. In software testing process, there are many challenging tasks however test case generation process is considered as the most challenging one. The quality of the generated test cases has a significant impact on efficiency and effectiveness of the testing process. In order to improve the quality of a developed software, the test cases should be able to achieve maximum adequacy in the testing and requirements' coverage. This paper presents a comparative evaluation of the prominent requirement-based test case generation approaches. Five evaluation criteria namely, inputs for test case generation, transformation techniques, coverage criteria, time and tool's support are defined to systematically compare the approaches. The results of the evaluation are used to identify the gap in the current approaches and research opportunities in requirement-based test case's generation.
An Infrastructure to Support Interoperability in Reverse Engineering
An infrastructure that supports interoperability among reverse engineering tools and other software tools is described. The three major components of the infrastructure are: (1) a hierarchy of schemas for low- and middle-level program representation graphs, (2) g4re, a tool chain for reverse engineering C++ programs, and (3) a repository of reverse engineering artifacts, including the previous two components, a test suite, and tools, GXL instances, and XSLT transformations for graphs at each level of the hierarchy. The results of two case studies that investigated the space and time costs incurred by the infrastructure are provided. The results of two empirical evaluations that were performed using the api module of g4re, and were focused on computation of object-oriented metrics and three-dimensional visualization of class template diagrams, respectively, are also provided
Recommended from our members
Semantic discovery and reuse of business process patterns
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.In modern organisations business process modelling has become fundamental due to the
increasing rate of organisational change. As a consequence, an organisation needs to
continuously redesign its business processes on a regular basis. One major problem
associated with the way business process modelling (BPM) is carried out today is the
lack of explicit and systematic reuse of previously developed models. Enabling the reuse of previously modelled behaviour can have a beneficial impact on the quality and
efficiency of the overall information systems development process and also improve the effectiveness of an organisationâs business processes. In related disciplines, like software engineering, patterns have emerged as a widely accepted architectural mechanism for reusing solutions. In business process modelling the use of patterns is quite limited apart from few sporadic attempts proposed by the literature. Thus, pattern-based BPM is not commonplace. Business process patterns should ideally be discovered from the empirical analysis of organisational processes. Empiricism is currently not the basis for the discovery of patterns for business process modelling and no systematic methodology for collecting and analysing process models of business organisations currently exists.
The purpose of the presented research project is to develop a methodological framework for achieving reuse in BPM via the discovery and adoption of patterns. The framework is called Semantic Discovery and Reuse of Business Process Patterns (SDR). SDR
provides a systematic method for identifying patterns among organisational data assets
representing business behaviour. The framework adopts ontologies (i.e., formalised
conceptual models of real-world domains) in order to facilitate such discovery. The
research has also produced an ontology of business processes that provides the
underlying semantic definitions of processes and their constituent parts. The use of
ontologies to model business processes represents a novel approach and combines
advances achieved by the Semantic Web and BPM communities. The methodological
framework also relates to a new line of research in BPM on declarative business
processes in which the models specify what should be done rather than how to
âprescriptivelyâ do it. The research follows a design science method for designing and
evaluating SDR. Evaluation is carried out using real world sources and reuse scenarios
taken from both the financial and educational domains
- âŠ